Re: [CODE4LIB] best practices for keeping / using library circ data

[Tom Cramer]

This email provoked zero responses on list. Was my timing off, is it a poorly 
framed question, or are people just not doing much in this realm? (By 
resending, I'm controlling for the timing factor...) 

- Tom


On Jun 7, 2014, at 3:20 AM, Tom Cramer wrote:

> I'm looking for best practices for keeping and using library usage data--real 
> life examples of libraries gathering and using things like circulation data 
> or e-resource traffic statistics to inform service and strategy decisions 
> while safeguarding patron privacy. 
> 
> I'm less interested in operational logging for security / authorization 
> purposes, and more interested in things like gathering data to make 
> recommendations (people who checked this out also checked this out...), 
> collection management / licensing / deaccessioning decisions, or overall 
> library / collection usage reporting--especially if the data are tracked and 
> used at more than a gross level (i.e., faculty v. graduate v. undergrad 
> usage). 
> 
> What usage data do you keep that may be correlated to patron identity?
> How do you use it? 
> What do you do to anonymize / aggregate / cleanse / protect patron privacy? 
> 
> Does anyone have an approach that they regard as state of the art? Or 
> pointers to previous work done in this space? 
> 
> Thanks in advance, 
> 
> - Tom
> 

Re: [CODE4LIB] best practices for keeping / using library circ data

[Blake, Tom]

Harvard's Innovation Lab at their law library was working with this type of 
data, I believe...
Try reaching out to them directly:

http://librarylab.law.harvard.edu/about.html



Tom Blake
Digital Projects Manager
Boston Public Library
700 Boylston St.
Boston, MA 02116
617 859-2039
Free To All


-Original Message-
From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Tom 
Cramer
Sent: Tuesday, June 17, 2014 11:27 AM
To: CODE4LIB@LISTSERV.ND.EDU
Subject: Re: [CODE4LIB] best practices for keeping / using library circ data

This email provoked zero responses on list. Was my timing off, is it a poorly 
framed question, or are people just not doing much in this realm? (By 
resending, I'm controlling for the timing factor...) 

- Tom


On Jun 7, 2014, at 3:20 AM, Tom Cramer wrote:

> I'm looking for best practices for keeping and using library usage data--real 
> life examples of libraries gathering and using things like circulation data 
> or e-resource traffic statistics to inform service and strategy decisions 
> while safeguarding patron privacy. 
> 
> I'm less interested in operational logging for security / authorization 
> purposes, and more interested in things like gathering data to make 
> recommendations (people who checked this out also checked this out...), 
> collection management / licensing / deaccessioning decisions, or overall 
> library / collection usage reporting--especially if the data are tracked and 
> used at more than a gross level (i.e., faculty v. graduate v. undergrad 
> usage). 
> 
> What usage data do you keep that may be correlated to patron identity?
> How do you use it? 
> What do you do to anonymize / aggregate / cleanse / protect patron privacy? 
> 
> Does anyone have an approach that they regard as state of the art? Or 
> pointers to previous work done in this space? 
> 
> Thanks in advance, 
> 
> - Tom
> 

Re: [CODE4LIB] best practices for keeping / using library circ data

[Eric Phetteplace]

U. Huddersfield's Library Impact Data Project also comes to mind:
https://library3.hud.ac.uk/blogs/lidp/

I know they looked at circulation data pretty extensively and did indeed
make some "if you're looking at X, you may be interested in Y" type
conjectures.

Best,
Eric Phetteplace
Systems Librarian
California College of the Arts


On Tue, Jun 17, 2014 at 8:35 AM, Blake, Tom  wrote:

> Harvard's Innovation Lab at their law library was working with this type
> of data, I believe...
> Try reaching out to them directly:
>
> http://librarylab.law.harvard.edu/about.html
>
>
>
> Tom Blake
> Digital Projects Manager
> Boston Public Library
> 700 Boylston St.
> Boston, MA 02116
> 617 859-2039
> Free To All
>
>
> -Original Message-
> From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of
> Tom Cramer
> Sent: Tuesday, June 17, 2014 11:27 AM
> To: CODE4LIB@LISTSERV.ND.EDU
> Subject: Re: [CODE4LIB] best practices for keeping / using library circ
> data
>
> This email provoked zero responses on list. Was my timing off, is it a
> poorly framed question, or are people just not doing much in this realm?
> (By resending, I'm controlling for the timing factor...)
>
> - Tom
>
>
> On Jun 7, 2014, at 3:20 AM, Tom Cramer wrote:
>
> > I'm looking for best practices for keeping and using library usage
> data--real life examples of libraries gathering and using things like
> circulation data or e-resource traffic statistics to inform service and
> strategy decisions while safeguarding patron privacy.
> >
> > I'm less interested in operational logging for security / authorization
> purposes, and more interested in things like gathering data to make
> recommendations (people who checked this out also checked this out...),
> collection management / licensing / deaccessioning decisions, or overall
> library / collection usage reporting--especially if the data are tracked
> and used at more than a gross level (i.e., faculty v. graduate v. undergrad
> usage).
> >
> > What usage data do you keep that may be correlated to patron identity?
> > How do you use it?
> > What do you do to anonymize / aggregate / cleanse / protect patron
> privacy?
> >
> > Does anyone have an approach that they regard as state of the art? Or
> pointers to previous work done in this space?
> >
> > Thanks in advance,
> >
> > - Tom
> >
>

[CODE4LIB] COMMUNIA policy paper on digitization agreements

[todd.d.robb...@gmail.com]

An important new paper by the folks at COMMUNIA:

http://www.communia-association.org/2014/06/13/communia-policy-paper-on-digitization-agreements/

Definitely worth a read! The embargoes placed by Ancestry.com and others
through agreements with NARA are concerning.

-- 
Tod Robbins
Digital Asset Manager, MLIS
todrobbins.com | @todrobbins 

Re: [CODE4LIB] Does 'Freedom to Read' require us to systematically privilege HTTPS over HTTP?

[Stuart Yeates]

On 06/17/2014 08:49 AM, Galen Charlton wrote:

On Sun, Jun 15, 2014 at 4:03 PM, Stuart Yeates  wrote:

As I read it, 'Freedom to Read' means that we have to take active steps to
protect that rights of our readers to read what they want and  in private.

[snip]

* building HTTPS Everywhere-like functionality into LMSs (such functionality
may already exist, I'm not sure)


Many ILSs can be configured to require SSL to access their public
interfaces, and I think it would be worthwhile to encourage that as a
default expectation for discovery interfaces.

However, I think that's only part of the picture for ILSs.  Other
parts would include:

* staff training on handling patron and circulation data
* ensuring that the ILS has the ability to control (and let users
control) how much circulation and search history data gets retained
* ensuring that the ILS backup policy strikes the correct balance
between having enough for disaster recovery while not keeping
individually identifiable circ history forever
* ensuring that contracts with ILS hosting providers and services that
access patron data from the ILS have appropriate language concerning
data retention and notification of subpoenas.


Compared to other contributors to this thread, I appear to be (a) less 
worried about state actors than our commercial partners and (b) keener 
to see relatively straight forward technical fixes that just work 'for 
free' across large classes of library systems. Things like:


* An ILS module that pulls the HTTPS Everywhere ruleset from 
https://gitweb.torproject.org/https-everywhere.git/tree/HEAD:/src/chrome/content/rules 
and applies those rules as a standard data-cleanup step on all imported 
data (MARC, etc).


* A plugin to the CMS that drives the library's websites / blogs / 
whatever and uses the same rulesets to default all links to HTTPS.


* An EzProxy plugin (or howto) on silently redirectly users to HTTPS 
over HTTP sites.


cheers
stuart

[CODE4LIB] Adding reference product hits to discovery layer results

[Harper, Cynthia]

Hi All - We are a very small institution with a limited number of users and a 
limited number of electronic products. We do subscribe to several Oxford 
Reference Online products, e.g biographical/subject dictionaries.  Has anyone 
tried metasearching such products along with their discovery layer, or obtained 
indexes that could be added to a discovery layer?  To be honest, we haven't yet 
developed subject guides for these areas, so that would be the first step in 
marketing, but I wondered about the DL approach.


Cindy Harper
Electronic Services and Serials Librarian
Virginia Theological Seminary
3737 Seminary Road
Alexandria VA 22304
703-461-1794
char...@vts.edu

Re: [CODE4LIB] Does 'Freedom to Read' require us to systematically privilege HTTPS over HTTP?

[Brent E Hanner]

Stuart Yeates wrote:

Compared to other contributors to this thread, I appear to be (a) less 
worried about state actors than our commercial partners and (b) keener 
to see relatively straight forward technical fixes that just work 'for 
free' across large classes of library systems. Things like:


* An ILS module that pulls the HTTPS Everywhere ruleset from 
https://gitweb.torproject.org/https-everywhere.git/tree/HEAD:/src/chrome/content/rules 
and applies those rules as a standard data-cleanup step on all 
imported data (MARC, etc).


* A plugin to the CMS that drives the library's websites / blogs / 
whatever and uses the same rulesets to default all links to HTTPS.


* An EzProxy plugin (or howto) on silently redirectly users to HTTPS 
over HTTP sites.


So let me see if I understand this.  Your concern is that commercial 
partners are putting HTTP links in their systems rather than HTTPS.  
Because HTTPS only protects from a third party so the partner will still 
have access to all the information about what the user read.  IP6 will 
improve the HTTPS issue but something like HTTPS Everywhere ( 
https://www.eff.org/https-everywhere ) is actually the simplest 
solution, especially as you can't be sure every link will have HTTPS.


And having just read the Freedom to Read Statement, this issue has no 
bearing on it.  Freedom to Read is about accessibility to materials, not 
privacy.  While no doubt there is some statement somewhere about that, 
Freedom to Read is a statement about diversity of materials and not the 
ability to read them without anyone knowing about it. 


Brent

Re: [CODE4LIB] Does 'Freedom to Read' require us to systematically privilege HTTPS over HTTP?

[Stuart Yeates]

On 06/18/2014 12:36 PM, Brent E Hanner wrote:

Stuart Yeates wrote:


Compared to other contributors to this thread, I appear to be (a) less
worried about state actors than our commercial partners and (b) keener
to see relatively straight forward technical fixes that just work 'for
free' across large classes of library systems. Things like:

* An ILS module that pulls the HTTPS Everywhere ruleset from
https://gitweb.torproject.org/https-everywhere.git/tree/HEAD:/src/chrome/content/rules
and applies those rules as a standard data-cleanup step on all
imported data (MARC, etc).

* A plugin to the CMS that drives the library's websites / blogs /
whatever and uses the same rulesets to default all links to HTTPS.

* An EzProxy plugin (or howto) on silently redirectly users to HTTPS
over HTTP sites.


So let me see if I understand this.  Your concern is that commercial
partners are putting HTTP links in their systems rather than HTTPS.
Because HTTPS only protects from a third party so the partner will still
have access to all the information about what the user read.  IP6 will
improve the HTTPS issue but something like HTTPS Everywhere (
https://www.eff.org/https-everywhere ) is actually the simplest
solution, especially as you can't be sure every link will have HTTPS.


My concern is that by referring users to resources and services via HTTP 
rather than HTTPS, we are encouraging users to leak more personal 
information (reading habits, location, language settings, etc) to third 
parties.


These third parties include our networking providers, our hosting 
providers, our content providers, the next person who uses the users' 
public computer, etc., etc.


HTTPS protects in multiple ways. Firstly it protects the data 'on the 
wire' (but that is rarely a problem in practice). Secondly HTTPS 
protects from web caching attacks. Thirdly the fact that a connection is 
HTTPS causes almost all tools and applications to use a more secure set 
of options and preferences, covering everything from cookie handling, to 
not remembering passwords, not storing local caches, using shorter 
timeouts, etc. This last category is where the real protection is.


There are lots of privacy breaches that HTTPS won't deter (a thorough 
compromise of the users' machine, a thorough compromise of the content 
provider's machine, etc.), but it raises the bar and protects against a 
significant number of breaches that become impossible or much, much 
harder / less likely.


My understanding is that that HTTPS and EzProxy can potentially protect 
readers identity very effectively (assuming the library systems are 
secure and no one turns up with a warrant).



And having just read the Freedom to Read Statement, this issue has no
bearing on it.  Freedom to Read is about accessibility to materials, not
privacy.  While no doubt there is some statement somewhere about that,
Freedom to Read is a statement about diversity of materials and not the
ability to read them without anyone knowing about it.


If materials are only available at the cost of personal privacy, are 
they really available? In repressive regimes all across the world people 
are actively discriminated against (or worse) for read the wrong book, 
being in the wrong place or communicating in the wrong language.


How many of us live in countries where currently (or in living memory) 
people are been derided for speaking a non-English language?


cheers
stuart

[CODE4LIB] Code4Lib NorCal

[Roy Tennant]

Code4Lib Northern California (the SF Bay Area and surrounds, sorry Humboldt
and Del Norte, you must organize as Way Northern California), is tooling up
to organize a local get-together. So if you want to participate in the
planning, please sign up for this Google Group:

https://groups.google.com/forum/#!forum/code4lib-norcal

Any events will be announced on the main Code4Lib list, however, so if you
want to attend but not help plan you don't need to do anything. Just hang
loose until you hear from us. Thanks,
Roy for the planning group