Libraries value patron privacy. Yet a scan of current practices reveals uneven adoption of the basic technology that secures web-based library systems. Encrypting the data presented in online catalogs, discovery services, and other resources is essential to protecting privacy. Without encryption, the content that patrons search for, view, or download is easily intercepted. These online streams of communication deserve the same protection granted to circulation records, but few libraries are taking even minimal steps to encrypt this data.

Secure communication on the web provides two important benefits:

- identifying the website authoritatively
- enabling encrypted communications between the user’s browser and the server that provides the resource

Encryption algorithms transform the data into a seemingly garbled form that, if intercepted, cannot be deciphered without the key. The use of a secure communication protocol (HTTPS) provides the best approach available today for protecting patron privacy. With HTTPS, a page remains encrypted from the time it is transmitted by the web server until it is displayed in the user’s browser. The information remains impervious to eavesdropping throughout its route, even if it passes through unsecured wireless networks or other points of vulnerability. The use of HTTPS has expanded from securing passwords and credit cards to all types of online services, and it is now widespread among commercial services, including Facebook, Twitter, and all Google services.