The Library Reloaded: Library Cards

Photo by NJLA/Flickr

While I was taking a break from working on a blog entry, this post by Patrick Sweeney about getting rid of library cards showed up in my Google Reader. He talks about replacing library cards with user names and passwords, with authentication control happening at the library locations. I thought this was such a different take on the one traditional part of the library experience that I started to write a reply. What I wrote grew beyond what felt like a simple note, so I decided to drop my current post and craft this one.

So, with the spirit of Patrick’s post in mind (getting rid of library cards), I started to think about what existing technology we have now that could be adopted to fit this ultimate goal. In leaning back in my desk chair and rolling the puzzle around in my head, I brought it down to a few requirements: provide the same level of authentication (for privacy), provide the same level of permissions on and off site (for access), and be arguably easier and cheaper than the process it replaces (issuing library cards). Under those guidelines, I’d like to propose some additional alternatives to the library card (with varying degrees of viability).

1.) Cell phone wallet: Popular in countries like Japan and South Korea, this approach stores your library card information on your mobile device. Simply by swiping your phone on a signal reader, you can use it for all of your library business (e.g. checking your account, borrowing materials). Computers in the library could be fitted with readers. For offsite authentication (such as remote account and database access), the user could simply retrieve their stored card number from the phone.

The major con for this is that not everyone has a cell phone, whether they are too young (think babies, toddlers, kindergarten through whenever their parents want to give them phones) or they cannot afford one with cell phone wallet capability. While the technology is popular in other countries, it has not taken off in the United States. In addition, this could also pose account management issues with people wanting to lend their card to others to check out materials, use computers, and other situations of permissible card lending. Unlike a card, a cell phone does not lend itself as well to lending.

2.) Fingerprint Scanner: No need to carry a card when you are using your fingerprint for authentication. Fingerprint scanners have come down in price to being under $100, a figure that is relatively easy to reach. Just scan your thumb or forefinger at the circulation desk or computer lab to prove your identity. It’s more reliable and secure than a library card since fingerprints are a unique biometric. The patron’s privacy is secure behind the fingerprint; it also completely removes the need to remember a library card while providing an accurate way of identifying patrons.

As nifty as this would be, it completely fails the off site authentication test. It would have to rely on a supplemental piece of material so that people could remotely access accounts and databases. However, for libraries where the materials and databases are not generally reached offsite (think of certain types of special libraries), this might be the right approach to securing access to sensitive materials. Like the cell phone wallet, it also creates the same issues for lending of library cards or allowing multiple people to use a card. Also, it does not address the issue of the small number of people who are without hands.

(My next suggestion doesn’t get rid of the library card, per se. However, I think it does present another possibility to the alternative of the library card.)

3.) A hybrid RFID card/’one button’ authenticator: Ok, so this device doesn’t exist, but it does take two types of existing technologies that would not work for the purposes of this idea experiment and put them together. Yes, it’s still something people would need to carry, but I think it could have broader implications and aspirations for a simple library card.

The RFID provides the on site identification for materials. Swipe the card past a reader, do your library business, done. I think the potential for RFID in libraries goes further by acting as a library card in multiple locations. The idea of a single card being able to access multiple locations (for example, your library, your state’s library, and the Library of Congress) would be the ideal; a single library card to access everything.

The one button authenticator provides the off site identification. Pressing the button provides a unique and time sensitive series of numbers to be entered into the interface to provide access. This is used currently in the private sector for secure computer networks (including the largest massively multiplayer online roleplaying game, World of Warcraft, with over 13 million players). Within a combined system, it could provide remote access to accounts and subscription materials for a spectrum of libraries.

While it solves the problems of remote access that are shared by the cell phone wallet and fingerprinting, each technology carries its own baggage. RFID has privacy and security implications that make it a vulnerable means while the ‘one button’ authenticator has the chance of failing like any other computer chip. In addition, there is the additional cost this would incur in the form of cards, readers, and staff training.

I will admit that it is a bit of technology overkill for solving a simpler problem, but it was still fun to imagine. I really liked Patrick’s post because it was bold in its questioning of a status quo. Perhaps libraries won’t replace cards, but it doesn’t hurt to go back and examine practices to either reaffirm, renovate, or remove them. It is this kind of inquiry that tests the boundaries and makes the occupation and practice more interesting to me.

Overall, I think there are alternatives to library cards, but it is on a location and library type basis. There are enough nuances to this that, in the right situation, a library could replace their cards with something else. Perhaps it is on this micro scale that card alternatives could be considered, so long as it is a true replacement and capable of community-wide acceptance. In any case, I wouldn’t think it would be a daring statement to say that anything that eases the patron-library interaction would be a possible welcome addition.

 


8 thoughts on “The Library Reloaded: Library Cards”


  2. I dig the option #1. Perhaps we (the libraries) should have the hybrid version like some airlines have done. For those who have the phone, they can use their cell phone wallet. For those who don’t (or opt not to), they can still use the traditional method. Nothing says you have to stick with one version only.

    The “card lending” situation is an interesting challenge, although, technologically, I think it’s possible (add trusted accounts, like some professors @ MPOW do for their ILL needs so their assistant can do the ILL/pick up materials on behalf of the professor.)

    I actually installed a “reward cards” mobile application on my phone and added my library card barcode on it too. Haven’t tested it out yet. If it works, I might persuade our Circulation Head to accept it. 😉

  3. As a special librarian and a public library user, I still favor the traditional library card. Maybe I have an attachment to the memory of my first library card and the feeling that it has special power. I resent that I have to use a long stringed library number to access my account from home or the library (I can’t remember such a long number). I’m still not sure if the user id can be changed to something similar.

    I’m not a smartphone user–my husband and I are both unemployed. I also don’t like the behavior I see with users of smartphones. I see people who constantly check their phones and aren’t engaging in the world around them.

    • This story addresses the last point you made.

      So, I went to a conference last year. At the conclusion of the conference day, I went to dinner with a large group of people. We got a long table so all of us could sit together. The person who sat next to me had a smartphone. During the entire duration of dinner, they were engaged with what was going on on their phone. I tried to make conversation (I was not terribly familiar with this person), but was rebuffed each time. They would answer, then lock their eyes back on their phone. It was rather rude behavior on their part, not because they didn’t talk to me, but they were not engaging anyone at the table. It was rather disconcerting.

      I wouldn’t say that my post would convince people to swap to another form of authentication. I would hope that it would make people think about some of the regular mundane things that we do at the library. A little evaluation goes a long way.

  4. Library cards are used in two major contexts, which you mentioned in the form of “tests”: In the library, checking stuff out, and on the web to view resources such as account information or databases.

    Within the library, scanning cards is an efficient workflow for circulation staff – if the patron has a library card, just scan the barcode and their patron record is ready for circ activities. This, however, is not a secure mechanism in-and-of itself. Unless a second authentication factor (such as checking against physical attributes stored in the record, or perhaps asking for secondary photo identification) is verified, anybody could use any card to check out materials.

    Unwatched self-check stations and mobile devices are a particularly pernicious combination. Take, for example, this simple script (made for purely demonstrative purposes): http://brad.hawidu.com/bcode/
    A user could load this webpage on their iPhone, put the first common digits of their barcode into the “prefix” area, then generate the rest as random digits. If the self-check station doesn’t impose a limit on the number of false scans, the user WILL eventually get into a random account. This isn’t particularly useful off-hand, unless the user is a thief and simply wants to disable RFID tags before walking through the security gates at the exit. Also, I suppose it could be useful for identity thief types, as personally-identifying information may automatically pop up on the screen.
    Barcode readers are also susceptible to the same attacks as any input device going in to a computer system: http://video.google.com/videoplay?docid=-5716320056489246991#
    Input validation is important, as this video attests – can we be assured that ILSes properly validate input strings to guard against exploits?

    Luckily, there are a few ways to protect against these security concerns:

    1. Limit the number of false scans at a station before disabling the station temporarily
    2. Add a second factor of authentication, such as a passcode

    I wholeheartedly recommend two authentication factors for any transaction with a system. Passwords should be salted and hashed if stored in the database, and the two points must match within the record. At least one of those points of authentication should be a string that the patron should not write down, such as a password. If someone can guess both matching points (or finds them on paper somewhere), the additional security of the two-point process is moot, except in the random barcode generator example.

    That being said, there are some technologies out there that can make web authentication faster and easier for patrons, while outsourcing much of the authentication concerns to applications with a vested interest in secure transactions. I’m speaking of Facebook Connect, OAuth, and OpenID. These authentication methods essentially handshake the authentication of one system to another, so a user can sign in to Facebook and the credentials (albeit keyed) propagate to the secondary service. These can be additive to a sensible authentication scheme, so users with Facebook, Google/Twitter/etc., or an OpenID provider can piggyback the authentication of their familiar system onto that of their library account. This is a secure and practical method – though it may be cumbersome to convince vendors to add it to their systems. If I were to recommend one method to make web authentication faster and easier for patrons, that would be it.

    Within the physical library, checking out books, a barcode system combined with a PIN or other passcode may be old-fashioned, but it is practical. Since we don’t necessarily WANT patrons to lend each other cards, a PIN doesn’t impose too much.

    Your idea of using biometrics is novel and would work the vast majority of the time in conjunction with a secondary input, with a few caveats not mentioned in your post:

    * Biometrics can be hacked like any input method: http://www.washjeff.edu/users/ahollandminkley/Biometric/index.html
    * Implementing sensible and secure backend software for verifying biometric input is tough

    With a password, you can reasonably secure the string by not storing the password itself but rather a salted hash in your database. With biometrics, you’re comparing the profiles of two disparate images. Unless the profile can be obfuscated in a similar manner, the full biometric records of your patrons are susceptible to database hackers.

    Cell phones, fingerprints, and RFID/RSA modules are all single factors, so someone could swipe the card and have access to the system. A second authentication factor should be necessary, whether an old-fashioned card is used or some new-fangled contraption replaces it.

    This isn’t putting library data on any sort of pedestal; these are security principles that should be used whenever users store their information in a database. If libraries aren’t providing this minimal level of security to their patrons’ data, then patrons should be wary of storing their data at libraries.
    http://en.wikipedia.org/wiki/Two-factor_authentication

    My final contention with regard to abandoning library cards is a sentimental one; it’s not just about teaching kids responsibility, it’s giving them pride. I was so happy to get my library card because my wallet as an x-year-old was all cards that I had drawn myself. My library card was the first thing in there that actually was useful in the real world, and I loved the library for issuing it to me. It was a rush to sign the little white strip on the front, since I had only recently learned to write it in cursive. This was the foundation for my appreciation of libraries.

    Library cards are such a part of the library/librarian brand that it would be unwise to break the tradition. People love to hear about books and the Dewey Decimal System and all the other things they associate with libraries. Library cards are certainly part of that combined narrative.
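The protections recommended in the comment above (a cap on false scans, a second factor stored as a salted hash, and input validation on the scanned string) can be combined in one station-side check. This is an added example, not code from the commenter or from any ILS; the class, the policy numbers, the 14-digit barcode format and the sample patron are assumptions.

```python
import hashlib
import hmac
import os

MAX_FALSE_SCANS = 5      # assumed policy: failures allowed before lockout
LOCKOUT_SECONDS = 300    # assumed policy: how long the station stays disabled
BARCODE_LEN = 14         # assumed barcode format: exactly 14 ASCII digits

def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash; only this value is stored."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def enroll(patrons: dict, barcode: str, pin: str) -> None:
    salt = os.urandom(16)                      # fresh salt per patron
    patrons[barcode] = (salt, hash_pin(pin, salt))

# Record checked for unknown barcodes so they cost the same time as known ones.
_DUMMY = (os.urandom(16), os.urandom(32))

class SelfCheckStation:
    def __init__(self, patrons: dict):
        self.patrons = patrons                 # barcode -> (salt, pin_hash)
        self.false_scans = 0
        self.locked_until = 0.0

    def authenticate(self, barcode: str, pin: str, now: float) -> str:
        if now < self.locked_until:
            return "locked"                    # station temporarily disabled
        # Validate the scanned string before it is used as a lookup key.
        well_formed = (barcode.isascii() and barcode.isdigit()
                       and len(barcode) == BARCODE_LEN)
        known = well_formed and barcode in self.patrons
        salt, stored = self.patrons[barcode] if known else _DUMMY
        pin_ok = hmac.compare_digest(hash_pin(pin, salt), stored)
        if known and pin_ok:
            self.false_scans = 0
            return "ok"
        self.false_scans += 1                  # same reply for bad card or bad PIN
        if self.false_scans >= MAX_FALSE_SCANS:
            self.false_scans = 0
            self.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "denied"

# Constructed sample patron table (barcode and PIN are made up).
PATRONS = {}
enroll(PATRONS, "29999000123456", "4821")
```

Because an unknown barcode and a wrong PIN produce the same "denied" reply, a run of guessed barcodes learns nothing before the station locks.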
