There's been a debate going on in Library land for a while now about the relative importance of privacy as it applies to library users. And by "a while now" I mean decades. It probably goes back before the automation of circulation records back in the 60s and 70s, but there is no question that the advent of computerized circulation tracking added impetus to the discussion, as various third parties (for example, law enforcement) sought to obtain access to library circulation records for their own purposes. Typically libraries have taken the stance that user records are to be kept confidential, and better yet, not kept at all beyond the point at which they are operationally required. The idea here is that if you knew that your reading choices were being monitored, it might have something of a chilling effect on your freedom of thought.
However, the discussion started to get spun in interesting ways with the advent of cloud computing a few years ago. The staunch privacy advocates were still there, of course, but other voices, more resigned if not downright cynical, began to dominate. Privacy is a red herring, they said, for two reasons:
1. Users no longer care about privacy anymore. Look what they post on Twitter and Facebook!
2. It's silly and naive to think libraries can stand up to vastly more powerful and better resourced outfits like the NSA and CSIS. Do you honestly think you can keep the spooks out of your circulation records, if they want in?
Of course, in rebuttal I could take the low road and simply note how privacy magically became unimportant when it began to pose a challenge for the business models of cloud service providers. But instead I'll approach it somewhat differently.
The first argument is the easiest to rebut: Just because some of our users over-share, it doesn't mean all of them don't care about privacy. Even more important is the question of agency: it's one thing if users choose to share personal stuff, it's another thing (read: abdication of responsibility) if we share their personal stuff without their consent, or expose it to the possibility of third-party access through negligence. And finally, there has been enough hue and cry over things like Bill C-51 to put paid forever to the idea that people don't care about privacy anymore.
The second argument is harder, because it's less of an ideological position and more a statement of defeat. So what I'm going to do first off is to in fact concede defeat as a rhetorical strategy. Let's say the central argument is in fact correct: the spooks will have their way regardless of anything we try to do about it. Is privacy dead?
Well no, I don't think so. And that's because privacy is not a binary, all or nothing kind of thing. It's actually pretty contextual. To take a purely hypothetical example, let's posit that I like to stay home in the evenings and have tea parties with my cats. One day I discover there's a webcam on my windowsill. Which would bother me more: finding out that it was the NSA recording these private moments as part of their general surveillance activities, or finding out that my next door neighbour was live-streaming the parties on YouTube? Of course, the latter would be a lot more troubling, because it would be a lot more embarrassing.
And that's precisely what the NSA argument is missing here: personal information can be used by all sorts of people for all sorts of things, and for most of us the NSA and CSIS are the least of our worries. There was a piece in the New York Times not too long ago about data brokers, companies that aggregate information about individuals and use it to draw inferences about them. That their dossiers often contain erroneous information, out of date information, and unsupportable inferences does not stop them from being consulted by, say, employers when evaluating the suitability of job applicants. Imagine the boon to all concerned if all the books you ever checked out of a library, or all the articles you ever read online, could be added to their data pool.