Extracts from an internal Q and A document produced by Devon Libraries. In this they admit to privacy concerns but make light of them (see intern5.htm  and DCC's dismissive reply smithreply.htm). The fact that I was allowed to read this document in Sidmouth library is now at the centre of a legal dispute. Events at the time are described at intern23.htm#internaldoc

The Q & A document was four pages long: only the paragraphs related to privacy and snooping are reproduced here. In seeking to justify the use of ticket numbers for accessing computers, and subject always to Terms and Conditions that would be more at home in a Eastern Bloc Police State (terms_and_conditions.htm), Devon Library Services produced for its staff the following list of excuses. Obviously, they had had a number of library users unhappy about the extent to which 'electronic trails' were being established, with each web page accessed being logged against ticket numbers.My comments on each one of DCC's excuses are shown in purple.

1.  "We need a unique identifier for each person for the booking system". Not true, it would be quite possible to book computers using a name (real or imaginary) or a unique number code generated and valid for just the one booked session. The notion that computers must of necessity be booked using a ticket number that can be traced uniquely to a borrower is simply another dismal justification for development and use of an all-pervasive command and control snooping system.

2. "So we can measure patterns and types of use so as to match supply to demand". How laughable! For a start, patterns of use can easily be determined to the required degree of statistical accuracy using survey (snapshot) techniques. Pretending you need to log each and every use is like saying you need to count every vote before you know who has won an election (pregnant chads in Florida notwithstanding!!)

3. "So that if people abuse the system we don't blame the wrong person. By abuse, we mean things like sending death threats by email or persistently trying to access pornographic websites". Again, how comical and amateurish. The control on obtaining and using both emergency ticket numbers and other people's numbers was and remains so lax in all Devon libraries (and most Online sites elsewhere) that the whole concept of being able reliably to uniquely identify a 'wrongdoer' based on these systems is laughable - and I told DCC exactly this in my letter of 22 August. In addition, determined paedophiles are cunning people and could easily circumvent the pathetic security systems built into Devon Libraries. The vast bulk of pornographic sites are blocked (as they should be) at the main DCC server - so there is no point in 'persistently' trying to access them!

4. "because the old paper based system was very unreliable and staff-intensive, and wasted an awful lot of trees!" Oh dear me! When even Devon County Council start to use an environmental excuse for doing something, you just know they are scrabbling around for any available argument. The old paper based system was appalling in terms of data protection (see intern5.htm) but given that it could be circumvented even more easily than the system based on ticket numbers it did have one advantage! The paper it consumed was utterly insignificant. The energy used by the new command and control computers would be far more environmentally damaging.

***************************************************************************

When faced with a library user concerned about privacy aspects of having to log in using ticket numbers, DCC library staff were instructed to reply as shown below. The red numbers refer to my comments: I hope DCC enjoy reading them. Are all libraries run in this manner and is it not about time we had a coherent national policy permitting privacy and dignified use of computers without all the pretence of monitoring and local officials being allowed access even to our encrypted bank records? Soon they will have our medical records on-line too. Some thoughts are given in filtering_pornography.htm.

Q: So then they ask "what about my privacy?"

A: The new system is actually much more private than the old one which had names on a sheet of paper for all to see! (1) Only library staff have access to the booking record (2), and they can't see what people are doing on screen (3). It's only if someone abuses the system that staff may become aware (4), and that's via a central monitoring system to which access is strictly limited. When this does happen, we will use the record to identify who was using the computer in question when the abuse occurred (5). And of course all the normal rules of data protection apply (6) - the legal requirements outlined in our Acceptable Use Policy apply as much to library staff as to members of the public.

It is difficult to know where to start in dismantling this rubbish. No wonder DCC have become so exercised knowing that I was allowed freely to copy parts of it! The document in question was taken by me from the same location and in the same manner as several other documents I had read in June/July/Aug and without ever any objection having been raised by any member of the Library staff.

(1) At least DCC are here admitting the inadequacy of their paper based system in terms of data protection - and despite the dismissive comments in the letter they sent me (smithreply.htm).

(2) No they didn't. Names and details were recorded on the iCAM control system and could be read from six feet away (not that it really mattered, but occasionally one could discern the name of a delectable girl who arrived to claim her computer!). It was all so easy to defeat these systems.

(3) Staff can and do monitor a great deal that is 'on screen' and to my knowledge they on more than one occasion asked people to stop accessing 'mild' sexual material. Most of the time they didn't bother. I remember one girl who was writing an email in very large type all about oral sex. Most passers-by were concerned only to read what was on her screen! I was more interested in copying her ticket number to add to my list.

(4) Rubbish

(5) Rubbish. Anyone with an ounce of ability would use another number, not his (or her) own, for any dubious session. I collected and used dozens of numbers. Where did I get them? From library computer screens. So did several other people I could identify! Most people just noted down and used the emergency numbers which were supposed to be kept a staff secret yet became widely known and misused within weeks of the system coming into operation. Amazingly, the same numbers would work at any Devon library, month after month (see data_outtake.htm for more details) .

(6) The normal rules of data protection include that material of a personal nature (name / address etc) should be displayed on publicly accessible computer systems on a need to know basis only. DCC appears to pay no heed to basic principles of data protection.

next page  smithreply.htm