Review of “Connection: Not Collection: using iBeacons to Engage Library Users” inCIL Dec.2015

I just finished reading Connection, Not Collection:  Using iBeacons to Engage Library Users By Sidney Eng in December 2015 issue of Computers in Libraries.  The article looks at an interesting and possibly very useful way of reaching out to library patrons.  It talks about an experiment to send out notifications and messages to library users within the library using Bluetooth. However, it does raise a few questions in my mind.

The first is what skills are needed by the library staff to implement this type of service?  What is being used to create and send the messages out to the iBeacons?  My biggest concern is security and privacy.  Bluetooth has the similar issues as does using Wi-Fi in public areas.  These include “data security, privacy, and the potential for hacking or spoofing.”  He states that “the notification function—which is technically susceptible to hijacking—will be an unlikely target for hackers.”  In my opinion, that type of assumption will lead to hacking.  Security by thinking your service is low profile is poor security.  He does not go into enough detail on what the user must do to have the messages received on his or her device.  Leaving Bluetooth open to be seen by any Bluetooth enabled device not a good idea.  The author does provide references to three article about iBeacons that deal with some of my concerns.

When implementing new technology such as beacons, it is important to make security the primary concern.  Such services can provide great benefits to a library but must be balanced with security and privacy concerns.  Articles in Computers in Libraries and other library oriented publications do not place enough emphasis on security, especially with the mushrooming growth of the Internet of Things.


1 thought on “Review of “Connection: Not Collection: using iBeacons to Engage Library Users” inCIL Dec.2015”

  1. Any web applications and appliances are subject to the common security threats. Bill is correct that these issues should be emphasized. Since the beacons have no computing power, the app will have to depend on other systems’ safe-guards. That includes the firewall and other measures of the vendor’s server. The important thing is for the users to be aware.

    The user opts in by downloading the app. Once the app is in place, unless Bluetooth or Notification is turned off, the user will receive notification within the range of various beacons.

    We out-sourced the app to a service provider and the staff do not need any particular technical skills. For example, changing the messages is via a manager’s console. (If you want the challenge, the beacon manufacturers have provided tutorials and SDK’s for developers.)

    I hope this clarification helps.


Comments are closed.