Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Privacy

Building Anonymous-Friendly Computer Libraries? 301

Posted by Cliff from the protecting-your-privacy dept.
H310iSe writes "Listening to NPR today and caught a story on All Things Considered about how the FBI has demanded information on borrowing and browsing habits, including computer seizures, from 85 libraries since Sept. 11 (utilizing their new-found powers from the PATRIOT act). Similar stories (which don't require RealAudio) are here and here. The American Librarian Association is providing information for librarians to help deal with this, and it seems heavily tilted towards supporting individuals' rights to privacy. It seems like the Slashdot crowd could come up with a great library computer setup that would protect anonymity (I'm thinking about things like creating a RAM disk and loading the OS onto it). How about ways to enable people to borrow books anonymously without opening the door to large-scale theft? I bet if we offered a packaged, free, easy to install Safe Browsing computer or Anonymous Checkout program, libraries across the U.S. would enthusiastically embrace it." According to the articles, these checks can be made for any reason, not just for suspected terrorism. It seems that if the American people are going to protect their rights, they are going to have to do so actively. Is the idea presented above, feasible? How would you improve upon it?
This discussion has been archived. No new comments can be posted.

Building Anonymous-Friendly Computer Libraries? More

Building Anonymous-Friendly Computer Libraries?

Comments Filter:

  • interesting... (Score:3, Insightful)

    by graznar ( 537071 ) on Sunday August 11, 2002 @11:52AM (#4050597) Homepage
    hmm i agree that the users rights should be protected. but maybe the RAM disk is a little bit of over kill. i think potentially it could be solved at a software level rather than having to reload the OS into a new location. theoretically, browsing habits can be covered easily at the software level with many programs available on the internet. i sure wish the CoDC would come up with something for this. :)
    • Having the OS on something that is loaded clean at each boot would be a good idea for other reasons.

      If the browser history were filled with porn, if the computer were infected with a virus, or if a keystroke logger were installed, everything could be cleaned up with just a reboot. (The keystroke logging thing happens more often than you would think on public machines.)

      An OS that boots from read-only media (like some CD-based Linux distros) would accomplish the same thing.

    • Go Back... (Score:2, Insightful)

      by Blue Stone ( 582566 )
      Roxio's GoBack 3 has an "Auto-Revert" function that automatically restores the hard disk to a pre-determined "clean" state, at a given time/event (midnight/shutdown/whatever.)

      They tout it as being ideal for cyber-cafes and libraries.
      Unlike GoBack's normal working state, where a detailed history of the drive's activity is maintained, when Auto-Revert is enabled, no history is kept after a revert; all that's left is the "clean state."

      Sounds ideal for preventing authoritarian agencies from snooping on their citizen's web surfing habits. :)

  • Why? (Score:3, Funny)

    by Anonymous Coward on Sunday August 11, 2002 @11:54AM (#4050603)
    WHY on EARTH would you want to hide from Big Br... er, Our Benevolant Government? You must be guilty of something! Stuff him and cuff him, boys!

  • Privacy So Important? (Score:1, Troll)

    by Anonymous Coward
    Does anyone really think that the privacy to look up whatever info you want is important enough to justify the fact that that privacy WILL be used by someone somewhere to take lives?

    The people who built the propane bombs that thankfully didn't kill anyone at Columbine got their info off the internet. Kevin Mitnick was able to escape justice by using anonymous chat rooms. No doubt there are terrorists using it to communicate as we speak. I just don't think that your paranoia about what someone might find out about your computer habits justifies the risks that have to be taken.

    Why not just accept that what you look at might be known by someone else? If you aren't trying to make bombs or Anthrax or anything, you'll be fine. To do otherwise is to put your own wants above the lives of others.

    • Re:Privacy So Important? (Score:5, Insightful)

      by Fat Casper ( 260409 ) on Sunday August 11, 2002 @12:07PM (#4050657) Homepage
      Does anyone really think that the privacy to look up whatever info you want is important enough to justify the fact that that privacy WILL be used by someone somewhere to take lives?

      Yes. I'm sorry; yes, Mr. Anonymous Coward. I cherish my freedom, as you apparently cherish your anonymity. The price of having freedom is allowing other people to have it, too. You apparently believe that freedom is really just the freedom for all of us to be exactly like you. If we don't want to do anything that you don't like, we'll do fine. Because so many people are fucking morons, that means letting them have the freedom to saturate the airwaves with the Backstreet Boys, or the freedom to learn about explosives. We have to accept these dangers as simply the cost of doing business.

      Just as my right to privacy is important enough to justify the fact that that privacy WILL be used by someone somewhere to take lives, my right to due process and a fair trial is important enough to justify the fact that due process and fair trials will end up allowing dome "detainees" to go free.

    • Does anyone really think that the privacy to look up whatever info you want is important enough to justify the fact that that privacy WILL be used by someone somewhere to take lives?

      Given the general interest among US citizens about Islam, terrorism, and methods of terroism that has been shown through the packed classes on all three at colleges and the huge amount of hits that such websites are getting, I seriously doubt that we can say that that privacy WILL be used to take lives. What the Justice Department is doing here is policing the freedom of information and stifling an interest in the unknown and relevant. If there's a piece of evidence that will prove that someone is a terrorist, it won't be found in what books they checked out or what website they went to in the local library. And if such evidence were admissable in court, then a whole lot of curious, middle class white Americans would be heading for the slammer.
  • ... but the library could have a service where they download a book into your eBook or other reader, set to expire when the book is "due".

    If their software doesn't keep records -- which they won't have to, as "overdue" downloads remove themselves -- there is nothing to subpoena.

    That said, my borrowing habits are innocuous enough that I'm having trouble mustering a lot of outrage over this whole business.
    • That said, my borrowing habits are innocuous enough that I'm having trouble mustering a lot of outrage over this whole business.

      They're innocuous right now. Wait until your favorite author publicly supports something unpopular. Wait until these records become even more public; you'll be looking for a job and the interviewer won't like your taste in books. You could get turned down for a mortgage because the bank sees you return books late sometimes.

      I don't go to the library- I buy a lot of used books. My borrowing habits are about as innocuous as you can get, not being on their records. I've still got outrage enough to spare. Wake up and muster some yourself.

  • now if only we could build an anonymous-friendly slashdot, that doesn't place posts at 0.

  • Dead Man's Switch? (Score:2, Interesting)

    by Ophelan ( 55379 )
    Perhaps the information on the reader could be encrypted with some sort of "dead man's switch", except that it is triggered to release the information to the library in the event that the book is not returned in a timely fashion. At this point, the encrypted record is purged from the system.

  • Anonymous Checkout? (Score:3, Interesting)

    by cheinonen ( 318646 ) <cheinonen&hotmail,com> on Sunday August 11, 2002 @11:57AM (#4050619)
    Maybe I'm not sure what exactly the submitter means by Anonymous Checkout, but if they don't know who checked out a book, why would anyone ever return it? I guess I'm just confused about that issue of this idea, they have to maintain some records so that they can fine people that don't return books, right?
    • Instead of checking out the actual book they could check out the amount the book costs (plus some extra as a deterrent). This way if you lose the book, you pay for the amount and the book comes up as missing (not who lost it though). The same thing could apply to other materials (they would just cost more or less). The time when is due as well as overdue fees would remain the same. The problem is the software not the feasability.

  • Just purge records (Score:5, Insightful)

    by BenCaxton ( 114005 ) on Sunday August 11, 2002 @11:58AM (#4050621)
    It's my understanding that a lot of libraries don't keep any records of who has checked out a book in the past. The only records kept are who currently has the book and any info pertaining to fines. The same could essentially be done with computer usage. The records of who was using a computer need not be kept past the end of a day, and the hard drive could then be synced to some disk image (I know some places already do this too, just to keep the machines working properly). I'm not sure any fancy technical solution is really necessary. If libraries are really interested in protecting privacy they can do it.

    • Re:Just purge records (Score:2, Interesting)

      by DrZish ( 520513 )
      At the library where I work something similar to this happens. The only information that our computer system keeps on a patron is what items they have checked out and what fines they owe. Once they return the book or stop using a public internet station the item is checked in, removed from their record and we have no way of knowing what they have out. Now I guess someone could look at the backup tapes but we only keep a 3 week cycle of those anyways so after those are overwritten there is no way we can tell what someone has checked out. The computer system is actually better from a privacy point of view than the old system using paper cards in each book. This is because with the older paper based system the card numbers are stamped on a card which remains with the book until it is removed from the collection. Therefore, at my library at least the computers seem to be more anonomous than the old way. Of course I believe we also have a policy that we cannot release borrower information without a warrant anyways.

  • if you build it.. (Score:4, Insightful)

    by mjolnir_ ( 115649 ) on Sunday August 11, 2002 @12:00PM (#4050626)
    ..the Feds will complain and Congress will simply mandate that any US library that receives any federal aid (ie, all of them) use a browse/borrow system that can supply exactly this kind of information.

    Patriot Act, indeed. If you want to be a patriot these days, go vote in November and boot these current idiots out of power.

  • Are you sure it's a computer problem? (Score:4, Insightful)

    by Sheetrock ( 152993 ) on Sunday August 11, 2002 @12:01PM (#4050633) Homepage Journal
    First things first, one would have to assume that the librarian and network techs can be fully trusted. If not, any library-provided computer has to be considered untrustworthy unless you bring your own laptop, in which case what's the point, right?

    Respect for the anonymity of the library patron (at a minimum) needs to be codified in law. Otherwise, at any point the government can stop funding libraries that don't track patrons (like McCain's initiative that flew through Congress mandating web surfing filters) or worse.

    If all these conditions are met, then if the libraries refused to use proxy logs or anything of the sort, and set up network PCs that ghosted themselves from a server (preferably with Linux) every time a patron logs out to fight trojan loaders and such, then things would go pretty well. But I don't think that it's the technology that's at issue.

    Our librarian is pretty cool about these things, by the way, and probably would go for setting up something along these lines if she thought it'd be worth the investment. It wouldn't be, however, because there's still a lot of other variables that prevent such a setup from presenting anything other than a false sense of security.

  • anonymous borrowing (Score:4, Insightful)

    by pensano ( 168570 ) on Sunday August 11, 2002 @12:02PM (#4050637) Homepage
    A borrower could get an anonymous ID number (anytime) and leave a deposit, refundable upon return, for the replacement cost of each book checked out.

    The only problem I see with this is that some people might not be able to come up with the deposit -- they could use the old, non-anonymous system.

    • Re:anonymous borrowing (Score:3, Insightful)

      by ipfwadm ( 12995 )
      The only problem I see with this is that some people might not be able to come up with the deposit -- they could use the old, non-anonymous system.

      Oh, so anonymity is the privilege of the wealthy, and not the right of the people? How equitable.
      • There is a price associated with anonymity. How do you suggest we counter the liability of loaning books to strangers? The price you pay with anonymity is trust. Nobody inherantly trusts strangers for long.

        • Re:anonymous borrowing (Score:3, Interesting)

          by ipfwadm ( 12995 )
          How do you suggest we counter the liability of loaning books to strangers?

          Simple. I suggest we don't loan books to strangers. I wasn't the one advocating anonymous borrowing. Personally I think the solution is for libraries to just destroy borrowing records after the book is returned. I have no problem with libraries keeping historical data on how many times a book was borrowed, but there's no reason they should keep individual borrowing histories. And from other comments, it appears as though many libraries already use that policy. Anonymous borrowing is totally unnecessary.
          • And from other comments, it appears as though many libraries already use that policy. An onymous borrowing is totally unnecessary.

            I've never worked at a library that kept the records for long. But most books aren't checked out very often. Sensitive books are mostly read in the library so your record could easily be kept for 10-15 years even if they only keep a record of the last person that checked out the book. I shelved Mien Kampf every 6 months or so but it hadn't been checked out in years. I was only one page out of 4 in the branch so it was read every 6 weeks or so.

            They kept the last person checking out the book in case it was reported damaged by the next patron. Of course an expiration date on that would have made sense since you can't claim someone who had the book two years ago damaged it. But libraries subsist on donations and usually a stipend for salaries, and sometimes building maintenance. Large city libraries purchase books, but them smaller ones rent them or get the donated. If you ever checked out a book with a green label it was probably rented. Sometimes this is just the new fiction.

            Unless it's a large city library the tech department is probably funded by grants from private foundations. Sometimes they get some government money from sending books to a scanning and pulping operations, but only if they have enough rare books that it's worth the effort. Their buildings are usually something that was condemned or abandoned. If it's an East coast and nice looking that's explained by the robber barons that established them a while back. The foundation is generally bankrupt but may still restrict the actions of the library for good or ill.

            The library is unfortunately a dying institution. They can't even lend out software. And their efforts to offers to lend scanned books online can only apply to books printed before 1850-1925 depending on when the author died. Hours are constantly cut back in even the wealthiest library systems. By now there should be 24-7 libraries.

            If I ever fund a library it will be open 24-7, foundation supported and have not be allowed to accept any operating funds from any government.
      • Oh, so anonymity is the privilege of the wealthy, and not the right of the people? How equitable.

        Preach it brother! It's just like those super-scary GPS equipped cell phones that they're always using to track poor people. I consider myself lucky that I'm wealthy enough to use land lines and pay phones.

        • It's just like those super-scary GPS equipped cell phones that they're always using to track poor people.

          No one is forcing you to use those super-scary GPS equipped cell phones. If you don't like it, use a pay phone. No one is forcing you to use your platinum credit card. If you don't like it, use cash. And so on. On the other hand, many poor people can't afford to drive the 8 mile-per-gallon SUV that they don't have to the local Barnes and Noble and sip cappuccinos and buy a hundred dollars worth of books. For these people, a free library is their only chance to read (and that is, after all, the point of a free library - to give everyone the opportunity to read for free). Everyone on /. seems to believe that privacy and anonymity are a basic human right, but then the original poster turns around and implies that no, those things are just a privilege of the wealthy. Personally I don't give a damn if Big Brother knows what I read, I'm just pointing out the hypocrisy in the argument.
          • If you don't like it, use a pay phone. No one is forcing you to use your platinum credit card. If you don't like it, use cash.
            You don't really have that luxury of choice any more: already most of the pay phones around here are gone. The phone company says they aren't getting enough revenue to justify maintaining them, so they are ripping them out.

            Some businesses do not accept cash anymore, or very reluctantly. Try renting a car or getting a hotel room with only cash. How about paying for a resaurant meal with a cheque?

            • Some businesses do not accept cash anymore, or very reluctantly.

              I have NEVER encountered a business that does not accept cash. As for renting a car or getting a hotel room, I have, with cash, no problem.

              How about paying for a res[t]aurant meal with a cheque?

              Checks aren't anonymous. And besides, I understand why businesses are reluctant to accept checks. You never know if one will bounce (as opposed to credit cards, which nowadays are verified instantly).
      • The only problem I see with this is that some people might not be able to come up with the deposit -- they could use the old, non-anonymous system.

        Oh, so anonymity is the privilege of the wealthy, and not the right of the people? How equitable.

        For anyone reading /., the replacement cost of a book as a deposit is no impediment to anonymity, but you are so right about the implication for those for whom the library is the key resource, those who almost certainly cannot find the deposit money. It is a very tricky problem, I see that it is actually two issues. First access to resources within the library premises. In this case a deposit really shouldn't be an issue since we should be able to "secure" the book/computer/whatever to the premises in an acceptable way whilst retaining anonymity. The second issue is when the user is to be granted permission to remove the item from the premises, the nice thing about this is that clearly browsing habits are not a part of this problem and so we are just worried about reading habits.

        The library user goes into the system as having borrowed a book, the title is irrelevant, but the item has a due/popularity/price index that is used as the basis for calculating late fees and damages and this index is assigned to the non-anonymous part of the library users account. So in the event of lateness or default then the user can be charged but the actual book remains anonymous. The library can then use it's catlogue system to detect which books are missing from its deposit and replace them. The netting of the cash from the defaulting system and the cost of replacing books should be zero within reasonable tolerance.

        This leaves one problem, borrowing a high index book and returning a low index book, wearing the fine and selling the high index book for a relative profit. Well, this is a bit trickier, but certainly the system could ensure that high index book borrowed == high index book returned which would help enourmously and you could go further by encoding the title of the book in a write only cypher with the borrower holding the key, that way the return could be managed exactly without identifying information about the borrower being available (this last bit is probably unnecessary given the way libraries actually work.

        Using this approach, libraries can still record the statistics about borrowing habits from the catalogue, they just can't track who did what.

        Admittedly the risk here is that the anonymous library user who legitimately loses or damages a high index book might be paying more to replace it (since the index would be inexact to protect correlation between price and title) but that _is_ a reasonable price to pay for anonymity since you know it to start with and it is only for exceptional cases.

  • well (Score:5, Interesting)

    by AllMightyPaul ( 553038 ) on Sunday August 11, 2002 @12:03PM (#4050642)
    If you ask most any librarian, he or she will tell you that they do NOT give out information regarding borrowing histories without a warrant from an official and will not give out to anyone else for ANY reason. Most libraries in colleges and universities purge all those records as soon as possible if they know what is good for them. Public libraries aren't so good at that, but still don't like keeping that information longer than they have to.

    My mother has been a librarin for over thirty years at various places of business, including private corporations, public libraries and at colleges and universities and from listening to her, I believe it is the general sentiment of the ALA to protect their reader's privacy. If you all take a moment to recall, it was the librarians who fought the most against COPPA because of they inherent censorship created by the requirements.

    What does happen, however, is libraries will outsource their searching services because they don't have enough money or manpower to handle the computer equipment themselves. When that happens, the business they outsource to may not have the same ideas in their head concerning privacy and censorship and will start storing this. Unless libraries get more funding, it's likely that outsourcing will continue and records will be saved.
    • I worked as a developer in a major university library for about two years. The system I worked on only tracked requests made to borrow books through other universities, but it kept ALL of them. Your whole history. This system was used at a whole host of other libraries, including NYU, ASU, Berkely, and more.

      The main system that kept track of circulation for the whole library also kept all requests. And it gets worse. I shouldn't have known that; it was outside my employee privileges, but several reference librarians kept the username and password posted on post-it notes, and being able to look up my own circulation record via telnet (or tnvt3270 or whatever it was) was way too convenient. From that point, looking up someone else's circ records was often way too interesting.... oh, and did I mention that the library used your SSN as a unique ID?

      Anyway, the point is, the system saved ALL your information, and it was fairly easy to get to it. If we were counting on practices of libraries to preserve anonyminity, I wouldn't feel all that secure....

  • As one that works in a Library Systems Office ... (Score:3, Informative)

    by Anonymous Coward on Sunday August 11, 2002 @12:05PM (#4050647)
    ... Privacy is extremely important to us. We allow not only Web browsing but also offer full the full MS Office package on several hundred computers so that people can work on their projects as they conduct their research.

    While not completely secure, we clear the web browser cache and history each time the browser loads (and it closes itself after 10 minutes of inactivity o further help this along).

    We also remove the contents of "My Documents" and then the Recycling Bin each morning before the library opens. This is all done via scripts of course.

    Granted this isn't the best solution, as the info could still be retrieved, but between not requiring login's (there-fore not knowning where anyone that comes into the library was sitting) and deleting as much as we can, as often as we can it should help.
    • ... not requiring login's (there-fore not knowning where anyone that comes into the library was sitting) You see, that's the part that annoys me. Yes, protect the privacy of what they were searching for, but dammit, keep track of who they are and where they were working. Crackers aren't idiots, they know damn well where the anonymous computers are. We have this trouble with library labs all the damn time. I don't care if they were reading info on HIV, downloading insurrectionist pamphlets, or searching any number of embarrasing topics, but when ebay shows up at our door step with proof of credit card fraud coming from that pc, I damn well want you to be able to tell me who was sitting there...
  • You must have some pretty good crack in your pipe today. Anonymous Checkout? Sure! I'll just anonymously check out a few expensive books I've always wanted, and just keep them. Since it's anonymous, they'll never know who has them, so they can't bill me for them or come looking for them. The only way you're going to keep theft out of the equation is to keep tabs on who has what, but throw away that data the minute the book is returned. No amount of encryption is ever going to make anonymous checkouts work, since you must always be able to tell who has what.

    As for running your entire OS in a ramdisk...yea...sure...that's...great. I don't know about you, but I sure as hell wouldn't pass any mileage that simply wanted to put 3GB of ram in every public computer. All so that the entire OS can run in a RAM disk so that we can have a false sense of anonymity on those machines. If the FBI wants to see where a computer has been, they will find out. Yes, if they turn off the machine, everything is lost. But this will only get them once or twice. They aren't fucking idiots. They will catch on, and start going to the library's isp instead and plugging a nifty little black box between the library and the internet. "Wow, look! I can see every packet going in or out of that building. How nice!"

    Three words: Waste of money.

    • "As for running your entire OS in a ramdisk...yea...sure...that's...great. I don't know about you, but I sure as hell wouldn't pass any mileage that simply wanted to put 3GB of ram in every public computer. All so that the entire OS can run in a RAM disk so that we can have a false sense of anonymity on those machines."

      You can run an entire OS from RAM. Miniature Linux installations are available for free download on the WWW. They require under 50Mb of HD space, so what makes you think that it wouldn't fit in RAM? You don't need a power installation - just a GUI, a database, and a network connection to ghost the machine.

      "If the FBI wants to see where a computer has been, they will find out. Yes, if they turn off the machine, everything is lost. But this will only get them once or twice. They aren't fucking idiots."

      Whether you're an idiot or not, you can't just magically extract all the data from some RAM after it's been turned off. It's physical law. It's math. It's not an issue of IQ points.

      "They will catch on, and start going to the library's isp instead and plugging a nifty little black box between the library and the internet."

      Libraries do not need an Internet connection to look up databases for books. This can be done across an intranet, with no access to an ISP or the outside world whatsoever. To break into that and run a packet sniffer, the FBI agent would have to be sitting on the premises, where they could easily be seen.

      • Alright, I was hoping that maybe I could get some intelligent replies, but apparently not. I guess you really do need to spell it out for some people. (BTW, don't get the idea that this is entirely a direct attack on the parent's author. This is just the thread on which I clicked 'reply to this'.

        I'll start out with the issue of an OS not fitting into RAM. I don't know about your area, but in my area the libraries could give less of a shit about linux on their public access PCs. Realistically, the PCs aren't there in order to show the world that linux is a great solution for everyday problems, the PCs are there to provide a simple service. Word processing and internet access. PERIOD. There is a reason why those boxes are Wintel machines. Mainly because it is what 90% of the desktop computer using population is familiar with. Yes, linux would solve this problem quite nicely, but I can guarantee you that any proposal suggesting the use of linux would get a lot of "what the hell is leenux?" going on in the background, following by some light chuckling. When people go to the library to use the computers, they expect to use MS office, and surf the net. Sorry, but that is the extent of it. Yes, there is openoffice, and I agree that mozilla kicks the shit out of IE. But the fact remains, OpenOffice isn't MS Office, and mozilla is still plagued by plenty of IE only websites.

        Now for a few direct rebuttals:
        No where did I ever mention that an FBI agent would gain access to data on powered down RAM. The IQ reference was in regards to them shutting the machine off to begin with. Like I said, they aren't fucking idiots. If they lose the logs once to a RAM disk, you can bet they won't make that mistake again. Next time they'll simply leave it on, or as I said, tap the network at the ISP.

        And I don't know where you got the idea that I was referring to book checkout logs when I was talking about tapping at the ISP. I would sure as hell hope that any library with half a mind wouldn't use a public network to service their internal database transactions. However, even if the logs were the target of the search, they could just simply walk up to the machine hosting the database and fuss all they wanted to while the librarians called their bosses to explain how the FBI just walked in with a search warrant. And if you've read my previous post, you'll remember that you can't have both accountability and anonymity. The two are mututually exclusive. No amount of fancy encryption is ever going to change that. Please think before you flame. I don't post crap, so I don't expect crap in return.
      • The FBI could quite easily sneak a wireless AP onto the library's intranet, place the AP into bridging or sniffing mode (see the OpenAP project for ideas), and watch database lookups from their van parked at the coffee shop down the street.

        That's beside the point anyway. Patrons frequently use the library terminals for things they can't find in the dead-tree collection. This does require an internet connection.

        Here's an idea: Many libraries are on reasonably fast connections. Someone needs to create a small ram-based Linux distribution in a DOS executable. Something like Loadlin packed with a kernel image and filesystem image.

        Then place this distro on a server with some carefully-scripted web pages which exploit flaws in IE to run the package. This is because the library probably runs Windows security software that prevents the user from easily downloading and running arbitrary programs.

        The library patron walks up to the computer, and punches in the URL of this distro. The thing downloads, IE is tricked into running it, and the library's computer is now running a real OS from RAM.

        Build in whatever freedom and paranoia you want: Perhaps the kernel shuffles things around in RAM every few seconds to prevent memory cell persistence. Perhaps the browsing is done via a secure tunnel to prevent the feds from simply Carnivoring the library's pipe. Perhaps this system meets other similar systems (gnutella-style?) on the net and they proxy each other's data (Freedom.net-style) to make things hard to trace. Perhaps the screen font is Tempest-annoying.

        When the patron is finished, the distro wipes memory and reboots, back into the library's Windows for the next person to come along.

        Of course such a distro would also be used by lame crackers with nothing better to do than attack websites from the library. *sigh*
        • I like that approach, not sure if Windows will cache (write to swap, whatever) the DOS session the linux disto would run under but I suppose I could ensure nothing interesting is in there. Or if it really whiped the RAM then what about the people who have Word open and want to launch I.E.? I don't think the windows session would survive this intact :)

          Your second idea is interesting, something I was thinking about - IBM did something called crowds that were basically a peer-to-peer proxy program that would send requests randomly to proxy servers (other nodes on the network) - if a bunch of libraries ran this desktop they'd all be peer'd proxies for eachother, sending encrypted requests through several hops before it goes to the internet. The only way it could be traced to a source is if you could hack the proxies - you'd have to hack a good number of them record the NAT and keys in real time to trace who'se sending what.

          At least i think that's how it works. I like the idea of creating a huge national library network of peers - you could run your own gnutella-like network to encourage information sharing between libraries, etc.

  • Don't remove the books (Score:2, Informative)

    by dr_l0v3 ( 568242 )
    If you don't want to be hooked by some large data-mining net you can always read the book in the library and take handwritten notes.

  • Act on it! (Score:3, Interesting)

    by warkda rrior ( 23694 ) on Sunday August 11, 2002 @12:06PM (#4050653) Homepage

    Says the article poster:

    It seems that if the American people are going to protect their rights, they are going to have to do so actively.

    Of course you have to be active about protecting your rights. If you let someone else "protect" your rights for you, you let that third party decide which right you have (i.e. which rights that someone will defend for you).

    Methinks that instead of looking for technological solutions that will take a while to implement, we would be better off making a big deal of this issue. The more the general public knows about how FBI snoops into library records (about other things), the more stringent the public outcry.

    I am not saying drop the search for a technical solution, I am saying a lot of policies can be balanced through social means rather than actively fought through some kind of enforcement tool (e.g., technology).

  • Cash up front (Score:4, Interesting)

    by Comrade Pikachu ( 467844 ) on Sunday August 11, 2002 @12:13PM (#4050675) Homepage
    1. Library patron checks out a book. Barcode inside the cover is scanned in by librarian to register it as "checked out".
    2. Patron hands librarian the cash equivalent of the book, then walks off anonymously.
    3. When patron returns the book, he gets his money back minus late fees, if applicable. The intrest which accrues on the patron's money while it is being held by the library is used for salaries, maintenence, or additional aquisitions.
    4. Anyone can return a checked-out book for cash completely anonymously. All books are checked against a database of books in the library's collection to prevent fraud.

    It's not an ideal solution, since libraries should be in the practice of lending books for free, but it would work.

    • Re:Cash up front (Score:4, Insightful)

      by R2.0 ( 532027 ) on Sunday August 11, 2002 @12:29PM (#4050732)
      Problem is it this plan throws up an economic barrier to getting knowledge, which is the exact OPPOSITE of what a free library is supposed to be.

      Scenario: Poor kid doing a term paper. A smart, ambitious kid, and he needs some relatively obscure books. Cash value may be $100/per for academic stuff. So now this kid must come up with $300 cash to write his paper. It doesn't matter if he's going to get it back - he just doesn't have it to give.

      And the system can't be "opt-in". That means the well-off get to be anonymous, while the poor get tracked.

      Lord knows I think the ACLU is a bunch of busibodies, but they'd have a fit over this one, and rightfully so.
      • True, although *most* libraries don't prevent anyone from coming in and using the materials on the shelves, regardless of who you are. For example, not being a current student, I can't go check out books from our local University without paying a (rather high IMHO) fee to get a non-student library card. I can, however, sit down in the library and read anything I want.

        What this idea would do is allow the wealthy to research in the comfort of their own home, whereas the poor would have to take notes and do the work at the library.

    • Re:Cash up front (Score:2, Informative)

      by TKinias ( 455818 )

      [ checking books out for a cash deposit ]

      There's a very real drawback to doing this: many important works are out of print (and will stay that way until they enter the public domain -- but that's a different rant) and cannot be had at any price unless you can locate a used copy. If I found a library that would lend me -- anonymously! -- a book which I'd spent a year trying to find for, say, a $50 deposit, the temptation simply to "buy" it that way would be tremendous. Unless the deposit were made so onerous that no one could consider its payment an acceptable price to acquire the work, the system would fail. And if the deposit were that onerous, books would not circulate.

    • Re:Cash up front (Score:2, Insightful)

      by moody ( 7729 )

      I'm a librarian and I see a few problems with the anonymous checkout idea. The library at which I work does not keep records of what someone has checked out in the past as long as fines have been paid, but we do keep information on books currently checked out and books that have been returned overdue with fines, until those fines have been paid.

      This serves two purposes: to protect the library and to protect the patron. In a perfect world the system you lay out might work, but occasionally libraries make mistakes and sometimes people make mistakes or try to take advantage of the system.

      On the patron side: If a book is returned on time, but somehow never gets properly scanned, it may show up as not having been returned. Often patrons cannot or will not return books during open hours, so they will use the book drop. Also having to stand in line at the checkout desk to have a deposit return would at least double the amount of people in line at the desk, meaning longer waits, and perhaps higher taxes to pay for more personnel to deal with twice as many transactions. If the library makes a mistake and the book is returned and not checked-in but reshelved, there will be no way to prove that the book was in fact returned. The patron would have no ground to stand on in stating that the book is in fact on the shelf or checked out to someone else or some such thing, as there would be no record they had checked out that book in the first place. Merely a deposit.

      It might be possible to barcode cards and then input prices on the cards at checkout and then check cards inserted into the books on a patron's record, but in addition to taking more time, there would be no record of shelf status for the book (is this book checked out, withdrawn, missing, etc.) meaning anytime someone would want to see if something was one the shelf they would have to go and look, defeating much of the purpose of computer-based catalog systems.

      On the library side: In addition to some of the above points (which in many cases would be negatives for patrons and libraries), there are always a group of people out there who wish to abuse the system. A case in point is our printing policy. We do not typically charge per page on printing from public machines, and we used to have signs merely saying "The library reserves the right to charge for excessive printing." 95% of persons using the computers printed reasonable amounts. However, a small percentage would consistently come in the library and print out reams of stuff. We eventually started enforcing that policy, and eventually changed it to the current policy which is 30 pages free, pages 31+ 10 cents a page and printing. But the same contingent still likes coming multiple times during the day, trying to sneak out without paying, printing without doing a preview getting lots of stuff they don't want and hiding the undesired pages, etc. It's a pain. I'm hoping to develop some system for counting pages printed (perhaps running all print jobs through a central server) but with Win98 machines this seems to be an expensive and not-too-easy task.

      At any rate, I have no doubt that people would check out single materials, for instance, and then come back on a different day and try walking out with different stuff and say, "hey it's checked out on my record" and there might be no way aside from anecdotal evidence of the circulation staff to prove otherwise. People wouldn't remember what they had checked out. People wouldn't remember what they owned fines on. I'm sure the system could probably be undermined many different ways, while now we can say, "You have X checked out, and X is overdue." and if we are wrong the patron can try to prove otherwise.

      Perhaps the most reasonable solution to get this kind of thing to work might be to check out the card to a patron with a price input at check-out and the book checked out to a dummy (non-existant) checkout patron, but that would essentially double work and add an awful lot of hassle, and might have other problems I haven't considered (I don't actually work in circulation, and most of the time the people that work in circulation technically aren't librarians (they don't have a library science degree) but clerks or para-professionals).

      I have doubts that this kind of thing is really worth it in the end. If someone is that protective of their privacy that they can't stand to have a book linked with their record for the 3 weeks they have it checked out, maybe they'd be better off just reading it in the building or buying a copy with cash somewhere.

  • Libraries in America (Score:5, Interesting)

    by idonotexist ( 450877 ) on Sunday August 11, 2002 @12:15PM (#4050684)
    I am reminded of a public service ad which demonstrated how lucky Americans are that reading activities at libraries are kept private. Ads, such as this, were produced after 9/11 to show an appreciation of individual rights.

    Ironically, the new government policies for our libraries seem to have, now, deteriorated our privacy. And the ad is, now, an excellent demonstration of how the current administration has run amok.

    PSA's ad, "Library [streamos.com]" is in realmedia format. And, no. America is no longer America.
    • Right.

      You've done nothing illegal. Nothing 'deviant'. Nothing thats going to get you on the cover of a popular tabloid. Nothing your neighbours might go 'tsk' and whisper about. You don't drop litter, swear, or look at porn on the internet. You're not 'guilty' of smoking, drinking, or sex before marriage. You don't speed, you've never inhaled, and your only knowledge of a 'hooker' is from watching Rugby (obscure English sport) on the telly.

      So, what the fuck do you care if the feds see that you borrowed a copy of 'Popular DIY' last weekend?

      Or is your desire for 'privacy' just a misplaced sense of rebellion against the state because you're a bit anal and have no other way to vent your displeasure about 'the system'?

      DISCLAIMER: I'm English. The idea^h^h^h^hinevitability of having to live with identity cards and the state tracking is very real here. And yet, it seems very few people have a problem with it. We can see the benefits. A reduction in crime, the possibility of being able to pay tax online and such securely, and whatever else we think up, is GOOD. OK, so Tony Blair might be able to tell what I was doing this weekend. SO WHAT?
  • While one would think that a RAMdisk in such a situation would lead to privacy, don't forget that our good and trusted friends the government already have carnivore in place, and can use it to get anything that they might have expected to find on the hard drive.

    That said, I still think a RAMdisk based system is a good one, the computers could be booted from a boot image on the network or even from a locked CD drive and then run completely from RAM. While it offers no protection from Carnivore, it does protect people's information from other people who come to the computer later and snoop for e-mail addresses, account information, and the like. Lets not forget to try to get libraries to close this door just because the shadow government can still get our private information.

    The NPR story made claims that the government could somehow link information between a user's sessions. The reference was to someone who looked up information about atomic energy and then came back later and looked up something about the Koran. Unless they have logs of who used the terminal and when, how can they make such a link? Do they just assume that the person doing the Koran lookup must be the same evil doer as the person who previously committed the heinous deed of reading about atomic energy?

  • Technological Solutions (Score:2, Interesting)

    by evdg ( 250709 )
    A technological solution to any problem posed on Slashdot is always the community's first response. As we've seen from the history of encryption, any realistic and practical method of protecting data is eventually going to be broken.

    Legislation is the answer. Not happy with a law? Last I heard America was a Democracy of sorts -- let's get out there and use the classic techniques for creating change. Vote. Write. Talk. Protest. Rage.

    Or has the wealth we enjoy in North America made us too complacent?

  • My Addition To The Pot (Score:3, Insightful)

    by DarkZero ( 516460 ) on Sunday August 11, 2002 @12:37PM (#4050753)
    Security measures such as firewalls and anonymous browsing would still be needed, but I'm sure that much more educated individuals could point you toward good solutions for that. I just wanted to bring up the idea of an OS on a CD-ROM. It leaves no records and viruses and worms cannot be installed on it, because it cannot be written to. It's a security solution for both Big Brother and the stupid, worm-downloading idiots that he watches over.
  • As far as I see it, anonymous checkout won't work in a free library. OTOH, if you require the library patron to deposit the value of the book before they can check out the book, that would work. You might be able to decrease the deposit amount to a percentage, depending on the honesty of the patrons, but I wouldn't count on it. Put money into the equation, and dishonesty increases.

    Another method would be to give a "library card voucher" to every new resident, and allow them to obtain a card with the voucher, using some sort of random hat draw or something. Have some type of card trading system in the library, where people can trade cards, reliably knowing that each card has no books on it. (Scan cards, it tells you, "No books are checked out." You then randomly decide whether or not to exchange cards.) Of course, if you lose your card, you're screwed. This method would require a bit more honesty than today's libraries. IOW, it's susceptible to many of the same no-return attacks as modern libraries, (Borrow books, and never use the card again. Not much they can do about that either way.) But the fact that it can be traced back to you seems to encourage honesty, regardless of the library enforcing returns with external mechanisms. IOW, being anonymous increases dishonesty.

    The best method seems to be to delete the records of a patron's borrowed books as soon as they are returned.
  • I've come to the conclusion that privacy activists are fighting the wrong battle.

    There seems to be two main assumptions when dealing with privacy:
    1) X can't be trusted. With X being any group other than the privacy group advocating something.
    2) X needs to insure our privacy.

    In all honesty, these two beliefs are mutally exclusive. If you can't trust the government or the corporations or anyone else (and I'll agree that you probably can't), then stop looking for a method for them to insure your privacy.

    The only solution to insure your privacy is to insure than no external entity is capable of tracking you. In the case of libraries, this means NOT checking books out. It means paying with cash everywhere. It means no phone service, credit cards, charge cards, discount cards, banking accounts, driver's license, car, or anything else that involves filling out an application or showing any form of identification.

    And even that isn't a safe bet. You have to also not allow your face to be seen in public, where a camera can record you in a specific location at a specific time.

    It's simply too easy to track data. Giving outside agencies method to quit tracking your data only works if you trust those agencies.

    Maybe a better solution is to make all, or at least as much of the data as possible, public. After all, the problem is the ability of someone to use data about you in a method you don't approve of. Another solution to that is to level the playing field. When spammers and telemarketers can't hide behind a wall of anonymity any more than you, when goverment officials have all their dirty little secrets made public, then perhaps we'll see a change in behavior.

    But as long as some groups have access to information that everyone else doesn't have, you'll have the same problem over and over. Either you need to insure your privacy yourself of you need to insure that they have no pricacy either.

  • To make a difference (Score:3, Insightful)

    by FakePlasticDubya ( 472427 ) on Sunday August 11, 2002 @12:59PM (#4050846) Homepage
    Run for a seat on your local library board. I can almost guarantee you that you won't see much competition, and heck there might even be an open seat that you can run for uncontested.

    Libraries are not run or operated by the Federal Government, at least in the United States. They are run by local government, paid for my the local library district's taxpayers.

    Show up to the library board meetings, bring your friends with you. Ask them what they think about these issues, and what they are doing to keep a balance between needed record keeping and just letting Project TIPS or the Homeland Security department grep through records for "nuclear weapon" or "anthrax."

    You can make a difference! Most people it seems lately take no interested in local / town / area governments, but that is where the normal citizen can make the MOST difference!
  • really are....It must be tracked...

    Information and who's accessing it....

    So as many may be trying to rationalize invasion of privacy by thinking only of terrorism excuses, perhaps there is the other side of the coin as to what the feds may be looking for......like those assessing information in order to see the truth:

    take a look at this: World Meters [osearth.com]

    Take a good look at the different meters! Then look at this: What the World Wants [osearth.com]

    We have the technology and we have the funds to make good things happen.

    So why is it not happening? You want to fight about it?

    Assuming you don't want to fight about it, that fighting is not the goal or main desire of people, then there must be something else, something bigger that is the problem. You know, considering annual world military spending is $780 billion dollars (US) and to solve the major world humanitarian problems only needs 1/3 of that....

    The problem has to be more than something under a trillion dollars.

    A CIA Fact Sheet on Indonesia -- see the religion percentages (88% muslim). [cia.gov]

    OK, (given the above muslim population of indonesia): from the pbs trillion dollar bet article: [pbs.org]

    "In the summer of 1997, across Thailand, property prices plummeted. This sparked a panic that swept through Asia. As banks went bust from Japan to Indonesia, people took to the streets - events so improbable they had never been included in anyone's models."

    and in Indonesia May 1998: [go.com]

    "Sources all over Asia tell Uscher that Asians know about local corruption but believe America is taking advantage of the situation to grab Asian markets and Asian wealth."

    and (read the article!!!) another article from CNN: [cnn.com]

    "The austerity measures were a condition of the International Monetary Fund's $43 billion aid package to bail out the southeast Asian nation. "

    World Bank wanted to help Indonesia out but charge interest (usery) entrapment???? Funny how China is the only country who did not participate in this stock game and are better off then the rest of us for not doing so.....

    Where the US bailout was only (pbs article):

    "We expect that they're going to explain to the members of this Committee why the Federal Reserve has organized the $3.5 billion bail-out for billionaires, why Americans should be worried about the gambling practices of the Wall Street elite"

    And there is Something Else [neo-tech.com] I have run across for that timeline as well (making the "trillion dollar bet" just icing on this cake?):

    (note: overall I find information from this resource to be integratingly correct enough to be both useful and insightful, though with a touch of blind bias towards capitalism, though it does try not to be blindly biased, it is to subjective to capitalism to completely avoid it.)

    "During the 1993-1999 bubble era of false economic progress, many CEOs, executives, employers, employees, even customers adopted the scams of clintonian-era politicians, lawyers, journalists, academics to become increasingly dishonest, corrupt, even criminal. The bubble-building, stock-market fraud began when Chairman Alan Greenspan clintonized the
    Federal Reserve. He signaled that politicization by blatantly breaking a time-honored apolitical precedent when he sat as a special guest in the president's box during Clinton s first State-of-the-Union address. Greenspan, the former acolyte of capitalism-champion Ayn Rand, then married a socialist/clintonian journalist. His drive to create a Clinton-boosting, economic boom -- a high-tech bubble economy -- escalated from that point. He with Robert Rubin and Bill Clinton artificially increased the value of the dollar, relentlessly increased the M-3 money supply, recklessly created sloshing liquidity, and pied pipered consumers and corporations into bankrupting debt. He engineered those cancerous long-term policies to continually fuel the equity markets for baleful political ends and unearned glory.

    The bubble burst in early 2000 causing losses of four-trillion dollars. After several sharp bear-market rallies, those equity losses launched a long-term economic decline -- the feared L-shaped recession or worse."

    Oh yeah and this 5 year stock market link comparing the DOW with the S&P and most important the NASDAQ. [yahoo.com] Where you can tell where the money went and also know what the dot coms were all about.

    Given the above

    From theCBS article on the NSA (National Security Agency) total system failure: [cbs.com]

    "In January 2000, Gen. Mike Hayden, the director of the NSA, received a call from the agency's watch officer alerting him that all of its computers had crashed."

    In that same article (in fact in the previous paragraph):

    "A phone call intercepted by the NSA is often the first warning that a terrorist such as Osama bin Laden is planning an attack against Americans. To find that threatening phone call, email or radio transmission among the billions made daily, the NSA relies on rooms of supercomputers."

    The date of this CBS article is Aug 29, 2001.

    Do you really think maybe Y2K brought the systems all down? For what is supposed to be the top spy agency in the US? (they don't say what caused the three and a half day crash.)

    Or do you perhaps see a simpler Truth to the matter, such as:

    Stock market gamblers and Gov. screwed up the world economy so bad and especially for muslims that the NSA had damn good reason to KNOW what was going to happen and that they needed an excuse for their total inability to deal with it.

    *And then there is this, how might Afghanistan participate in global* *humanitarian issues:* [doe.gov]

    And the Bill of Rights [cornell.edu]

    How about now? Do you want to fight now? And if you were an Afghan Muslim, instead of a US citizen?

    Targets....White House for it's political control over Pentagon military backed control over World Trade Center ....world economy.

    We taught them how to do it, How to fight smart, how to learn what they need to know and where they can get supplies (anthrax, planes, etc..) from us to use against us....... then we lite a bon fire under their ass to motivate them into action while we turned our backs to intelligence....played ignorant......so they could more easily do it.

    And Ted Turner (CNN) said something about the attack being an act of desparation. Which he later apologized for.....because of why?

  • How? (Score:2, Informative)

    by starX ( 306011 )
    "I bet if we offered a packaged, free, easy to install Safe Browsing computer or Anonymous Checkout program, libraries across the U.S. would enthusiastically embrace it."

    The fundamental problem with this is that an anonymous checkout system would mean that the library would have no way of getting their books back. Not that a lot of people are out to steal books from public libraries, but I know that if there weren't a fine for returning it late, I would probably put my borrowed books down some place and forget that they were borrowed and not mine. After two weeks of this, they usually give me a call reminding me that the books actually belong to them.

    Now picture a world where they can't call me, and when I check out a book, they have no idea that I have quite a few sitting in my apartment waiting to be brought back. Multiply that by the number of people checking out books, and the nations libraries would soon be depleted.

    Another thing, I know quite a few people who work in libraries, and they tend not to enthusiastically embrace anything. Especially anything that even sounds like it might require having to re-enter every book in their collection to a new database, and unfortunately they equate the people I know equate "new software" with "new database:. Of course this view is probably a little bit skewed because I'm used to pivcking around small libraries in sleepy towns in the sticks.

  • Anonymising library loan records (Score:3, Interesting)

    by caveman ( 7893 ) on Sunday August 11, 2002 @01:48PM (#4051001)
    Some years ago, the Hampshire County Library service in the UK had two different styles of library tickets. One type was the standard cardboard wallet into which went a ticket identifying the book. On this carboard wallet, about 1.5" square, was the borrowers name and address. When you returned the book, you got the cardboard wallet back, leaving no trace of who borrowed what, and when.
    The other type of ticket was the 'Fiction Token'. This was a simple, mass-produced plastic card, identical to every other plastic card, which was simply exchanged for fiction titles. You take a book, you give 'em a token. You return the book, they give you a token back, but not the same one. There's no way to track who has what.

    This was all removed in the name of efficiency some years back. The current system uses barcodes in books, and barcoded member cards, tying all books to borrowers present and past. Any librarian can browse through your borrowing history, or the history of a book, almost instantaneously.

    So, take a backward step for privacy. Replace your lendng libraries computer system with cardboard wallets. When a book is loaned, you do have the borrowers details, but ONLY while the borrower has the item. This allows you to chase borrowers who have not returned items. Once the item is returned, you lose the association. Simple, private, and virtually idiot-proof too. The system doesn't even need electricity. For low value items, such as paperback books, issue 'fiction tokens'. Borrowers get, say, four tokens, and if they want more, they pay the average cost of a paperback for one. Keep a log of who has how many tokens, but nothing more than that. This will catch abuses, but not provide any tracking. Librarians: You're in the library business, not the espionage business! Do your community a favour, and take a step backwards.
  • Who thought "Programming Libraries".

    The answer to make sure they weren't spying was to create open-source ones, duuuuuh. ::shakes head, sighs:: I am such a geek.

  • The crypto for anon checkout is already done... (Score:4, Informative)

    by Jim McCoy ( 3961 ) on Sunday August 11, 2002 @02:45PM (#4051221) Homepage
    David Chaum, the inventor of the "blind" signature mechanism that is the core of most digital cash protocols, created an extended variant of this system [Chaum90] that explained how you can accomplish some rather tricky things with unlinkable identity systems. One of the examples he has used in the past a computer controlled library, the "librarian" would let you check out books with an anonymous identity and maintain policies such as "only three books out at any one time", etc. with strong security for the system and complete unlinkability among user transactions as long as they follow the rules.

    This system handles the daily mechanics of such a digital library, but it needs an external hook to get a user into the system called an "isa-person" certificate (a cert that you could only get one of, probably biometric, that is a hard link to your meatspace identity) which is used as the stick to prevent people from walking away with your books. If someone checks out books and does not return them they get a negative mark on their isa-person cert that will follow them to around until it is cleared. A deposit of cash, as others have suggested, would probably serve an equivalent purpose.

    If you really want a secure, anonymous digital system it is probably going to end up working something like NetFlix. You apply for an anonymous id and put down a cash deposit, the anon id lets you borrow titles with certain restrictions, when you are finished with the account you cancel your subscription and get your deposit back.

    Jim

    [Chaum90] David Chaum: Showing credentials without identification: Transferring signatures between unconditionally unlinkable pseudonyms; Auscrypt '90, LNCS 453, Springer-Verlag, Berlin 1990, 246-264.
  • Information should only record that you have something checked out, but not exactly what you have in your possession. Use a one-way hash such as MD5 on the ISBN as a key. When you check out a book, only this hash is recorded. When you return the book, this information is purged from the computer.

    Downside, the library can't tell how much the book is worth when it is lost. If you record the value along with the hash, it could theoretically be used to figure out the exact book. To fix this, only the value "range" is recorded, and the maximum is charged if the book is loss. For example, the book is in the "Under $10 range". If lost, you own $10 to the library, even if the book only cost $7.

    Another downside, the library doesn't have a way of keeping track of which books need to be replaced. This isn't a good situation, but privacy overrides inventory tracking need. I think it's a fair trade-off. The library could implement an "inventory week". During that week, the actual ISBN is recorded when you borrow a book so they can do a proper inventory check. If you don't want that information recorded (even if purged when the book is returned), don't check anything out that week.

    • Use a one-way hash such as MD5 on the ISBN as
      a key. When you check out a book, only this
      hash is recorded.

      And then the FBI runs the ISBNs of all the books they find "interesting" through the hash and searchs for matches.

      Another downside, the library doesn't have a
      way of keeping track of which books need to be
      replaced.

      Sure they do. They can add the accession number of each book to a list of books in circulation as it is checked out. If you note only the week or even only the month it went out you'll be able to figure out when to give up hope of it coming back without giving the FBI any useful information.

      I like your idea of "price classes", though. Try this: When you check out a book its price class is added to a list linked to your name. Appended to this is a hash of the accession number likely to be unique among the small number of books of a given class that can be checked out by any one client but far from unique across the entire collection. When you return the book the hash is recomputed and the book removed from the list. If you don't return the book the library levies fines and eventually compensation based on the price class. An adequate hash might be something as simple as the las few digits of the accession number.
      • And then the FBI runs the ISBNs of all the books they find "interesting" through the hash and searchs for matches.
        Good point. Some method needs to be used to randomize the hash. Perhaps each person would have a PIN they would use. The ISBN and the PIN generate the hash. When you return the book, you enter your PIN and they scan the ISBN to compare the hashes Big downside here! Now we've added an element that makes it even easier to track you if the MIBs compromise the database. I think I need more foil for my hat.

        I was trying to come up with a method that did not require a deposit on the book. People with limited incomes have as much right to privacy as people with money.

  • Do we really want an ironclad technological solution to this? I sure like my library records being anonymous, but I also recognize the benefits of having such records accessible by a warrant or subpoena. Right now I think the Librarians' policy "No records without a warrant" is an entirely reasonable and sufficient policy.

    At Andersen, Worldcom and Enron, the technological solution to their "problems with anonymity and privacy" (document shredding) was illegal, even before there was evidence of wrongdoing. (Now I know this is slashdot, the home of the easily stretched bad analogy, so I'll right off state that I realize that their financial records are supposed to be available.)

    When a planned, possibly conspiratorial crime/attack/etc. occurs, do you really want our law enforcement hobbled by an inability to unravel the methods, sources, and co-conspirators of the bad guys?

  • I'm thinking about things like creating a RAM disk and loading the OS onto it

    Knoppix [knopper.net] is what you need.

  • Get them all running this [peek-a-booty.org]

    Anonymous distributed networking. If and when enough people get to using it, network spying will be quite difficult indeed.

Slashdot Top Deals

Let's organize this thing and take all the fun out of it.

Close