128 iNForMAtioN tecHNoloGY AND liBrAries | septeMBer 2010 Lynne Weber and Peg Lawrence Authentication and Access: Accommodating Public Users in an Academic World in Cook and Shelton’s Managing Public Computing, which confirmed the lack of applicable guidelines on academic websites, had more up-to-date information but was not available to the researchers at the time the project was initiated.2 In the course of research, the authors developed the following questions: ■■ How many ARL libraries require affiliated users to log into public computer workstations within the library? ■■ How many ARL libraries provide the means to authenticate guest users and allow them to log on to the same computers used by affiliates? ■■ How many ARL libraries offer open-access comput- ers for guests to use? Do these libraries provide both open-access computers and the means for guest user authentication? ■■ How do Federal Depository Library Program libraries balance their policy requiring computer authentica- tion with the obligation to provide public access to government information? ■■ Do computers provided for guest use (open access or guest login) provide different software or capabilities than those provided to affiliated users? ■■ How many ARL libraries have written policies for the use of open-access computers? If a policy exists, what is it? ■■ How many ARL libraries have written policies for authenticating guest users? If a policy exists, what is it? ■■ Literature Review Since the 1950s there has been considerable discussion within library literature about academic libraries serving “external,” “secondary,” or “outside” users. The subject has been approached from the viewpoint of access to the library facility and collections, reference assistance, interlibrary loan (ILL) service, borrowing privileges, and (more recently) access to computers and Internet privi- leges, including the use of proprietary databases. Deale emphasized the importance of public relations to the academic library.3 While he touched on creating bonds both on and off campus, he described the positive effect of “privilege cards” to community members.4 Josey described the variety of services that Savannah State College offered to the community.5 He concluded his essay with these words: Why cannot these tried methods of lending books to citizens of the community, story hours for children . . . , a library lecture series or other forum, a great books discussion group and the use of the library staff In the fall of 2004, the Academic Computing Center, a division of the Information Technology Services Department (ITS) at Minnesota State University, Mankato took over responsibility for the computers in the public areas of Memorial Library. For the first time, affiliated Memorial Library users were required to authenticate using a campus username and password, a change that effectively eliminated computer access for anyone not part of the university community. This posed a dilemma for the librarians. Because of its Federal Depository status, the library had a responsibility to pro- vide general access to both print and online government publications for the general public. Furthermore, the library had a long tradition of providing guest access to most library resources, and there was reluctance to aban- don the practice. Therefore the librarians worked with ITS to retain a small group of six computers that did not require authentication and were clearly marked for community use, along with several standup, open-access computers on each floor used primarily for searching the library catalog. The additional need to provide computer access to high school students visiting the library for research and instruction led to more discussions with ITS and resulted in a means of generating temporary usernames and passwords through a Web form. These user accommodations were implemented in the library without creating a written policy governing the use of open-access computers. O ver time, library staff realized that guidelines for guests using the computers were needed because of misuse of the open-access computers. We were charged with the task of drafting these guidelines. In typical librarian fashion, we searched websites, including those of Association of Research Libraries (ARL) members for existing computer access policies in academic libraries. We obtained very little information through this search, so we turned to ARL publications for assistance. Library Public Access Workstation Authentication by Lori Driscoll, was of greater benefit and offered much of the needed information, but it was dated.1 A research result described lynne webber (lnweber@mnsu.edu) is access Services librar- ian and peg lawrence (peg.lawrence@mnsu.edu) is Systems librarian, Minnesota State university, Mankato. AutHeNticAtioN AND Access | weBer AND lAwreNce 129 providing service to the unaffiliated, his survey revealed 100 percent of responding libraries offered free in-house collection use for the general public, and many others offered additional services.16 Brenda Johnson described a one-day program in 1984 sponsored by Rutgers University Libraries Forum titled “A Case Study in Closing the University Library to the Public.” The participating librarians spent the day famil- iarizing themselves with the “facts” of the theoretical case and concluded that public access should be restricted but not completely eliminated. A few months later, consider- ation of closing Rutgers’ library to the public became a real debate. Although there were strong opposing view- points, the recommendation was to retain the open-door policy.17 Jansen discussed the division between those who wanted to provide the finest service to primary users and those who viewed the library’s mission as including all who requested assistance. Jansen suggested specific ways to balance the needs of affiliates and the public and referred to the dilemma the University of California, Berkeley, library that had been closed to unaffiliated users.18 Bobp and Richey determined that California undergraduate libraries were emphasizing service to pri- mary users at a time when it was no longer practical to offer the same level of service to primary and secondary users. They presented three courses of action: adherence to the status quo, adoption of a policy restricting access, or implementation of tiered service.19 Throughout the 1990s, the debate over the public’s right to use academic libraries continued, with increasing focus on computer use in public and private academic libraries. New authorization and authentication require- ments increased the control of internal computers, but the question remained of libraries providing access to government information and responding to community members who expected to use the libraries supported by their taxes. Morgan, who described himself as one who had spent his career encouraging equal access to information, con- cluded that it would be necessary to use authentication, authorization, and access control to continue offering information services readily available in the past.20 Martin acknowledged that library use was changing as a result of the Internet and that the public viewed the academic librarian as one who could deal with the explosion of information and offer service to the public.21 Johnson described unaffiliated users as a group who wanted all the privileges of the affiliates; she discussed the obliga- tion of the institution to develop policies managing these guest users.22 Still and Kassabian considered the dual responsi- bilities of the academic library to offer Internet access to public users and to control Internet material received and sent by primary and public users. Further, they weighed as consultants be employed toward the building of good relations between town and gown.6 Later, however, Deale indicated that the generosity common in the 1950s to outsiders was becoming unsus- tainable.7 Deale used Beloit College, with an “open door policy” extending more than 100 years, as an example of a school that had found it necessary to refuse out-of-library circulation to minors except through ILL by the 1960s.8 Also in 1964, Waggoner related the increasing difficulty of accommodating public use of the academic library. He encouraged a balance of responsibility to the public with the institution’s foremost obligation to the students and faculty.9 In October 1965, the ad hoc Committee on Community Use of Academic Libraries was formed by the College Library Section of the Association of College and Research Libraries (ACRL). This committee distributed a 13-ques- tion survey to 1,100 colleges and universities throughout the United States. The high rate of response (71 per- cent) was considered noteworthy, and the findings were explored in “Community Use of Academic Libraries: A Symposium,” published in 1967.10 The concluding article by Josey (the symposium’s moderator) summarized the lenient attitudes of academic libraries toward public users revealed through survey and symposium reports. In the same article, Josey followed up with his own arguments in favor of the public’s right to use academic libraries because of the state and federal support provided to those institutions.11 Similarly, in 1976 Tolliver reported the results of a survey of 28 Wisconsin libraries (public academic, private academic, and public), which indicated that respondents made a great effort to serve all patrons seeking service.12 Tolliver continued in a different vein from Josey, however, by reporting the current annual fiscal support for libraries in Wisconsin and commenting upon financial steward- ship. Tolliver concluded by asking, “How effective are our library systems and cooperative affiliations in meet- ing the information needs of the citizens of Wisconsin?”13 Much of the literature in the years following focused on serving unaffiliated users at a time when public and academic libraries suffered the strain of overuse and underfunding. The need for prioritization of primary users was discussed. In 1979, Russell asked, “Who are our legitimate clientele?” and countered the argument for publicly supported libraries serving the entire public by saying the public “cannot freely use the university lawn mowers, motor pool vehicles, computer center, or athletic facilities.”14 Ten years later, Russell, Robison, and Prather prefaced their report on a survey of policies and services for outside users at 12 consortia institutions by saying, “The issue of external users is of mounting concern to an institution whose income is student credit hour gen- erated.”15 Despite Russell’s concerns about the strain of 130 iNForMAtioN tecHNoloGY AND liBrAries | septeMBer 2010 be aware of the issues and of the effects that licensing, networking, and collection development decisions have on access.”35 In “Unaffiliated Users’ Access to Academic Libraries: A Survey,” Courtney reported and analyzed data from her own comprehensive survey sent to 814 academic libraries in winter 2001.36 Of the 527 libraries responding to the survey, 72 libraries (13.6 percent) required all users to authenticate to use computers within the library, while 56 (12.4 percent) indicated that they planned to require authentication in the next twelve months.37 Courtney followed this with data from surveyed libraries that had canceled “most” of their indexes and abstracts (179 librar- ies, or 33.9 percent) and libraries that had cancelled “most” periodicals (46 libraries or 8.7 percent).38 She concluded that the extent to which the authentication requirement restricted unaffiliated users was not clear, and she asked, “As greater numbers of resources shift to electronic-only formats, is it desirable that they disappear from the view of the community user or the visiting scholar?”39 Courtney’s “Authentication and Library Public Access Computers: A Call for Discussion” described a follow-up with the academic libraries participating in her 2001 survey who had self-identified as using authentication or planning to employ authentication within the next twelve months. Her conclusion was the existence of ambivalence toward authentication among the libraries, since more than half of the respondents provided some sort of public access. She encouraged librarians to carefully consider the library’s commitment to service before entering into blanket license agreements with vendors or agreeing to campus computer restrictions.40 Several editions of the ARL SPEC Kit series showing trends of authentication and authorization for all users of ARL libraries have been an invaluable resource in this investigation. An examination of earlier SPEC Kits indicated that the definitions of “user authentication” and “authorization” have changed over the years. User Authentication, by Plum and Bleiler indicated that 98 per- cent of surveyed libraries authenticated users in some way, but at that time authentication would have been more precisely defined as authorization or permission to access personal records, such as circulation, e-mail, course regis- tration, and file space. As such, neither authentication nor authorization was related to basic computer access.41 By contrast, it is common for current library users authenti- cate to have any access to a public workstation. Driscoll’s Library Public Access Workstation Authentication sought information on how and why users were authenticated on public-access computers, who was driving the change, how it affected the ability of Federal Depository libraries to provide public information, and how it affected library ser- vices in general.42 But at the time of Driscoll’s survey, only 11 percent of surveyed libraries required authentication on all computers and 22 percent required it only on selected terminals. Cook and Shelton’s Managing Public Computing the reconciliation of material restrictions against “prin- ciples of freedom of speech, academic freedom, and the ALA’s condemnation of censorship.”23 Lynch discussed institutional use of authentication and authorization and the growing difficulty of verifying bona fide users of aca- demic library subscription databases and other electronic resources. He cautioned that future technical design choices must reflect basic library values of free speech, personal confidentiality, and trust between academic institution and publisher.24 Barsun specifically examined the webpages of one hundred ARL libraries in search of information pertinent to unaffiliated users. She included a historic overview of the changing attitudes of academics toward service to the unaffiliated population and described the difficult bal- ance of college community needs with those of outsiders in 2000 (the survey year).25 Barsun observed a consistent lack of information on library websites regarding library guest use of proprietary databases.26 Carlson discussed academic librarians’ concerns about “Internet-related crimes and hacking” leading to reconsideration of open computer use, and he described the need to compromise patron privacy by requiring authentication.27 In a chapter on the relationship of IT security to academic values, Oblinger said, “One possible interpretation of intellectual freedom is that individuals have the right to open and unfiltered access to the Internet.”28 This statement was followed later with “equal access to information can also be seen as a logical extension of fairness.”29 A short article in Library and Information Update alerted the authors to a UK project investigating improved online access to resources for library visitors not affili- ated with the host institution.30 Salotti described Higher Education Access to E-Resources in Visited Institutions (HAERVI) and its development of a toolkit to assist with the complexities of offering electronic resources to guest users.31 Salotti summarized existing resources for sharing within the United Kingdom and emphasized that “no single solution is likely to suit all universities and col- leges, so we hope that the toolkit will offer a number of options.”32 Launched by the Society of College, National and University Libraries (SCONUL), and Universities and Colleges Information Systems Association (UCISA), HAERVI has created a best-practice guide.33 By far the most useful articles for this investigation have been those by Nancy Courtney. “Barbarians at the Gates: A Half-Century of Unaffiliated Users in Academic Libraries,” a literature review on the topic of visitors in academic libraries, included a summary of trends in attitude and practice toward visiting users since the 1950s.34 The article concluded with a warning: “The shift from printed to elec- tronic formats . . . combined with the integration of library resources with campus computer networks and the Internet poses a distinct threat to the public’s access to information even onsite. It is incumbent upon academic librarians to AutHeNticAtioN AND Access | weBer AND lAwreNce 131 introductory letter with the invitation to participate and a forward containing definitions of terms used within the survey is in appendix A. In total, 61 (52 percent) of the 117 ARL libraries invited to participate in the survey responded. This is comparable with the response rate for similar surveys reported by Plum and Bleiler (52 of 121, or 43 percent), Driscoll (67 of 124, or 54 percent), and Cook and Shelton (69 of 123, or 56 percent).45 1. What is the name of your academic institution? The names of the 61 responding libraries are listed in appendix B. 2. Is your institution public or private? See figure 1. Respondents’ explanations of “other” are listed below. ■❏ State-related ■❏ Trust instrument of the U.S. people; quasi- government ■❏ Private state-aided ■❏ Federal government research library ■❏ Both—private foundation, public support 3. Are affiliated users required to authenticate in order to access computers in the public area of your library? See figure 2. 4. If you answered “yes” to the previous question, does your library provide the means for guest users to authenticate? See figure 3. Respondents’ explanations of “other” are listed below. All described open-access comput- ers. ■❏ “We have a few “open” terminals” ■❏ “4 computers don’t require authentication” ■❏ “Some workstations do not require authentica- tion” ■❏ “Open-access PCs for guests (limited number and function)” ■❏ “No—but we maintain several open PCs for guests” ■❏ “Some workstations do not require login” 5. Is your library a Federal Depository Library? See fig- ure 4. This question caused some confusion for the Canadian survey respondents because Canada has its own Depository Services Program corresponding to the U.S. Federal Depository Program. Consequently, 57 of the 61 respondents identified themselves as Federal Depository (including three Canadian librar- ies), although 5 of the 61 are more accurately mem- bers of the Canadian Depository Services Program. Only two responding libraries were neither a mem- ber of the U.S. Federal Depository Program nor of the Canadian Depository Services Program. 6. If you answered “yes” to the previous question, and com- puter authentication is required, what provisions have been made to accommodate use of online government documents by the general public in the library? Please check all that touched on every aspect of managing public computing, including public computer use, policy, and security.43 Even in 2007, only 25 percent of surveyed libraries required authentication on all computers, but 46 percent required authentication on some computers, showing the trend toward an ever increasing number of libraries requiring public workstation authentication. Most of the responding libraries had a computer-use policy, with 48 percent follow- ing an institution-wide policy developed by the university or central IT department.44 ■■ Method We constructed a survey designed to obtain current data about authentication in ARL libraries and to provide insight into how guest access is granted at various aca- demic institutions. It should be noted that the object of the survey was access to computers located in the public areas of the library for use by patrons, not access to staff computers. We constructed a simple, fourteen-question survey using the Zoomerang online tool (http://www .zoomerang.com/). A list of the deans, directors, and chief operating officers from the 123 ARL libraries was compiled from an Internet search. We eliminated the few library administrators whose addresses could not be readily found and sent the survey to 117 individuals with the request that it be forwarded to the appropriate respondent. The recipients were informed that the goal of the project was “determination of computer authentica- tion and current computer access practices within ARL libraries” and that the intention was “to reflect practices at the main or central library” on the respondent’s cam- pus. Recipients were further informed that the names of the participating libraries and the responses would be reported in the findings, but that there would be no link between responses given and the name of the participat- ing library. The survey introduction included the name and contact information of the institutional review board administrator for Minnesota State University, Mankato. Potential respondents were advised that the e-mail served as informed consent for the study. The survey was administered over approximately three weeks. We sent reminders three, five, and seven days after the survey was launched to those who had not already responded. ■■ Survey Questions, Responses, and Findings We administered the survey, titled “Authentication and Access: Academic Computers 2.0,” in late April 2008. Following is a copy of the fourteen-question survey with responses, interpretative data, and comments. The 132 iNForMAtioN tecHNoloGY AND liBrAries | septeMBer 2010 ■❏ “some computers are open access and require no authentication” ■❏ “some workstations do not require login” 7. If your library has open-access computers, how many do you provide? (Supply number). See figure 6. A total of 61 institutions responded to this question, and 50 reported open-access computers. The number of open-access computers ranged from 2 to 3,000. As expected, the highest numbers were reported by libraries that did not require authentication for affili- ates. The mean number of open-access computers was 161.2, the median was 23, the mode was 30, and the range was 2,998. 8. Please indicate which online resources and services are available to authenticated users. Please check all that apply. See figure 7. ■❏ Online catalog ■❏ Government documents ■❏ Internet browser apply. See figure 5. ■❏ Temporary User ID and Password ■❏ Open Access Computers (Unlimited Access) ■❏ Open Access Computers (Access Limited to Government Documents) ■❏ Other Of the 57 libraries that responded “yes” to question 5, 30 required authentication for affiliates. These institutions offered the general public access to online government documents various ways. Explanations of “other” are listed below. Three of these responses indicate, by survey definition, that open-access computers were provided. ■❏ “catalog-only workstations” ■❏ “4 computers don’t require authentication” ■❏ “generic login and password” ■❏ “librarians login each guest individually” ■❏ “provision made for under-18 guests needing gov doc” ■❏ “staff in Gov Info also login user for quick use” ■❏ “restricted guest access on all public devices” Figure 3. Institutions with the means to authenticate guests Figure 4. Libraries with Federal Depository and/or Canadian Depository Services status Figure 2. Institutions requiring authentication Figure 1. Categories of responding institutions AutHeNticAtioN AND Access | weBer AND lAwreNce 133 11. Does your library have a written policy for use of open access computers in the public area of the library? Question 7 indicates that 50 of the 61 responding libraries did offer the public two or more open-access computers. Out of the 50, 28 responded that they had a written policy governing the use of computers. Conversely, open-access computers were reported at 22 libraries that had no reported written policy. 12. If you answered “yes” to the previous question, please give the link to the policy and/or summarize the policy. Twenty-eight libraries gave a URL, a URL plus a summary explanation, or a summary explanation with no URL. 13. Does your library have a written policy for authenticating guest users? Out of the 32 libraries that required their users to authenticate (see question 3), 23 also had the means to allow their guests to authenticate (see question 4). Fifteen of those libraries said they had a policy. 14. If you answered “yes” to the previous question, please give the link to the policy and/or summarize the policy. Eleven ■❏ Licensed electronic resources ■❏ Personal e-mail access ■❏ Microsoft Office software 9. Please indicate which online resources and services are available to authenticated guest users. Please check all that apply. See figure 8. ■❏ Online catalog ■❏ Government documents ■❏ Internet browser ■❏ Licensed electronic resources ■❏ Personal e-mail access ■❏ Microsoft Office software 10. Please indicate which online resources and services are available on open-access computers. Please check all that apply. See figure 9. ■❏ Online catalog ■❏ Government documents ■❏ Internet browser ■❏ Licensed electronic resources ■❏ Personal e-mail access ■❏ Microsoft Office software Figure 5. Provisions for the online use of government docu- ments where authentication is required Figure 6. Number of open-access computers offered Figure 7. Electronic resources for authenticated affiliated users (N = 32) Number of libraries Number of librariesNumber of libraries Number of libraries Figure 8. Resources for authenticating guest users (N = 23) 134 iNForMAtioN tecHNoloGY AND liBrAries | septeMBer 2010 ■■ Respondents and authentication Figure 10 compares authentication practices of public, private, and other institutions described in response to question 2. Responses from public institutions outnum- bered those from private institutions, but within each group a similar percentage of libraries required their affiliated users to authenticate. Therefore no statistically significant difference was found between authenticating affiliates in public and private institutions. Of the 61 respondents, 32 (52 percent) required their affiliated users to authenticate (see question 3) and 23 of the 32 also had the means to authenticate guests (see question 4). The remaining 9 offered open-access comput- ers. Fourteen libraries had both the means to authenticate guests and had open-access computers (see questions 4 and 7). When we compare the results of the 2007 study by Cook and Shelton with the results of the current study (completed in 2008), the results are somewhat contradic- tory (see table 1).46 The differences in survey data seem to indicate that authentication requirements are decreasing; however, the literature review—specifically Cook and Shelton and the 2003 Courtney article—clearly indicate that authentica- tion is on the rise.47 This dichotomy may be explained, in part, by the fact that of the more than 60 ARL libraries responding to both surveys, there was an overlap of only 34 libraries. The 30 U.S. Federal Depository or Canadian Depository Services libraries that required their affiliated users to authenticate (see questions 3 and 5) provided guest access ranging from usernames and passwords, to open-access computers, to computers restricted to libraries gave the URL to their policy; 4 summarized their policies. ■■ Research questions answered The study resulted in answers to the questions we posed at the outset: ■■ Thirty-two (52 percent) of the responding ARL libraries required affiliated users to login to public computer workstations in the library. ■■ Twenty-three (72 percent) of the 32 ARL libraries requiring affiliated users to login to public computers provided the means for guest users to login to public computer workstations in the library. ■■ Fifty (82 percent) of 61 responding ARL libraries provided open-access computers for guest users; 14 (28 percent) of those 50 libraries provided both open-access computers and the means for guest authentication. ■■ Without exception, all U.S. Federal Depository or Canadian Depository Services Libraries that required their users to authenticate offered guest users some form of access to online information. ■■ Survey results indicated some differences between software provided to various users on differently accessed computers. Office software was less fre- quently provided on open-access computers. ■■ Twenty-eight responding ARL libraries had written policies relating to the use of open-access computers. ■■ Fifteen responding ARL libraries had written policies relating to the authorization of guests. Figure 9. Electronic resources on open access computers (N = 50) Figure 10. Comparison of library type and authentication requirement Number of libraries AutHeNticAtioN AND Access | weBer AND lAwreNce 135 ■■ One library had guidelines for use posted next to the workstations but did not give specifics. ■■ Fourteen of those requiring their users to authen- ticate had both open-access computers and guest authentication to offer to visitors of their libraries. Other policy information was obtained by an exami- nation of the 28 websites listed by respondents: ■■ Ten of the sites specifically stated that the open-access computers were for academic use only. ■■ Five of the sites specified time limits for use of open- access computers, ranging from 30 to 90 minutes. ■■ Four stated that time limits would be enforced when others were waiting to use computers. ■■ One library used a sign-in sheet to monitor time limits. ■■ One library mentioned a reservation system to moni- tor time limits. ■■ Two libraries prohibited online gambling. ■■ Six libraries prohibited viewing sexually explicit materials. ■■ Guest-authentication policies Of the 23 libraries that had the means to authenticate their guests, 15 had a policy for guests obtaining a username and password to authenticate, and 6 outlined their requirements of showing identification and issuing access. The other 9 had open-access computers that guests might use. The following are some of the varied approaches to guest authentication: ■■ Duration of the access (when mentioned) ranged from 30 days to 12 months. ■■ One library had a form of sponsored access where current faculty or staff could grant a temporary user- name and password to a visitor. ■■ One library had an online vouching system that allowed the visitor to issue his or her own username and password online. ■■ One library allowed guests to register themselves by swiping an ID or credit card. ■■ One library had open-access computers for local resources and only required authentication to leave the library domain. ■■ One library had the librarians log the users in as guests. ■■ One library described the privacy protection of col- lected personal information. ■■ No library mentioned charging a fee for allowing computer access. government documents, to librarians logging in for guests (see question 6). Numbers of open-access comput- ers ranged widely from 2 to more than 3,000 (see question 7). Eleven (19 percent) of the responding U.S. Federal Depository or Canadian Depository Services libraries that did not provide open-access computers issued a tempo- rary ID (nine libraries), provided open access limited to government documents (one library), or required librar- ian login for each guest (one library). All libraries with U.S. Federal Depository or Canadian Depository Services status provided a means of public access to information to fulfill their obligation to offer government documents to guests. Figure 11 shows a comparison of resources available to authenticated users and authenticated guests and offered on open-access computers. As might be expected, almost all institutions provided access to online catalogs, government documents, and Internet browsers. Fewer allowed access to licensed electronic resources and e-mail. Access to Office software showed the most dramatic drop in availability, especially on open-access computers. ■■ Open-access computer policies As mentioned earlier, 28 libraries had written policies for their open-access computers (see question 11), and 28 libraries gave a URL, a URL plus a summary explanation, or a summary explanation with no URL (see question 12). In most instances, the library policy included their campus’s acceptable-use policy. Seven libraries cited their campus’s acceptable-use policy and nothing else. Nearly all libraries applied the same acceptable-use policy to all users on all computers and made no distinction between policies for use of open-access computers or computers requiring authentication. Following are some of the varied aspects of summa- rized policies pertaining to open-access computers: ■■ Eight libraries stated that the computers were for aca- demic use and that users might be asked to give up their workstation if others were waiting. Table 1. Comparison of findings from Cook and Shelton (2007) and the current survey (2008) Authentication requirements 2007 (N = 69) 2008 (N = 61) Some required 28 (46%) 23 (38%) Required for all 15 (25%) 9 (15%) Not required 18 (30%) 29 (48%) 136 iNForMAtioN tecHNoloGY AND liBrAries | septeMBer 2010 ■■ Further study Although the survey answered many of our questions, other questions arose. While the number of libraries requiring affiliated users to log on to their public com- puters is increasing, this study does not explain why this is the case. Reasons could include reactions to the September 11 disaster, the USA PATRIOT Act, general security concerns, or the convenience of the personalized desktop and services for each authenticated user. Perhaps a future investigation could focus on reasons for more frequent requirement of authentication. Other subjects that arose in the examination of institutional policies were guest fees for services, age limits for younger users, com- puter time limits for guests, and collaboration between academic and public libraries. ■■ Policy developed as a result of the survey findings As a result of what was learned in the survey, we drafted guidelines governing the use of open-access computers by visitors and other non-university users. The guidelines can be found at http://lib.mnsu.edu/about/libvisitors .html#access. These guidelines inform guests that open- access computers are available to support their research, study, and professional activities. The computers also are governed by the campus policy and the state university system acceptable-use policy. Guideline provisions enable staff to ask users to relinquish a computer when others are waiting or if the computer is not being used for academic purposes. While this library has the ability to generate temporary usernames and passwords, and does so for local schools coming to the library for research, no guide- lines have yet been put in place for this function. Figure 11. Online resources available to authenticated affiliated users, guest users, open-access users AutHeNticAtioN AND Access | weBer AND lAwreNce 137 These practices depend on institutional missions and goals and are limited by reasonable considerations. In the past, accommodation at some level was generally offered to the community, but the complications of affili- ate authentication, guest registration, and vendor-license restrictions may effectively discourage or prevent outside users from accessing principal resources. On the other hand, open-access computers facilitate access to electronic resources. Those librarians who wish to provide the same level of commitment to guest users as in the past as well as protect the rights of all should advocate to campus policy-makers at every level to allow appropriate guest access to computers to fulfill the library’s mission. In this way, the needs and rights of guest users can be balanced with the responsibilities of using campus computers. In addition, librarians should consider ensuring that the licenses of all electronic resources accommodate walk-in users and developing guidelines to prevent incor- poration of electronic materials that restrict such use. This is essential if the library tradition of freedom of access to information is to continue. Finally, in regard to external or guest users, academic librarians are pulled in two directions; they are torn between serving primary users and fulfilling the prin- ciples of intellectual freedom and free, universal access to information along with their obligations as Federal Depository libraries. At the same time, academic librar- ians frequently struggle with the goals of the campus administration responsible for providing secure, reliable networks, sometimes at the expense of the needs of the outside community. The data gathered in this study, indicating that 82 percent of responding libraries con- tinue to provide at least some open-access computers, is encouraging news for guest users. Balancing public access and privacy with institutional security, while a current concern, may be resolved in the way of so many earlier preoccupations of the electronic age. Given the pervasiveness of the problem, however, fair and equitable treatment of all library users may continue to be a central concern for academic libraries for years to come. References 1. Lori Driscoll, Library Public Access Workstation Authentica- tion, SPEC Kit 277 (Washington, D.C.: Association of Research Libraries, 2003). 2. Martin Cook and Mark Shelton, Managing Public Comput- ing, SPEC Kit 302 (Washington, D.C.: Association of Research Libraries, 2007): 16. 3. H. Vail Deale, “Public Relations of Academic Libraries,” Library Trends 7 (Oct. 1958): 269–77. 4. Ibid., 275. 5. E. J. Josey, “The College Library and the Community,” Faculty Research Edition, Savannah State College Bulletin (Dec. 1962): 61–66. ■■ Conclusions While we were able to gather more than 50 years of litera- ture pertaining to unaffiliated users in academic libraries, it soon became apparent that the scope of consideration changed radically through the years. In the early years, there was discussion about the obligation to provide service and access for the community balanced with the challenge to serve two clienteles. Despite lengthy debate, there was little exception to offering the community some level of service within academic libraries. Early preoccupation with physical access, material loans, ILL, basic reference, and other services later became a discus- sion of the right to use computers, electronic resources, and other services without imposing undue difficulty to the guest. Current discussions related to guest users reflect obvious changes in public computer administration over the years. Authentication presently is used at a more fundamental level than in earlier years. In many librar- ies, users must be authorized to use the computer in any way whatsoever. As more and more institutions require authentication for their primary users, accommodation must be made if guests are to continue being served. In addition, as Courtney’s 2003 research indicates, an ever increasing number of electronic databases, indexes, and journals replace print resources in library collections. This multiplies the roadblocks for guest users and exacerbates the issue.48 Unless special provisions are made for com- puter access, community users are left without access to a major part of the library’s collections. Because 104 of the 123 ARL libraries (85 percent) are Federal Depository or Canadian Depository Services Libraries, the researchers hypothesized that most librar- ies responding to the survey would offer open-access computers for the use of nonaffiliated patrons. This study has shown that Federal Depository Libraries have remained true to their mission and obligation of provid- ing public access to government-generated documents. Every Federal Depository respondent indicated that some means was in place to continue providing visitor and guest access to the majority of their electronic resources— whether through open-access computers, temporary or guest logins, or even librarians logging on for users. While access to government resources is required for the librar- ies housing government-document collections, libraries can use considerably more discretion when considering what other resources guest patrons may use. Despite the commitment of libraries to the dissemination of govern- ment documents, the increasing use of authentication may ultimately diminish the libraries’ ability and desire to accommodate the information needs of the public. This survey has provided insight into the various ways academic libraries serve guest users. Not all academic libraries provide public access to all library resources. 138 iNForMAtioN tecHNoloGY AND liBrAries | septeMBer 2010 Identify Yourself,” Chronicle of Higher Education 50, no. 42 (June 25, 2004): A39, http://search.ebscohost.com/login.aspx?direct =true&db=aph&AN=13670316&site=ehost-live (accessed Mar. 2, 2009). 28. Diana Oblinger, “IT Security and Academic Values,” in Luker and Petersen, Computer & Network Security in Higher Edu- cation, 4, http://net.educause.edu/ir/library/pdf/pub7008e .pdf (accessed July 14, 2008). 29. Ibid., 5. 30. “Access for Non-Affiliated Users,” Library & Information Update 7, no. 4 (2008): 10. 31. Paul Salotti, “Introduction to HAERVI-HE Access to E-Resources in Visited Institutions,” SCONUL Focus no. 39 (Dec. 2006): 22–23, http://www.sconul.ac.uk/publications/ newsletter/39/8.pdf (accessed July 14, 2008). 32. Ibid., 23. 33. Universities and Colleges Information Systems Asso- ciation (UCISA), HAERVI: HE Access to E-Resources in Visited Institutions, (Oxford: UCISA, 2007), http://www.ucisa.ac.uk/ publications/~/media/Files/members/activities/haervi/ haerviguide%20pdf (accessed July 14, 2008). 34. Nancy Courtney, “Barbarians at the Gates: A Half-Century of Unaffiliated Users in Academic Libraries,” Journal of Academic Librarianship 27, no. 6 (Nov. 2001): 473–78, http://search.ebsco host.com/login.aspx?direct=true&db=aph&AN=5602739&site= ehost-live (accessed July 14, 2008). 35. Ibid., 478. 36. Nancy Courtney, “Unaffiliated Users’ Access to Academic Libraries: A Survey,” Journal of Academic Librarianship 29, no. 1 (Jan. 2003): 3–7, http://search.ebscohost.com/login.aspx?dire ct=true&db=aph&AN=9406155&site=ehost-live (accessed July 14, 2008). 37. Ibid., 5. 38. Ibid., 6. 39. Ibid., 7. 40. Nancy Courtney, “Authentication and Library Public Access Computers: A Call for Discussion,” College & Research Libraries News 65, no. 5 (May 2004): 269–70, 277, www.ala .org/ala/mgrps/divs/acrl/publications/crlnews/2004/may/ authentication.cfm (accessed July 14, 2008). 41. Terry Plum and Richard Bleiler, User Authentication, SPEC Kit 267 (Washington, D.C.: Association of Research Libraries, 2001): 9. 42. Lori Driscoll, Library Public Access Workstation Authentica- tion, SPEC Kit 277 (Washington, D.C.: Association of Research Libraries, 2003): 11. 43. Cook and Shelton, Managing Public Computing. 44. Ibid., 15. 45. Plum and Bleiler, User Authentication, 9; Driscoll, Library Public Access Workstation Authentication, 11; Cook and Shelton, Managing Public Computing, 11. 46. Cook and Shelton, Managing Public Computing, 15. 47. Ibid.; Courtney, Unaffiliated Users, 5–7. 48. Courtney, Unaffiliated Users, 6–7. 6. Ibid., 66. 7. H. Vail Deale, “Campus vs. Community,” Library Journal 89 (Apr. 15, 1964): 1695–97. 8. Ibid., 1696. 9. John Waggoner, “The Role of the Private University Library,” North Carolina Libraries 22 (Winter 1964): 55–57. 10. E. J. Josey, “Community Use of Academic Libraries: A Symposium,” College & Research Libraries 28, no. 3 (May 1967): 184–85. 11. E. J. Josey, “Implications for College Libraries,” in “Com- munity Use of Academic Libraries,” 198–202. 12. Don L. Tolliver, “Citizens May Use Any Tax-Supported Library?” Wisconsin Library Bulletin (Nov./Dec. 1976): 253. 13. Ibid., 254. 14. Ralph E. Russell, “Services for Whom: A Search for Iden- tity,” Tennessee Librarian: Quarterly Journal of the Tennessee Library Association 31, no. 4 (Fall 1979): 37, 39. 15. Ralph E. Russell, Carolyn L. Robison, and James E. Prather, “External User Access to Academic Libraries,” The Southeastern Librarian 39 (Winter 1989): 135. 16. Ibid., 136. 17. Brenda L. Johnson, “A Case Study in Closing the Univer- sity Library to the Public,” College & Research Library News 45, no. 8 (Sept. 1984): 404–7. 18. Lloyd M. Jansen, “Welcome or Not, Here They Come: Unaffiliated Users of Academic Libraries,” Reference Services Review 21, no. 1 (Spring 1993): 7–14. 19. Mary Ellen Bobp and Debora Richey, “Serving Secondary Users: Can It Continue?” College & Undergraduate Libraries 1, no. 2 (1994): 1–15. 20. Eric Lease Morgan, “Access Control in Libraries,” Com- puters in Libraries 18, no. 3 (Mar. 1, 1998): 38–40, http://search .ebscohost.com/login.aspx?direct=true&db=aph&AN=306709& site=ehost-live (accessed Aug. 1, 2008). 21. Susan K. Martin, “A New Kind of Audience,” Journal of Academic Librarianship 24, no. 6 (Nov. 1998): 469, Library, Infor- mation Science & Technology Abstracts, http://search.ebsco host.com/login.aspx?direct=true&db=aph&AN=1521445&site= ehost-live (accessed Aug. 8, 2008). 22. Peggy Johnson, “Serving Unaffiliated Users in Publicly Funded Academic Libraries,” Technicalities 18, no. 1 (Jan. 1998): 8–11. 23. Julie Still and Vibiana Kassabian, “The Mole’s Dilemma: Ethical Aspects of Public Internet Access in Academic Libraries,” Internet Reference Services Quarterly 4, no. 3 (1999): 9. 24. Clifford Lynch, “Authentication and Trust in a Networked World,” Educom Review 34, no. 4 (Jul./Aug. 1999), http://search .ebscohost.com/login.aspx?direct=true&db=aph&AN=2041418 &site=ehost-live (accessed July 16, 2008). 25. Rita Barsun, “Library Web Pages and Policies Toward ‘Outsiders’: Is the Information There?” Public Services Quarterly 1, no. 4 (2003): 11–27. 26. Ibid., 24. 27. Scott Carlson, “To Use That Library Computer, Please AutHeNticAtioN AND Access | weBer AND lAwreNce 139 Appendix A. The Survey Introduction, Invitation to Participate, and Forward Dear ARL Member Library, As part of a professional research project, we are attempting to determine computer authentication and current com- puter access practices within ARL libraries. We have developed a very brief survey to obtain this information which we ask one representative from your institution to complete before April 25, 2008. The survey is intended to reflect practices at the main or central library on your campus. Names of libraries responding to the survey may be listed but no identifying information will be linked to your responses in the analysis or publication of results. If you have any questions about your rights as a research participant, please contact Anne Blackhurst, Minnesota State University, Mankato IRB Administrator. Anne Blackhurst, IRB Administrator Minnesota State University, Mankato College of Graduate Studies & Research 115 Alumni Foundation Mankato, MN 56001 (507)389-2321 anne.blackhurst@mnsu.edu You may preview the survey by scrolling to the text below this message. If, after previewing you believe it should be handled by another member of your library team, please forward this message appropriately. Alternatively, you may print the survey, answer it manually and mail it to: Systems/ Access Services Survey Library Services Minnesota State University, Mankato ML 3097—PO Box 8419 Mankato, MN 56001-8419 (USA) We ask you or your representative to take 5 minutes to answer 14 questions about computer authentication practices in your main library. Participation is voluntary, but follow-up reminders will be sent. This e-mail serves as your informed consent for this study. Your participation in this study includes the completion of an online survey. Your name and iden- tity will not be linked in any way to the research reports. Clicking the link to take the survey shows that you understand you are participating in the project and you give consent to our group to use the information you provide. You have the right to refuse to complete the survey and can discontinue it at any time. To take part in the survey, please click the link at the bottom of this e-mail. Thank you in advance for your contribution to our project. If you have questions, please direct your inquiries to the contacts given below. Thank you for responding to our invitation to participate in the survey. This survey is intended to determine current academic library practices for computer authentication and open access. Your participation is greatly appreciated. Below are the definitions of terms used within this survey: ■■ “Authentication”: a username and password are required to verify the identity and status of the user in order to log on to computer workstations in the library. ■■ “Affiliated user”: a library user who is eligible for campus privileges. ■■ “Non-affiliated user”: a library user who is not a member of the institutional community (an alumnus may be a non- affiliated user). This may be used interchangeably with “guest user.” ■■ “Guest user”: visitor, walk-in user, nonaffiliated user. ■■ “Open Access Computer”: Computer workstation that does not require authentication by user. 140 iNForMAtioN tecHNoloGY AND liBrAries | septeMBer 2010 Appendix B. Responding Institutions 1. University at Albany State University of New York 2. University of Alabama 3. University of Alberta 4. University of Arizona 5. Arizona State University 6. Boston College 7. University of British Columbia 8. University at Buffalo, State University of NY 9. Case Western Reserve University 10. University of California Berkeley 11. University of California, Davis 12. University of California, Irvine 13. University of Chicago 14. University of Colorado at Boulder 15. University of Connecticut 16. Columbia University 17. Dartmouth College 18. University of Delaware 19. University of Florida 20. Florida State University 21. University of Georgia 22. Georgia Tech 23. University of Guelph 24. Howard University 25. University of Illinois at Urbana-Champaign 26. Indiana University Bloomington 27. Iowa State University 28. Johns Hopkins University 29. University of Kansas 30. University of Louisville 31. Louisiana State University 32. McGill University 33. University of Maryland 34. University of Massachusetts Amherst 35. University of Michigan 36. Michigan State University 37. University of Minnesota 38. University of Missouri 39. Massachusetts Institute of Technology 40. National Agricultural Library 41. University of Nebraska-Lincoln 42. New York Public Library 43. Northwestern University 44. Ohio State University 45. Oklahoma State University 46. University of Oregon 47. University of Pennsylvania 48. University of Pittsburgh 49. Purdue University 50. Rice University 51. Smithsonian Institution 52. University of Southern California 53. Southern Illinois University Carbondale 54. Syracuse University 55. Temple University 56. University of Tennessee 57. Texas A&M University 58. Texas Tech University 59. Tulane University 60. University of Toronto 61. Vanderbilt University