In Toronto, Canada, violent incidents at libraries are up, coinciding with the fact that library staffing levels are down 20 percent. The city is experimenting with staffless libraries this year, meaning those staff levels will drop even lower.1 The staffless library is not a concept unique to Toronto, or even Canada. Milwaukee has an automated, unstaffed library at the Westlawn Gardens housing project, a unique approach in some ways, because of the automation factor. But in the UK, Denmark, and other countries in Europe, open (or staffless) libraries are fairly common. 2
In the UK, the Open+ libraries project puts the keys in the hands of residents. When the library is unstaffed, users enter via a card reader and enter a pin to access material. Security cameras monitor the stacks, and the library even closes using an automated system.3
There are major concerns about this model, though. While projects like the one in Milwaukee provide automated 24 hour access, and other cities like Chicago, Los Angeles, and Brooklyn, are looking to co-locate libraries in housing projects (to save money on facilities and serve the populations who most need their services), others like those in Washington State look at the staffless option.4 This seems like a great idea at first glance: saving money and letting patrons use technology to serve themselves. However there is a threat to security on many levels.
The concern about violence in libraries is real, along with concerns about drug use and other illegal activities. Staff in places like San Francisco and other jurisdictions are even receiving training about recognizing the signs of an overdose and administering first aid until emergency personnel can arrive.5
Without physical staff, some questions are raised: Who monitors the cameras? Who responds to such emergencies? What will the blind spots in the cameras be (like restrooms), and how will they be dealt with? The prevention of theft is a significant concern as well. Certainly a card system and cameras help, but cards and pins can be stolen and hacked, and identities can be hidden from cameras.
As for cyber threats, library systems have been looking for ways to protect themselves. Giving patrons access to the library when it is unstaffed means leaving computer systems open to even more attacks.6 If a person can access an internal terminal physically, he or she can also bypass encryption. They can also do so by obtaining valid administrative passwords using phishing emails or other software, thereby opening up the system to remote attack. Encryption is good, but if fraudsters have a password or physical access to the system, it is entirely ineffective.
The solutions are similar to the steps you would take to avoid personal credit card fraud: using two step authentications, strong passwords that are changed often, and reviewing privacy settings on both servers and public computer terminals. However, time has proven that none of these are foolproof.7
Libraries may look at what happened in St. Louis and think there is no way it will happen to them. However, libraries are targeted for the same reasons small businesses are, and face similar dangers; a well-timed and executed denial of service (DNS) or ransomware attack can nearly ruin a library system in a matter of days, if not hours. Recovery costs can be outrageous.8
Risk vs. Reward
When undertaking any library project, each district must evaluate for themselves the risks and rewards. While saving money with automated and staffless libraries may be a solution in some areas, it is clearly not the solution across the board.
There are risks to cutting staff. But the risks are greater than physical or cyber threats. The biggest risk is losing the humanity that makes a library a library. No one knows better the resources in a particular area, or how to dig up that obscure fact, than a reference librarian.
Automated checkout has its place. Computer databases and artificial intelligence make research even faster. Still, no automated system can offer a friendly smile, a helping hand, and an eye to security that provides an immediate response to problems as they occur.