ISC 404 Lesson 10 Presentation2
• Information ethics is another vital area of responsibility for digital librarians, who
have the responsibility to keep information confidential if necessary and to ensure
that it is used only in appropriate and professional ways.
• Digital information professionals have the responsibility to abide by the four
principles of information ethics as described by Severson (1997):
1) principles of respect for user’s Intellectual Property,
2) Privacy,
3) fair representation, and
4) principles of non-maleficence to daily information dissemination to users. (The
principle of nonmaleficence holds that there is an obligation not to inflict harm
on others. It is closely associated with the maxim primum non nocere (first do
no harm).)
ETHICAL DECISION-MAKING IN DESIGN, IMPLEMENTATION AND EVALUATION OF DIGITAL LIBRARIES
• Introduction: Information ethics provides an ethical framework for library professionals to carry out
information-related work such as
1) acquiring,
2) storing,
3) processing,
4) making available and
5) using information.
• Ethics is a branch of philosophy that is concerned with human conduct, more specifically the
behaviour of individuals in society. Ethics examines the rational justification for our moral judgments;
it studies what is morally right or wrong, just or unjust (Kaddu 2007).
• Despite the presence of qualified professionals in libraries, and also rigorous campaigns by the library
to uphold ethical standards in all spheres of information works, the question of information ethics is
not widely recognized.
• The unprecedented explosion of information in all branches of knowledge, and massive proliferation
of ICT tools and techniques have raised fundamental questions about privacy, freedom of expression,
right to information and accessibility, among other issues. As a result, library and information
• While designing, implementing and evaluating the usage of digital information, digital library
professionals need to consider customer protection as a top priority ethical obligation.
• In the Information Age, information security and privacy are very important issues.
• Digital librarians have an ethical responsibility to protect the information that individuals
and organizations took the time to collect, record or create.
• Having appropriate regulations for the use and evaluation of information resources is
necessary to safeguard the interests of all those affected by copyright issues or the distribution
of information in digital format.
• The digital librarian should regard personal intellect in
1) non-print materials,
2) artworks,
3) music, and
4) other creative ideas as personal property.
• As such, digital information professionals should make efforts to preserve the privacy of these
PRIVACY, ANONYMITY AND IDENTITY
• The American Library Association’s Code of Ethics states that librarians should
“protect each library user’s right to privacy and confidentiality with respect to
information sought or received and resources consulted, borrowed, acquired or
transmitted” (ALA, 1995).
• This and similar codes and standards developed in other countries have protected
library users’ privacy for many decades in the conventional library context, where
their searching and borrowing activities have not generally been monitored over
time by library staff.
• In contrast, digital libraries and especially the new Library 2.0 developments often
require the recording of personal information including bank account details (for
subscription-based services) and track search activities in detail (Kuzma, 2010;
Zimmer, 2013).
• In this context, digital librarians have the new responsibility of ensuring this data
is held in confidence, used only for the stated purpose and protected from hackers,
criminals and other parties wishing to secure information about the library users
for their own gain (Bowers, 2006).
• The privacy-related concerns of digital libraries are to prevent patrons’
information from being disseminated among other users and organizations in
an unethical manner.
• Digital librarians cannot give out information to parties not associated with the
patron and must not violate the patron’s privacy.
• They should be especially cautious when disseminating information in sensitive
areas such as healthcare, to protect the privacy and identity of patients.
• Furthermore, in a university setting, digital information professionals should
prevent the sharing of student information and should uphold their rights to
privacy.
FUTURE TRENDS OF SECURITY AND PRIVACY IN DIGITAL LIBRARIES
• As Zimmer notes, now that many services formerly provided by libraries are being
made available online in other forms such as web search engines, the traditional
roles and expertise of librarians in “collecting, filtering and delivering
information” are being threatened (Zimmer).
• Digital libraries offer the possibility for librarians to retain and expand on their
important roles, if they can develop new skills and become experts in all aspects
of digital data collection, storage, preservation and retrieval. Especially pertinent
are security and privacy related expertise.
• Recent research indicates that, despite the ongoing expansion in digital libraries
around the world, there are serious shortcomings in addressing privacy and
security related issues, and low levels of awareness of the issues among librarians.
Though many laws and standards are in place that relate to information security
and data protection, there is evidence that these are not always being observed in
relation to digital libraries.
• Library 2.0 initiatives are expected to expand, including the use of social media to engage with
patrons and seek their input into the development of library services.
• Web 2.0, a phrase coined by O'Reilly Media in 2004, refers to a perceived or proposed second
generation of Web-based services—such as social networking sites, wikis, communication tools,
and folksonomies—that emphasize online collaboration and sharing among users
(http://en.wikipedia.org/wiki/Web_2.0).
• Library 2.0 is a loosely defined model for a modernized form of library service that reflects a
transition within the library world in the way that services are delivered to users.
• However, Zimmer (2013) found that though there is considerable professional interest in Web 2.0,
which is seen as a significant new way of delivering library services and information content, very
little attention is being paid to the privacy implications and how to address these. As a result little
training or education is being developed for library and information specialists in this area
(Zimmer, 2013), and there is a need to redress this situation.
• Moreover, Library 2.0 developments offer valuable opportunities to educate users about the need
to protect themselves and their personal information in this environment and on the appropriate
use of digital resources, and the library profession should therefore also develop guidance and
materials for this purpose.
2. Security issues with digital libraries
• According to the DELOS Reference Model (Candela et al., 2007) there are 6 main
concepts in a digital library universe:
1) Content,
2) User,
3) Functionality,
4) Architecture,
5) Quality, and
6) Policy.
Each of these concepts has security issues that affect it.
2.1 Content
• The content of a digital library includes the information objects that a digital library provides to the users.
• Some of the security issues involved are integrity and access control.
• Integrity requires that each object/resource has not been altered or changed by an unauthorized person.
• Access control encompasses two security requirements.
1) The first is authentication, where the user must log into the system.
2) The second is confidentiality, which means that the content of an object is inaccessible to a person
unless they have authorization.
• Not all digital libraries are free; often content is provided to digital library users for a certain fee,
whereupon access control is needed to protect the content.
• Further, some content is inappropriate for some users, or targeted to particular user groups; there are a
whole host of such other reasons for access control.
• Logical attacks such as hacking, and message tampering can affect the integrity and confidentiality of the
content.
• Improved information access in digital libraries has raised many issues that affect the management of
digital libraries.
• Content Management, or more specifically Digital Rights Management, refers to the protection of
content from the different logical security attacks and issues relating to intellectual property rights and
2.1.1 Digital rights management
• DRM provides content protection by encrypting the content and associating it with a digital license (Tyrväinen, 2005).
• The license identifies the user allowed to view the content, lists the content of the product, and states the rights the
user has to the resource in a computer readable format using a digital rights expression language (DREL) or extensible
Rights Markup Language (XrML) that also describes constraints and conditions.
• There are 7 technologies used to provide DRM (Fetscherin & Schmid, 2003).
• Table 1 summarizes the DRM components and supporting technology. Each of these components involves mechanisms
used to provide DRM:
• Encryption: Encryption techniques can be used to provide access control; public-key encryption is used in payment
systems that control how and by whom the content is used.
• Passwords: Stored strings must be matched by users desiring access.
• Watermarking: Characters or images are added to reflect ownership. Different watermarking techniques have
different aims; some watermarks might be visible while others are invisible. Some watermarks are reversible. It depends
on the desired use of the watermark and what is being protected.
• Digital signature: can be used to create to allow access in the library system
• Digital fingerprint: Digital fingerprints are a more powerful technique involving digital signatures and watermarking.
The creator of the content creates a unique copy of the content marked for each user; the marks are user-specific,
hence called fingerprints. Should a user illegally distribute the content, the creator can use search robots to find those
copies.
• Copy detection systems: Search engines also can help locate such copied objects. Copy-detecting browsers can
protect digital content too.
• Payment systems: Users must divulge personal information to pay for content. Installing
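The license check described at the start of this section, as an added example that is not part of the original lesson: a license names the user, lists the content, states the rights and carries constraints, and the DRM client evaluates it before releasing the content. The JSON layout (standing in for XrML or a DREL), the HMAC (standing in for the licensor's digital signature) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed licensor key; a production DRM system would sign with a private key.
LICENSOR_KEY = b"constructed-licensor-key"


def license_tag(terms):
    """MAC over the canonical JSON form of the license terms."""
    data = json.dumps(terms, sort_keys=True).encode()
    return hmac.new(LICENSOR_KEY, data, hashlib.sha256).hexdigest()


def issue_license(user, content_ids, rights, not_after, max_views):
    """Licensor side: state who may use which content, with which rights and limits."""
    terms = {
        "user": user,
        "content": sorted(content_ids),
        "rights": sorted(rights),  # e.g. "view", "print"
        "constraints": {"not_after": not_after, "max_views": max_views},
    }
    return {"terms": terms, "tag": license_tag(terms)}


def evaluate(license_, user, content_id, action, now, views_used):
    """Client side: return (allowed, reason); content is decrypted only when allowed."""
    terms = license_["terms"]
    # Integrity first: a license whose terms were edited must not be trusted at all.
    if not hmac.compare_digest(license_tag(terms), license_["tag"]):
        return False, "license altered"
    if terms["user"] != user:
        return False, "license issued to another user"
    if content_id not in terms["content"]:
        return False, "content not covered"
    if action not in terms["rights"]:
        return False, "right not granted"
    limits = terms["constraints"]
    if now > datetime.fromisoformat(limits["not_after"]):
        return False, "license expired"
    if action == "view" and views_used >= limits["max_views"]:
        return False, "view limit reached"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: one patron, one e-book, view-only, three views allowed.
    lic = issue_license("patron-17", ["ebook-001"], ["view"],
                        "2025-12-31T23:59:59+00:00", 3)
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    print(evaluate(lic, "patron-17", "ebook-001", "view", now, 0))
    print(evaluate(lic, "patron-17", "ebook-001", "print", now, 0))
```

The order of the checks matters: the integrity check runs before any term is read, so a patron who edits the rights list gets "license altered" rather than the added right.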
2.2 User
• The User in a digital library refers to “the various actors (whether human or machine) entitled
to interact with digital libraries” (Candela et al., 2007).
• Digital libraries connect the different actors with the information they have and allow the users
to consume old or generate new information. Security issues relating to the users of a digital
library intersect with content issues discussed above. A main logical security issue relating to
users and content is access control.
• Different access control requirements arise for distributed systems (Tolone et al., 2005) to
ensure both confidentiality and authentication:
• Access control must be applied and enforced at a distributed platform level, so should be
scalable and available at various levels of granularity.
• Access control models should allow a varied definition of access rights depending on different
information and must be dynamic where changes to policies are easily made and easy to
manage.
• “Access control models must allow high-level specification of access rights” (Tolone et al.,
2005).
• Digital library users may need to be authenticated before they can access content.
• A service provider that provides content based on non-identity-based criteria like age will not benefit
from global identification because there is no way to verify the authenticated user’s personal
information.
• Usernames and passwords are not efficient ways to provide authentication.
• Digital credentials can be used as a means of authentication in providing DL access control (Winslett et
al., 1997). Two agents can be used to assist in the management: a personal security assistant and a
server security assistant, to manage digital credentials using a client/server model.
• The server must notify the client of the credentials required for the current request. The client then
sends its credentials for authentication. The client must have some trust of the server to give its
credentials, which raises privacy issues.
• The personal security assistant is used to obtain credentials on behalf of the client, store the credentials,
parse and interpret the required credentials, and manage the acceptance policies (Winslett et al., 1997).
• A server security assistant is available to specify the credential acceptance policies and their usage.
There is a tradeoff between flexibility and security that must be considered when choosing an access
control model.
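The credential exchange described above, as an added example that is not from the lesson or from Winslett et al.: the server security assistant states which credentials a resource requires, and the personal security assistant releases only those it trusts that server to receive. Class names, attribute names, server names and the HMAC standing in for an issuer's digital signature are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed issuer keys. Real digital credentials carry public-key signatures;
# an HMAC stands in here so the example needs only the standard library.
ISSUER_KEYS = {"registrar": b"constructed-key-1", "id-office": b"constructed-key-2"}


def credential_tag(issuer, attribute, value):
    data = json.dumps([issuer, attribute, value]).encode()
    return hmac.new(ISSUER_KEYS[issuer], data, hashlib.sha256).hexdigest()


def issue(issuer, attribute, value):
    """Issuer side: assert one attribute about the holder, without naming them."""
    return {"issuer": issuer, "attribute": attribute, "value": value,
            "tag": credential_tag(issuer, attribute, value)}


class ServerSecurityAssistant:
    """Holds the credential acceptance policy for each resource."""

    def __init__(self, name, acceptance_policy):
        self.name = name
        # resource -> {attribute: (required value, set of trusted issuers)}
        self.acceptance_policy = acceptance_policy

    def required(self, resource):
        return sorted(self.acceptance_policy[resource])

    def authorize(self, resource, presented):
        by_attr = {c["attribute"]: c for c in presented}
        for attr, (value, issuers) in self.acceptance_policy[resource].items():
            cred = by_attr.get(attr)
            if cred is None or cred["issuer"] not in issuers or cred["value"] != value:
                return False
            expected = credential_tag(cred["issuer"], attr, cred["value"])
            if not hmac.compare_digest(expected, cred["tag"]):
                return False  # value or issuer was changed after issuance
        return True


class PersonalSecurityAssistant:
    """Stores the client's credentials and decides which server may see which one."""

    def __init__(self, credentials, release_policy):
        self.credentials = {c["attribute"]: c for c in credentials}
        self.release_policy = release_policy  # attribute -> servers trusted with it

    def respond(self, server_name, requested):
        return [self.credentials[a] for a in requested
                if a in self.credentials
                and server_name in self.release_policy.get(a, set())]


def request(psa, ssa, resource):
    """One round: server states requirements, client releases, server decides."""
    needed = ssa.required(resource)
    released = psa.respond(ssa.name, needed)
    return ssa.authorize(resource, released), [c["attribute"] for c in released]


if __name__ == "__main__":
    # Constructed sample: a patron holding a student credential and an age credential.
    psa = PersonalSecurityAssistant(
        [issue("registrar", "enrolled_student", True),
         issue("id-office", "age_over_18", True)],
        {"enrolled_student": {"campus-dl"}, "age_over_18": {"campus-dl", "film-archive"}})
    campus = ServerSecurityAssistant(
        "campus-dl", {"theses": {"enrolled_student": (True, {"registrar"})}})
    print(request(psa, campus, "theses"))
```

The age credential carries no name, which is how a provider can enforce a non-identity-based criterion, and the release policy is where the client's trust in the server is expressed.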
2.3 Functionality
• The concept of functionality encompasses the services that a Digital Library offers to its
users (Gonçalves et al., 2008).
• The minimum functions of a Digital Library include adding new objects to the library or
searching and browsing the library and other functions relating to DL management.
• A security attack that can affect the functionality of the Digital Library is a Denial of
Service attack, which can affect the performance of the system and prevent users from
accessing the system.
2.4 Architecture
• Digital libraries are complex forms of information systems, interoperable across
different libraries and so require an architectural framework mapping content and
functionality onto software and hardware components (Candela et al., 2007).
• There are various models for architecture, e.g., client-server, peer-to-peer, and
distributed. All these require the protection of the communication channels
between 2 parties, where sensitive data might be transferred (Kohl et al., 1998).
• Securing the connections involves different layers - Internet, transport, or
application layer - depending on the architecture of the system.
• The distributed model is scalable and flexible. It is useful when building a digital
library with changing content from different sources and offers potential for
increased reliability.
• The security requirements for a distributed digital library are challenging, since the
content and operations are decentralized. Fault tolerance and error recovery are
issues that affect a distributed system. Replication is used to increase the
availability of the system. While this approach solves problems with denial of
service attacks, it complicates the protection of the content because a replica of
the content exists.
• The client-server model doesn’t have the same security problems as a general
distributed model, however, it presents a major security weakness, the server
• What is a Peer to Peer Network
• In a peer to peer network, there is no specific client or server. Devices can send and
receive data directly with each other. Each node can be either a client or a server. It can
request or provide services accordingly. A node is also called a peer.
• In a peer to peer network, a node joins the network and starts providing services and requesting
services from other nodes. There are two methods to identify which node provides
which service. In the first, a node registers the service it provides with a centralized lookup service.
When any node needs a service, it checks the centralized lookup to find which
node provides it. Then, the service-providing node and the service-requesting
node communicate with each other. In the other method, a node that requires a specific
service can send a broadcast message to all other nodes requesting it. Then, the
node that has the required service responds to the requesting node by providing the
service.
• There are multiple advantages to a peer to peer network. It is easier to maintain. It is not
necessary to have a specialized expert to maintain the network. The entire network does
not depend on a single machine. Moreover, it does not require extensive hardware to set
up the network. On the other hand, a peer to peer network is not very secure. It can also
be difficult to maintain an organized file structure. Furthermore, the users need to manage
Figure 1: Peer to Peer Network
• What is a Client Server Network
• In a client server network, there are clients and servers. A client can be a
device or a program. It helps the end users to access the web. Some
examples of clients are desktop, laptops, smartphones, web browsers, etc.
• A server is a device or a program that responds to the clients with the
services. It provides files, databases, web pages, shared resources according
to its type.
• In this network, a client requests services from the server.
• The server listens to the client requests and responds to them by providing
the required service.
• The main advantage of a client server network is that it is more secure, as the
server always manages the access and security.
• It is also easier to take backups. On the other hand, it is not very reliable as a
failure in the server will affect the functioning of the clients.
Figure 2: Client Server Network
• Difference Between Peer to Peer and Client Server Network
• Definition
• Peer to peer network is a distributed application architecture that partitions tasks or workloads
between peers. Client server network is a distributed application structure based on resource
or service providers called servers and service requesters called clients. This constitutes the
difference between peer to peer and client server network.
• Functionality
• Thus, the main difference between peer to peer and client server network is that, in a peer to
peer network, each node can request services and provide services, whereas in a client
server network, the client requests a service and the server responds with a service.
• Network Type
• Also, another difference between peer to peer and client server network is that the peer to
peer network is a decentralized network while client server network is a centralized network.
• Reliability
• There are multiple service providing nodes in a peer to peer network. So, it is more reliable. In
client server network, the clients depend on the server. Failure in the server will disrupt the
functioning of all clients. This is an important difference between peer to peer and client
server network.
• Access time for services
• Moreover, as the service-providing nodes are distributed in the peer to peer network, the
service-requesting node does not need to wait long. On the other hand, in a client server
network, multiple clients request services from a server. Therefore, the access time for a
service is higher.
• Cost
• While a client server network is expensive to implement, a peer to peer does not require
extensive hardware to set up the network.
• Security
• A client server network is more stable and secure than a peer to peer network. This is
another difference between peer to peer and client server network.
• Conclusion
• The difference between peer to peer and client server network is that in a peer to peer network,
each node can request services and provide services, while in a client server network, the
client nodes request services and the server node responds with services.
• What is a distributed network?
• The definition of a distributed network is a system of interconnected but independent networks,
often spread across multiple geographical locations.
• Distributed network vs. centralized networks
• To really imagine what a distributed network is, it’s useful to start by picturing centralized networks.
With a centralized network, everything depends on a single primary server or set of servers to
operate. If the central server goes down, the entire network goes down. A simple on-premise client-
server network is a good example.
• Distributed network architecture, on the other hand, doesn’t have a single point of failure. In fact, a
distributed network generally interconnects multiple independent centralized networks. For
example, a corporate WAN (wide area network) with branch offices fits our definition. Any individual
office—which is effectively a centralized network on its own—may continue to operate if other sites
go down, but management and monitoring are often centralized. A CDN (Content Delivery Network)
with multiple PoPs (points of presence) also fits our definition. Each PoP is independent, but the
entire distributed network comes together to create the CDN.
• What’s the difference between distributed and decentralized networks?
• Since blockchain’s rise in popularity, distributed networks often are confused with decentralized
networks. Decentralized networks will NOT have a central control system, while distributed networks
generally do. In fact, the presence of a central control system is what helps make many distributed
2.5 Quality
• The content and behavior of a Digital Library is characterized and
evaluated by quality parameters. Quality is (Gonçalves et al.,
2007) a concept not only used to classify functionality and
content, but also used with objects and services.
• Some of the parameters are automatically measured and are
objective while others are considered subjective; some are
measured through user evaluations.
2.6 Policy
• Policy is the concept that represents the different regulations and
conditions that govern the interaction between the Digital Library
and users.
• Policy supports both extrinsic and intrinsic interactions (Candela
et al., 2007) and their definition and modification.
• Examples of security issues relating to policies include providing
3. Summary and Conclusion
• Digital libraries should be secure. This is an important quality that affects all aspects, as
has been shown above using the DL characterization of the DELOS Reference Model
(Candela et al., 2007).
• Structures and Streams cover all types of content, and the many security issues related,
including digital rights management, fingerprints, and watermarks.
• As Kuzma (2010) highlights, digital library security is not just a technical endeavor but “a
multi-dimensional approach with a combination of both technical and managerial
solutions”.
• This lesson has discussed the main security and privacy related issues facing digital
libraries and has highlighted the ways that these must be addressed to protect the integrity
of the digital library environment and the security of its users.
• Inevitably there are considerable costs involved: it will be important for digital library
managers to allocate adequate resources not only for technical solutions, but also for the
training of library professionals and the education of users.
• Collaboration of library professionals both within countries and internationally can help
improve the efficiency and cost-effectiveness of relevant initiatives and help standardize
approaches to digital library development and the security and privacy issues involved.
•9.3 Assessment Questions
A. TRUE
B. FALSE
3. Explain how you guarantee security in digital library based on the following concepts:
a) Content,
b) User,
c) Functionality,
d) Architecture,
e) Quality, and
f) Policy.
4. What’s the Difference Between Digital Information Security and Cyber Security?
5. Explain the importance of security in digital libraries
6. Explain different types of security threats in a digital library.
7. Explain different security measures for digital libraries
• REFERENCES
•11.4. E-References
• Al-Suqri, Mohammed. (2009). Information Security and Privacy in Digital Libraries. Handbook of Research on Digital Libraries: Design, Development, and
Impact. Retrieved from https://www.researchgate.net/publication/260174707_Information_Security_and_Privacy_in_Digital_Libraries
• Fox, Edward & ElSherbiny, Noha. (2011). Security and Digital Libraries. Retrieved from https://cdn.intechweb.org/pdfs/14701.pdf
• Abie, H., Spilling, P., & Foyn, B. (2004). A distributed digital rights management model for secure information-distribution systems. [IJIS]. International
Journal of Information Security, 3(2), 113–128. doi:10.1007/s10207-004-0058-4
• Al-Suqri, M., & Afzal, W. (2007). Digital age: Challenges for libraries. Information. Social Justice (San Francisco, Calif.), 1(1), 43–48.
• American Library Association (ALA). (1995). Code of ethics of the American Library Association. Retrieved September 26, 2006, from
http://www.ala.org/alaorg/oif/ethics.html
• Anday, A., Francese, E., Huurdeman, H. C., Yilmaz, M., & Zengenene, D. (n.d.). Information security issues in a digital library environment: A literature
review. Bilgi Dünyası, 13(1), 117-137.
• Birnbaum, J. S. (2004). Cybersecurity considerations for digital libraries in an era of pervasive computing. In Proceedings ACM/IEEE Conference on
Digital Libraries (JCDL’04) (pp. 169-169). New York, NY: ACM
• Borgman, C. L. (2000). From Gutenberg to the global information infrastructure: Access to information in the networked world. Cambridge, MA: MIT
Press.
• Bowers, S. (2006). Privacy and library records. Journal of Academic Librarianship, 32(4), 377–383. doi:10.1016/j.acalib.2006.03.005
• Casey, M., & Savastinuk, L. (2006, September 1). Library 2.0. Library Journal. Retrieved August 29, 2013, from
http://lj.libraryjournal.com/2010/05/technology/library-2-0/
• Digital Library Federation. (n.d.). What is digital library? Retrieved April 12, 2007, from www.clir.org/diglib
• Ershova, T. V., & Hohlov, Y. E. (2001). Integration of Russian electronic information resources of social value on the basis of DL concept. Russian Digital
Libraries Journal, 4(1), 32–41.
• Garfinkel, S. L. (2003). Understanding privacy email-based identification and authentication: An alternative to PKI. IEEE Security & Privacy, 1(6), 20–26.
doi:10.1109/MSECP.2003.1253564
• 1. “Peer-to-Peer.” Wikipedia, Wikimedia Foundation, 27 Aug. 2018.
• 2. “Client–Server Model.” Wikipedia, Wikimedia Foundation, 24 Aug. 2018.
• 3. “The Client Server Model”, Clients and Servers, WebDev Cave, 20 May 2016.
• Image Courtesy:
• 1. “P2P-network” By User:Mauro Bieg – Own work (Public Domain) via Commons Wikimedia
2. “341420” (CC0) via Pixabay