Utah librarians talk about 9/11, the Patriot Act, and how they became privacy warriors

“There was a lot of panic,” said one librarian — then libraries changed rules to protect patrons’ privacy.

(Rick Egan | The Salt Lake Tribune) Wanda Mae Huffaker has been with Salt Lake County Library for 26 years, and is involved with the American Library Association. The passage of the USA Patriot Act, which allowed the FBI to access patrons' book and internet records, caused an uproar in U.S. libraries, and prompted changes in how libraries handled data. The photo was taken Sept. 9, 2021.

Within seven weeks of the terrorist attacks that toppled the World Trade Center and hit the Pentagon in 2001, President George W. Bush signed the USA Patriot Act into law — and librarians were in shock.

“When it first hit, I think there was a lot of panic,” said Wanda Mae Huffaker, public service librarian for the Salt Lake County Library. “We were all quite worried that the FBI was going to come in, and what’s going to happen. We didn’t know how or what to do. We were all worried they were going to run in and grab our computers. And if we said anything, we were going to get arrested.”

Among the many provisions in the Patriot Act — a grab bag of anti-terrorism policy changes that did everything from expanding law enforcement’s surveillance powers to requiring people to give their addresses when buying over-the-counter cold medicine — were two that directly affected America’s libraries.

One gave the FBI authority to look at library records of those the agency thought “relevant” to an “authorized investigation” — to see what books people were checking out or what websites they were reading on the internet. The other put a gag order on any librarian who was asked to give up records, with a possible prison term of five years for violating it.

“I don’t think any of us knew how to handle it, because we were all afraid,” said Huffaker, who has been with the county’s library system for 26 years. “We all felt very threatened. We weren’t supposed to tell anybody; we weren’t supposed to say anything.”

‘We always protected privacy’

The gag order didn’t last too long. In 2005, a group of librarians, known as the Connecticut Four, challenged the law in court, and the government in 2006 gave up the fight both for the gag order and the federal National Security Letters that called for the librarians’ silence.

“We always protected privacy. That’s what we did,” Huffaker said. “What people read was private, what they researched was private. All of a sudden, somebody made us give it up.”

And it didn’t take long — maybe a couple of years, Huffaker said — for librarians to take themselves out of the equation, by changing their protocols so they weren’t collecting as much data from patrons as before.

“The general practice in libraries now is less is more,” said Rita Christensen, a children’s librarian at the Orem Public Library and president of the Utah Library Association. “We don’t need to save a lot of data that we don’t need and could compromise the patron if there’s a data breach.”

(Francisco Kjolseth | The Salt Lake Tribune) Rita Christensen, a children's librarian at the Orem Public Library and president of the Utah Library Association, pictured on Thursday, Sept. 9, 2021, has relayed changes in her profession after 9/11, and the passage of the USA Patriot Act, which allowed the FBI to seize records of people's library usage.

Before, Christensen said, a library would keep a full record of what a patron checked out previously, though only the patron could have access to that record. That is, until the Patriot Act gave the FBI access to it, too.

Now, at the Orem Public Library and many others, the library will hang onto the record that a patron checked out a book only until the next person who checks it out returns it. That way, if the later patron notices something in the book — whether it’s damage to the pages, or a $20 bill used as a bookmark — the library can trace it back to the previous user. But after that, the record is expunged.

If a patron has a lot of unpaid fines, “that record is going to stay there” until the fines are paid off, Christensen said. Some libraries have stopped charging fines, she said, so for them that practice isn’t done.

When patrons use library computers to go online, Huffaker said, most libraries have a simple system: “As soon as they log off, it’s gone,” she said. “The FBI can come in and take the computer, and the information’s gone. They find nothing.”

The Salt Lake City Public Library has similar rules in place, said Deborah Ehrman, the library’s acting executive director.

“Our computers scrub search history, and we do not track patrons’ collection history with us unless they opt in,” Ehrman said. “We continue to stand by the protection of patrons’ privacy, believe information should be open and accessible to all, and therefore do not have many privacy issues.”

Privacy is important to librarians, Huffaker said, and should be important to everybody.

“There are people who say, ‘Oh, it doesn’t matter. What I read is an open book. Nobody cares about privacy any more,’” Huffaker said. “I say, ‘Well, yeah, then why do you have curtains on your windows?’ … You all want privacy about something. I don’t want everything I read to be public all the time. Or what I research.”

Remembering the old checkout slips

Christensen acknowledged a bit of nostalgia for the old, pre-computer days in libraries, where every book had a checkout card in a pocket in the back, and a patron could see who else had that book because it was written in ink. (Christensen cited the 1995 Japanese animated film “Whisper of the Heart,” where the hero sees the same boy’s name on the checkout cards in the books she had read, and the girl becomes convinced she has found her soul mate.)

Losing that paper database “felt like a little bit of humanity was gone,” Christensen said. “At the same time, we’re protecting the patron from inquiry and judgment of what they’ve read.”

In the computer age, she said, “library patrons really won’t be finding their soul mate through library checkout cards. But as a reference librarian, I can suggest Goodreads.com,” a website where users can chat about their favorite books.

Becoming fighters for intellectual freedom and personal privacy improved librarians’ reputations, Christensen said. “It got us out of the bookworm and nerd category.”

New librarians, Huffaker said, don’t fully understand the privacy battles that were fought after the Patriot Act was created. “9/11 is almost history for them. They were in grade school,” she said. “They don’t have any concept or any fear of any of this.”

The library provisions of the Patriot Act had been modified over the past two decades, and they finally expired in 2020 — when lawmakers, Christensen said, were busy dealing with the threats of the COVID-19 pandemic.

Huffaker said she’s “a different librarian than I was 20 years ago. Then, I was more afraid than I was now. I was always looking over my shoulder, and I’m not going to lie about that. … Now I have a lot more confidence.”

Sometimes, though, she has to show that confidence and dispense some constitutional wisdom, to younger librarians. On occasion, she said, law enforcement officers will ask to see the library’s surveillance video, and a younger librarian might turn it over to them.

“We have to say, ‘Wait, wait, wait. Let me tell you about what we do with warrants,’” Huffaker said. “It’s not that I don’t care for law enforcement, but there has to be procedures. We also have to protect rights.”