What e-books at the library mean for your privacy

Folks know what you read last summer.

Laura Hautala
Laura Hautala
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
5 min read
Open book
Getty Images

Back in 1995, printing company Quad/Graphics didn't let its employees in Saratoga, New York, access the internet. But that didn't stop the workers from figuring out a way to get online during business hours.

The employees dialed long distance -- that was a thing back then -- to a free dial-up internet service called Libraries Without Walls that was offered through the Southern Adirondack Library System and used their library cards to log on. Over a span of 18 months, they surfed a total of 1,770 hours and racked up $23,000 in phone bills.

Unsurprisingly, Quad/Graphics wasn't happy. So the company asked the library system to give it the names of the employees who used the service. The library refused and when taken to court, a judge backed it up.


The Next Chapter is a multipart series that examines the changing role of libraries in a connected world. 

James Martin/CNET

The incident underscores the lengths to which librarians go to protect patron privacy . But the world has gotten more complicated since the days of dial-up. As National Library Week kicks off, librarians face tough questions on how to balance the benefits of electronic resources with the library's commitment to privacy.

"Privacy ensures that there's no chilling effect," said Deborah Caldwell-Stone, deputy director of the Office of Intellectual Freedom at the American Library Association, "so you don't avoid a topic because you fear the judgment of neighbors or your government."

The new technology environment is at odds with the traditional role libraries have played as champions of privacy. Librarians stood up to the US government over requirements in the 2001 USA Patriot Act to share records with law enforcement. They designed policies that require that records of the books you've checked out are deleted as soon as you return them. And they've pushed every US state to adopt protections for patron records.

E-books and audiobooks, now standard at libraries, make protecting privacy harder. Titles are usually provided through private companies, which can access your data. And today's software can create more comprehensive records about you than a simple list of the books you checked out. (You can also get many e-books and audiobooks online free and legally.)

Watch this: How to check out digital library books

Who has your reading list

Library apps let you borrow e-books and audiobooks without leaving home, which makes it easier to access a library's collection. They also create a list of everything you're reading.

Some of the apps, such as Libby by e-book publisher Overdrive, keep a record of your borrowing history that's linked to your library patron ID number, though not your name. Overdrive CEO Steve Potash says the app collects the least amount of personal information possible.

"We have to be held up to extraordinarily high standards," Potash said, in order to get the trust of the nation's libraries.

Nonetheless, you still have to be confident app makers won't use your data for advertising, hand it over to law enforcement or leak it to hackers.

I know what you read last summer

Cybersecurity experts have found bugs in library apps. Erin Berman, who chairs a privacy subcommittee at the American Libraries Association, said a test of products she oversaw at the San Jose Public Library in 2018 found six apps with serious cybersecurity flaws. In March, cybersecurity expert Justin Paine found the Kanopy video streaming app leaked information about what patrons were watching because of an improperly secured cloud service.

You can also inadvertently leak your own information. Overdrive's apps let you transfer your library e-books to the Kindle app, which tips off Amazon to the library books you read. Some librarians have questioned whether patrons know that's happening and that there could be unintended consequences, Berman says. 

For example, a young person might not realize that reading a YA novel with a gay or trans protagonist on their Kindle app could prompt similar titles to appear in accounts they share with their family. That might out him or her before they're ready.

Amazon says that protecting privacy is a "top priority" for the company.

"Books are in our DNA at Amazon and we believe that public library lending has great societal importance including increases in literacy and exposure to stories and new ideas," an Amazon spokesperson said. "Maintaining the trust of our customers by protecting their privacy and ensuring the security of their data is a longstanding top priority for Amazon."

Kindle Paperwhite (2018) really is all new

See all photos

Targeting library services

Libraries are also using software behind the scenes to collect data about how you use their services. It's called customer relations management software, and it helps libraries market and customize their services.

The tools connect information about the topics you're interested in with the library programs you attend – think children's story time, gardening tutorials or legal seminars. That helps librarians know you might be interested in a newsletter about upcoming gardening events or more gardening books in the collection.

But some events are about sensitive topics, like a Know Your Rights seminar on dealing with police or immigration officials, and library visitors might not want to create a record that they attended.

Becky Yoose, a consultant who advises libraries on how to use technology while protecting privacy, says librarians must think carefully about why they need specific data.

"Usually you have people collecting data just in case," Yoose said. "It's data FOMO."

Patron demographics

Analytics On Demand, recently renamed Gale Analytics, is a service that gives librarians a map of demographic data about potential patrons. The data comes from Experian and includes information such as household income level and whether you have kids. (It doesn't include credit information.) 

Fred Zimmerman, a product manager at library software maker Gale, said the product doesn't connect the information to specific patron records. Instead, it gives libraries information on the needs and interests of their patrons so they can make better budget decisions.

"It makes you more confident if you're making your decisions based on data," Zimmerman said.

It's up to librarians not to connect a patron's library records to the demographic information from Gale Analytics, and the ALA's Berman says the service provides librarians with too much information. Still, there's comfort in knowing many librarians stick to their privacy principles -- even if you blow your company's budget by surfing the web at work.

Originally published April 8, 5 a.m. PT.
Update, April 9: Notes that Analytics On Demand is now Gale Analytics.