As our Nation moves forward during this time of mourning and recovery, it is important that we continue to protect and preserve the freedoms that are the foundation of our democracy. Our Nation's libraries are trusted, impartial resources providing information on all points of view, for all people. America has been served for over two centuries through public, school, academic, research, law, and special libraries in our many diverse communities and institutions. The role of libraries as a national resource must not be compromised by the erosion of the privacy rights of library users.
The Library Associations listed below call on our Nation's leaders to move cautiously in proposing new laws and regulations aimed at terrorism. We are concerned that some of the legislation proposed thus far threatens the rights of the public and undermines the confidentiality that is crucial for the flow of information needed for the provision of library services and most importantly, the vitality of our democracy.
As the national debate on how to maintain our freedom while assuring appropriate security moves forward, the library community will balance the impact of any legislative and regulatory proposals on the privacy and First Amendment rights of library users. The proposals thus far have raised significant concerns, including:
- Expansion of Pen Register and Trap and Trace Devices to the Internet
Issue: Libraries are providers of information to the public and do not monitor information sought or read by library users. To the extent that libraries "capture" usage information through computer logs or networked services, this is purely for administrative, housekeeping purposes. There are instances when there is a need for law enforcement to collect information from libraries, and in such circumstances libraries comply with court orders. Any new legislation in this arena raises potentially significant First Amendment and privacy concerns. Proposals to allow these devices to capture information about electronic mail, web surfing, and other kinds of electronic communications over the Internet raise at least two concerns.
First, the expansion of the information captured by these devices goes far beyond their use in traditional telephone settings, where a trap and trace device notes only the numbers dialed to or from a certain telephone. Internet "addressing and routing information" may include considerable information about the content a user viewed, and it may include personal information submitted to a web site. This is a major expansion of the scope of information made available through the use of these devices.
Second, proposals also include allowing trap and trace information to be collected in relationship to a person, rather than a location. Unlike a computer in a home, a library computer is open for use by the whole community. In many libraries, it is impossible to narrow the use of a trap and trace device to only reach the communications of particular individuals.
Recommendation: The current standard of "relevant to an ongoing investigation" may be entirely appropriate for obtaining a court order for a pen register or trap and trace device for telephone. There should be a higher standard for obtaining a court order if there is an expansion of the number of users monitored or the content of their communications. The information collected through an order should be specified as narrowly as possible.
- Expansion of Access to Business Records (including library circulation data)
Issue: Library circulation records are highly confidential and are protected from disclosure under most state laws. Confidentiality assures library patrons that, in ordinary circumstances, they will not be subject to intrusion, intimidation, or reprisal for their choice of reading material or research topics. Libraries already provide law enforcement officials such records if served with a court order.
Proposals to make it easier to access so-called business records by lowering standards and eliminating judicial review would appear to apply to library circulation records as well. If adopted, these proposals would eviscerate long-standing state laws and place the confidentiality of all library users at risk. Such proposals could also apply to electronic records showing the history of web sites viewed at a library's public workstations -- records that may well include personal information about individuals wholly uninvolved in any federal investigation. These types of proposals violate existing privacy laws and policies.
Recommendation: There should continue to be a high standard for obtaining a court order requiring the release of library records. This is of special concern to libraries given the mission of libraries to provide access to information and resources, including the technological means to achieve such access, while protecting the privacy and First Amendment rights of library users.
- Expansion of Access to Educational Institution Records
Issue: The library community shares Congress' longstanding commitment to student privacy and the confidentiality of educational institution records, which is reflected in current federal laws such as the Family Educational Rights and Privacy Act of 1974 and the Children's Online Privacy Protection Act of 1998. For democracy to flourish, individuals must be able to control the disclosure of privacy information such as their academic records. Of course, if there is a legitimate law enforcement need for particular educational records associated with particular individuals, the library community cooperates and will continue to cooperate with such efforts.
Recommendation: There should continue to be a high standard for obtaining a court order requiring the release of educational institution records. Students' privacy and First Amendment rights remain high priorities for the library community, and existing law permits sufficient access to the records created and maintained by educational institutions.
- Expansion of the Definition of Terrorism
Issue: Libraries are concerned that the expansion of the computer fraud and abuse provisions could have unintended consequences for users. For example, any proposal that concerns computer fraud and abuse provisions could mean that relatively low-level cybercrime offenses by "hackers" (including users in libraries) could become "terrorist" activities. Similarly, we are concerned that the expansion of the definition of terrorism could have the effect of sweeping in copyright violations, including infringement.
Recommendation: Libraries believe that there is adequate existing legal authority for law enforcement to deal with computer crimes. Libraries question whether there is a need for new and exceptional authority.
- New Mandates for Technology
Issue: Libraries use a wide range of technologies to provide Internet and other electronic information to users, which vary based on the communities served and the library's resources. New technological requirements should not be imposed on libraries, many of which already struggle to meet user demand for access to Internet and computer resources. Proposals that require certain types of information to be retained in libraries' limited-capacity databases for extended periods of time, or that require law enforcement technology to be added to a library network, may have substantial unintended consequences that affect libraries' ability to provide core user services.
Recommendation: The library community believes that libraries should not need to reconfigure their systems or undertake actions that exceed their existing technological capabilities.
American Association of Law Libraries;
Mary Alice Baish, Associate Washington Affairs Representative;
American Library Association;
Lynne Bradley, Director, Office of Government Relations;
Association of Research Libraries;
Prudence S. Adler, Associate Executive Director;
Medical Library Association
Mary M. Langman, Manager, Information Issues and Policy
312-419-9094, ext. 27
October 2, 2001