v0.1 (roughly Google-translated from Swedish; sorry for the poor English).
Libraries should work for the democratic development of society by contributing to the dissemination of knowledge and freedom of opinion. This means that access to the internet is an important service to provide to library visitors. However, it does not mean that visitors should be able to do whatever they want with library equipment or access other visitors' information. Patrons should be able to trust that their use of library services does not infringe on their privacy.
This document is a first draft of a checklist aimed at reducing the risk of intrusion into visitors' privacy when they use digital services in a library environment. The checklist is not exhaustive. The idea is that a librarian can use the checklist to get a basic picture of a library's protection of patron privacy. The results should then be used in discussions with colleagues and suppliers about how privacy can be improved.
The checklist has three parts:
A. Physical access - how to check for and prevent physical access to the computers, so that visitors cannot install equipment that can be used to capture other users' information.
B. Configuration of the computing environment - fundamental requirements for locking down the computing environment to avoid malware and unintended sharing of visitor data.
C. Library services on the web - how to avoid sharing information about your visitors' activities with outsiders.
For each section, document the results and then plan possible actions with your IT supplier. If possible, perform the tests together with someone from your IT organization.
If visitors can reach the ports and cables for keyboards, there is a risk that a malicious visitor connects logging equipment to capture other visitors' keystrokes. In this way, a malicious user gets passwords, e-mail content and any other information that visitors enter via the keyboard.
Make sure the library computers' ports and cables are locked, enclosed or otherwise made inaccessible to visitors. Is it possible to unplug the keyboard and plug something in between the keyboard cable and the computer? Is it possible to access network ports?
Contact your IT provider to discuss possible solutions for locking cables and equipment. If keyboard cables cannot be locked, you need to inspect the equipment regularly to ensure that no one has connected unauthorized equipment such as a keylogger.
In a library environment it can be difficult to use a computer for sensitive information if other visitors can see the screen. Try to place screens and seating in a way that minimizes the risk of others reading the screen. This also applies to printers and copy machines: can other people access print jobs that another user has started?
Test whether you can see the screen from seats near a computer. Can you read text displayed on the screen? When printing, is there a risk that printouts are visible to others? Is it possible to discard printouts in a way that prevents access by other visitors (e.g. in a locked trash bin)?
Place screens directly on the desk instead of on top of the computer if possible. A lower-positioned screen makes it harder for people sitting behind to see its content. Consider equipping the screens with privacy filters (a plastic film that minimizes visibility from the side). Consider using locked bins for paper trash.
If visitors can connect their own equipment to the library network, you need to minimize the risk that they gain access to other visitors' information.
Try connecting a computer that does not belong to your organization to a network port on the premises. What services can be reached? Can you see other computers on the network?
If your library offers wireless internet access for visitors, check that:
- encryption is enabled (at least WPA2)
- the default password has been changed
- the default SSID has been changed
- DHCP addressing is limited (maximum number of simultaneous users)
- WAN requests are blocked (e.g. ICMP ping from the internet side is dropped)
- wireless configuration of the access point is switched off (changing settings should require a physical connection to the appliance)
Contact your IT provider to discuss network security measures that protect privacy.
After a visitor leaves a terminal, it is important that the information the user leaves behind is not available to the next user of the same equipment. This applies to temporary documents, browsing history, stuck print jobs, cookies, etc.
Use the equipment the way a regular visitor would: note the URLs you visit, enter information in forms and submit them, and store files on the desktop. End the session according to the instructions and then use the computer as a new user.
- Are documents left on the desktop or in the temporary files folder?
- Can you see browsing history in the browser?
- Are cookies stored?
- Is form information stored?
- Can you see recently opened documents in software available on the computer?
- Print a document to a printer that is switched off. If the user leaves the computer and the printer is turned on again, is the document printed anyway?
Locking down computers can be done in several ways depending on your computing environment. Review the results of the items above and talk to your IT provider.
If users can install their own software on library computers, there is a risk that such software intercepts other visitors' information. Configure the environment so that software cannot be installed by unauthorized persons. Hide and block access to operating system files and directories so that ordinary users cannot replace files there. Narrow ordinary users' permissions to a minimum.
Use the computer as a library user would. Try to install a program: download the installation files for e.g. Firefox or other free software that is not already on the computer and run the installer. Was it possible to install it? If so, does it remain installed for the next user?
Try opening a directory that belongs to the operating system. Is it possible to save files there? Is it possible to install browser extensions in a way that they remain in place when the next visitor arrives?
Contact your IT provider and ask them to lock down the IT environment so that unauthorized persons cannot install software or access operating system files.
Users may need to download documents from the net. Minimize the risk that they are affected by viruses or unknowingly spread infected files by providing antivirus software on the computers.
Enable users to learn more about digital privacy by having Privacy Badger or similar tools installed in the browser.
Is there anti-virus software on the computer? Is it up-to-date?
Are privacy-related tools installed (e.g. browser extensions that block ads and tracking)?
If antivirus software is missing, order its installation from your IT provider. Install Privacy Badger or similar software.
Ensure that information about your visitors is not passed on to third parties. If your organization logs network traffic, ensure that procedures are in place to limit access to the information in the logs.
Contact your IT provider to see if logging of user activity is done and what the procedures for accessing logs are.
Ask your IT provider to establish guidelines on who has access to the logs, and the situations in which access is granted.
The provisioning of digital library services typically involves several different actors. When the library's online services are used, there is a risk that sensitive information is shared with other organizations through activity tracking in web statistics, sharing buttons, advertising, etc. By configuring digital services correctly, this can be minimized.
There are several tools for finding out how information is shared with others. Use any of the tools below to test your library's website and subscribed services.
- https://webbkoll.dataskydd.net/en/
- Privacy Badger: https://www.eff.org/privacybadger
- Implement the relevant recommendations, depending on the results from https://webbkoll.dataskydd.net/en/
- Implement HTTPS everywhere.
- Minimize use of tracking scripts
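As an added example (not part of the original checklist, and not the Webbkoll tool itself), the script below performs the same kind of check offline on a saved copy of a library page: it lists every host other than the library's own that the browser would contact while loading the page (analytics scripts, sharing widgets, embedded frames) and flags resources still fetched over plain HTTP. The sample HTML and all host names in it are constructed.

```python
"""Offline audit of a library web page for third-party resource loads and
plain-HTTP resources. Added example, not part of the original checklist;
the sample HTML below is constructed and the host names are invented."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make the browser fetch a resource, which reveals the
# visitor's IP address (and often cookies) to the host that serves it.
RESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                  "link": "href", "form": "action"}

class ResourceCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []  # (tag, url) for every resource-loading attribute

    def handle_starttag(self, tag, attrs):
        wanted = RESOURCE_ATTRS.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                self.urls.append((tag, value))

def audit_page(html, site_host):
    """Return third-party (tag, host) pairs and URLs fetched over plain HTTP.
    A host is first-party if it equals site_host or is a subdomain of it."""
    collector = ResourceCollector()
    collector.feed(html)
    third_party, insecure = set(), []
    for tag, url in collector.urls:
        parsed = urlparse(url, scheme="https")  # relative URLs count as https
        host = parsed.netloc.lower()
        if host and host != site_host and not host.endswith("." + site_host):
            third_party.add((tag, host))
        if parsed.scheme == "http":
            insecure.append(url)
    return {"third_party": sorted(third_party), "insecure": insecure}

# Constructed sample: an analytics script and a sharing widget are third-party;
# the logo is first-party but loaded without TLS.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://analytics.example-tracker.test/ga.js"></script>
</head><body>
<img src="http://cdn.library.example/logo.png">
<iframe src="https://social.example-share.test/like?u=catalog"></iframe>
<form action="https://library.example/search"></form>
</body></html>"""
```

Run `audit_page(SAMPLE_HTML, "library.example")` to see the two third-party hosts and the one insecure image; a real audit is only as good as the saved page, so save it after scripts have run (e.g. via the browser's "save complete page") and repeat for the catalogue and e-resource login pages as well.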