Out-take of data from Library Computer Systems.
There are three issues here:
The central issue in this section is that Devon Library Service (and others in the UK) continue to pay little or no attention to data protection on their own machines yet have introduced systems to snoop on library users in such an incompetent manner that the records have little credibility. In future, local councils may be allowed to use more powerful surveillance technology.
Two of the principal objections to government 'snooping' are the extent to which even existing records are known to be inaccurate and the degree to which they can be (and are) accessed by unauthorised persons. Given that there are admitted to be substantial problems even within the systems run by the Police, Inland Revenue and Benefits Agency, little confidence can be attached to claims that other computerised record systems will in actuality be operated in a principled manner. Integration of systems, including perhaps across Europe, may make matters worse.
This page records the author's own experiences, and those of others who shall remain nameless. Warnings about issues of data protection were given in August 2002 to Devon Library Services (see letters at intern2.htm and intern5.htm for example) but as far as I am aware, have been ignored.
The overall history of this website and in particular its present emphasis on libraries in the UK is covered elsewhere. For the moment the relevant history dates from summer 2002 when I used Honiton library in Devon. Three new People's Network computer systems were situated a few feet away from the issue desk, and staff could see every word that was on any of the screens. I had to use my library card to gain access to the Internet but decided against checking bank accounts on a machine that offered no privacy. I can recall thinking to myself - what is the use of 128 bit encryption if both a local librarian and the snoops in the DCC computer control bunker can read every word?
I decided instead on an experiment: after logging off I tried a consecutive number to gain access. It worked! My library number is C0 0000009 4XX51 and I tried 4XX52 (and a few more that did not work). However, after a week or so glancing at library tickets of other users (often left conveniently on view while they checked books in) I had worked out that there were several distinct and easily memorised sequences of ticket numbers - later I learnt these were merely the result of having a different set of opening numbers for each issuing library. A system more open to abuse would have been difficult to devise. Indeed, as detailed below, there were even easier methods to obtain both library ticket numbers and names of borrowers: the former being useful for computer access purposes and the latter useful (to a person intent on mischief) in obtaining the address of the hapless borrower. In my letter of 22 August to the Head of Devon Library Services (intern2) I warned :
Your system of using library card numbers for access to computers offers virtually no security. It may be easily be defeated in four different ways. You have directly facilitated two of them. Do you recognise you can have little to no confidence in linking numbers used to users, certainly not to a degree that would be necessary to support even proposed exclusion from the library under bylaws let alone any serious Court action? In your Terms and Conditions you promote your extensive surveillance capabilities "It is possible to identify sites visited and users responsible". Using your systems?!
Later, I offered to sort out these and several other security related issues for DCC but received no reply to my letters. Minor software changes would have solved most of the problems.
The method given above was used by quite a few people to defeat the 'snooping' of Devon County Council but more often to obtain a further 'free' session on the computers, these being limited officially to one per person per day. I was not able to do this, being rather too well known in Sidmouth!
However, there were (and I suppose still are) two other methods of defeating the systems. Ticket numbers could be collected almost en-masse from book issue computer screens at many libraries, these often being sufficiently in public view. Dozens were collected and used - indeed (as DCC would be able to confirm all too easily) I used my own ticket number precisely twice in accessing People's Network machines probably over a hundred times between June and October 2002.
At the dawn of the 'new computer age' in Devon Libraries, staff were issued with 'emergency ticket numbers' for use when a casual visitor wanted to use a machine. After all, Sidmouth and other seaside towns do have a tourist industry! These ticket numbers were (amazingly) issued in a sequence with very easily memorised numbers. C 000 000 122 1032, 1034, 1035, 1037, 1043 and several others (7368, 8851 etc). Staff were instructed darkly and in 'secret' documents (one of which I obtained) not to divulge these numbers to users and not under any circumstances (!!!) to hand them the emergency ticket itself.
An intelligent person might ask, would it be possible not to divulge the number when it was both held under the nose of and typed into computer screens in plain text a few inches away from the gaze of an aspiring surfer? Also, some staff became so agitated at having to use these tickets many times a day, they got into the habit of reciting the numbers almost in frustration as they were entered. "One, two, two, (pause) one, oh, three, seven." BANG. The return key was hit with such force that I often thought Miss Luxton at Sidmouth library would be better employed as an impact testing operative. Anyone standing ten metres away could have made a note of the number. Other libraries in Devon were even more lax, with these top-secret tickets sometimes left casually on issue desks.
An even greater element of farce was introduced by the use of special children's emergency tickets which would allow access to word processing but not to the Internet. Unfortunately, the central computers had a habit of forgetting which were which. On several occasions I tried to help a hapless user access the Internet only to find that an adult emergency ticket had 'slipped' into child mode. The reverse also happened on a number of occasions, and I was later able to confirm that photographs downloaded from the Internet or scanned into the machines and stored on drive D: could be accessed using a children's ticket (see intern31.htm and following pages for more details).
Notwithstanding that they usually had more than enough to do keeping up with system failures and dealing with irate users, instructions were issued to library staff to change emergency numbers frequently - a rather pointless exercise in view of how they had to be used. Amazingly for a County Council that professed great surveillance capability, the same emergency numbers would work at any Devon Library - these being probably the numbers issued centrally in June 2002 and never changed!
Sometimes, as a rare treat, I managed to obtain the ticket number of a staff member. One such was Mrs. K at Sidmouth, who dutifully scanned some books she was returning and left her ticket number on screen for half an hour. (Your secret is safe with me Ann, C 330.079.310.XXX.) I never did get around to trying whether staff numbers gave access to other areas of the computers denied to us ordinary taxpayers.
More seriously, I was able to amass data on names and (sometimes) addresses of people I casually approached (standing in the queue behind them) whilst they were having their books checked in/out or renewed. The data will not be published for obvious reasons. Of course, the point is not that I was able to collect personal data but that I could do it so openly and easily and despite DCC and the Information Commissioner having been warned about system vulnerabilities.
Systems elsewhere in the country were little better. On a trip to the north of England I was a casual visitor to Barnoldswick library. I used a public access computer with no identification being requested after being told that most of them were reserved for holders of local library tickets. (Hardly in the spirit of the People's Network!)
Whilst resting casually against the issue desk pretending to read a leaflet I was able to memorise names of two borrowers from book issue computer screens, and later (just for the hell of it) obtained the address of one of them from a library computer using a false email account (created weeks earlier in another part of the UK and using an untraceable ticket number) and a few free searches on 192.com. So much for data protection in the computer age! It was fortunate for Mrs. J, who was an attractive woman with an unusual and therefore easily traced name, that (as a wild northerner myself) I was not intent on pillage and rape. More details of the dangers of casual release of names in the computer age are given below in the pages dealing with electoral registers and credit cards.
Other libraries, operated in areas of the country where overstaffing is more obviously a problem, have adopted a labour intensive solution to command and control. They demand that intending users hand over their library ticket for manual scrutiny before it is logged into the system. This would be impracticable where computer loading is high and staffing levels low. As usual, the pretext for snooping was given as 'child protection' despite that one can walk a few yards down the road and access the Internet (and presumably chatrooms) from a new style pay-and-surf BT phone booth - although at the moment they are rather expensive to use. There is similar freedom in many Online centres including High Street off-shoots of universities and in an increasing number of shops that offer casual access.
In one town, I needed Internet access for ten minutes and used a 'lifelong learning' centre. I was asked merely if I was a new user (yes), asked to fill in a form giving only my name (a false one) and not even asked to leave the form behind when I dutifully paid my 50 pence. At the award winning COSMIC Internet Centre in Ottery St Mary the public access computer log asks only for your first name. Against these and many other examples of 'free' access within a free society, the amateurish yet overbearing surveillance of DCC bears all the hallmarks of an organisation steeped in incompetence and dominated by fear. Management Consultants know that the two often go together.
Use of PIN numbers would render misuse of library ticket numbers far more difficult but not impossible. Rolling PIN numbers (issue of a single-use PIN to a user upon insertion of the card into a reader) would guarantee that only the actual bearer of a genuine card would be able to use it. Simple bar code readers are rather easily defeated! Counterfeit cards could be generated probably as easily as credit cards by well funded terrorist groups, negating completely the benefits purported to flow from all the effort, expense, and violation of privacy of these ultimately useless surveillance systems.
So called 'smart' cards, similar to those being deployed on the London Underground, are being tested in Herefordshire libraries, with an eventual aim of allowing out-of hours access to computers, which it is aimed to site in non-library buildings to allow longer hours of access. However, according to The Economist magazine of 17-23 August 2002
"Few of the 20 million who use the capital's underground will realise that the card, which will work from inside a wallet or bag, will record their daily movements for billing purposes. Mobile phone companies hold data on an individual's calls and movements. Shops hold details of purchases. Such companies frequently bleat that personal data is secure and inviolable."
In libraries, mandatory use of such a card would not only enable a record of date and time of visit but every webpage viewed and (probably) for how many minutes. A similar system may be introduced for cars in the UK, logging every journey ever undertaken by every vehicle using tracking chips incorporated into number plates and a vast new array of roadside tracking sensors. (see smart_card_surveillance.htm later in this section)
Leaving aside incompetence and casual attitudes to data protection, a more fundamental issue is whether libraries have any right to introduce surveillance of such an intensity that every website page visited is logged against a ticket number. Systems could easily be designed to control access to computers on a fair basis (including automated and charged printing) but without any record of who had used which machine and when. This should be the norm in a free society.
Two serious questions about the people in local government who design and operate library computer systems.
Could they in future take their duties seriously and design systems that cannot easily be compromised but that do not violate personal privacy? I could probably do it in about two weeks and my fees are reasonable.
Could they stop issuing dozens of glossy leaflets at the public expense telling us how wonderful they are and how much they value our comments? Taxpayers with experience of science and logic would be more impressed if they just did their simple jobs properly and answered questions posed in the public interest.