Challenging Library Patron Behaviors
Use These Six Choices
By Dr. Steve Albrecht

In the 1941 film noir movie classic, “The Maltese Falcon,” Humphrey Bogart, playing private detective Sam Spade, meets femme fatale Brigid O’Shaunessy, played by Mary Astor. In the opening scene, she concocts a story about her missing sister to get Spade and his partner to find her and scare off her rival for the black bird, the name of the movie that all the forthcoming fuss will be about.

There is a line in their first discussion that always strikes me as so spot-on. In talking about what she did to contact her sister, Brigid says, “I shouldn’t have done that, should I?” Spade replies, “It’s not always easy to know what to do.”

His response seems like such an accurate answer for the complexities and challenges of modern life today: It’s certainly never easy to know what to do.

In my live programs and online library service, safety, and security workshops, I’m often given a complex patron behavioral concern and asked by an anxious staffer, “Did I do the right thing?”

My answer is always a positive “yes,” perhaps with a touch of helpful correction added in, because I know we cannot predict human behavior and we especially can’t predict eccentric, threatening, or potentially violent human behavior. Equally true, it’s mostly impossible to predict accurately the motives for threatening behaviors. We often don’t know the why until after scary people have said or done what they planned to do.

And I often get asked about what to do about a complex patron behavioral problem by a staff member or during a training group discussion and my answer is, “It depends.” Being a longtime consultant, it’s a useful response when I don’t know the best answer and I need a bit more time to think of a useful answer and not a perfect one. And isn’t, “It depends” kind of how life choices go? This might work or it might not, depending on the context, past behaviors and our answers to them, and the reaction of the other person.

As such, as I review the vast array of potential responses to a problematic patron, I believe we can boil them down to these six. While not perfect (and we already established there is no perfect way of fixing people), these six can give us a framework that helps:

Intuition?

What does your gut feeling tell you to do? Get help? Back away? Call over the PIC or a higher-level boss? Push the Panic Button? Call 9-1-1? Handle it using your work experience and life wisdom? Try your collection of de-escalation and communication tools? Say or do nothing, in the hopes that the situation resolves itself after the patron self-calms, runs out of negative energy, satisfies his or her need to vent, or sees the error of his or her ways?

Intuition is a valuable tool, says Hollywood security expert Gavin de Becker in his bestselling book, The Gift of Fear: Survival Signals That Protect Us From Violence, because it’s “knowing what to do without knowing why.” The “little voice,” that tells us to talk more, talk less, take action, get help, or move away is built into our DNA.

Code of Conduct?

What does the rules built into our Code of Conduct tell us to do? Is the patron’s behavior a clear violation (like physically assaulting staff or another patron), meaning they need to be arrested and/or banned, or is it more about something that can be handled with a verbal warning?

The Code of Conduct is not the be-all, end-all about library behavior (otherwise it would be a 192 pages long), but it’s a useful place to look, especially since it offers us one of the best ways to be firm, fair, consistent, assertive, legal, empathic, patient, and reasonable (otherwise known as my “Essential Eight”).

Library Policy?

Every library should have a Policies and Procedures (P&P) Manual that covers the steps directors, mangers, supervisors, and employees need to take to handle a host of issues related to patron behaviors. The P&Ps can be seen as a larger, more thorough, more in-depth version of the Code of Conduct.

State, County, or City Laws?

We’re not asking librarians to become lawyers (although some certainly are, working at county and state law libraries), but every state has a collection of law books that address various problematic library behaviors. These include the Penal Code (for crimes that occur in the library, like assault, battery, theft, vandalism, making threats, possession of child pornography); the Health & Safety Code (often used for drug and alcohol offenses); or the Welfare and Institutions Code (often used to define mental health concerns, like “danger to self or others” or “gravely disabled”).

Cities and counties have Municipal Codes that cover everything from illegal parking at the library, to soliciting for money, to overnight sleeping in public places.

The function of all these law books and codes is to help library leaders and their staffs to enforce consequences for problematic library behaviors that hurt the overall library experience and impact the enjoyment others are seeking when they walk inside the building.

Our Usual Approach?

What does the work culture suggest we do? In other words, how have we handled similar patron behavior issues in the past - especially with some of our more chronic, “frequent fliers”? This can vary from branch to branch, with geography having a lot to do with how patrons act appropriately or act up in certain parts of town, being very different than how they act - and how we respond - across the city or county. What has worked in the past may or may not work again, but patterns exist for a reason, and it can help not to make thing worse, by doing what solves the problem based on the past.

What’s Reasonable?

Lastly, the concept of “reasonableness” is a court-tested theory that has a basis for establishing whether or not we did the right thing. Again, without having to be a lawyer, we can ask ourselves, collectively, as both library leaders and staff, “Did we do the right thing, on behalf of the staff and the patrons? Was our response deemed as thoughtful and measured, meaning we didn’t overreact or under-react?” Being reasonable takes into account the previous five elements listed above, into a measure of fairness.

To Union or Not to Union
That is the Question for Some Library Employees
By Dr. Steve Albrecht

Samuel Gompers (1850-1924) became the first president of the American Federation of Labor (AFL) in 1886. At age 10, he began rolling cigars with his father, at his home in London, before moving to New York City three years later. At age 25, he was elected president of the Cigar Makers’ International Union. He is long known as the founding father of the organized labor movement in the US.

According to the US Department of Labor’s Bureau of Labor Statistics, union membership by employees in the United States in 2022 is 14.3 million employees, or about 10.1% of all employed workers (https://www.bls.gov/news.release/pdf/union2.pdf).

This number has trended downward over the last 40 years. As the US DOL BLS report attests, “The 2022 unionization rate (10.1 percent) is the lowest on record. In 1983, the first year where comparable union data are available, the union membership rate was 20.1 percent and there were 17.7 million union workers.”

“Among occupational groups, the highest unionization rates in 2022 were in protective service occupations (34.6 percent) and in education, training, and library occupations (33.7 percent). Unionization rates were lowest in sales and related occupations (3.0 percent); computer and mathematical occupations (3.3 percent); food preparation and serving related occupations (3.6 percent); and management occupations (3.8 percent).” Ibid. (Emphasis mine.)

A question that has come up on several Library 2.0 webinars concerns how or even if, managers and supervisors should coach union employees. Is a library employee, who is a member of a union, entitled to a union representative during a meeting (also known as a “Weingarten meeting,” from the 1975 US Supreme Court ruling)? The answer is: “Not if the meeting is merely for the purpose of conveying work instructions, training, or communicating needed corrections in the employee's work techniques.”

If the meeting is an “investigatory meeting,” then the employee is entitled to a rep during the discussion. An “investigatory meeting” is defined as when “a supervisor questions an employee to obtain information which could be used as a basis for discipline or asks an employee to defend his or her conduct. If an employee has a reasonable belief that discipline or discharge may result from what he or she says, the employee has the right to request union representation.”

Since coaching meetings are requests for the employee to change or improve his or her work performance (quality or quantity of work, meeting deadlines, etc.) or work behavior (following policies and procedures, interacting with bosses, co-workers, or customers, etc.), and are not used to either threaten or initiate discipline, they are not Weingarten eligible.

I have also been asked by some library employees - who are often highly unsatisfied with their work environment, working conditions, or the way they feel they have been treated by their library directors, managers, or supervisors (always a highly subjective view) - if they should unionize. I tell them it’s not my job to sway them either way and I am neither an advocate for management nor a champion for labor unions. Over my long career, I have worked with both entities, as an HR consultant, most often in a problem-solving or conflict-resolution role. (I was a rank-and-file member of a union when I worked for the City of San Diego.)

Here’s what I believe to be true for employees who want to unionize: you have to carefully weigh the pros and cons of establishing a union shop at your workplace. The benefits are often more visible than the drawbacks. To wit:

Pros:

• Union membership creates more fairness in the hiring, management, supervision, and promotions process. The presence of the negotiated Memo of Understanding (MOU) makes the employment cycle visible and subject to correction if it’s not legal, ethical, or fair.

• Unions can stabilize the local wages and benefits - often at higher than current rates. In other words, a rising tide floats all boats. And in many systems, you can get most of the same benefits all members get, without having to be a dues-paying member; you just don’t get union representation in Weingarten meetings, as one example, although you’re usually subject to the same wages and benefits package.

• MOUs create a structured, formalized process for employees to file grievances that management must address. This can create more accountability for the working conditions and the work culture.

Cons:

• The (often way-long) process where a union is introduced to the employees, and the subsequent successful vote to unionize, can create lots of animosity between the management side and the employee side. Becoming unionized can seem like a victory for the employees and a defeat for the management, which can create longstanding grudges. And in a worst-case scenario, some people who used to be friends no longer speak to each other after one or the other went out on strike or crossed the picket line to work.

• The presence of the MOU can make casual conversations between bosses and their people complicated. Any changes in job duties, days off, and the various normal gray areas about worklife now become subject to the MOU. “Can I leave a bit early today?” can turn into a pointed conversation between the shop steward and the supervisor, which the employee is not involved in.

• The negotiation of subsequent union contracts can get hopelessly bogged down in the primary sticking point: everything on the table has some connection to Wages and Benefits. Individual benefits that could be agreed upon in a non-union organization in one meeting now became part of a larger collection of items that must be hashed out over weeks or months of angry, frustrated discussions.

I have heard employees tell me the union saved their careers, leveled the playing field for pay and promotions, eliminated bullying or discrimination, enforced consequences, and raised their salaries.

I have heard other employees tell me they wished they had never agreed to a union, especially after “paying a lot of dues for years and years for not much in return.” Or they got laid off soon after being hired, because while they may have a better work ethic and way more skills than their colleague, that person was senior to them, and the union followed the “last hired, first fired” rule.

As they say in the car business, “Your Mileage May Vary” or in Latin, “Caveat Emptor,” otherwise known as “Let the Buyer Beware.”

Eight Ways Why Your Library is Like a Hospital
The similarities are fascinating.
By Dr. Steve Albrecht

Okay, so the library doesn’t take insurance and we aren’t doing surgery in the stacks, but there are some parallels between the two environments, especially when viewed from the eyes of the patients and patrons. Consider these similarities in the hospital and library environments:

1. Patients and patrons bring their problems, issues, and life struggles through the doors.

Hospitals and libraries can’t pick their customers; they get who walks in the door. People coming into an Emergency Room and into a library may have a lot of the same life struggles: homelessness, mental health issues, substance use addictions, hunger, pain, illness, hopelessness. They come into our medical and library buildings because they want help, support, comfort, information, a cure, or at least a solution, as to what ails them.

2. Patients and patrons may not be there by choice.

The guys with the pain that radiates across the left side of his lower back can’t figure out what’s going on and doesn’t want to go to the doctor waits until he is agony to stagger in the building. One hospital admit and one kidney stone later, he is wishing he was home.

“Go do your homework at the library and don’t come home until it’s finished!” says the working and frazzled mom to her teenager. So the kid trudges from the school into the library and drops her backpack on a table and grudgingly pulls out her assignments. She’d rather be at the mall with her friends.

3. Patients and patrons may have never been to the facility, ever.

“I’m here for a medical test they said I need. The parking garage was huge, I’m late, and I don’t know where to go. Information Desk? Check In Desk? Where are the elevators? Am I even in the right building? There are either no signs or they’re just really confusing. Maybe I should just go back home and try this on another day.”

The first time for everything can be nerve-wracking. Libraries can be bright, vibrant, energizing places, with a lot for the eyes and ears to take in. “Which floor do I need to go to get help for my question about my government benefits? Everyone looks busy and moving with a purpose. Who can I talk to? Will they even want to help me? I don’t want to bother the employees but I’m confused.”

4. Patients and patrons don’t know how the facility operates.

“What does my insurance cover and how come I still have to pay so much of a co-pay? What do you mean you don’t accept my insurance? Can you still treat me if I don’t have insurance?”

“What’s free? What costs? Should I even care how my tax dollars are being used? Does the library still charge for overdue books? How much does it cost to get a library card? Can I use the Internet for free? Will they keep track of the sites I go to? How come they charge me to make copies? Can I really check out a laptop, a tablet, or a video game controller for free?”

5. Patients and patrons may not always get the positive outcome or the solutions to the answers they seek.

“What do you mean I have high blood pressure and need to take medication? I feel fine! I’m not taking any stupid pills.”

“Why won’t you help me file my income taxes? What can’t you give me free legal advice and help me sue the local government here? What do you mean you don’t have any eclipse glasses? The local TV news said you could get them here.”

6. Patients and patrons are not always satisfied with the quality of the product or the services they received.

“The doctor was very rude to me. No bedside manner whatsoever. She told me I was pre-diabetic and I needed to lose weight. She’s not the boss of me. I’ll eat whatever I want!”

“Those people at the library kicked my kid out for supposedly staring a fight with another kid from his school. It wasn’t his fault. He didn’t start the fight; he just finished it. No one tells my little angel what to do.”

7. Patients and patrons are not always right.

“I read on Google that I can treat my dangerously high cholesterol with these special minerals from Australia.”

“The lady from the library told me I didn’t have to pay any way, way overdue fines and I that I could still check out these ten books. No, I don’t remember her name and I don’t see her working today.”

8. Patients and patrons may not appreciate the little things that are done for them, on their behalf.

People coming into healthcare environments - either as patients or family members of patients - are often under a lot of stress. They can forget that the people providing medical services are doing the best they possibly can on their behalf.

Library employees are not paid the same as medical doctors and nurses, yet they contribute to the good of their communities in important, if different ways. A little courtesy for the efforts of both would be greatly appreciated. Sometimes, you have to give yourself your own praise, if it didn’t come from the person you just helped.

(This content was originally published on January 1, 2025 in Information Today. https://newsbreaks.infotoday.com/NewsBreaks/Eight-Ways-Your-Library-Is-Like-a-Hospital-166690.asp)

The "Joyless Library" Work Culture
It's a big reason why library employees don't want to come to work.
By Dr. Steve Albrecht

It’s hard to buy into the concept that work should be “fun.” Work is often hard. It’s often tiring. It is the rare public-contact employee who leaps from bed, races to the workspace, and can’t wait to start serving others. (Even if they actually start out like this, this uber-enthusiasm fades in time.) There is a reason we pay people to leave their homes and sit or stand in the same place for eight to ten hours. It’s called work, not fun or play or freedom.

But consider how many things we do, as adults, for no money at all. We work at night and on the weekends for our churches, kids’ schools, and community groups. We donate time, energy, expertise, and our own money to causes we believe in. We coach our kids in sports. We volunteer to help people less fortunate than us in soup kitchens, homeless shelters, and domestic violence shelters. We volunteer in hospitals and hospices, animal shelters, and help our neighbors after natural disasters.

And all of this we do for no money, because it feels good to do good. I would say that these efforts can bring us joy. We can define joy as a feeling that gives us great pleasure, often in response to something we have done, either for ourselves or others. (Seeing my daughter gives me great joy, as does watching baseball, walking one of my seven dogs, finishing a gym workout, and writing.)

So the question is, can working at the library give you joy? The answer is yes, maybe, and no, and a lot of that depends on who you work with and for, and how you perceive your job. We can define a “Joyless Library” as a place where the staff doesn't feel connected, supported, protected, or praised. Let’s break down each one:

Connected: The people who I work with and for, on a daily basis, know things about me and I know things about them. We share our interests, hobbies, beliefs, and our exasperations, especially when Life Isn’t Going Smoothly. We don’t grip constantly, overshare, and we don’t cram our opinions down each others’s throats. We have achieved a nice balance between expressing things about our professional lives and our personal lives, since both matter.

Supported: We take care of each as co-workers and we expect to be taken care of by our bosses. We don’t avoid work by ever saying, “That’s not in my job description.” We pitch in to help each other and our bosses’ requests, especially when things get hectic. Our bosses don’t overwork us.

Protected: Our co-workers and bosses never embarrass us in front of the patrons. We don’t air our personal dirty laundry in front of others. We take each other aside and speak in confidence when we have issues. We expect our bosses to give us feedback, in private, not “constructive criticism,” especially in front of patrons or co-workers.

Praised: We want to hear “Good job!” when we deserve it, from both our bosses and co-workers. We want to be told that what we do matters, especially when what we do when working with patrons is complex, emotional, or time-consuming. We want it to be sincere, not dismissive. We want to know we have added value to our patron and co-worker relationships. We aren’t “just here for the paycheck” and it’s not our “only reward for showing up.”

The presence of these four critical factors makes work bearable. Their absence, especially when not even one of them are present, makes work unbearable. People quit (which is often a relief, even when it creates an uncertain future) or worse, feel like they can’t quit (chained in economic handcuffs) and so they have to just show up and hope things get better, someday. This usually only happens when certain toxic, bullying, lazy, annoying, or passive-aggressive bosses or co-workers leave and are replaced with people who truly recognize the value of the four factors from above.

So how do we create a library workspace where these four exist in equal, positive, and affirming amounts? By doing them, for each other, every day. By having our library leaders do them, for their employees, every day. These four create joy. These four make it more likely staff not only stay at their libraries, but their good feelings rub off on their service encounters with patrons. (nothing is more more miserable in a public-contact job when you don’t want to be there and a customer goes out of his or her way to ruin your day). They nurture harmony and the desire to do work, hard or easy.

I’ll list them again: Connected. Supported. Protected. Praised.

The Power of Rewards and Recognitions: Library staffers work for more than just money
By Dr. Steve Albrecht

Consider working in an environment where you only hear from your bosses when you screw up and never when you do well.

It seems we have had to become a nation of self-rewarders, patting ourselves on the backs for our accomplishments at work, instead of waiting for our bosses, co-workers, or patrons to do it. The list of employees who say, “My boss constantly praises me for my efforts,” is often painfully short.

In reality, some library directors, managers, or supervisors say they are just too busy and/or distracted to see the value of formally recognizing and rewarding their people. “They know I appreciate their efforts. Do I have to tell them every single day?” The short answer is yes, with sincerity, with timeliness, and with impact.

Business bestseller Bob Nelson has written extensively on how to reward and motivate employees. He suggests the benefit of formal incentive programs, giving physical rewards to employees. These small but regular gifts, that can come from the library’s leader’s budget, and that go far beyond, “Good job. See you tomorrow.”

The subject of incentive programs always seems to fall to the bottom of a leader’s to-do list. This is a shame on many levels, because people will work hard for more than just pay. What about giving employees gift cards, gas cards, movie passes, dinner certificates, the special close-to-the-front-entrance parking space, and the most popular incentives of all - working only a half-day at full pay or getting a discretionary day off?

When library employees are publicly noticed and heralded for what they have done, they’ll do more because they feel good doing it and they know it’s important. And when they get singled out for their energy and enthusiasm, hard work might just lead to more hard work.

Non-monetary rewards can come from a multitude of sources: reading a positive patron email at an all-hands staff meeting; having the an elected official or Library Board member formally recognize employees at a training meeting; writing a blogpost about the employee for the library’s website or Facebook page; or announcing the employee’s promotion or anniversary date of hire.

Employees who say, “Don’t make a big deal about my birthday,” secretly like it when folks make a big deal about their birthday – cake, cards, balloons tied to the chair, confetti on their desks, and hearing that song with their name in it.

Napoleon said, “An army travels on its stomach.” Today, he’d know that a work team is often motivated by food. More money is great, extra benefits are fine, and time off is very important, but food has always been a powerful motivator for employees.

Whether it’s pizzas, salads, and sodas on Fridays, doughnuts for the weekend staff, bagels and coffee on Mondays, or cake and cupcakes at the monthly employee birthday lunches, the secret to using goodies as a reward is to be random with both the selections and the dates. If employees get the same tired choices each week after month, their enthusiasm wanes quickly.

Any employee reward, from food to formal recognition programs, should be as episodic as your luck during a casino visit. If you won all the time, the casino would close; if you lost all the time, the casino would close. Success in the casino business comes when the players don’t expect their triumphs. As such, the element of surprise seems to work best when it comes to employee reward programs.

Public recognition is necessary, motivating, and builds teamwork. Whether it’s a gift card or a years-of-service award presented by a city, county, or library bigwig, employee rewards work.

(Originally published at https://stevealbrecht.substack.com/p/the-power-of-rewards-and-recognitions)

Approaches to Library Panic Alarms
Using tech to keep staff safe
By Dr. Steve Albrecht
Cross-posted from https://stevealbrecht.substack.com/p/approaches-to-library-panic-alarms

Getting emergency help at the press of a button is an issue that some libraries are still discussing, others have a system in place that sort of works, and still others have a process, policy, and response that really works. The level of sophistication of both the panic buttons and more importantly, what happens when the button is pushed, needs a careful review and often, the need for improvements.

I have consulted with libraries on security issues for high-stress or even dangerous encounters with out-of-control patrons. They tell me they have panic buttons at their main Circulation or Information Desks and either their security guards, or their PICs or supervisors, or an alarm company will get an immediate notification. I say, “Great! Can we test the actual button to see what happens?”

This is when they and I learn the button was disconnected several years ago, the button is broken, the security guards don’t get notified, there is no supervisor’s response, and the contract with the alarm company was discontinued last spring. This hardly gives comfort to the desk staff. (I’m reminded of a lawsuit where a fire sprinkler contractor wanted to cut costs and make more profit, so he simply super-glued the fire sprinkler valves to the ceilings without actually connecting them to the water supply. I think he went to prison for that fraud and safety hazard as well.)

Some of my library clients are in the “wait and see” mode for panic alarms, often waiting for the “Big Event” to give them the momentum, motivation, and reason to spend the money on a panic alarm system. Since I also teach substance abuse awareness for managers and supervisors of safety-sensitive employees (truck drivers, transportation operators, etc.), this is like waiting for the alcohol-or drug-addicted employee to crash into a busload of nuns and orphans before you take action on stopping the issue.

Let’s break down some potential panic button solutions:

1). The library can install a panic button that rings to the back offices, the security guard station (if applicable), sets off a silent strobe light in the back hallways, or alerts the leadership via an emergency text or desk PC/Intranet notification. This should initiate a response that is safe and measured, meaning before dialing 9-1-1 or rushing forward to see what the concern is, the library leaders should look first at any camera views that shows what is happening at the desk. It may be just as useful to call 9-1-1 from their position of safety, before going forward, getting involved in the patron contact, and then having to either retreat to a safe place to call 9-1-1 or sending someone else to go to do it.

2). When pressed, the panic button notifies the leadership team electronically (ringer installed in the back offices or by text/email) as well as the system calls an offsite alarm company who monitors the button’s activation. The alarm company often provides two responses: they will call the library and ask for an agreed-upon code word or phrase to make sure the situation is safe. Not hearing that code, they call the police on behalf of the library and explain that it is a potentially dangerous or armed situation. Or, the alarm company will dial 9-1-1 for the library immediately after getting the panic button notification and ask police to be dispatched.

There are disadvantages to both: calling the library first, instead of 9-1-1, can delay the police response while the alarm dispatcher tries to figure out what is going on. Then again, calling the police before they know what is really happening can send the Big Blue Calvary barreling into the library, looking to prevent an active shooter when that isn’t the real problem. This is especially stressful when it’s a false alarm and the button gets pushed either accidentally or not for a potentially violent act.

The false alarm rate for properly-positioned panic alarms tends to be low. (They are mounted under the counter in a place where they won’t be bumped by a knee or chair). This is important because some alarm companies and many law enforcement agencies will charge a false-alarm fee after a certain number of mistakes. This can get expensive and it can turn into the “Librarian Who Cried Wolf” when there was no wolf at all.

Library staff who are introduced to panic alarms need to know they should be used only when there is a real concern for violence against themselves or another patron, by someone who is threatening, armed, or mentally unstable. Before pressing a panic button, staff needs to use their best de-escalation/conflict resolution skills (something I have been doing for libraries for 25 years), and only use the panic button as if it was a 9-1-1 call they would make from their home. Staff and the library leaders can develop code words to get more help when dealing with angry/frustrated/uncooperative patrons, and then use the panic button for when those attempts fail and the person escalates toward violence.

There is a trend at some libraries where there have been a lot of threatening conduct by patrons to give the floor staff personal panic alarms. These wearable devices either ring a loud alarm that can be heard in the area, notify the leadership team, ring to an alarm company monitoring service, or some combination of these.

At a minimum, installing any panic button system, mounted under the desk or personal alarms for staff, needs a written policy that explains the location, when to push it, and what is the expected response from either the leaders in the back offices, the alarm company, the police, or all three. (Email me at DrSteve@DrSteveAlbrecht.com for a copy of one I give to my libraries.)

Besides the policy, staff needs to be briefed (and de-briefed after they press the button and the solution-makers rush in). This is especially true for new-hires, part-time or weekend desk staff, and anyone else who may need to work the desk and wonder what the little button under the counter does.

By Dr. Steve Albrecht

When I started my library security training journey back in 2000, my knowledge of what went on in libraries as an operation was limited, and my understanding of what happened in libraries regarding crime, violence, and patron behavioral issues wasn’t much more. I was grateful that my first primary training client sent me on a field trip of sorts, starting out at libraries in Northern California, into the Bay Area, and finishing in Southern California, Los Angeles, and ending in my then-home city, San Diego.

I talked to library staff, library directors, managers, supervisors, PICs, Friends of the Library bookstore volunteers, security guards, library board members, and when possible, the local cops. Each of these gave me my first education as to the challenges library leaders and employees faced.

I taught my security workshops in Oakland, Berkeley, San Francisco, San Jose, Sacramento, Fresno, Los Angeles, and San Diego. I presented at city and county libraries and law libraries, in downtown, urban, and suburban locations.

I have lived in the Midwest for seven years now, but I keep in close touch with my parents in San Diego and still have a lot of friends there too. Library security news follows me everywhere and I see the same stories that perhaps you do: crime and violence problems at the main branch of the Oakland library; fentanyl drug overdoses around the San Francisco Civic Center library; the temporary closure of the Long Beach main library due to harassment of staff; the one-day closure of the Antioch (CA) Library due to staff fears about on-going crimes, vandalism, and violence; security issues at Los Angeles city and county libraries; a homicide shooting in front of the San Diego downtown library.

It’s hard to look at this list of issues in our most populous state in the county and conclude California is at the forefront of library safety and security, for its staff, facilities, and patrons. The safety of library staff is now a significant issue with the employee unions

Here are five primary reasons for this growing trend of crime and behavior problems in and around California libraries:

1). Most homeless people in the United States are in California.

The number seems to be around 150,000 people. The weather makes life on the streets somewhat easier (if that’s even possible) in January in Los Angeles when compared to Chicago.

Some cities, with San Francisco as the most visible example, pay some homeless people a stipend of $500 to $750 per month.

Libraries have always attracted homeless patrons, most of whom want to be there and don’t cause problems. The small number who are chronically mentally ill and drug/alcohol addicted create the most incidents and that makes many occasional patrons feel like “the homeless ruin the library experience for me,” even though that is not the real truth.

2). The explosion of fentanyl.

This drug makes the prevalence of crack cocaine back in the 80s and 90s look like breakfast cereal. It’s cheap to make, easy to smuggle into the US from China and Mexico, and cheap to buy -- unfortunately making it very profitable. Fentanyl is so prevalent it is now laced into marijuana joints, cocaine, opiate pills, Ecstasy/Molly/MDMA pills, and even street-sold Ritalin or Adderall pills. Almost every street drug used today is contaminated with fentanyl. Drug overdoses kill over 100,000 people each year and are now the leading cause of death for 18 to 45-year-olds.

Back twenty years ago, it would be quite unusual to find the overdose recovery drug Narcan in a library, let alone have staff trained to use it. Now, you can get Narcan over the corner at a pharmacy and some libraries have used it to save lives before paramedics could get there.

3). The passage of California Proposition 47 in 2014.

Over the last ten years, there have been significant changes in how crimes are classified, arrested for, and prosecuted in the Golden State. This ballot issue was designed to ease jail and prison overcrowding, “put more cops on the street fighting real crime,” and ease the burdens on our criminal court system. What it did was de-criminalize a lot of crimes that used to be arrestable offenses, like retail store petty theft, drug possession, and even physical assaults.

As one example, possession of illegal drugs used to be a felony, and being under the influence of illegal drugs was a misdemeanor. Now drug possession is a misdemeanor and being under the influence is an infraction, the equivalent of a speeding ticket.

Grand theft in California used to be a felony crime. It’s now considered to be a misdemeanor, even for the stealing of most items over the previous dollar amount of $950.

Jail and prison overcrowding was influenced by “three strikes” laws. Many of those have been reduced and California has even closed some state prisons. This means more previously violent people who were in prison than are not now.

All this means less enforcement by police overall, including either no response or an hours or even days-late response for low-level crimes that happen in or near the library.

4). Not enough police or security officers to cover crimes and threatening behavior problems in libraries.

To safeguard its 72 branches, the Los Angeles Police Department’s Security Services Division (SECSD) provides uniformed police officers, unarmed security officers who are city employees, and contract private security officers. (The LA Public Library pays LAPD $4.5 million for their security services.)

The Los Angeles Sheriff’s Office provides uniformed deputies to provide security to LA County’s 86 library branches. (I was told there 8 to 10 deputies, who must cover 3,024 square miles. I’m not a math whiz, but this is not a great ratio.)

There are not enough police officers and sheriff’s deputies in this country to respond even to emergency calls, let alone minor behavior-based crimes. In California, police staffing is way down, for a variety of reasons, including the high cost of housing in the largest cities (the median house price in my former home-city San Diego is $970,000). Also, not many people want to apply to do that job anymore, because: it’s dangerous (a cop is shot in the US every 27 hours); not very popular (if you want to be admired, become a firefighter); and not always well-paid.

5). Apathy about library safety and security by political leaders.

It’s not that many elected or appointed officials in California don’t care about libraries or library employees, it’s just that they don’t care as much about what happens in or around the library unless there is a significant negative event. Just like they don’t always pay attention to what happens at the local Parks and Recreation facility unless there is a problem. Politicians are driven by events, by bad optics that reflect poorly on themselves and their governing bodies, by what gets expanded and continuing media attention, and by what triggers a lot of voters to call their offices and complain.

What does all this mean, if you work in a library in California or any other state?

• Keep on doing your job, focusing on your personal and collective safety every day as you do.
• Use Security Incident Reports as leverage to get better police responses, policy changes, and equipment improvements.
• Keep the library involved as much as possible in discussions with electeds.
• Use your Library Boards and employee unions/associations to educate the politicians as to what is really happening in your branches.

By Dr. Steve Albrecht

SUBMITTED QUESTION

I’m a security director for a large library district. I’ve got a rural library director who feels unsafe with drug activity around, and in fact, a late night bullet accidentally hit the library door a couple months ago. The director bought a TASER, with library funds, to protect herself. I’ve looked through your rural chapter 7 in your The Safe Library book and sent a few pages to her from that.

Is a TASER advisable or not advisable? Could it be lethal? Pepper spray or wasp spray preferred? If a staff person has a TASER, does the library need a policy? Especially if the TASER was bought with library funds?

The Board has questions, and I’ve referred them to their county lawyer, but I thought I might get some insight from you as well?

ANSWER

Dear Security Director:

Thanks for your note. Did she buy an actual TASER (which either shoots a dart or has probes attached to it) or another version that causes a shock when pressed against the person? They are not lethal unless the person is soaked in gasoline or another flammable liquid, in which case there is a danger of fire. They rarely disrupt heart rhythms, but can cause problems if responding police handcuff a person using meth and place him in restraints (causing excited delirium death),

In choosing between OC Pepper spray and bear/wasp spray, I would never recommend the latter because it can cause lasting chemical burns and is not designed for use on humans. OC Pepper spray is designed to stop people and not cause lasting injuries. I have taught OC Pepper use to civilian employees (park rangers, parking enforcers, lifeguards, and code compliance officers) for decades and it is effective. The two biggest downsides are that it can temporarily contaminate the whole room when used indoors, and that it is not often carried by employees when urgently needed. (Pocket is good, purse or desk drawer in the other room is not.)

Back to the TASER, any employee carrying it should be able to demonstrate its safe use, having gone through a self-training class (online video) or even better, a training briefing by a law enforcement officer. There needs to be a written policy about how it is transported to and from the library, stored, and protected from access by patrons (especially kids). There are ethical considerations about its use: not to be used by people who aren't trained; not to be used to injure/torture someone who is no longer a threat; and it needs to have a written security incident report anytime it is deployed.

My argument against e-weapons is that they can be taken from the person and used by the crook against them. If the kind she has requires her to touch the suspect with it, she can get disarmed. Some bad people might be scared off by the sound or appearance of the device, but most mentally ill people or predatory people will not. 

PS - A bit of historical trivia: the founder of TASER was a NASA researcher who named his device in 1974 after an adventurous boy and main character in science fiction novels of the early 1900’s named Tom Swift. TASER = Tom Swift And His Electric Rifle (first published in 1911).

By Dr. Steve Albrecht.

Thank you, Bold and Brave Librarians! We asked and you shared! My hands trembled as I complied your List of Yuck.

As you review what your colleagues have “curated” here, you can either take some comfort that either your library has not had it as bad as others, or enjoy our “congratulations," because your library came out near the top of the List of Awful.

What are the Worst, Grossest, Scariest, or Oddest Things Ever Found in the Stacks or in the Book Drop for Your Library?

“We had a full bag of apple pie filling dumped in the book drop. What a mess! The book drop was sticky for months!”

“By far the weirdest and most disgusting thing I've found in a book was a piece of raw bacon! Oddly, I was taking a library class several years ago and this question came up. I thought I had the weirdest things, hands down. Turned out that 3 other people in the class had found raw bacon in books, too! Bacon! ”

“When I worked in a public library some teenage troublemakers tossed a lit sparkler into the book drop. It singed some books but luckily didn't start a fire. We also had a very overdue book returned coated in chocolate cake. Another time, in a combined elementary/middle school, a student came in with a ziplock baggie full of ice cubes. She had walked into a pole in the playground during recess and the ice was for her forehead. As her class was leaving I asked her, "Where's your baggie?" She had no idea. We found it (full of water) inside an upright I Spy book on the shelves.”

“Once a group of very sneaky students came into our school library with raw eggs, which they snuck in between the books on the shelves. When we pushed the books up straight you can imagine the mess! We never found out who did it either.”

“Books covered in blood returned to the checkout desk by a person who looked like they had recently been in a fight, an entire hotdog and big gulp in the book drop, (what a waste!) and of course, the dreaded bedbugs and cockroaches.”

“I discovered a dead frog used as a bookmark in a returned book once. It was very sad.”

“That beats the whole cupcake (including frosting) used as a bookmark.”

“Patron brought a (recently) dead skunk in the library. Wanted information on taxidermy.”

“We had a metal tool that looked to be from a veterinarian's office...it said `tick remover’ on it.”

“We've had a dead bird (who was not alive when he entered), pop cans, and dirty socks in our book drop.”

“Once we had an ice cream cone in our book drop. Thankfully it only damaged one book.”

“School librarian here. My first year collecting textbooks in a high school, checking each for their condition, in just one day, I saw drawings of flaccid penises, erect penises, dancing penises, ejaculating penises, happy penises, sad penises, etc., ad nauseam. And I had one student at the end of the day, trying to describe his book to me, saying, You know, it was the one with the penis drawn in it? I lost my mind: the one? the ONE????”

“Ah yes, the penises! I remember trying to erase them from books when I worked in schools.”

“Carefully drawn cartoons of phalluses riding bicycles. 🚲 🚲 🚲”

“Someone's birth control patch was stuck to the back of a novel I was shelving. I washed my hands for a WHILE after that one.”

“This happened to a library where friends of mine worked and/or frequented: a woman was dumping mayo, ketchup, and other condiments into the Ada County library (Boise, ID) book drop. She was also a regular in an agriculture store I worked at during the time she was doing all of this. My coworkers knew I was working on my MLS and started calling me the Librarianator.” Link to one of the many articles about her (even made it to CBS News): Police bust 74-year-old for depositing mayo in book drop... 

“Late one Halloween night in the mid-90s, I received a call from local police dispatch. I was asked to come to unlock the library as the local fire department were on scene responding to smoke in our book drop.(I was middle management, but lived blocks, not miles from the library.) I arrived at the library a few minutes later in my pajamas. Fire Department investigation determined a paper bag of feces was set on fire and dropped in the book return. Definitely tricks and no treats that year.”

“A few of the noteworthy items i've either witnessed in person or tertiary handled questions/fallout over the years:

"a) Raw turkey in the book drop, the whole thing, smooshed to fit. It seems to have been dropped off the evening/night before thanksgiving. By the time staff found it several days later, everything in the book drop (a lot of stuff) was ruined and the smell was horrific. 

"b) Mucus (boogers). Over the course of a year or so, someone had been leaving bloody boogers in multiple sections of novels returned on the rollers, always during rush hour when staff don't have much time to spot check inside the books. It took a long time and concerted effort to catch the person, who I kept hearing referred to as "The Booger Bandit.” 

"c) Cat urine. It was all over a book so it was billed. Pet-related incidents are common, but the interesting thing here was that the customer denied that it had been damaged upon return, insisting that a cat had somehow gotten into the book drop. It's a double-door system with a long chute, and there had been no cat found by staff inside the closed book drop closet. The customer doubled down, said that it must have disappeared somehow, like magic. Magic cat? Yes, says the customer. Then they decided that a certain librarian was out to get them and had gotten into the book drop, pulled out their return, and urinated on it, with cat urine. I just took notes on everything the customer said and handed it off up the chain of command. I don’t have enough hands for the amount of facepalm needed on that one."

“I have thankfully not found anything imminently harmful like drug paraphernalia, but when city Public Works moved a trash can next to our book drop (which was just across the parking lot from a busy bowling alley), the amount of beer bottles (some with beer inside) and food wrappers increased. It was easily fixed."

"The saddest thing I have ever found was a litter of kittens, young enough their eyes were still closed. Two of the four made it to the vet's office. Sadly, none survived. I cannot for the life of me figure out why the owner of the cats thought it a good idea to put them there. (and no, no momma cat could have opened the drop by herself).   Those poor kittens.”

“Pot, meth, pills, crack, various pipes, used needles, full and empty alcohol containers, mostly in the stacks, but ocassionally found on the ground or in landscaping. I walked into a cloud of meth smoke in the restroom. Items soiled with bodily fluids/solids (diapers, sanitary napkins, tampons, condoms, tissues): All the above, but dealt with by either janitorial and/or building maintenance. Mostly blockages caused by:clothing, needles or other items shoved down into toilets. A serial cough drop user who stored used drops in-between pages. 

"Notes threatening staff and other patrons.

"Not books, but walls, signs, benches, lamp posts and fences tagged.

"Stick with axe and hunting knife duct-taped to form a home-made 'halberd.' Various sharpened sticks.

"A mouse caught in the sorter. I had to review the video to determine if it was accidental or intentional. It was accidental--no idea what possessed the mouse - making him decide to jump onto the sorting belt.

New iPhone, large uncashed paycheck, cash, credit cards.”

“I'm in a suburban library system in California. The community is ranked one of the safest, best places to live overall. However, the location that generates most of the incidents is in a core neighborhood, and within walking distance of a shelter. Some of it could be attributed to that and the issues faced by the unsheltered. Most of the incidents are from the last five years, and coincidentally so has evidence that methamphetamine and fentanyl use has increased locally. I also think we receive an overflow of people from a larger metro area adjacent to us, as authorities put pressure on them to the point that they migrate to us.

"Oh, and I forgot to mention the arson. It started with us finding evidence of small fires around the facility. Then, one night, someone continually tossed burning books down from the elevated parking into our chiller/HVAC system until it caught the enclosure on fire. Luckily, it was far enough from the library building and it did not spread. It was caught on security camera and it burned for at least 30 minutes before someone called the Fire Dept.

"There are also more serious incidents and some with pending legal cases that I've left out for obvious reasons.

"I will also mention that the two adjacent library systems have dealt with far worse, so we consider ourselves lucky in that respect.

"I feel guilty for sharing all these bad incidents, and the negative associations it creates with libraries. However, if there's anything positive about this, I will say that it illustrates that we have some of the best staff, who handle incidents professionally, while maintaining excellent service and remaining compassionate and caring people, despite the challenges.”

By Dr. Steve Albrecht

As one of my friends, who has the unenviable job of cleaning airplane bathrooms between flights, likes to say, “People are nasty.”

The shelves in your library or your oh-so-inviting book drop seem to draw things you wouldn’t want to discuss at a party. What solid or semi-fluid objects have been “donated,” abandoned, or discarded at your library?

You may have been an eyewitness to these things - meaning you saw them personally - or you may have been an “earwitness” to them, meaning you heard about them, or they have taken on mythical status in your library, and are passed down to the new-hires like so much iconic-symbolic-allegorical lore.

Here is a list for you to choose from. (Try not to be too disgustingly-specific in your descriptions.) Please put your answers in the comments below this post! (Here's the LINK if you're coming from somewhere else.)

1. Needles or drug paraphernalia (pot pipes, empty baggies with powdery residue).

2. Items soiled with bodily fluids/solids (diapers, sanitary napkins, tampons, condoms, tissues).

3. Hate-filled or threatening notes (written in crayon, typed, carved into something).

4. Graffiti-covered books (tagger “art" or gang signs).

5. Bullets, knives, sharp objects, weapons.

6. Mice, rats, spiders, insects, snakes (living or dead).

7. Expensive stuff (jewelry, watches, cash money, big uncashed check, winning lotto ticket used as a bookmark, rare coins, car keys).

8. Other

[A shorter version of this essay ran as an op-ed in the February 2, 2024 online edition of The Seattle Times. Click here for the link to that version. https://shorturl.at/txFKW. See also "U.S. Department of Education Issues New Resource for School Administrators on Importance of Safe Firearm Storage" - Campus Safety]

I have spent the past 32 years of my life and career trying to keep people safe from violence in the workplace, in our K-12 schools, colleges, and universities; in healthcare facilities; and in city and county government agencies that serve taxpayers (including libraries and utilities). I have worked diligently to educate public and private sector employees about the real dangers of domestic violence, especially when it crosses over from home to work. 

I have interviewed three workplace violence murderers in prison, something no other author I know of has done. Their primary motive for what they did (killing a total of 12 people) was simple: they wanted revenge. We can limit that possibility based on how we treat people, as co-workers, employees, students, ratepayers, patients, and people receiving services from organizations. That’s why so many of my library security workshops talk about the real value of empathy, patience, and listening skills, even when the other person isn’t cooperating very much.

I have trained dozens of K-12 school districts and hundreds of school employees in school violence prevention approaches, including helping with the creation of District-wide Threat Assessment Teams (TATs).

If I had just one wish, where I could snap my fingers and make it happen instantly to prevent school shootings, it would not be about anti-bullying campaigns (which range in success from a lot to not at all); or more School Resource Officers (hard to do today with such low staffing in law enforcement agencies); or better physical security at our schools (the locked, staffed “closed campus” model works best, especially as students enter and leave). No, those aren’t my primary concerns.

If I could make it happen, I would demand that every single parent who has a kid at a K-12 school and who owns a gun in their home stores it safely. 

Even a quick review of the over 344 school shootings in 2023 (a stunning number, as collected by the K-12 School Shootings Database at https://k12ssdb.org) paints the terrible picture clearly: The majority of K-12 school shooting perpetrators under the age of 18 get the guns they use from their homes.

As a library security consultant and trainer since 2000, I’m reminded of the Clovis, NM library shooting on August 28, 2017, that took the lives of two female library employees and wounded four others, including a 10-year-old boy. The shooter, 16-year-old Nathan Jouett, had originally intended to go to Clovis High School where he had been bullied, to shoot students there. He went into the library first, to use the bathroom, then came out and shot six people. He got the gun from home, from his father’s unlocked gun safe. (Yes, I put those words in bold for emphasis.) 

I researched the Jouett case extensively, talking with the plaintiff’s lawyer who sued the young man’s therapist and father for negligence, reviewing the court transcripts, reading the depositions of the court-appointed child psychiatrist, and even Jouett’s prison deposition. The ease with which he acquired the gun and ammunition is stunning.

Guns in a gun shop are expensive and only available to people over a certain age, and in some states, after a background check. Many homes (too many homes) have unsecured handguns, rifles, and shotguns, sitting in closets, clothing drawers, nightstands, desks, and boxes in garages. Too many parents (most often the men) mistakenly believe, “My kid knows not to go into my sock drawer and open that box marked `Glock’.” 

This is foolish, wishful thinking, proven tragically wrong when that kid gets an unsecured handgun, rifle, or shotgun from his or her own home and takes it to school, either with murderous intent or to scare away the students who have bullied him or her.

Think that can’t happen with a pre-teen? From a January 6, 2023 NBC News online story: “The 6-year-old boy who seriously wounded his teacher at a Virginia elementary school in January said in the aftermath that `I did it’ and `I got my mom's gun last night,’ according to newly unsealed court documents.” (https://tinyurl.com/ykr8sske)

In the aftermath of these tragedies, the parents are “in shock” as to what happened and why it did, and “saddened and surprised” that their own child used a gun from their home to commit these acts. “We thought they were locked up and that he or she didn’t have access. We never thought that in a million years this could ever happen…” The excuses are just that - excuses for failing to be vigilant, every single day that they own and store one or more firearms in their homes. 

So how can local libraries and even more so - school libraries - help stop this? By committing to a national campaign, in partnership with their nearby school districts, to put parents on notice that they have a legal, moral, and ethical duty to safely lock up every firearm type in their homes. And equally important, to give parents easy, inexpensive, and readily available safe gun storage solutions.

Posters at the school and campus-wide announcements aren’t enough. This effort will require our K-12 school districts to bring parents together, through on-campus meetings and even Zoom sessions, to educate them firmly and directly, that they must store their firearms.

Trigger locks (usually a cable with a key lock) are cheap to buy and easy to distribute to parents. How about asking the local gun safe vendors in our communities to provide reduced-rate gun safes (after getting a good-faith discount from their manufacturers)? You don’t need to buy a 600-pound gun safe, when a lockable gun box will do. Can we ask local gun shops and gun ranges to agree to provide as many free or inexpensive gun storage solutions as they can, as part of a gesture of goodwill to the entire community? 

How about asking our local law enforcement agencies to partner with our schools, school libraries, and city or county libraries to speak on campus and at specific library programs about this issue? “Attention Parents! Here is the problem: kids are stealing guns from home to use in shootings, often at their schools or in the streets, and often against other children. Your child could be a victim and if you don’t secure your firearms, your child may decide to be the shooter. Here are some free solutions you can get at the library, at the school district office, or your child’s school campus, right now, today: trigger locks, small gun safes, and lockable gun boxes. Please go home and protect your firearms, your children, our schools, and our communities.”

After three decades of trying to solve workplace violence and school violence problems, I’m weary from my efforts, which sometimes feel in vain. It’s time to ask our local libraries, school libraries, school districts, and local law enforcement agencies to come together and offer real, physical solutions that stop this issue of too-easy gun access in its tracks.

Archbishop Desmond Tutu said it so well, “There comes a point where we need to stop just pulling people out of the river. We need to go upstream and find out why they're falling in.” 

Kids are getting unsecured guns from their homes to use to shoot others and themselves. The solution is upstream but it’s not too far away to make it happen.

By Dr. Steve Albrecht

The trope we see most often in movies and TV crime shows is when a child is kidnapped, it’s done by the “creepy guy driving a van.” We tell our kids, as soon as they can know it, about “Stranger Danger,” and we spend our lives worrying about them, even into their adulthood. The truth is according to the National Center for Missing and Exploited Children (www.MissingKids.org), most children are kidnapped from the custodial parent, who has the legal right to care for them, by the non-custodial parent, who does not.

These incidents either end in tragedy or at a minimum, with plenty of trauma for the anguished parent and the child, who, we hope, is far too young to fully comprehend what is happening and why. It takes an effort by police, social workers, and the courts to get the child safely back with the proper parent.

The other trope we see on the screen is the woman who can’t have a baby and steals one from the Neonatal Unit at the local hospital. Thankfully, these incidents are extremely rare because hospitals have realized the tremendous liability, emotional harm, and horrible publicity that comes with allowing this crime to occur because they didn’t have vigilant staff, effective security and access controls, and constant monitoring policies.

As a part of what hospitals do, the use color codes broadcasted over their public address (PA) systems to tell staff about emergency situations. These are often followed by the building location, as in, “Code Blue, Room 348,” which tells the medical staff to respond with a cardiac crash cart to the third floor. This is the most common building-code announcement, but there are other hospital codes for other events:

Code Red - Fire
Code Silver/Gray - Active Shooter
Code Orange - Radioactive, Chemical, or Biological Hazard
Code Green - Patient Elopement/Walkaway
Code Black - Bomb Threat
Code Violent - Violent Person
Code Pink - Abducted Infant or Young Child

The response plan in an actual Code Pink emergency in a hospital is to immediately send all available medical, security, and even administrative staff to their nearest exterior exit door and stop anyone from leaving with an infant or toddler.

Hospital Security officers coordinate with the supervisors and employees at the location where the child was last seen and take an immediate look at all available video camera footage to get a description of the abductor and the abductee. They will allow actual parents with children to leave and detain potential child-stealers for the police.

Now, let’s focus on the possibility of a stolen child at the library. Your library needs a similar plan, where staff has been trained (and has practiced it in an annual drill) to drop what they are doing when they hear a Code Pink PA announcement, move to their nearest entry/exit door, and stop anyone from leaving with a child. Only after it has been verified that the person is the bona fide parent, caregiver, or guardian, can they both be allowed to leave. If the person who has taken the child pushes past the library employee to escape but leaves the child behind, so much the better. We just want the kid to be safe and we can provide video footage and/or a detailed description of the perpetrator to the police when they arrive.

The following possible disturbing scenarios that could occur in your library, although they are rare:

• a child is kidnapped by a stranger in the library, either when the parent or caregiver is not looking or when the child has come to the library alone or with friends;
• a child encounters the kidnapper in the public restroom (or worse, when the kidnapper hides in the children’s-only restroom);
• a child is grabbed in the parking lot while walking toward the library.

What is most likely, however, is when the non-custodial parent and the custodial parent either meet in the library parking lot or inside the library to arrange the visitation exchange or to discuss why were won’t be a visitation exchange, and the kid gets taken by the non-custodial parent by force. (I have heard judges and family court advocates suggest the “local library is a good neutral meeting place” for these types of high-stress encounters.) It can be quite an emotional moment for all concerned when a tearful mom runs inside the library to tell the staff that her child has been taken by her former spouse or partner. This is definitely the time for a 9-1-1 call. In any potential crime or violent situation that happens inside or outside your library, you should provide the responding police with any parking lot camera video or internal camera video footage. Seconds and minutes matter.

Anyone who has followed my blog, podcast, and webinar content here at Library 2.0 knows I believe in the need for occasional practice drills for high-stress/high-threat emergency situations, e.g., Run-Hide drills for a potential active shooter; fire drills; and evacuations for gas leaks, power blackouts, and HazMat spills. These drills should be done before the library opens and with full staff awareness that they are going to occur. No need to surprise or frighten staff with a seemingly realistic situation that is actually a drill--those wrongly coordinated events offer a good way to terrorize, injure, or demoralize library staff, and they can create trust issues with management and don’t help with learning or compliance.

A pre-planned Code Pink drill can be done by telling staff about the incident through the library PA system (or megaphones used by supervisors or PICs, which can be brought, not surprisingly, on Amazon). The drill should start with the announcement, “Code Pink! Attention All Staff - Code Pink!” All staff should move quickly to the exits, including those accessible only through an internal staff hallway, since bad people may use the employees-only section of the library to get free. (Yet another reason to keep those non-public doors locked by key card access.) During the drill, other staff who are not guarding the doors can help with the search of the building, looking in kid-sized hiding places, unused rooms, restrooms, etc., until it’s time to end the exercise.

In a real event, all staff should block the exit doors and wait for a description of the missing child as it comes in. As soon as it becomes clear after a fast search that the child is definitely not in the library and is presumed missing, call 9-1-1. For anyone attempting to leave with a child, staff must ask the right questions to verify who is who, and if they have doubts, say, “You’ll have to stay here until the police arrive to sort this out.”

The reason for the Code Pink drill and real-time response is to stop the kidnapper before he or she can leave and to help get the child back. Time is critical in these actual events. Like other potentially bad things that may or may not ever happen at your library, it’s best to have a plan, a building-wide notification, staff training, and a drill in place to make it more likely we can stop this potentially tragic crime.

Dear Dr. Steve - Our Code of Conduct prohibits patrons from sleeping in the library. Our staff is quite lenient on this issue and they usually just “verbally nudge people awake” and remind them about the rule. There are some patrons who come here just to sleep and when staff wakes them up from an obvious deep sleep they say, “I wasn’t sleeping! I was praying or meditating and you disrupted me!”

This seems like a highly prepared answer, of course, and it kind of catches staff off guard, like it really was their fault for disrupting this patron’s worship or mediation. What should we do?

Dr. Steve Albrecht: “This does sound like an answer that patrons who have been told repeatedly not to sleep have carefully crafted to shift the focus from their behavior on to the staff who is “harassing” them. In my world, this is known as an “excuse,” not a valid reason, and as such, we should treat it like any other excuse by not arguing back and forth as to who was doing what, but by “putting a fence around the excuse,” and moving on to the solutions.

Here are the steps, using my ARC tool:

• Acknowledge what they just said, without having to agree or disagree that was what they were doing: “Oh, okay. I thought you were sleeping. I can see how that might be confusing for both of us.”
• Reaffirm/Remind them of the no-sleeping policy, even if you have told them many times before: “I think we might have already talked about this, and if so, I just wanted to tell you again, you cannot sleep in the library.”
• Commit/Conclude: “I know you want to follow the library rules, right? So you can use and enjoy the library without being asked to leave, right? Can I get your promise to follow that guideline for me, so you can stay? Thanks.” 

Here’s a fun exercise, one that will help you connect to a wider variety of your patrons: 

Step 1 - Create a list of the Top Three most common languages spoken in and around your library, by the patrons you serve. (Just one language is too easy; four is too hard.)

Step 2 - Do your usual “skilled library professional research” and develop a list of the most common phrases in those languages. Memorize them and have them at the ready (or on a cheat sheet) when you encounter patrons who speak those languages besides English. 

Thanks to a total of six years of classes through high school, college, and graduate school, I speak Spanish fluently. (Living most of my life in San Diego helped me practice every day.) In terms of skill level from best to needs-improvement, for me, it’s reading, speaking, writing, and hearing it. That last issue is my biggest challenge, since native speakers talk quickly, especially when they hear me speak Spanish and think I understand them fully. I have to say, “Por favor, mas despacio,” more times than I’d like.

Thanks to being an Albrecht (a name in Germany as common as Smith is here), I can speak enough German to get by there. It came in plenty handy on our river cruise through Holland, Germany, France, and Switzerland this past May. “Entschuldigen, wo sind die Brezeln?” or “Excuse me, where are the pretzels?” 

With my mother’s side being from Finland, I can say, “Good day,” “How is it going?,” and “What’s happening?” plus a few dozen swear words. Finnish, to quote a part of a line from Philip Seymour Hoffman’s office rant scene in “Charlie Wilson’s War,” is not that handy here in Missouri. 

My dad speaks German, Spanish, Japanese (including being able to write a few dozen kanji symbols), and even a little Mandarin Chinese. He’s a good enough speaker/listener to travel to those countries regularly and stay comfortably hoteled, fed, and explained to, by native speakers. 

Many years ago, I had a challenging coaching session with an employee from Thailand who was in jeopardy of being fired, due to his conflict with another employee. I memorized how to say, “How are you? My name is Steve” in Thai. (Phonetically, it’s “Sa-Wat-Dee-Khrap, Pom-Chue-Steve.”) When he heard me, he smiled, bowed, and thanked me for my effort to connect with him in his language, however briefly. We worked it out, he kept his job, and I picked up a few new phrases from him as well.

The old adage that people from other countries actually like it when you try to speak a few phrases of their language is universally true. It just helps to demonstrate your respect for their heritage, it can lower the emotional temperature in a potentially conflicted situation, and it shows you care enough to have done the research and memorized the words. 

The most common languages spoken in many US neighborhoods are Spanish, Chinese, German, Arabic, Hindi, Tagalog, and French. Of course, where you are geographically is the biggest indicator. Some of these languages are quite challenging, so start memorizing these phrases in the three languages you pick:

Hello/Goodbye
How is your day going?
I’m learning this language. 
How can I help you?
Can you teach me some common phrases?
How do I say, “Please speak slowly?”
Thanks/Thank you/You’re welcome.

Our connection with people is built on mutual communication that is respectful and that shows listening skills on both sides. A little patience, a little practice, and a little courage to try what you are learning can really set the most positive tone with the patrons you serve.

Hyvää lomaa! (Happy holidays in Finnish.)

An AskDrSteve@Library20.com submission about getting all-staff buy-in for emergency-related training:

“We do bi-monthly trainings via PowerPoint for safety topics (Medical Emergencies, Tornado/Severe Weather, Code Adam, Active Threat, Personal Safety/Building Evacuation, and Bomb Threats).

"We had some employees complain about having to 'do the same stupid training each year.' I update any changes each time I send out the PowerPoint. I understand that in an emergency, the only way you are going to have any idea what to do is to go over the options repeatedly. Is there any way to get more buy-in, or do I just figure that some people just like to complain?

"Thank you so much for your presentation! I've got some things to work on."

From Dr. Steve Albrecht:

“Thanks for your note on my session. I would say that hearing about emergency, crisis, or rare events planning and policies is like going to the doctor and hearing him or her tell us to eat healthy and exercise: same song, same verse, every time. Some employees don't like to hear about subjects that are or make them uncomfortable, so they complain about the repetition as a way to cope with their anxiety. I say keep on keeping on; you're on the right track. Under stress, we do what we have learned, and the shorter the instructions (Run-Hide-Fight, for example) the easier they are to remember and do.

You'll get no kudos for being the voice of reality until there is an event and people do what you have told them.

Regards,

Dr. Steve

After doing a keynote speech for a state library association last week, one of the directors in attendance came up and asked me, “What is a similar type of business to a public library?”

I didn’t need much time to answer because I have been thinking about that very same thing for several years. I said, “Starbucks.” He seemed surprised at first and then he quickly agreed.

I said, “Libraries are a publicly-accessed, community-based business with locations in most cities and counties. They are open long hours and on weekends. It can get quite busy, noisy, and even stressful in a library at certain times, just like at Starbucks. Plus, like them, we get our customers from all walks of life, all ages, races, genders, colors, income levels, disabilities, and orientations. They all want a place to either get a flavorful cup of coffee, get in out of the weather, rest a bit before moving on, use the bathroom, learn something, read something, hear some music, meet someone they already know, or make a new friend, in a safe, open, visible, welcoming place.”

That some libraries have a cool cafe inside or a coffee kiosk out front makes the parallel even more true. I see plenty of pre-teens and teens getting icy drinks in Starbucks, and lots of kids with their parents, especially on the weekends, just like at the library during after-school hours or busy homework or finals times.

Just like at the library, some Starbucks customers come in early and set up their workstations (or nesting areas), with laptops, mini printers, papers, books, and headphones. They count on the free Wi-Fi to work, do a job search, study, or entertain themselves. They could be there from opening to closing. They have their favorite spot inside the coffee shop and the library and can get a little (or a lot stressed) if there is already someone in their place, using the available power plug. Conflicts between library patrons, like an argument between Starbucks customers (“You cut in line! You took the last Everything bagel!”) are similar.

And because the library and Starbucks accept all who enter, both places can occasionally get eccentric, unruly, impatient, demanding, drunk, or threatening people. Most libraries, like most Starbucks, are not overstaffed, meaning a small number of shorthanded employees may have to handle a lot of challenging tasks (quickly and accurately) and people (some of whom can have mental health or sobriety issues), which makes them uncooperative when asked to leave.

Clearly, Starbucks and libraries have had their share of homeless people asking for money outside the doors and inside their facilities. Both places have had thefts of customers’ personal properties. Both places have had vandalism incidents.

Starbucks has had to deal with opiate drug users using their restrooms to shoot up (way too many YouTube videos illustrate this problem, especially when they put their drug-taking equipment on the baby diaper-changing tables). Like some libraries, some Starbucks locations have had to call paramedics to assist with life-saving measures for fentanyl overdosers.

Back to the positives for both: Starbucks and the libraries have theme days, nights, weeks, and months (often having to do with PSLs - Pumpkin Spice Lattes), where they honor specific community members. Some Starbucks have programs, musical artists perform, and encourage groups to come (church members, road cyclists, soccer teams) and use their stores as a safe, easy-to-find, comfortable, gathering place. And just like the libraries, they see themselves as longtime members and ongoing participants of a part of a city or town, large or small, for years to come. (Have you ever seen a Starbucks close for lack of business? One location in my city has at least eight cars in the drive-through line every time I pass it.)

To run a safe and secure location, each Starbucks has customer service training for their employees and rules of safe use for the customers, like libraries have staff training and a Code of Conduct.

Did I leave out any other parallels between the library and Starbucks? Please post your thoughts in the Comments and think about the similarities the next time you get a PSL in a cup with the green Siren Mermaid on it. (You can read more about her https://stories.starbucks.com/stories/2016/who-is-starbucks-siren.)

[Patrons watching pornography in the library can range from an irritating behavioral problem to an actual federal crime. So what do we do to enforce our Internet and Wi-Fi policies? Dr. Albrecht has written this article for the September 2023 issue of Computers in Libraries magazine. Our thanks to Executive Editor Dick Kaser, for allowing us to publish it here. The oroginal is at https://www.infotoday.com/cilmag/sep23/Albrecht--What-You-Need-to-Learn-About-Porn-and-Patron-Safety.shtml.]

One of the more vexing issues in public libraries is the viewing of pornographic photos and videos by patrons. Either these images are searched and viewed on the library’s network using a library-provided desktop, laptop, or tablet; the patron looks at them on their own laptop, tablet, or phone (using the library’s Wi-Fi connection); or the patron brings their own imagery on their own device and doesn’t require internet access. It’s even possible that the patron brings pornographic magazines into the library.

Several issues arise when it comes to this behavior. Is it a “reasonable use/free speech application” by the patron—meaning viewing pornography is not addressed or cannot be enforced by the library’s internet usage policy or code of conduct? Does it not bother other patrons or staffers, meaning its business impact on the library (always a good measure to use when evaluating patron behaviors) is minimal? Or does it irritate patrons or other library employees? Might it lead to a physical confrontation with a parent who has brought their kids to the library on a Saturday and doesn’t want them walking by and seeing what is on this person’s screen?

From an internet usage perspective, does the patron’s ability to look at internet porn mean that they have defeated the filtering software installed by the library’s IT department or vendor—and therefore violated policy? (The sophistication of some of the filtering programs seems to range from quite vigilant to easy to defeat.)

Why It Happens

Why do people watch porn in the library? The short answer is because they can, especially if that content is not filtered. The longer answers are more complex. It’s likely that they enjoy the thrill of doing something prurient, or they like the attention, even if it’s negative, from staffers or other patrons. It’s even more probable that they enjoy being provocative, want to annoy others, and like pushing decency boundaries, especially in a public place.

It’s possible that they are homeless, don’t have internet access, and/or can’t watch it at their home or workplace. Maybe they are not allowed to, or they fear the consequences of being discovered. It could be that they don’t have a cellphone, tablet, or laptop—and the library does. They could have an addiction to pornography, a specific sexual paraphilia, or a mental illness connected to compulsivity. These typically male patrons tend to be both chronologically and sexually immature.

The rationalizations and excuses made to staffers, when confronted, include:

“I’m not bothering anyone. Leave me alone!”

“It’s my First Amendment right to look at what I want.”

“It was an accident.”

“I can’t help it. I have an addiction.”

“It’s no big deal. People are too uptight.”

“I’m doing research. I was just curious.”

“I’ll turn the screen away.”

“Tell people not to look at my screen.”

Defining Child Pornography

Probably the most concerning issue is legal and moral: How do we respond, as library professionals, if we suspect the patron is viewing (and is therefore in possession of) what appears to be video or photo images of child pornography? We already know pornography is legal and child pornography is not. Unfortunately, the age difference in the imagery is not always clear.

The U.S. Department of Justice website states, “Child pornography is a form of child sexual exploitation. Federal law defines child pornography as any visual depiction of sexually explicit conduct involving a minor (persons less than 18 years old). Images of child pornography are also referred to as child sexual abuse images. Federal law prohibits the production, distribution, importation, reception, or possession of any image of child pornography. A violation of federal child pornography laws is a serious crime, and convicted offenders face fines [and] severe statutory penalties …” (rb.gy/60x38). All states have child porn prosecution laws equivalent to the federal statute. The usual federal response is to seek to prosecute suspects with 500-plus images—an “egregious offender”—in which the punishment is 10 years in prison. Other states may have lower possession numbers that will result in a prosecution.

If we divide internet pornography into two zones—sites that are accessible by anyone (with or without using a search engine) and those that are hidden—it’s less likely that the porn site industry leaders (who get millions of daily visitors) will have obvious child pornography images. This is not because they are excessively noble or vigilant about every photo or video they upload, but because the consequences of child pornography possession and distribution to their thriving, multimillion dollar companies would be severe: prosecution, mainstream and social media coverage, public shaming, being sued by victims or victim advocacy groups, and being forced out of business. These adults-only sites want to keep child pornography away so they can continue to flourish economically. Instead, the illegal content typically dwells at the hidden level. Those who know how to navigate to these sites may want to use library computers to do so.

Statistics on the internet as to the prevalence of pornography sites by overall percentage vary wildly, but the best estimate seems to be that about 4% of all internet sites (about 8 million) are X-rated in content. There may be child pornography imagery on these sites, of course, but it appears to have migrated from the deep web to the dark web. According to the data security firm CrowdStrike, “Simply put, the deep web is any part of the net that is not indexed by search engines. This includes websites that gate their content behind paywalls, password-protected websites, and even the contents of your email. The dark web, on the other hand, uses encryption software to provide even greater security” (rb.gy/nhib3).

While national governments around the world do their best to discover encrypted images, the use of video and image steganography software makes this both difficult and an ongoing battle. Steganography is the process of concealing information within another message or physical object to avoid detection, like how the Greeks used invisible ink to send coded messages more than 2 millennia ago. To transmit child pornography, perpetrators send seemingly innocent photos or videos, which are then downloaded, decoded, and opened via an electronic key that only the sender and receiver have.

Approaches to Internet Policies and Enforcement

For most municipal libraries, there are five common approaches for how they allow patrons to access the internet, either through the library’s devices or its Wi-Fi, or if the patrons use their own devices:

1. They filter the internet and enforce their policies on screen content.
2. They filter and don’t enforce their policies on screen content, allowing their software (and the bypassing skills of the patrons) to decide what is available.
3. They don’t filter content and enforce their policies on screen content using staff vigilance.
4. They don’t filter and don’t enforce their policies.
5. They only filter PCs in the children’s section, not the rest of the library

Internet use policies might naturally differ at law libraries, medical or research libraries, or even college and university libraries, but there is no reason to assume that the problem does not exist there. It’s understandable that most library staffers would rather not have a discussion with patrons who are both out of compliance and viewing pornography. It takes courage to confront behavior that is against policy or out of compliance with the code of conduct in general and viewing pornography specifically.

Best Practices for Prevention and Safe Staff Interventions

Here are some tips for dealing with the situation:

✓ Set early behavioral boundaries based on both your internet use policies and code of conduct.

✓ If possible, warn teenagers in the library that sharing pornographic imagery through their texts, phones, tablets, or laptops can be a crime for both the sender and recipient. (Not an easy conversation to have, but it may be a necessary one to save them a lot of legal grief.)

✓ Use a simple deterrent phrase: “You can’t do that if you want to stay here.” Speak in polite but assertive, low tones. Give one warning, and then enforce your policies, including banning chronic violators of the time limit per your policies. (No consequences mean continuation and escalation.)

✓ Update your internet use policies and code of conduct, as necessary, to match the requirements of new federal or state laws. Train and remind staffers to enforce the policies, getting help to change the ratio of confrontation, if needed.

✓ If you filter the internet in your library (including the children’s room), discuss the effectiveness of your current filtering software with your IT department or vendors.

✓ What about changing the room design in which the internet computers are used? Flip some of the internet-access PC screens around to face the wall, instead of facing them out into the open stacks. Install privacy screens or desk dividers.

✓ For cases of either sexual behavior in the library or suspected child pornography, call your local police station. The responding officers or deputies may not know much about state or federal child pornography laws, but they will be familiar with crimes related to sexual behaviors in public places (and may know the patron by criminal history).

✓ It may be necessary for a local, state, or federal law enforcement officer to impound a library-owned computer, tablet, or laptop as evidence. To assist the continuity of the investigation, take all desktop PCs off Wi-Fi, and put any portable devices that have had access to the internet into airplane mode before giving them to the appropriate law enforcement agency for a forensic review. This helps the evidence technicians do their job more effectively.

The Internet Crimes Against Children Task Force Program

For more advice on these concerns, contact your regional Internet Crimes Against Children (ICAC) Task Force Program center for advice, staff training, and, if necessary, an investigative response after making a police report for a patron suspected of possessing or viewing child pornography.

There are 61 task force programs in the U.S., staffed by more than 5,400 federal, state, and local law enforcement professionals. All 50 states have at least one ICAC Task Force Program agency; some states (such as California, Texas, Florida, and New York) have several offices. Their mission is to investigate child pornography and child abuse imagery and locate, arrest, and prosecute the creators and possessors, both in the U.S. and around the world. They provide training, information, and resources to the public and law enforcement. You can get more information at icactaskforce.org.

Libraries receiving discounts under the E-Rate program have been required since 2000 to comply with Federal Communications Commission (FCC) regulations that impose certain requirements on schools or public libraries that receive the E-Rate discount on internet services. These rules were updated in 2011. Among the requirements is the establishment of an internet safety policy that includes technological measures such as blocking and filtering software on devices that are accessible by children to protect them from images that are obscene, constitute child pornography, or are harmful to minors. Other conditions apply, and full details are available at rb.gy/c8v5m.

Dr. Albrecht was interviewed by Steve Thomas, the host and producer of "Circulating Ideas."

"Steve chats with Steve Albrecht, author of The Safe Library: Keeping Users, Staff, and Collections Secure, about how he transitioned from working with law enforcement to libraries, the importance of having a security plan, learning to why assertiveness is the key to maintaining a safe environment, and the culture of cops that librarians need to understand."

https://circulatingideas.com/2023/08/15/245-the-safe-library/

A transcript is included.

By Dr. Steve Albrecht

There are patrons that you serve on a daily or near-daily basis, who see you almost as much as they see their local coffee shop barista. They just love or really like the library and they may really like you. The question is: Can you or should you ever become personal, outside-of-work friends with a patron? Maybe this has already happened with you in your career and it has developed into a nice friendship. Maybe you tried to develop a friendship outside the library and it either never got off the ground or it ended badly. (I’m not talking about developing or initiating a dating relationship with a patron; that’s a complex subject for another day. And while dating equal-level co-workers has a number of potential hazards, dating a subordinate is usually prohibited by HR policy and bad for business.)

Perhaps it’s best to start with defining some categories of people in your life: your lifelong best friend, who knows all about you and vice versa; your really close friends, who you shared lot of your life and who you spend most of your time with; good friends, who you don’t see or talk to enough, because of mutual busyness or geographic distance, but when you do reconnect, talk by phone, or meet for coffee, it’s like old times; work colleagues, whom you may or may not socialize with on occasion outside of work; friends of your spouse or partner, who you know but don’t hang out with alone; acquaintances, who you know from your neighborhood, your school days, or in passing, that you say hello to or make polite conversation with, but never see otherwise.

A predictive rule of thumb: if you have been to their house more than once, met their spouse/partner and kids; done things socially (movies, picnics, ballgames, concerts, coffee, cocktails, lunches and dinners) or they have done likewise with you, they are probably a good friend. If they are the type of person where you ignore their call on your cellphone, probably not so much.

Not every person in your life has to be a bestie; but it helps to be realistic about the number and type of relationships you can put energy toward, with the time you have. In The Tipping Point, bestseller Malcolm Gladwell cited the British evolutionary anthropologist Robin Dunbar, who suggested five seemed to be the top-end magic number of close friendships most of us can manage. That comes from Dunbar’s research into human relations which says most of us have five intimate friends; 15 good friends (which includes the first five); 50 friends (the 5 plus the 15 plus 30 more); and 150 all total. People who say they have “hundreds of Facebook `friends’” are usually not really engaging with any of them.

As a library employee, becoming friends with a patron outside of work is usually based on shared interests, often centered around the love of books, movies, or video games. Or the book subject in question is an activity you both like - hiking, kayaking, knitting, owning dogs or cats, book club meetings, cooking, eating out at new restaurants, antiques, softball, going to the theater, etc.

The two keys to my discussion here are safety and boundaries. If you want to develop friendships with patrons, start small, pick safe locations and activities, and see how that goes. One initial boundary is that you do not invite that person to your home until you’re certain they are stable, reasonable, and not going to become too intrusive. Some people are good at hiding their neediness at the start of a friendship. Next thing you know, you’re taking them to doctor appointments, loaning them gas money, and trying hard not to give them relationship advice. They should never ask you to put your professional stature at the library at risk or monopolize your personal time.

On a recent drive from the airport to my home, I discovered through small talk that my Uber driver grew up in San Diego at the same time I did. We hit it off immediately and became the type of guys who meet for coffee, go to an occasional movie or ballgame in our new town, and talk about the Good Old Days in our former city. Our “acquaintanceship” is on a good level, just as it is.

Maybe you have the same type of casual, easy connections with a patron or two? Enjoy, with eyes wide open.

By Dr. Steve Albrecht
Originally published in Computers In Libraries Magazine, June 2023

Over the last 6 years, libraries in St. Louis; Boston; Northampton, Pa.; Syracuse, N.Y.; Contra Costa, Calif.; Spartanburg, S.C.; and Butler County, Pa. have all had to deal with outages and disruptions to their servers and data caused by ransomware attacks. In July 2019 and again in April 2022, the Westchester County, N.Y., library system was hit with ransomware attacks. In a news release for the 2022 incident, the library told patrons, “The Westchester Library System informed us yesterday that the public internet terminals’ hard drives need to be wiped. … Considering that there are 500 terminals in 38 different libraries the process will take 1 1/2 to 2 weeks” (bit.ly/401Yi3q). In August 2022, the venerable library supplier Baker & Taylor was hit by a ransomware attack (bit.ly/3YMIzV5).

By this point in our internet lives, we have all seen stories of supposedly secure federal, state, or local government or corporate sites hacked; the hijacking of social media accounts of celebrities; and intrusions of even “unbreakable” password storage sites and smartphone applications. We have moved beyond the need for constant vigilance, deterrence software, and toothless end-user policies. Why is it that even as recently as 2022, the most common passwords—and therefore the easiest and fastest to learn—are still “password,” “123456,” “guest,” and “qwerty?” Have we learned nothing about how easy it is for software programs to guess any password under 12 letters, numbers, or symbols? If a 16-year-old kid from Estonia using a simple brute-force password-cracking program can get into the network of a Fortune 500 company, something is seriously wrong with our cyber-protection strategies.

The Need for Library IT Professionals to Step Up

I have conducted dozens of security site assessment reports for libraries. As part of these projects, I spend time speaking with the IT/information systems (IS) directors, managers, supervisors, and technical employees, asking pointed questions about the strength of their cyber-protections. We talk about software updates; backing up data off-site or to the cloud; preventing hacking; dealing with denial-of-service (DOS) attacks; and even how to train, remind, and encourage all library employees and their patrons to comply with cybersecurity policies and not make things easy for the cyber-predators to steal data, shut down operations, or hold the library’s OSs, payroll functions, or internet access for ransom.

The problem with this approach is that unlike physical security devices that I can see or security operations that I can observe, I can only take the word of the library’s IT/IS experts that all they have told me is true and “everything is fine.” This is their area of security expertise, not mine. This makes me uncomfortable. Not only do I not know what I don’t know, but it’s more likely they feel uncomfortable revealing their real security concerns to me about actual or potential weaknesses in their systems. Their lack of openness to me about real vulnerabilities—including issues senior library management would likely not know or fully understand either, but would want to—does a disservice to us all. It’s time we ask our IT/IS security colleagues in our library systems to own up to their concerns and ask for and get the financial help and—bureaucracy-limiting—support they need to make ongoing improvements, instead of the usual response of trying to clean up the cyberhack after it has happened.

Going After Our Power Grids

We are hearing more about the rising number of attacks on unsecured/unsupervised power stations, as happened in December 2022 in North Carolina and in June 2022 in Washington state. Both left thousands without power for many days. According to a January 2023 article by investigative journalists from the Oregon Public Broadcasting service and the Seattle radio station KUOW, the western power grid—which serves 11 U.S. states and the provinces of British Columbia and Alberta in Canada—“has had more incidents of vandalism, sabotage, and physical attacks during the first 8 months of 2022 then the rest of North America combined” (bit.ly/404Mr4W).

We have also seen disturbing cyberattacks on hospital systems, which have affected their ability to give quality, life-saving care. Most of the cyberattacks on healthcare facilities have attempted to shut down their electronic medical records/electronic health records (EMR/EHR). This has forced the victimized healthcare facilities to revert to pen-and-paper recordkeeping for patient care during the time these systems were hijacked. CNN ran a Dec. 20, 2022, story about this, titled “Brooklyn Hospital Network Reverts to Paper Charts for Weeks After Cyberattack” (cnn.it/3ZP4Xin), and The Washington Post’s “An ‘Unprecedented’ Hospital System Hack Disrupts Health-Care Services,” from Oct. 6, 2022, describes a cyberattack that hit a large healthcare provider with 140 hospitals and 1,000-plus patient care sites in 21 states (wapo.st/3Woc2U1).

One of the most valuable uses of EMR/EHR computer systems is that they help to cut down on human errors in the receipt of medical services, which is a problem that still leads to thousands of patient deaths per year. (This number is in constant dispute by medical researchers, patient advocates, and defenders of their various healthcare providers and systems. Even one medical error leading to a death is too many, and the reliance on computers in healthcare makes hacking and DOS attacks life-threatening events.)

Time for a New Model for Measuring Workplace Violence?

“Workplace violence is the act or threat of violence, ranging from verbal abuse to physical assaults directed toward persons at work or on duty,” according to the National Institute for Occupational Safety and Health (NIOSH). There are four perpetrator types:

• Criminal intent (i.e., involving criminals)
• Customer/client (i.e., taxpayers, students, patrons, patients, passengers, etc.)
• Worker to worker (current or former)
• Domestic violence (involving an employee, for example)

These labels are often used in the policy language of most research, government publications, and law enforcement agencies; K–12 schools; colleges and universities; churches; malls; concerts; and public gathering places, such as libraries. The four perpetrator types help academics and government researchers, security practitioners, first responders, human resources professionals, and those who seek to identify the connection between the attacker and an act. Our constant goal is that by understanding this nexus, we can develop ways to stop them, enhance the security, and improve the way we interact with each group, either as potential perpetrators or as potential victims. (How we treat people—as library patrons or customers who use our facilities and services—can make an enormous difference in their desire for revenge, a major factor that encourages or deters them from making threats or using violence.)

We can now define a cyber-driven workplace violence incident as one that can cause the injury or death of many people because the electronic or internet systems we rely on have been compromised, shut down, or held hostage. It’s time to make the case that a new fifth workplace violence perpetrator type should be cyberattacks, which cause fear, injuries, or the potential for actual deaths. We need more awareness-building through continuous education; better cyber-vigilance, starting in our K–12 schools; and advanced deterrence and denial software and hardware tools to combat what is clearly a growing threat to our peace and our lives. The bad guys should not have more advanced tools and techniques than our government, intelligence, and military agencies. We should not have to worry about the necessities that make civilized life possible—constant electricity, clean water, hygienic sanitation, and healthcare facilities—being extorted and forced into operating as if it were the 1950s.

A DOS attack or a successful ransomware attack isn’t just an inconvenience—it has the potential to be life-threatening. While it may be true that some of our fiercest foreign enemies lack technical sophistication, they can certainly buy the brainpower they need from other countries who hate us too. We continue to see so much in open source news about hacking attacks from China, Russia, North Korea, and Iran, as well as numerous others from unidentified attackers or anonymous nation-state actors. (Imagine what is not publicized by our own military or intelligence services and those of our allies.)

At a Jan. 26, 2023, U.S. Department of Justice and FBI press conference, Deputy U.S. Attorney General Lisa Monaco said, “Using lawful means, we hacked the hackers.” This referred to the government’s takedown of a notorious cybercrime and ransomware network known as Hive. “The Justice Department said that over the years, Hive has targeted more than 1,500 victims in 80 countries, and has collected more than $100 million in ransomware payments,” according to Reuters. A Canadian researcher working for a cybersecurity company called Hive “one of the most active groups around, if not the most active” (reut.rs/3ZNCBEy). Let’s hope this is the start of our stronger offense, not just a defensive posture, wherein we wait to be cyberattacked.

A Worst-Case Cyber-Scenario

It’s too painful to even think about a darkness falling over this nation, literally. Imagine digital terrorists shutting down the country, using keystrokes from thousands of miles away, not weapons of mass destruction. Let’s consider a worst-case scenario, in which 10–20 midsize American cities have their electric power grids taken down. How could this happen? By targeting their power stations, transformers, and electrical towers—not with bombs that destroy them, but with cyberattacks on the software that runs them. With no electricity, no internet, no basic human needs for water and hygiene met, and no civil protection, our society would crumble into lawlessness and despair—and quickly.

Consider the chaotic environment created if several major U.S. cities were to go completely without power for a week: Hospitals run out of diesel fuel for their backup generators; banks can’t open their vaults or dispense cash from ATMs; burglar alarms stop working after their batteries die; food spoils in homes, grocery stores, and restaurants; no gas from local gas stations can get delivered or pumped; no one can charge their cellphones; water pumps and wells won’t work; sewer treatment stops; there’s no heat in the winter or A/C in the summer; and emergency communications systems at fire stations, police stations, airports, aircraft control towers, and emergency operations centers stop functioning when their backup generators go down.

Think this won’t happen in our lifetime? Southwest Airlines had a major software shutdown over the 2022 holiday season that crippled its operations and reputation. The Federal Aviation Administration’s national air traffic control system known as NOTAM (Notice to Air Missions) had a 90-minute shutdown in January 2023 that created the largest single-event aviation ground stop since the 9/11 attacks. Had enough doom and gloom with just these two non-life-threatening scenarios? If our lives are put at risk, we will enter a Digital Stone Age.

What will happen if they do knock out our power grids, power plants (nuclear, gas, coal), mass server sites, water supplies, sewer treatments, and hospitals? And our libraries? It’s time to make our case for a new fifth type of workplace violence perpetrator: the cyberattacker. Libraries are a component of our national heritage and identity and are part of the strength of our communities. Library leaders and staffers need to do their part, every day, to keep internet and intranet access safe in their facilities.

How Vulnerable Are You? Questions to Ask IT

Library leaders need to have an honest discussion with the IT/information systems (IS) professionals responsible for keeping the library's network, servers, hardware, and software systems protected and in working order. This includes these questions:

• Even if our data is backed up nightly to an off-site location or a cloud-based system, if we were to get hacked, what is the potential for data loss in time? Is 24 hours' worth of data gone? Less? More?
• Have we ever conducted a worst-case scenario drill? If so, what was the scope, and what did the outcome tell us we still need to do?
• Do we make regular changes in our network access systems, so that we don't trade security for convenience with our passwords and with whom we allow to access our servers?
• Is there a complete removal process for server access that IT/IS uses when one of its employees leaves, even under pleasant circumstances? Since many library employees at all levels worked from home during the pandemic, have we removed all remote access capabilities since then? If not, who still has them and why?
• Does the IT director or manager have a physical sign-in/sign-out procedure each time any employee goes into our server room? Have we considered installing a camera over the server room door to be able to see who enters?
• What type of fire control system do we use for our server room? Since halon is usually no longer used, do we have a CO2 or FM-200-type fire suppression system?
• How often is the air conditioning system in the server room serviced?
• If money was not an issue, what systems, procedures, or policies would you put in place to fully protect our server systems? Can we buy, install, or change portions of those perfect-world solutions to create better best practices?
• What three things do you want all library employees to do when it comes to protecting our IT/IS systems?
• What three things do we need staffers to remind all patrons to do to help us protect our IT/IS systems?