Sunday, March 11, 2007

From reading this you've got to wonder...

...why the Cass County Public Library is even bothering with wireless.

http://www.casscolibrary.org/wirelessfaq.htm

First of all, what's their rationale for limiting access to cardholders? The need for a public library to do so with its own workstations is obvious: they can only have a limited number of them and need to give everyone a fair shot at a chance to use one. What's more, the demand for their use is normally so great that time limits generally have to be imposed.

A network providing wireless access for user-owned equipment suffers from neither of these limitations. There's no good reason for a public library to close it, and plenty of good ones not to. After all, if you do close it, you have to:

  1. Either purchase or devise an authentication solution, making the network more expensive or complicated than would otherwise be necessary.
  2. Make provisions for protecting the login credentials (because they can be easily intercepted otherwise, thus negating whatever perceived benefit you hoped to realize by closing the network, as well as exposing patrons to the risk of identity theft), adding even more cost and complexity.
  3. Provide support for the inevitable problems that patrons will have logging in, as opposed to issues with connecting to the network itself. You can beg off responsibility for the latter, since you can't take responsibility for touching my computer. You won't be able to get away with that, however, if you give me a username and password that don't work. In short, you'll be turning your library staff into a help desk.

And anyone who is a cardholder really needs to consider the privacy implications of using this network, particularly with regard to such things as the Patriot Act. Open networks that don't authenticate users don't keep records. Without a clear disclosure of what information is logged and for how long, how is someone supposed to make an informed decision as to whether he or she wants to be a registered user of this network? After all, should whatever mechanism is employed for protecting the login credentials be compromised and someone's credentials be misused, it's possible he or she may only find out when the feds kick down his or her door in the middle of the night, after the miscreant's activities, carried out under the innocent patron's library card number and PIN, resulted in the delivery of a Section 215 subpoena or National Security Letter to the library (which the library would be prohibited by law from notifying the identity theft victim of). Granted, it's unlikely, but it's not impossible.

Also, doing this just seems to me to be at cross purposes with what a public library is supposed to be all about. Once again, I understand why public-access workstations need to be reserved for cardholders, although there are a few libraries where they aren't. Would Cass County ever dream of posting an armed guard at the door of each of its library branches, permitting only cardholders to enter? I hope not. Were I cruising through Belton and had some time to kill, would I be approached and asked to leave if I were to come into the branch and sit down to read a magazine from the rack? I don't think so. Why, then, preclude my doing essentially the same thing with my laptop?

Should the response include the words "costs" or "expenses," as I'm sure it will, I'd simply point out that public libraries get both state and federal money, and I, like most other gainfully employed persons, pay both state and federal taxes. The library really isn't doing much to endear itself to taxpayers with this dog-in-the-manger attitude.

Which brings up another issue. Cass says they're filtering this connection to comply with both Missouri statutes and the all-important CIPA, even though it's still an open question (or at least it was the last I heard) whether it applies to computers the library in question does not own or manage. The state law linked to from the library's website, however, appears to be less ambiguous; it clearly does not cover a privately owned laptop ("A public library that provides a public access computer...").


If you're authenticating users, why bother with filtering? No one is going to "porn" you if they have to identify themselves to you first. And why go to the trouble of filtering when in the section of your webpage discussing security issues, you suggest a surefire method of circumventing it?

And finally, what's the difference between Cass County and the rest of the metro? You're the fourth library system to implement free wireless after Kansas City, Olathe, and Johnson County, and you're the only one to close your network. Why?
