The Library of Congress Was Hacked Because It Hasn’t Joined the Digital Age
The Library of Congress’ aging IT infrastructure and mismanagement of both of funds and personnel have put the future of one of the nation’s greatest resources at risk.
The Library of Congress Card Division. Image: Library of Congress/Wikimedia
With the presidential election taking all the air out of the room, July's IT attack on the Library of Congress barely made the news. But for good governance advocates and policymakers, this denial of service attack, which caused a three day service outage, validated decades of complaints about the Library of Congress' failure to join the digital age.
Americans are familiar with the Library's mission to archive the world's literature and research. But Congress, librarians, and specialized policy wonks are more familiar with the Library's many other functions, including the intelligence gatherer, legislative tracker, governance think tank, and intellectual property bureaucracy. The library's dysfunction is bad news for Congressional staff, and the researchers and scholars who depend on the archives of American history and information on the world's most unstable regions.
Surprisingly, the Library of Congress was among the first in government to embrace the power of the Internet. Pushed on the Library by Newt Gingrich and thrown together with a quick and dirty build, THOMAS.gov (the predecessor to Congress.gov) debuted in January of 1995. Despite the fast execution and concern over who could even access this site when comparatively few people had internet access, THOMAS.gov handled almost a million queries within the first 38 days of operation.
So what happened? Government investigations as far back as 2002 have highlighted the mismanagement of contractors, budget, overall management, and IT services. Many government watchdogs and library scholars also point to the former librarian, Dr. James Billington. Serving 28 years in the position, Billington had a reputation for both being difficult manager and an infamous luddite, even reportedly requesting at times that staff fax him at home and refusing to use email.
Appointed by Ronald Reagan in 1987, Billington has had some positive moments in his legacy. His review of the DMCA in 2010 (which the library holds jurisdiction over and is tasked with reviewing every three years) massively changed the future of copyright. Around Washington, Billington gained a reputation as a dynamic private fundraiser, using these funds to supplement library budgets for collections and programming. However, much like his overall management, Billington's fundraising style has also come under fire, both over the exclusivity and possible use of donated funds for donors-only swank dinners and performances.
The library does have a Chief Information Officer, but in recent years, it struggled to fill the position, cycling through five temporary CIOs before being forced to find a permanent CIO by recommendations in a scathing 2015 Government Accountability Office report on the Library's IT systems.
In this report, the GAO again confirmed what scholars, lawmakers, and their staff have been struggling with for years: the Library of Congress is simply not equipped to join the 21st century. The GAO estimates that the LOC spends roughly $120 million dollars on IT functions, but the library's accounting records leave much to be desired, particularly when recording acquisitions of new IT assets.
These overseas offices have even become an important tool in the fight against ISIS.
When asked to account for the number of systems within the library, the number of systems was first recorded to be 30, then 46, and eventually 70. Most notably, overseas office systems were left off the list. Since 1962, these offices have been tasked with collecting materials in underdeveloped and politically volatile areas, including (infamously) the acquisition of a copy of Osama Bin Laden's autobiography.
These overseas offices have even become an important tool in the fight against ISIS. With the wanton destruction of cultural artifacts and archives by ISIS and general civil unrest, experts at the library's Middle Eastern offices have been at the forefront of providing support in the salvaging of damaged books and other materials. The collection of materials (in 2014, the overseas offices collected over 800,000 items) has been invaluable for researchers in the United States. However as the associate librarian for library services, Mark Sweeney, noted in a March 2015 testimony before the Senate Legislative Appropriations Subcommittee, security is a continuing concern for these offices.
With overseas offices in cities such as Islamabad, Cairo, and Jakarta, accurately managing cybersecurity risks to the Library's overseas collections and personnel is difficult, particularly when, as admitted by Chief of the Library Services Automation and Planning Office, these systems haven't been accredited or credentialed.
The library has also been unable to keep an accurate inventory of key resources and assets. It reported having fewer than 6,500 computers in use, while the actual number is somewhere around 18,000. While the library does have oversight of initial technology investments, it lacks any effective way to oversee continued funding. For example, the library reported in 2013 "missing" the review of the $2.2 million dollar project, the National Library Catalog.
An .xml database and public facing web service intended to replace Online Public Access Catalog, the library's current publically accessible database, the National Library Catalog was intended to finally allow a smooth search experience of the Library's many different archives and websites after a 2009 report by the Office of the Inspector General that highlighted the difficulty the public had accessing the library's resources.
In March 2012, the project was dumped after being denied release when it was discovered that a recommended switch to Solr-based platform had been ignored. Due to a lack of communication, the entire project was scrapped, including the usable .xml database which had cost 1.25 million dollars and 33 months to develop.
Even offices with separate functions operating under the Library's jurisdiction haven't been free from massive mismanagement. The copyright office still runs on a largely paper based system (some records kept are still kept in card catalogues) and is forced to share the library's aging IT systems. Large digital projects have even failed to materialize, such as the promise of an archive of everything that has been tweeted since 2010. Digitization projects are so far behind that only a fraction of the Library's 24 million titles have been made available online.
While Congress has been reluctant to criticize Billington, a bill to term limit the Librarian of Congress to 10 years seems very conveniently timed to Billington's retirement. Congress also took a step in the right direction with the confirmation of Carla Hayden, former president of the American Library Association. Despite opposition from some conservative advocacy groups and Republican Senators on her stances on the Patriot Act, censorship, and frankly ridiculous assertions that she didn't have the appropriate scholarly background to helm the library, Hayden was confirmed late this summer to become the first female and African American librarian.
Hayden's reputation as a technologically savvy reformer is well deserved, having modernized Baltimore's flailing Enoch Pratt Free Library and ushered in a period of unprecedented expansion for Baltimore's library system in an otherwise bleak time for the city. Hayden even became a beacon of stability and normalcy after the Freddie Gray riots with her decision to keep the library open despite the unrest.
With Hayden in the top job, policy advocates and scholars might have a glimmer of hope that the former crown jewel of American libraries can be pulled out of mothballs and dragged into the 21st century.