Publishers Proposing Surveillance Tech on Libraries

Gautama Mehta’s recent article “Proposal to install spyware in university libraries to protect copyrights shocks academics” is an important read. I appreciate the many issues it raises and the great links to additional commentary about Elsevier’s and Springer’s problematic Scholarly Networks Security Initiative (SNSI).

Although the article mentions digital rights advocates and scientists, I did not see much written about the fact that librarians are not passive recipients of technology in their libraries.

The article says “…the proposal to install surveillance software in university libraries is only hypothetical.” but nobody gets to come in and just install software in university libraries. Librarians actively engage in making well-informed technology decisions. As an academic librarian, I would like to call attention to the perspective that librarians could be expected to have with respect to the SNSI’s hypothetical proposals.

Libraries are the living results of ongoing development, change, care, and preservation by many people in collaboration. We make intentional, studied decisions on how we go about our work. Generally speaking, we aim to provide equitable and safe access to information for everyone.

In fact, librarians have professional codes of ethics. For example, the International Federation of Library Associations and Institutions (IFLA) Code of Ethics for Librarians and other Information Workers explicitly guides against the sort of scheme being proposed by the SNSI’s oligopolistic publishers. Within the code, a section titled “Privacy, secrecy, and transparency” states:

“The relationship between the library and the user is one of confidentiality and librarians and other information workers will take appropriate measures to ensure that user data is not shared beyond the original transaction.”

The guidance here closes the door on permitting a third party to collect additional biometric data about people using the library’s tools or services. In fact, it asks that we take measures against that possibility. And we do. Discussions about ensuring user privacy are not uncommon when we consider how we implement services.

Librarians take very seriously the implications of what might happen if data about a person’s research interests were to be obtained by third parties that might sell or use it in unexpected, detrimental ways to that person’s academic freedom, well-being, or personal security. Although I’m not arguing that libraries are perfect in this regard, librarians have a history of advocating for privacy and security rights alongside rights to access information.

We also have a professional responsibility to ensure that people respect the rights of authors, publishers, or other creators (see the section in the IFLA code on “Open access and intellectual property”). We fulfill that responsibility in various ways, including educating people on legal access.

Respecting intellectual property rights does not conflict with the responsibility to protect privacy or confidentiality nor should the two be deceptively pitted against each other as the SNSI appears to be attempting. One avenue that can help alleviate misconstrued tensions in these two objectives is to advocate for open access publishing and reasonable copyright terms, which we put considerable effort into, but that is another story.

Keep in mind those ethical guidelines that professional librarians consider while implementing technology in libraries. How then, can these SNSI publishers imagine that we would possibly entertain implementing such a privacy-leaking, invavise technology as they have described? One possibility that was mentioned is that they would dangle discounts to their databases in front of us. That sort of mafia-protection style scheme is a non-starter from this librarian’s perspective. I suspect the answer is that they know we would not support any of this and that is why their stategy instead appears to be targetting overall university security.

Mehta’s article notes that the SNSI has made a “…mandate of protecting higher education from cybercriminals…” Furthermore, the FAQ on the SNSI website asks “Why should I be worried about security within university networks?” and provides this response:

“The higher education sector is particularly vulnerable to cyber-attack due to the large amount of personal and research data that universities, including library systems, routinely store….”

All of this strikes me as a strategy to position sales of their invasive, surveillance technology as a means to protect the university’s data and IT systems against potential attacks. In other words, to go around libraries by engaging other segments of their institutions.

That approach misleads, as was linked elsewhere in Mehta’s article. University security is unlikely to be under much of a threat due to the sort of activity the SNSI’s tech would supposedly operate on.

I hope that knowing about librarians’ professional codes of ethics and our overarching aims suggests something useful about the proposed surveillance technologies from the SNSI. Specifically, we would challenge such technologies, reducing the likelihood of them leaving the realm of the hypothetical or succeeding in production environments.