Working in a public library there is a constant balancing act between security and access with an overall need to consider the amount of staff resources that can be expended to provide access. While I would prefer to be writing this post about access to some new and exciting databases- down in the trenches negotiating number of simultaneous connections, off site proxy access, and archive rights- I am not. This post revolves largely around the need to limit access to prevent tampering. While there have been some limited incidents of actual criminal activity, the motivation to steal is clear enough. What I’m addressing here falls closer to mischief.
Often, the majority of attention to security in libraries is divided between protecting patron privacy and preventing the loss of materials. The need to protect patron privacy is well documented and codified in such documents as the ALA Privacy and Confidentiality statement. Librarian resistance to the USA Patriot Act is a testament to how seriously these issues are taken.Preventing loss of library materials is also well tended too. The importance afforded to the protection of library materials is evident in the numerous security gates, locked cases, overdue/billed notices, and miles upon miles of tattle tape.
Over the past few years there has been no lack of incidents that surprise me with the multitude of different ways in which patrons will find a way to mess with things. We have reasonable security measures in place that span from the physical locking of all doors to non-public area to an automated of data from patron computers. While these measures largely keep things running smoothly there have been several unforeseen events that have caused an evolution of our security practices. The following outlines three such incidents.
As the most accessible computers in the library, the OPACs seem to take the brunt of tampering from the public. In one instance a patron rebooted each machine, entered the BIOS, put a somewhat unintelligible string of profanity, and then password locked the system not to boot. They did this on 4 OPACs in the span of about half an hour. While it was an easy fix it was a total waste of time to open each of these machines and reset and lock the BIOS to prevent further tampering.
The OPACs took further abuse as users who I assume were angry about being restricted to only the catalog took what access they did have, mainly the ability to create bookmarks on the desktop and change the screen orientation, and tried their hardest to render them unusable. The majority of this type of tampering did not cause any major functional problems, however, having to flip the screen orientation right-side up multiple times is annoying. The inconvenience on patrons tyring to legitimately use the OPAC is unacceptable. In this case the OPACs needed attention anyway, so this served as the impetus to devise a better solution. A problem, none-the-less, that I was not expecting.
On a less technology oriented note, a patron recently discovered an electrical junction box in a somewhat hidden location and decided to randomly flip the breakers, cutting power to about half of the library. After restoring power and locking the box, I searched the library for anything unsecured that could possibly be abused. It’s a given that something like an electrical junction box, that is publicly accessible, should be secured. While it should be, it wasn’t, nobody had considered it a vulnerability before and while I pass by them everyday I never had a second thought until they were exploited.
These acts were all minor, caused no permanent damage, did not require physical repair or replacement, and did not result in any consequences.The take away, for me at least, is that while it’s easy to get caught up and ultra focused on bibliographic standards or implementing the next big technology or getting patrons to a resource in the fewest number of clicks, there exists a need to consider the vulnerabilities implicit in operating a public space and to address them before they are exploited and hinder legitimate users.