Monday, June 8, 2009

Libraries, Intellectual Freedom, Privacy, and Law Enforcement

What would you do if a law enforcement official barged into your library, demanding the records of a certain patron (or a whole group of patrons) or wanting to confiscate a computer thought to have been involved in a crime? How would you react? Are there any circumstances in which you are required to comply with their demands? Do you know what those circumstances are?

These situations are not excessively common in general. According to one American Library Association (ALA) survey to which over 1400 libraries responded, only 137 such instances were reported to have taken place between October 2001 and June 2005 (ALA, 2005a). It is perhaps unlikely that such a scenario will take place at your library, while you are on duty, and that the law enforcement officer will speak directly to you. (I have worked in four libraries over the past couple of years and have not heard of any such cases happening in any of them recently.) However, it could happen, and we as librarians need to know the basics, at a minimum, in regards to this issue.

This article will discuss three aspects of this issue. First, what might prompt law enforcement officers to make an inquiry at the library and what types of information they might request from us? Second, what lines of defense can we as librarians use to protect the privacy of our patrons against these types of searches? Finally, there are some circumstances in which we must comply with law enforcement requests: what are they, and what should we do when we are faced with one?

An infinite number of scenarios might prompt law enforcement to seek patron information at your library. This practice has been exacerbated particularly by the events of 9/11, the subsequent passage of the USA PATRIOT Act, and attempts to nab suspected terrorists. Inquiries may be related to the suspected use of library computers for computer crimes, such as viewing child pornography, hacking, or sending threatening emails. Or, the inquiry may be more of a “fishing expedition,” using profiling to hunt for potential criminals based on their circulation records or Internet browsing history. Law enforcement officials may demand to confiscate computer equipment, view Internet usage logs, or view circulation records either of a particular patron, or of anyone who has checked out books on a particular topic, such as terrorism, bombs, anarchy, etc.

What can we do to protect our patrons against unreasonable violations of their privacy, in regards to law enforcement inquiries? (Keep in mind, there will be some instances when these inquiries are not unreasonable, but we’ll get to that in a moment.)

The American Library Association (ALA) has provided librarians with a good arsenal of policies to protect patron privacy from unreasonable demands made by law enforcement officials.

First and foremost, we have the ALA Code of Ethics, which states in Article III: We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.

Librarians can also look to the guidelines set forth by the ALA’s Policy on Confidentiality of Library Records. You can view all of the ALA’s Privacy Policies and Statements here.

Library patron records are also protected by state laws. All 50 states have laws or provisions that protect the privacy of library patrons. To check the specific laws in your state, check out the ALA’s list of State Privacy Laws Regarding Library Records.

Your library should (and probably already does) have its own privacy policies in place, specifying what records are protected and how. These are usually posted on the library web site, which is a reassurance to patrons but also an assertion of where we stand on the issue of patron privacy. The ALA has compiled a large list of privacy policies at various libraries nationwide, or you might be interested to read Wayne State University Libaries’ Privacy Policy.

And finally, your library’s board-approved records retention policy can be your friend or your enemy in situations such as these. First of all, don’t create unnecessary records, and don’t retain records longer than necessary for reasonable library function. There are many examples for this: only keep computer reservation logs long enough to facilitate the waiting list; delete the Internet browser history after each patron logs off; only maintain the link between a patron and a specific borrowed item until the item has been returned (or the fine paid, if any). Furthermore, destroy records on schedule (automatically if possible!) according to your records retention policy. After all, law enforcement officials cannot force you to hand over records that you don’t have. And there’s really nothing they can do or say when you tell them, “I’m sorry; that data no longer exists.”

As you can see, there are many lines of defense against an unreasonable law enforcement inquiry.

However, there are some circumstances in which you must comply with a law enforcement inquiry. The ALA’s Policy on the Confidentiality of Library Records states in item 2: Advise all librarians and library employees that such records shall not be made available to any agency of state, federal, or local government except pursuant to such process, order or subpoena as may be authorized under the authority of, and pursuant to, federal, state, or local law relating to civil, criminal, or administrative discovery procedures or legislative investigative power.

And in item 3, it further specifies: Resist the issuance of enforcement of any such process, order, or subpoena until such time as a proper showing of good cause has been made in a court of competent jurisdiction.

That means, if the law enforcement officer has a court order, subpoena, or search warrant, and if good cause is shown, ultimately, you will have to comply with the request in spite of the invasion into patron privacy.

So what should you do if you are faced with a law enforcement inquiry regarding library patron records? The ALA has a great, detailed page of recommendations and step-by-step instructions for coping with law enforcement inquiries. Your library should have one person to whom law enforcement inquiries are referred. Even if you are not that person, you may one day be on the front lines of such an inquiry, and you need to know what to do. Remember these general guidelines:

  • Do not comply unquestioningly to law enforcement officers’ demands, even if they seem threatening.
  • Always keep in mind that the ALA Code of Ethics, as well as state laws, protect the privacy of library patrons’ records.
  • Ask for the officer’s identification.
  • Ask to see the court order, subpoena, or search warrant.
  • If possible, retrieve the designated person who is supposed to handle these inquiries.
    If your library has one, refer to its designated procedures for dealing with law enforcement inquiries.
  • Seek backup. You are probably not the only staff member in the building, so it’s probably a good idea to request other staff members to be present during whatever interaction you have with the law enforcement officer(s). They can back you up on policies, as well as serve as witness to whatever actions or conversations take place.

These are just some general guidelines. Some of it probably seems like common sense. The biggest thing to remember in dealing with law enforcement inquiries is that patron’s library records are protected by our Code of Ethics, as well as privacy laws. They can’t just be “handed over” to anyone, not even law enforcement officers, without certain paperwork and good cause.

References

American Library Association. (1986). Policy on confidentiality of library records. Retrieved June 4, 2009, from http://www.ala.org/ala/aboutala/offices/oif/statementspols/otherpolicies/policyconfidentiality.cfm.

American Library Association. (2005a). Law-enforcement activity report online. American Libraries 36(9). Retrieved June 2, 2009, from Academic OneFile, Gale.

American Library Association. (2005b). Policy on confidentiality and coping with law enforcement inquiries: Guidelines for the library and its staff. Retrieved June 4, 2009, from http://www.ala.org/ala/aboutala/offices/oif/ifissues/confidentiality.cfm.

American Library Association. (2008). Code of ethics of the American Library Association. Retrieved June 4, 2009, from http://www.ala.org/ala/aboutala/offices/oif/statementspols/codeofethics/codeethics.cfm.

American Library Association. (2009). American Library Association home page. Retrieved from http://www.ala.org/index.cfm.

Examples and Further Reading

American Library Association. (2004). Michigan libraries refuse law student’s request for patron info. American Libraries 35(7), 18. Retrieved June 2, 2009, from Academic OneFile, Gale.

American Library Association. (2006). Library insists FBI warrant in alleged terror threat. American Libraries 37(3), 13. Retrieved June 2, 2009, from Academic OneFile, Gale.

American Library Association. (2007). FBI accused of violating library policy. American Libraries 38(11), 23-24. Retrieved June 2, 2009, from Academic OneFile, Gale.

American Library Association, Office for Intellectual Freedom. (2006). Intellectual freedom manual (7th ed.). Chicago: American Library Association.

Magi, T. (2008). A privacy victory in Vermont: A new law protects patron confidentiality. American Libraries 38(11), 23-24. Retrieved June 2, 2009, from Academic OneFile, Gale.

10 comments:

Peter said...

It's true that many people bend immediately and without question when they are approached by law enforcement or other "officials". Without our right to privacy, we've got no civil liberties left. I would take an even harder line on this issue possibly to the point of contempt. Not only do you *not* have to comply with officers without a subpoena, you don't even have to talk to them. Also, court documents almost always allow a certain amount of time for responding to such request. We wouldn't want to, or need to, hand over information immediately even if they produce a subpoena. My uncle (who is a retired NYC police) always told me "lie to a cop, not a doctor". Now, that may not be super-sound advice, but it makes a point.

Unknown said...

Peter has a good point, when people are approached by law enforcement or other officials their usual reaction is to divulge, divulge, divulge. And I'm thankful to see that in essense libraries basically do not have to hand over anything unless we are issued a subpoena or warrant. It certainly makes me feel better knowing that I am protecting patrons rights. And, I didn't even think about the fact that you don't necessarily have to provide the information right away with a subpoena or warrant. Lisa also made an interesting point of mentioning clearing history on library computers and getting rid of unnessary login sheets, etc. Lots of things to think about!

Greta Grond said...

Thanks for the post. I particularly appreciated the section on making your records policy work for you in this area. If you do not keep certain records, there is nothing for officials to obtain; it simply does not exist.

Michael Graulich said...

Great blog entry! I agree with Peter 100% Take a hardline with police/federal inquiries. They have to have their legal ducks in a row before they can do anything,and as librarians protecting our patron privacy, we can make them wait while we defer to legal authorities acting on our behalf(like a lawyer contracted with the library district). I think the advice about calling other staff members to be present for any kind of police/FBI inquiry is excellent. Strength in numbers is a great defense against police bullying. Someone on the discussion board mentioned that the FBI forbids librarians discussing any inquiries with each other; all the more reason to create a "scene" if it happens by calling as many staff to witness as possible. A good way to protect against unlawful secrecy. Thanks for this contribution to a great discussion.

L.M.Martin said...

In order to protect our patrons' rights, we must be prepared to defend them. Through the resources that you have highlighted we are already better prepared to do so. We must take the offensive and prepare. All library staff should be made aware of privacy policies at all levels of authority and a plan of action should be created in order to implement if such a situation should arise. If we are educated about our patrons' rights, we will be less likely to fail to protect them.

Orien D said...

This was a very informative blog! Being that my brother is an officer for Detroit, I know how those in authority can influence someone to compromise their position and divulge information (even if they don't realize it), like Sarah and Peter stated. The procedures and tools provided in the article, to protect the privacy of library patrons, are a great line of defence against an intimidating authority figure. In most cases you could just direct law enforcement officials to a director or legal representative, as the article describes, but who knows when you could find yourself facing this dilemma on your own. There have been many times, at Comerica Bank, where I have been contacted by a law enforcement offical requesting information about a customer and a supervisor is not available. However, with the policies and proper training that are in place, this is never a problem.

Lisa Rickey said...

Glad I could provide some helpful info. I didn't explicitly read anything that said "call for backup" but it just seems like a good idea. It's good for more than one person to have some idea what happened. And more importantly, in case there is a question about what exactly YOU said or did, you have someone on your side who can back you up as to the actions you took.

Kate Van Auken said...

Lisa,
You have provide a great outline for a library looking to formalize a policy for the US Patriot Act. Great Job.

Joseph Miller said...
This comment has been removed by the author.
Joseph Miller said...

I've heard a lot of people on the forum and on the blog talking about "deleting" information about the patron's previous book holdings, etc. However, I wonder if this is the normal "deletion" from a hard drive, which actually isn't deleted until it is overwritten and thus still retrievable with certain technologies. Or is this information never actually on a hard drive somewhere and thus when it's deleted it is gone.
I'm just wondering how effective this "deletion" is in terms of whether this information is still retrievable by law enforcement via computer clean rooms. Does anyone have further information about how thorough these deletions are? I for one would love some techie help on this answer.
I only bring this up because my brother works for a company that can retrieved "deleted/destroyed" information off hard drives and what often we consider deleted is actually still on our computer until it is overwritten.