The Voyager Library Information System
by Decora
The Voyager Library Information System is made by the Endeavor Information Systems of Chicago, Illinois.
It is used in thousands of libraries all over the world. For a good list, go to Google and type in site:voyager.*.edu That will give you a general idea of the install base. It is also used in government agencies (such as the National Park Service) and probably some corporations.
Voyager uses Oracle for its main database. I'm not giving specific details about how to h4x0r it. I don't want you to h4xor it. I want you instead to be aware of the stupidity of our government and corporate leaders. If you have the brains to h4x0r it, you don't need my article for help.
Voyager installs usually have ridiculously simple passwords. The one I worked on had the name of the school as the password. The password on the Oracle Database is equally stupid. I find it a bit humorous that us users must choose elaborate passwords but systems costing taxpayers tens of thousands of dollars get away with five letter, insecure passwords.
Now for what Voyager stores, and what kind of trouble we can get into while accessing it.
The first tables are the "bibliographic data" tables. That is, information about books, videos, journals, etc. Title, author, date, publisher, URL, sorting title, etc, and, the real gem, the LOC subject classifications. Who inputs all that information? Cataloging librarians. Really? Yes. If your teacher ordered some obscure book and put it in the library, the librarian had to hunt down which categories to put it in, which LC number to give it, etc.
Well, except, nowadays, librarians download most of the data from some pre-made source like the Online Computer Library Center (OCLC). Give OCLC the ISBN and it returns all the data on the book. But where does OCLC get that data? From librarians. If there isn't already a record, they can upload the information. It's like a giant Wikipedia of bibliographic data, but made by experts with decades of experience.
Except that Wikipedia uses the GNU Free Documentation License, while OCLC has been trying to claim copyright ownership of all the user-generated content that librarians have submitted to it over the years. So here we have committed our first act of treason against the almighty state. By copying bibliographic records out of a library database, that you paid for with your tax dollars, you are "stealing intellectual property" of the almighty, non-profit, free library loving OCLC.
What other crimes can be committed with this database?
Well, we also have patron records. Dumb schools keep the Social Security numbers of their patrons in the database. No, seriously. They really do. Addresses and phone numbers, too. Thank God people with links to the Russian mafia never get jobs in libraries... I can't imagine that happening on a university campus...
Oh wait...
Now forget about petty crimes. If you want to really commit a big crime, like being a government agent and violating someone's constitutional rights, then what can be done with this system?
Well, you can obviously learn what books someone has checked out. But not just what is currently checked out. The "Shitty Windows Client" Voyager software that library clerks use (clever titles: "Voyager Circulation," for circulation functions like check-in/check-out, "Voyager Cataloging" for cataloging functions, etc.) does not ever give the full picture of what is in the database.
It should erase records of what's been checked out after the books are returned, but it doesn't. Voyager's database keeps the records for years. So that phase you went through as a freshman, where you checked out 30 books on revolutionary Communist guerrillas, 17 books on psilocybin mushrooms, and 24 books on erotica - yeah, that's all in there.
O.K., so they can figure out what books you've checked out. So what?
Well, that brings me to my final table. There is a table that is not related to bibliographic records, nor is it related to patron records. It has to do with the "web interface" to Voyager.
You know, the thing you are greeted with when you go to look up a book on a library kiosk or from home. This database table actually stores queries that are made through that web interface. If you type in "Mark Twain" as a search, it stores the words "Mark Twain" in the database table. But that's not all it does.
It also stores the IP address of the computer that you searched from and the date the search was performed. So if you look up "illegal wiretapping" or "the 4th Amendment" from your computer, it will store all of that information in the database, too.
The funniest thing about that last table is that the library administrators, who spend tens of thousands of your tax dollars on this product, probably have no idea that this table even exists, nor that this data is being stored in it. There is absolutely nothing in the "Voyager Windows Interface" that interacts with this table. There is nothing in the instructions that points out what this table does, especially not to a lay person unacquainted with snooping around databases. Most library administrators think SQL is "that Microsoft thing" and databases are "like MS Access, right?" IP address? "It's that number on the outside of your case, right?"
Let me finally mention the PATRIOT Act. Under this law, the federales can bust into a library, wave an NSL (a National Security Letter, not a warrant, so no reason is required), take all the data they want, and none of the library employees are allowed to say that it ever happened. Yeah.
The NSLs are dying after the ACLjU sued the government, but the PATRIOT Act is not dead yet - it comes up for renewal in late 2009. Besides, a lot of library administrators are just as ignorant of the law as they are of databases, and many of them tend towards inveterate boot licking. And I haven't even mentioned what might go on outside the USA.
So there you have it, folks.
You don't need to worry about enemies of the country destroying your freedom. Just rely on good old-fashioned bureaucratic incompetence, ignorance, stupidity, carelessness, and corruption.