may04b.indd C o l l e g e & R e s e a r c h L i b r a r i e s Authentication and library public access computers A call for discussion by Nancy Courtney A uthentication is creeping quietly into academic libraries. It is often initiated by groups external to the library, mainly campus computing personnel, database vendors, and serials publishers. Librarians who would rise up to defend library circulation records are, often without protest, allowing a system to be put in place that will track every movement made by a patron on a library computer and match it to the patron’s identity. Besides the loss of privacy, there are real concerns of ac­ cess and convenience. Imagine having to log into a library computer every time you want to check a reference in a database. Imagine being a visitor at a library with which you are not affiliated. Will you have to fill out fi ve minutes worth of paperwork in order to do a two­minute search? Will you even be able to check a reference or will access to the data­ base be denied you altogether? Authentication seems to represent a major shift in library policy, yet the subject is nearly absent in the library literature and remains undiscussed at conferences. Authentication is considered here within the context of public access computers in academic libraries (i.e., computers located in public areas of the library that are intended for patron use) and is defined as having to log in with a username and password in order to use the computer. In many academic libraries, staff computers already function this way, but public computers have been largely open for anyone to walk up and use. This article is not concerned with the issue of remote authentication, which provides a means for affiliated patrons to use proprietary databases from off­campus Internet addresses, nor is it concerned primarily with the issues of privacy and anonymity, although these are deserving of further scrutiny.1 Its primary focus is ac­ cess to academic library resources by patrons unaffiliated with the institution and how the adoption of authentication on public access computers can limit or deny access to library materials. Authentication practices As part of a 2001 survey of 814 academic libraries regarding policies toward unaffi liat­ ed users, 72 academic libraries indicated that they used authentication, and 56 planned to implement it within the next 12 months.2 In order to look more closely at the details involved in authentication, an informal sur­ vey was developed and e­mailed to a rep­ resentative of the reference department or alternate at each of these libraries. In some cases, a suitable e­mail address could not be identified easily and the library was not sur­ About the author Nancy Courtney is head of the Information Services Department at Ohio State University Libraries, e-mail: Pcourtney.24 @osu.edu © 2004 Nancy Courtney C&RL News May 2004 / 269 http:Pcourtney.24 veyed. Surveys were sent to 62 of the librar­ ies that indicated they were already using authentication and to 35 of the libraries that indicated planning to authenticate. If the li­ brary was not planning to use authentica­ tion, they were asked not to complete the rest of the survey. Thirty­eight replies were received from libraries now using authen­ tication (30 from the “using” group and 8 from the “planning” group). Twenty­one of the 38 libraries answered that they had a mix of authenticated and unauthenticated computers in the library. Of these, nine libraries had a certain number of catalog­only machines, two had “kiosk­type” machines, eight had a limited number of “public” machines, one mentioned a single machine for the catalog and one database, and one had a machine just for accessing government documents. Most libraries had a limited number of public machines, rang­ ing in number from two to six, although an exceptional library had 50. Twenty­seven libraries allowed unaffi li­ ated patrons to use authenticated machines. Two additional libraries said they did not allow use but made very limited exceptions. In 11 libraries, the staff logs the patron on, 8 libraries had generic or guest logins available, 9 assigned guests a temporary identifi cation, and 1 had a single password for consortium users. When questioned about what resources unaffiliated users were not allowed to access, nine libraries indicated productivity software and nine specified databases with licensing restrictions or all subscription databases. Other types of resources unavailable to un­ affiliated patrons in a small number of cases were Internet access, free printing, certain special databases, campus network drives, and, in one case, everything but the online catalog. Why authenticate? Libraries were asked to indicate the moti­ vation for requiring authentication. Fifteen answered that it was a campus requirement and ten libraries cited high demand for com­ puter use. Hacking, threats, and other secu­ rity issues were cited in eight cases, and da­ tabase licensing restrictions were mentioned by five libraries. Other reasons given were the need to limit printing to authorized us­ ers, the desire to give affiliated users more access to the network, and the desire to pre­ vent users from viewing pornography. Most libraries reported that users and library staff were satisfied with the system, although a few mentioned that it was more work for staff to log patrons in and, in one case, staff expressed concern over the loss of user privacy. Conclusion The results seem to indicate an ambivalence among academic libraries regarding authen­ tication as evidenced by the fact that more than half of the sample still provide some form of public access, such as a catalog­ only machine or a limited number of public workstations, and an even greater percent­ age allow use of authenticated machines by the public. In addition, the restrictions that existed were sometimes limited to provid­ ing an increased benefit for affi liated users (such as use of productivity software or free printing) without denying access to outside users. Of greater concern is the acceptance of database license restrictions as a reason for authentication. Libraries are not obligat­ ed to accept licenses that do not permit use by walk­in users. It is also a concern that libraries are being driven by campus computing policies when it comes to authentication. The comparison with library circulation records is not an idle one. Librarians have taken a strong stand con­ cerning patron privacy with respect to circula­ tion records and have policies to prevent their misuse, even to the extent that systems are designed to prevent retention of information. The difference is that circulation records exist within the library’s control and public access computers, now connected to the Internet and tied to the campus computing center, are perceived as being outside the library’s control. It is also possible that librarians with little technical knowledge readily bow to the desires of campus computing professionals when confronted with incidents of hacking, security breaches, and the specter of death threats issuing from the reference room. The issue is not that authentication is un­ equivocally good or bad. It is that it is a sub­ ject that needs to be considered deliberately, with concern for how it relates to the library’s philosophy of service and existing policies. (continued on page 277) 270 / C&RL News May 2004 W a s h i n g t o n H o t l i n e Bernadette Murphy Register to Vote @ your library Libraries are essential to our democracy and, thanks to a new partnership, libraries throughout America will have an opportu­ nity to make it easier than ever for people to become registered voters. Through Register to Vote @ your library, ALA and Working As­ sets will cosponsor a voter registration page at www.yourvotematters.org/ala, where in­ dividuals can register to vote or update their registration information. Voters in all states except New Hampshire, North Dakota, and Wyoming are eligible to complete registra­ tion via this Web site. The Your Vote Matters site was created and customized by Working Assets for par­ ticipating nonpartisan, nonprofi t organiza­ tions. When citizens register to vote through www.yourvotematters.org/ala, they help raise funds for ALA thanks to a generous grant from Working Assets. All donated funds will be used to support ALA’s library advocacy efforts nationwide. “Libraries have always served their communities by providing the information resources needed to be informed citizens,” said ALA President Carla Hayden. “Libraries are community centers offering information on voter registration, hosting forums, and providing resources about issues of concern in the community and the nation. Our public libraries are a perfect fit for this critical civic activity. We are delighted to have Working Assets support in this effort.” ALA will highlight Register to Vote @ your library on its homepage and via press releases and member publications. Through these ef­ forts, ALA will not only encourage members to become registered voters, but also will ask librarians to promote voter registration through this site in their local libraries. ALA will award a grant of $1,000 to the library that registers the largest number of voters through the site and grants of $500 to the fi rst five libraries that register 500 individuals. Bernadette Murphy is communications specialist at ALA’s Washington Offi ce, e-mail: bmurphy@alawash.org In addition to helping to support advocacy at ALA, Working Assets will underwrite the costs of producing tip sheets, bookmarks, and buttons for library workers to use in promoting voter registration in their com­ munities. These materials can be requested online at www.ala.org/requestmaterials by any library interested in participating in this voter registration initiative and grant contest. Materials will be mailed to libraries until early September. “When it comes to defending our democ­ racy, librarians have always been on the front lines,” said Working Assets President Michael Kieschnick. “We’re proud to be their partner in this crucial campaign to register new voters in library branches nationwide.” For more information about Register to Vote @ your library, please contact Lainie Cas­ tle at (800) 545­2433, extension 5050. Contact Your Vote Matters at (877) 205­VOTE(8683) with technical or voter registration questions. For more information about Working Assets, visit www.workingassets.com.  (“Authentication...” cont. from page 270) It should not be dictated by the conve­ nience of other units or the passive accep­ tance of standard license agreements. Notes 1. Two articles that do consider the privacy aspects of authentication from somewhat dif­ ferent perspectives are: Lynn Sutton, “Advo­ cacy for Intellectual Freedom in an Academic Library,” in Crossing the Divide : Proceedings of the Tenth National Conference of the As­ sociation of College and Research Libraries, March 15–18, 2001, Denver, Colorado, ed. Hugh A. Thompson (Chicago, ACRL: 2001), 54–56 and Virginia Rezmierski and Aline Soules, “Security vs. Anonymity: the Debate over User Authentication and Information Access,” EDUCAUSE Review 35 (March­April 2000): 22–30. 2. Nancy Courtney, “Unaffiliated Users’ Ac­ cess to Academic Libraries: A Survey,” Jour­ nal of Academic Librarianship 29 (January 2003): 3–7.  C&RL NewsMay 2004 / 277 http:www.workingassets.com www.ala.org/requestmaterials mailto:bmurphy@alawash.org www.yourvotematters.org/ala www.yourvotematters.org/ala