Out of Circulation

Cyberattacks on library systems are an equity issue

Out of Circulation
Illustration by Paul Twa

In recent years, public libraries have been celebrated as “social infrastructure” and as “gathering pool[s] of narratives and of the people who come to find them.” They’ve also faced dramatic budget cuts, become battlefields in the “culture wars,” and been pressed into providing social services that far exceed their original mandates. New and newly renovated central libraries, especially (but not always!) in northern Europe, are vibrant “living rooms” for socializing and democratic participation. At the same time, an increasing share of librarians are suffering from burnout.

We can add yet another challenge to this precarious and transitional moment. In one two-day period last October, two of the world’s largest and most important library systems announced they had suffered catastrophic cyberattacks. I noticed one almost immediately, because it impacted the Toronto Public Library, the system I love and depend on. The other attack occurred at the British Library, a major research center and a home, by law, for every book published in the UK and Ireland.

The attacks were twofold: first, the hackers encrypted important data and held it ransom; second, they stole sensitive personal files and offered it for sale on the black market. Both libraries refused to pay the ransom. Both will end up spending more than the ransom amount to restore their services. And, three months later, both institutions are still severely hobbled.

In Toronto, “Staff are checking out materials by hand. Anything returned can’t be logged back into the system and has been taken out of circulation—about one million items so far filling ten tractor trailers. In-library public computers are shut down and interbranch book transfer requests are not possible.” In London, “because funding and shelf space are finite, an extraordinary amount of online material—recently published books, academic journals, and digitized archives of all kinds” remains inaccessible.

I’m in a relatively privileged position; the outages in Toronto affect my ability to request books be delivered to my neighborhood from across the city, or to sign up for the waitlist on forthcoming titles. I have felt guilty checking out books, knowing they won’t be returned to those shelves after my family is done with them. (The children’s section at one popular branch downtown is reportedly empty.)

But for many others, especially those who depend on the library for computer and internet access, the attacks mean missing out on job opportunities, or being unable to connect with faraway family members and access necessary services. On the other side of the ocean, PhD students are having difficulty completing their dissertations; writers cannot make progress on their books; and teachers are unable to bring in their classes to connect with the UK’s printed material culture.

In December, Sir Roly Keating, chief executive of the British Library, wrote, “The people responsible for this cyber-attack stand against everything that libraries represent: openness, empowerment, and access to knowledge.” My worry is, in some sense, the opposite: that hackers like these are merely opportunistic and don’t care at all about what libraries represent, just that their digital platforms are easier to penetrate.

One cybersecurity expert said that the British library hack “should be a wake up call for companies to update their security systems, and training for staff about good online behavior.” But libraries are not “companies” with budgets for these kinds of updates, or even the flexibility to easily reallocate their meager resources. One can imagine, as larger private companies become better hardened against these kinds of attacks, that hackers will increasingly target nonprofits and civic institutions. One more instance doesn’t make a trend, but it’s unnerving that last week the Toronto Zoo announced that it, too, had been hacked.

Scholar Carolyn Devon noted, in December, “For good reason, this [British Library] theft makes me wax existential: What did those cyberterrorists steal, when they stole the library’s entire digital footprint? What is a library, anyway?” The stolen employee data and inaccessible journals are an important part of it. But it’s only part. Civic institutions and nonprofit organizations disproportionately serve people who face hardships. Hacking their systems, especially to such an extent that it takes months to repair them, compounds those inequities. They make already unfair societies even more unjust.

Just one week after the Toronto and London hacks were announced, the Library of Congress published its new strategic plan. Ironically, its announcement focused almost exclusively on technology: “For the first time, the plan has digital strategy embedded throughout, rather than being represented in a separate document.”

I agree with library champions who argue that they give us a “chance of rebuilding a better society.” Many of these systems are undergoing a transition like the one outlined by the Library of Congress, often with far fewer resources. They’re bringing priceless cultural heritage online and helping people adjust to digital economies. Helping them prepare for and, when necessary, recover from attacks like those in Toronto and London should be higher on our civic agenda.