Aiding and Abetting: Third-Party Tracking and (In)secure Connections in Public Libraries

Abstract

ABSTRACT Patron privacy, as articulated in the American Library Association (ALA) Code of Ethics, is a longstanding concern for librarians. In online environments, the possibility of tracking by third parties, usage of HTTPS/TLS to provide secure connections, and easy disclosure of a site’s privacy policies all have implications for user privacy. This paper presents new empirical evidence about these issues and discusses their ethical implications. Data about the incidence of third-party tracking, usage of HTTPS by default, and easy discoverability of a privacy policy or terms of service (TOS) were collected for public libraries across Canada and the United States. The sample consisted of 178 public libraries; members of the Canadian Urban Libraries Council and Urban Libraries Council. Several common commercial databases (e.g. OverDrive) were also examined using the same criteria. Results show that only 12% of libraries were devoid of third-party tracking, with Google Analytics being the most common third-party tracker. While libraries may support HTTPS under certain circumstances, it was found that a majority of libraries serve neither their websites nor their online catalogs (OPACs) HTTPS by default. Regarding disclosure of possible tracking, it was found that 58% of libraries did not link to a TOS or privacy policy from their homepage. Together with previous research on the usage of privacy-enhancing tools in public libraries, these results suggest that public libraries are accessories to third-party tracking on a large scale. Implications of this fact in light of library professional ethics are discussed.