Documents  
Those Darned Users!   
Librarian and librarian.net blogger Jessamyn West explains how to serve your users without sacrificing safety, privacy, or your sanity.
Author:
Jessamyn West
Date Posted:
9/11/04
@Jessamyn West 2004
Tags: expwj

The trouble with providing public access computing in a public library setting is, of course, the public. Though we have the occasional tussle with spyware and unintended porn/casino links on the staff computers, we wage an almost daily war against "the troubles" on our 15 public access computers. Since we are a small library with no full-time systems librarian, troubleshooting computer problems is left to the head of circulation with the assistance of reference staff and sporadic visits from a local computer consultant. While this is not an ideal situation, it's what we've got.

Since we still have an obligation to protect the privacy of our patrons, the online safety of our youth users in particular, and the sanity of our staff members, we have a lot of work to do with few resources and little time. This article contains some accumulated wisdom and knowledge from our situation to hopefully assist you in working with yours.

This article assumes that you have public access computers in your library that may or may not have internet access. It also assumes you could possibly use some help getting the larger system of public access computing running more smoothly in your library. This article deals more with the nuts and bolts of policy than the realities of specific software and hardware configurations.

Start with Sanity - the Five W's of Public Access Computers [PACs]

If you can lead with a good system to begin with, you don't have to make as many mid-course corrections. Not having to constantly put out fires leaves staff free for miscellaneous other librarian jobs, and keeps them happier. Maintaining a networked computer system can easily take up all of one or many staff members' available time. Here are some guidelines for using the time that is available appropriately and judiciously. The recipe for sanity is a well thought out system that is implemented with competent leadership and adjusted using solid feedback mechanisms.

Who Staffs Them - Decide who is going to administrate all duties related to PACs up front. None of these jobs will be taken care of by patrons. Some may be able to be done by volunteers. Some of these jobs can be automated, but many can't. Keep in mind that ensuring that these jobs are done is, itself, a job

What Needs to be Done - "All duties" include turning computers on and off daily, regular maintenance, emergency maintenance, cleaning monitors and mice, upgrading and replacing hardware and software, and staffing in whatever way the library feels is appropriate. Be sure to include time for troubleshooting problems, shopping for equipment, supervising people doing these jobs, giving feedback on how well the system is working, and reporting on progress and problems to the necessary people. The task of maintaining a public computer network is much different than maintaining a home computer and needs to be approached more seriously. While you probably know what is on your home computer, make sure you have an inventory of what operating systems, software [including version numbers] and networking configurations are on each different computer at your library, including staff computers. An inventory list can be combined with a maintenance log so you can keep track of who fixed what, and when.

When This Needs to Happen - These jobs should be placed on someone's regular work schedule and done frequently enough to avoid problems. They take time. Patrons should not have to deal with: home pages that revert to Windows Update; pop-ups telling them to upgrade their virus software; or web pages that do not function because the browser they are using is several years old. All of these are easily preventable problems.

Where [a subset of When] - The more maintenance work you can do on the PAC while the library is closed, the better. If your library has determined that having computers is a patron right not a luxury, you should not be surprised when people begin to rely on them and expect them to be functional when the library is open. Be clear about what patrons can and can't expect, and offer work-arounds when possible if maintenance or outages make computers unavailable.

When Things Go Wrong - A system with as many moving parts and interconnected systems as a PAC environment can be assumed to have troubles from time to time. With luck this will happen less often if the system is well-maintained. Any system is easier to maintain when it's working properly. Make sure you have procedures in place for reporting outages both internally and externally, reporting software and hardware malfunctions, alerting patrons to outages and problems, notifying staff of any odd new changes to the computing environment, having staff notify you if there are problems that can't be fixed immediately, and getting necessary updates for virus and spam filters. Try to not have staff reiterate tired "computers are hard and confusing" mantras when things don't work right. Your patrons, rightly or wrongly, see you as the experts and will take cues from you. Be in control of the situation.

If you do only one thing in this article, make sure you have a plan for what to do if things go wrong.

Safety and Privacy - Two Sides of the Same Coin - Five T's To Think About

Keep in mind that all of this planning takes place before the patrons even enter the picture....

We have to protect our computers from our users while we try to protect our users from our computers. At the same time, we must protect our users and our computers from unwanted intrusions and spying, from both strangers and people we know. In your role as librarian superhero, here are some foes you must learn to vanquish, starting from easy to complicated.

Time - Unless you are a very small library with some very tame patrons, you will need to manage the shared time that is available on your computers. I generally think that any system is preferable to no system, and that a system that you can explain in under 20 seconds is preferable to one that may seem more fair, but is complicated to explain. As an example, here is the current state of our public access system:

We have five OPAC-only computers that can also search our web site and our online databases. We have one stand-alone word processor and one stand-alone kids' games computer, both without Internet or sign-on screens. We have four patron-only computers that have Internet and word processing. Three are one hour computers, one is a 15 minute express terminal. We have five computers available for patrons or non-patrons. Four are one hour computers, one of them is filtered for children or anyone preferring a filtered Internet experience. One computer is a fifteen minute express computer. All computers require logins. If you are a patron, your login is your library card number and PIN. If you are a non-patron you need to get a temporary login from me.

It's a mouthful. We have a system that evolved over time as the library got more computers and different ideas of what to do with them. To be fair, it used to be worse. At our library, computer users get a warning when their time is running out, but otherwise they are on their own as far as keeping track of time and queueing for computers. Having the software time your patrons beats having someone with a Masters degree doing it.

Thoughtlessness - Do you have an internet use policy at your library, or a privacy policy? Are they on your web site? Make sure your users see them and agree to them every time they use the computer. Time management software often lets you insert a screen before the computer is "unlocked" where users can agree to the library policies. This may not keep patrons from using the computers inappropriately, but it makes enforcement a more cut and dried proposal. Similarly, if your patrons are free to view material that other patrons may not want to look at, invest in some privacy screens for your monitors and try to arrange computers so that you strike a balance between total anonymity and reasonable boundaries between patrons.

Thwarting Access - I would certainly prefer to live in a world without internet filtering, but CIPA and the Weird Wide Web have made thinking about filters a necessity. If your library has mandated the use of filters, make sure you know why. Make sure you know what needs to be done to bring your library into compliance with CIPA or with other local regulations. Decide if you want to meet the spirit or the letter of the filtering regulations, since they are often different. sSee if you can use a filter with a customizable blacklist, or a blacklist that your staff can access. Choose a filter where you can whitelist pages that are errantly blocked or disable the filter entirely if a patron requests it. Make sure you understand why pages are blocked so that you can explain that to patrons. At my library, the URL to our online databases page contains the word "adult" so it's blocked by our filter.

To Lock Down or Not to Lock Down - As much as we like our patrons, we can't trust all of them to not test the limits of our systems. A pro-active approach to security, optimally one that restores a computer to the same state for the next patron, is a good way to prevent both privacy and security issues. The more locked down a computer is, however, the less it behaves like a computer your user might recognize, so choices have to be made concerning how far you want to go down that path. Do you want users to be able to save documents on to the hard drive, the A drive, a CD, a Zip disk? Should they be able to right-click, restart the machine, use their own headphones, or bring their own software? These will all come at a price.

Trail, Breadcrumb - Any data that your users leave on a public computer after they leave could potentially be used by other users [such as email logins or credit card numbers], discovered by other users [bookmarks to porn/casino sites, resumes] or made available to law enforcement, should they desire it. Assuming your patrons are using the computers primarily for internet browsing and word processing, here is an incomplete list of places where personal user data can hide that you should be aware of:

  • cookies - can be set to be on for a session, cleared after a session
  • bookmarks - ditto, or restored to a default set of library bookmarks
  • home page setting - if your library has a home page, it should be the fixed default page on your browsers, unless you have a start page already configured
  • browser cache - there is no reason to keep a cache except that you do not know how to get rid of it; make sure you delete caches for all browsers patrons may use, not just whatever the primary one is.
  • history - set this to zero days, make sure it's clear after each session
  • hosts file - many browser hijacks corrupt the hosts file, but it can be write-protected or rewritten with a clean copy each session
  • start menu - the Documents menu off of the start bar has the names of the last ten or so files accessed. this can be locked down or cleared each session.
  • most recently used files - same as above, for users of Word or other Microsoft projects

Make sure your browsers are not set up to auto-fill forms, save passwords, or even, if you can avoid it, auto-complete URLs. Make sure there's no default user's email address configured. It's less than perfect if users can't click mailto links to send email, but it's better than users sending email from your library's email address.

Wrapping Up - Setting a Proper Tone

Of course, if you really want to test your security system, let a bunch of fifteen year olds use it for a few hours and see what sort of hijinx ensues. Short of that, just keep track of problems or issues as they come up, and encourage your users to let you know when something isn't working correctly. Make them part of your troubleshooting system - since they use the computers all the time - and you can get early warnings of small issues before they become big problems.

A successful PAC system most of the time should "just work" and at the same time, not make users sad, frustrated or horrified. Things will sometimes go wrong, but with proper foresight and regular maintenance really ugly mishaps or glaring privacy invasions should be avoided or at least minimized.

Jessamyn West is the Outreach Librarian at the Rutland Free Library in Rutland Vermont. She maintains the weblog librarian.net and has been using computers for two decades.

Contribute to this topic
Do you have an article, presentation, or other content to share on this topic?
You can post it on this topic page. Find out more about submitting documents in the Member Center.
Ratings You must be signed in to rate this item
Average (0 Votes)
Comments