RE: [IUG] Experiences with the Reading History option

["Hahn, Harvey" <hhahn at ahml dot info>]

Aimee Fifarek wrote:
|We're a turnkey site, so if we had a warrant for the information we
|would ask innovative to provide us or the police with it.  However from
|a practical standpoint all a staff member would have to do is to log in
|as the user (for us, that would mean resetting the user's PIN) to
access
|it.  From a professional ethics point of view we would never do that,
|but technologically speaking it would be simple.

With search warrants (and, I presume, FISA requests), the authorities
can *TAKE* what they need--and if that's the III server, that's the way
it is.  (I hope libraries have appropriate onsite and offsite backups to
load onto a new server to get you back in business relatively quickly,
perhaps several days.)  Is loss of your III server part of your disaster
planning?  "Disasters" don't have to be flood, fire, chemical,
electrical, weather, hacker, or terrorist related.

And, along the same line, John Boggs wrote:
|Even if you can't access it, Innovative can -- unless it's encrypted.
|After all, it has to be stored somewhere on the server.  I'd wager that
|the inability to access it through the staff interface wouldn't stop
|anyone intent on making you give it up.

Accessing data (even encrypted or supposedly "erased" or "deleted") is
what the field of computer forensics is all about (and what the
authorities mentioned above would use to find the data they're looking
for).

Harvey
 
--
===========================================
Harvey E. Hahn, Manager, Technical Services Department
Arlington Heights (Illinois) Memorial Library
847/506-2644 - FX: 847/506-2650 - Email: hhahn(at)ahml(dot)info
OML & Scripts web pages: http://www.ahml.info/oml/
Personal web pages: http://users.anet.com/~packrat