Author's Note: This essay was first published in Computers In Libraries. I'm sharing it under a Creative Commons license so that you may do almost anything you like with it. I encourage you to do the same with your pathfinders, documentation, articles, or any other fruits of your intellect, so that we may all benefit.
As fans of classic radio and TV know, the Lone Ranger wore a mask to hide his identity from the outlaws he brought to justice. While the people he helped asked, "Who was that masked man?" the audience knew that John Reid was safe only because his mask afforded him privacy.
Privacy has come a long way since that show was first popular. As technology for making and breaking codes has improved, our ability to keep secrets has waxed and waned. One constant, however, is the fact that you can't retrieve information that you've never stored.
Like the Lone Ranger's mask, a good information retention policy can safeguard personal identity information. Librarians want to be sure that patrons will return what they borrow, and they want statistics that quantify the library's value to its community. Librarians also want to protect customers' privacy; we usually don't keep personally identifiable information unless we have to.
Most of the time, if you walk into a library and want to use its books, nobody will ask to see your identification. Try to walk out with the latest best seller, though, and the librarian will insist on knowing who you are and where they can find you later. A library must protect itself from theft and damage, after all. You offer your identity as collateral, verified with photo ID. If you don't bring back a CD, the library staff can try to track you down.
Unfortunately, if an over-zealous special agent on a fishing expedition wants to know who checked out Anti-Flag's album The Terror State yesterday, the librarian will probably have little choice. Under the USA PATRIOT Act, he or she would have to surrender the personal identity information that was originally collected to protect the library's materials.
Local politicians and celebrities can also be the targets of information theft. Opponents in an election would love to expose possibly unethical behavior by the incumbent: fees that were waived as a courtesy, fines accrued for overdue items, or controversial books that he or she borrowed. A sympathetic volunteer or employee is a more likely source of data-leaking trouble than a hacker is, but your library's reputation would be damaged just as badly in either case.
In short, collecting personal identity information about customers is a dangerous activity for a library. We should be careful to engage in it only when absolutely necessary. Until now, proof of identity has always been an essential form of collateral to protect a library and its possessions. But soon libraries will be able to protect themselves from many legal snafus by opting to let patrons remain anonymous. How? You have to realize that personal information is not the only form of collateral--you can use cash instead.
For instance, did you know that you can rent an audiobook at any Cracker Barrel restaurant without showing identification? Just pay the price of the audiobook with cash, listen to it, and then return it with a receipt. They'll give your deposit back in cash, minus the rental fee. We librarians can improve on this service model by eliminating the rental fee.
You've seen anonymous cash cards already; you may even have received them before. They're better known as gift cards. Using the same principle, libraries can issue a borrower card that uses cash, rather than personal ID information, as collateral. Here's an example: If a privacy-minded user deposits $20 to get an anonymous library card, she can check out The Terror State without identifying herself. Her account balance is temporarily reduced by $15, and when the library checks the CD back in (in good condition), her balance is restored to its original value.
Of course, she can still use an identity-based library card as much as she wants. Because the library knows how to contact the owner of a card associated with a photo ID, it is willing to loan hundreds of dollars worth of material. If the user doesn't promptly return the material in good condition, the library can involve a collection agency or alert the police.
With an anonymous library card, the library is willing to loan materials to anyone because it knows it can't really lose anything. Since the library would never loan more than it could recoup from a cash deposit, it would be able to loan controversial items without storing personally sensitive information. If the user doesn't return the material promptly, the fines would be deducted when it's finally checked in (or once the accrued fines reach the price of the material).
With this system in place, libraries could also welcome tourists who want to borrow books about the local community, travelers who want to watch DVDs on their laptops in their hotels, and (where reciprocal borrowing agreements don't exist) library users from neighboring areas. I once drove to the next county over to borrow an obscure film on DVD only to realize there was no reciprocal borrowing agreement in place. I went home sad and empty-handed because a cash-based card was not an option.
Simply put, anonymous lending opens the door to new kinds of users, protects the library from loss of materials, protects the borrower from loss of privacy, and protects both from the repercussions of a privacy breach. And law enforcement could still investigate suspects in a criminal case: Having searched the suspect's belongings with a legitimate warrant, police officers could ask the library for information about the use of the anonymous library card they seized. Random snooping, though, becomes completely fruitless. Law enforcement would have to begin with a suspect and work backward, instead of starting with a controversial title and fishing for borrowers.
While anonymous library cards hold great promise, they are not superior in every way to traditional identity-based cards. They present risks and limitations not usually associated with a library card. I'll address these drawbacks and put them in context.
Like a gift card, a phone card, or indeed a $20 bill, an anonymous library card represents value that vanishes if the card is lost or damaged. This is a risk that library users take for granted in these other situations, and so they should readily understand it.
Also, like the service of renting out audiobooks for a fee, the anonymous library card does not do enough to address the needs of poor people. But all users, regardless of economic status, would still be able to check out books using identity as collateral, receive excellent reference service, and use material within the library. In fact, a homeless person who might otherwise be unable to get a library card could place requests on popular items with a $1 card and then use them within the library when his or her turn comes. So poor people would be no worse off in a library that offers anonymous cash cards.
You may be thinking, "That sounds interesting, but how could it ever work with our ILS?" Have no fear; help is on the way. Dynix is already working on it. [Note added in November 2005: Dynix is now SirsiDynix.]
With the upcoming release of Horizon 8.0 (scheduled for later this year [Note added in November 2005: it's scheduled for 2006]), setting up anonymous lending should be relatively simple. "Guest users" will be able to borrow items using money, not identity, as collateral. (To understand how this will work, see the sidebar provided by Dynix's Technical Product Management Department.)
I tried asking a few other vendors whether they were moving toward supporting this option. A rep from The Library Corporation told me that this can be implemented at a customer's request. I tried to reach Sirsi and Endeavor, but they couldn't tell me anything before this issue went to the printer. I suggest that you ask your own vendors about the possibility; others may well be able to set this up.
Meanwhile, if you're interested in anonymous lending, you can start making plans, talking to stakeholders, and planning publicity. Just be sure you don't arrange a photo opportunity with the first anonymous patron! After all, we want library users to know that we take their privacy seriously.
Ben Ostrowsky is a systems librarian at the Tampa Bay Library Consortium, a multitype cooperative serving the libraries of West Central Florida. He earned his M.L.S. from the University of South Florida. He has written several Web-based applications, including a PDF barcode generator. Librarians think of him as a good programmer, and programmers think of him as a good librarian. Vendors' tech support departments think of him as a nuisance for demanding reliability and good documentation. He thinks of himself as a geek-of-all-trades. His e-mail address is email@example.com.