Posted by: bluesyemre | June 10, 2016

Protecting #patron #privacy – #Libraries are failing to use #HTTPS


Libraries value patron privacy. Yet a scan of current practices reveals uneven activation of the basic technology to secure web-based library systems. Encryption of data presented in online catalogs, discovery services, and other resources is essential to protect privacy. Without encryption, the content that patrons search for, view, or download is easily intercepted. These online streams of communications deserve the same protection granted to circulation records, but few libraries are taking even minimal steps to encrypt this data.

Secure communication on the web provides two important benefits:

  • identifying the website authoritatively
  • enabling encrypted communications between the user’s browser and the server that provides the resource

Encryption algorithms transform the data into a seemingly garbled form that, if intercepted, cannot be deciphered. The use of a secure communication protocol (HTTPS) provides the best approach available today for protecting patron privacy. With HTTPS, a page remains encrypted from the time it is transmitted by the web server until it is displayed on the user’s browser. The information remains impervious to eavesdropping throughout its route, even if it passes through unsecured wireless networks or other points of vulnerability. The use of HTTPS has expanded from securing passwords and credit cards to all types of online services, and it is now widespread among commercial services, including Facebook, Twitter, and all Google services.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: