Safeguarding Our Patrons' Privacy

The satellite teleconference, "Safeguarding Our Patrons' Privacy: What Every Librarian Needs to Know about the USA PATRIOT Act & Related Anti-Terrorism Measures," aired on December 11, 2002. The teleconference was cosponsored by the American Association of Law Libraries, the American Library Association, the Association of Research Libraries, the Medical Library Association, and the Special Libraries Association. A panel of librarians and lawyers provided libraries and their governing institutions with an analysis of the implications of the recent anti-terrorism measures, including the USA PATRIOT Act, the Attorney General's Guidelines expanding the investigative powers of the FBI, and the Homeland Security Act. The panelists began by offering the admonition that nothing they presented was legal advice, and individual libraries should consult with their own counsel for questions or clarifications.

The USA PATRIOT Act gives law enforcement expanded surveillance and search authority. The panelists identified an immediate practical concern for libraries: to verify that there are institutional policies and procedures in place to guide library employees faced with a request for information from law enforcement. Panelists also recommended that training on these policies and procedures should be provided, so that staff know how to respond in the event they are asked for information or records, presented with a subpoena, or presented with a warrant. One of the panelists, Tracy Mitrano, offered the following helpful suggestions in the conference syllabus on what is sometimes called the "chain of command" or "chain of custody" in responding to requests for information:

• If anyone approaches you alleging to be a law enforcement official requesting information, do not disclose to that individual any information.
• If they present a subpoena, direct either the person or the paper to your supervisor, who will in turn direct it immediately to legal counsel.
• If they present a warrant, do not interfere with their search or seizure, and call your supervisor [or some other office] as soon as possible.
• Library administration should have a pre-established and pre-published path for routing those papers to legal counsel.
• In turn, legal counsel should be apprised of that routing path and informed of the office(s) or individual(s) delegated to make the presentation.
• And...keep a record of all legal requests to preserve institutional memory and to insure against any potential for abuse.

It was further noted that a warrant is the only type of request that allows no time for contacting legal counsel or supervisors before responding. Library employees should not obstruct the execution of a warrant, although contacting a supervisor, other official, or legal counsel, immediately and as indicated in the institution's policy, is allowed.

Any requests for information, especially those that don't involve a subpoena or warrant, should be logged by the library. This will be important when the time arrives to consider continuation or renewal of various provisions of the USA PATRIOT Act; some provisions are due to "sunset" or expire automatically in 2005. While there is no evidence that the broader powers given law enforcement by the recent anti-terrorism measures have been or will be abused, panelists made it clear that librarians need to maintain vigilance over time to ensure that constitutional rights to privacy are safeguarded.

In addition to documented policies on responding to requests for information, libraries should have policies and procedures on retention of business records and protocols in case of electronic trespass on a computer. Compliance with the business records retention policy should be audited to ensure that only the records that should be kept over time are actually retained (and not left to accumulate in a bottom drawer or backup file). A computer trespasser is anyone using a protected computer without authorization — a "protected" computer is any computer on the Internet. Computer trespass protocols need to spell out who should investigate a trespass and, if unauthorized computer use has occurred, the official who will decide whether it is appropriate to contact federal authorities.

The participants materials (handouts) for the teleconference are available on the Association of Research Libraries web site http://www.arl.org/patriot/, along with links to additional resources, including:

• ARL's Web site on Anti-terrorism Legislation and Related Issues, http://www.arl.org/info/frn/other/ATL.html
• ALA's Web site on Libraries and the PATRIOT Legislation, http://www.ala.org/washoff/patriot.html
• NASULGC/AAU, Post September 11 Resources for Universities, http://www.aau.edu/resources/resources.html

"Safeguarding Our Patrons' Privacy" panelists were:

• Tracy Mitrano, Policy Advisor, Director of Computer Law and Policy, Office of the Vice President for Information Technology, Cornell University
• James Neal, Vice President and University Librarian, Columbia University Libraries
• Gary Strong, Director, Queens Borough Public Library
• Thomas M. Susman, Partner, Ropes & Gray, Washington, D.C.

EG

[Editor's Note: A videotape of the satellite teleconference is on order. A message will be posted to the listserv and on our tape loan page http://nnlm.gov/psr/loans/ when the videotape is available for circulation.]

Next Article > >