2. Privacy vs. security
⢠A security problem can violate privacy, sure.
⢠But the violation is inadvertent! And often
involves some illegality!
⢠Weâre not talking about that today; weâve
done so already.
⢠Weâre talking about perfectly legal (usually)
uses of information that still (potentially or
actually) violate privacy.
⢠This is a mineďŹeld. I donât have all the answers.
We MUST still ask the questions.
3. What is privacy, really?
⢠âExposure of personal informationâ is too
easy an answer.
⢠Exposure of what to whom, exactly?
⢠danah boyd: ârespecting contextâ
⢠Consider your social circles. You have several
of them. What happens to them online?
⢠So privacy is partly the ability to practice âselective
disclosureâ (another boyd-ism).
⢠Privacy is also trust that those we interact
with will not betray us.
⢠Whatâs betrayal in a library context, and how do libraries
avoid it?
4. Why do we care?
⢠Privacy of information use is a cornerstone of
intellectual freedom.
⢠ALA Code of Ethics:
⢠III. We protect each library user's right to privacy and
conďŹdentiality with respect to information sought or
received and resources consulted, borrowed, acquired or
transmitted.
⢠Additional concerns include:
⢠Privacy of research subjects in collected data
⢠Privacy of living individuals mentioned in archival materials
⢠Privacy of conďŹdential business records
⢠Privacy for especially vulnerable individuals
5. What is âfreedom to read?â
⢠Historically: preventing Big Brother from
watching patronsâ checkout histories
⢠Remember the Patriot Act? How âbout that NSA?
⢠What happens to circ records nowadays? How did
moving circ records digital help privacy?
⢠Today: is Big Brother the only threat?
⢠Who else wants information, and will pay and/or bug
to get it?
⢠Historically: censorship and book banning
⢠Today: is that all that keeps good
information out of the hands of patrons?
6. Do we have privacy laws?
⢠Not in the US. Not really.
⢠We have libel and slander laws, and laws about
childrenâs information online (remember those?).
Limited âinvasion of physical spaceâ laws.
⢠Consumer-privacy laws have been introduced in
Congress. No joy... yet.
⢠We often have laws/ordinances around
library patron information.
⢠And even in the absence of law we SHOULD (and
usually do) have policy.
⢠KNOW THE LAW AND POLICY where you are.
⢠Itâs diďŹerent in Canada and Europe.
⢠Canada has even taken Facebook to the cleaners once
or twice.
7. Why do privacy problems happen?
⢠Monetary beneďŹt
⢠Accident or ineptitude (see thedailywtf.com)
⢠Privilege and associated thoughtlessness
⢠Google Buzz: testing with its own (white, male, healthy, wealthy,
educated) engineers and no one else.
⢠Collapse of realspace social boundaries on the web
⢠This is a service-design problem! Human beings manage just ďŹne
in realspace. Our online tools donât give us the aďŹordances we
need to replicate that success online.
⢠Web is more than the sum of its parts.
⢠Most scarily: DESIRE TO OFFER GOOD SERVICE,
e.g. recommender engines.
8. Libraries and privacy
⢠Itâs not as simple as âalways protect
patron privacy!â
⢠What about libraries and social media? Will we wipe
librarians oďŹ the Web? Really?
⢠What about user studies for service improvement?
⢠What about patron communities that form around
our materials and services?
⢠What about users who WANT to share what they
read, watch, and listen to? Will we shake our
paternalistic ďŹngers at them and tell them no?
⢠What about digitization projects? Research?
⢠âHowâ is getting harder to ďŹgure out too.
10. Law hinders privacy research
⢠DMCA!
⢠If thereâs information about you on a machine you
own (or even one you donât), and the only way you
can ďŹnd out about it is to hack the machine...
⢠These lawsuits have happened.
⢠Often they go away very quickly as the vocal tech
community shames the plaintiďŹ.
⢠But Ed Felten of Princeton has been in and out of
court so many times...
11. Public records
⢠Back in the day, if you wanted a public
record, you went to a physical building,
combed through ďŹle cabinets, and paid for
the privilege.
⢠This is a variant on security-by-obscurity.
⢠Now many public records are online. Easy
discovery and easy access make them A
LOT MORE PUBLIC.
⢠How should we, as citizens, respond?
⢠As records managers/archivists/librarians, how should
we educate, train, and refer?
14. Email
⢠So how âbout that Petraeus guy?
⢠Email is only very loosely legally protected at present.
⢠Larger point: we have the privacy protections we do
because they are enshrined in law, not because
theyâre societal norms. Theyâre pretty clearly not.
⢠Email is sent in the clear unless you take
encryption precautions.
⢠Even then it may be readable if your inbox is hacked.
⢠Your employer owns its email systems and
email sent on them. Behave accordingly.
⢠Students: using non-university email may
bypass FERPA protections.
15. What is âreidentiďŹcationâ or
âde-anonymizationâ?
⢠Imagine this scenario:
⢠One website has your name, age, zipcode, and gender.
⢠Another has your age, gender, zipcode, pseudonym, and
dubious or sensitive taste in entertainment.
⢠If the info from both sites can be collated,
you can be pegged to your taste.
⢠And your pseudonym just got exposed. Hope you
werenât using it anywhere else...
⢠We arenât as unique as we think!
⢠âAnonymizingâ data doesnât ďŹx this.
⢠We can be identiďŹed by our attributes, friends, and
behavior almost as easily as by regular identiďŹers.
⢠What price public records NOW?
16. ReidentiďŹcation horror scenarios
⢠Health information
⢠Wouldnât your insurance company like to know...?
⢠Becoming a major issue in health research!
⢠âCharacter witnessingâ
⢠Are you an atheist? A gamer (this came up in a 2012
political campaign)? GLBTQ and not out? A person of
color whoâs passing? A woman in IT? A whistleblower?
⢠A target for harm
⢠Physical, legal, ďŹnancial, employment, mental/emotional
(bullying)
⢠Where could library-patron information
ďŹgure in to this? Archives informants?
18. What information does the
web collect about us?
⢠âPersonal informationâ
⢠Including health information, demography.
⢠Financial information
⢠Information about our habits
⢠Purchasing habits
⢠Entertainment habits (including, yes, reading habits)
⢠Search habits
⢠Information about our physical location
⢠through IP addresses or through web services like
Foursquare
⢠Information about our social lives
⢠And then it correlates as much of this as it can!
19. How is this information collected?
⢠Through server and search logs (IP addresses)
⢠Through sign-ins
⢠some of which are âreal name requiredâ
⢠Geolocation of our gadgetry
⢠Browser âďŹngerprintingâ
⢠Which version, with what add-ons, on which OS... unique!
⢠Human error (and exploitation thereof )
⢠Through observation of our behavior on individual
websites and across websites
⢠Cookies, Flash cookies, âweb bugs.â Worst case: âkeyloggers.â
⢠Our online associatesâ behavior
⢠Which we obviously donât control!
⢠How much of this are we actually aware of? How
much do sites disclose? Let us control?
20. EďŹects
⢠... on citizenship
⢠... on open discourse
⢠... on vulnerable populations
⢠... on markets
⢠is privacy-endangerment a winner-take-all market?
⢠what about online redlining?
22. Privacy and ebooks
⢠Ebook vendors, unlike libraries, do not
necessarily purge records of what you read.
⢠You are entirely at their mercy as far as who they share those
records with and what they do with them.
⢠Are they collecting info from library patrons too? Unclear!
⢠Because of this and DRM, they can also take
away what you want to read.
⢠And then thereâs what you search for, or look at,
but donât read.
⢠What do we do about this? What should we do?
23. Facebook has sold...
â˘
â˘
â˘
â˘
Your phone number
Information about your purchases
Information about your social network
Information about Facebook campaigns youâve
participated in
⢠Information about what youâve âliked.â
⢠While refusing to let you opt out of the sale of this information.
⢠Your likeness, for advertisers to use on your
friends.
⢠Google ainât much better, and is getting worse.
24. Others have tried to use
Facebook to...
⢠Screen employees
⢠including by requiring applicants to hand over Facebook
passwords!
⢠(To Facebookâs credit, it actually fought this one.)
⢠Perform background checks (for employment or
other reasons)
⢠Do social-science research, sans informed consent
⢠At Harvard, some researchers made their RAs hand over their
Facebook passwords so they could see friendslocked material.
⢠How are you feeling about your Facebook?
25. Guess what?
⢠Facebook has sold MY information too, and
I refuse to use Facebook!
⢠Look up âshadow proďŹlesâ sometime.
⢠If you delete your account, Facebook keeps
and continues to sell your information.
⢠Facebook may or may not actually delete
photos when you delete them.
⢠Guess why I donât use Facebook?
⢠Should libraries? ConďŹict between privacy ethics and
âgo where the patrons are.â
26. âLikeâ buttons
⢠When you log into Facebook, Facebook knows
you visited any page with a âLikeâ button on it,
even if you do not click Like.
⢠Facebook has also been caught tracking this on logged-out
users. They claim theyâve stopped.
⢠If your library puts Like buttons on catalog
pages... (you do the math)
⢠Not just a Facebook issue, by the way.
⢠Social-media truism:
⢠âIf you are not paying for it, youâre not the customer; youâre
the product being sold.â âblue_beetle on MetaFilter
27. Amazon
⢠OverDrive signs a deal with Amazon to
lend Kindle ebooks through libraries.
⢠To do this, patrons have to tell Amazon their Kindle
identiďŹer, just as though they were buying the book.
⢠Amazon sends âhi, your loan is ending,
how about buying the book?â messages
to patrons.
⢠And is, as far as anybody knows, keeping information
about who checked out what.
28. Try it yourself: JSTOR
⢠JSTOR âRegister and Readâ program
⢠Give non-aďŹliated scholars/interested public unpaid
access to JSTOR, in return for a signup that ties reading
to the signupâs email address.
⢠Letâs look at their privacy policy.
⢠http://www.jstor.org/page/info/about/policies/privacy.jsp
⢠What info are they collecting? ReidentiďŹcation risk?
⢠What risks might there be to program participants with
respect to what they read?
⢠What do they say they can do with it?
⢠How is this diďŹerent from standard library policies,
practices, and legal protections?
29. Try it yourself: JSTOR
⢠Real reason to worry: Swartz case.
⢠Is loss of privacy an unintended side eďŹect
of library disintermediation/disruption?
⢠If so, what do we do? Without sounding like
a bunch of luddite worrywart Trithemiuses
just out to protect our own jobs?
30. Privacy in archives
⢠Boston College IRA case
⢠Oral histories collected from Northern Irish people
who fought for IRA
⢠Archivists promised informants not to release until
after those informants died.
⢠UK authorities: âFork it over, archivists.â
⢠Lawsuits ďŹew!
⢠What would you do?
⢠You need to decide this. Before something similar
happens to you.
32. What people want
⢠Control of which pieces of data they share.
⢠Choice about how their data will be used.
⢠Commitment that their personal data (i.e.,
email address, phone number) won't be
passed on to third parties. Â
⢠Compensation: Consumers also want a
reason to share data, and to understand
how they will beneďŹt.
⢠(via http://www.mediapost.com/publications/article/161410/consumerswilling-to-share-data-but-at-a-price.html)
⢠Can we do this in libraries? How?
33. More suggestions
⢠Donât collect data you donât need.
⢠And throw away data once itâs no longer of use.
⢠This includes computer logs! (IM chat ref, anyone?)
⢠Think outside your own demographic box.
⢠As Google seems to have so much trouble doing...
⢠Be transparent.
⢠Be activist. We have a bully pulpit!
⢠PAY ATTENTION to the security and privacy of
library IT infrastructure.
⢠This EMPHATICALLY includes the ramiďŹcations of thirdparty IT such as âlikeâ buttons.
⢠It also includes contracts with content providers. A privacy
review should be an intrinsic part of collection development.
34. Rule of thumb?
⢠In the absence of a warrant or subpoena,
donât keep or disclose information about
the behavior of identiďŹable patrons until
the patron has not only consented, but
ASKED YOU to retain or disclose the
information.
⢠AND MAYBE NOT EVEN THEN.
⢠We know people make poor choices here!
35. Protecting digital privacy
⢠My suggestions: encryption, deletion,
awareness.
⢠Encryption is where itâs at, folks. Itâs not perfect, but
itâs the best weâve got.
⢠Delete digital records. As often as possible. Perhaps
oftener. (Sorry, records managers and digital
archivists! Privacy comes ďŹrst!)
⢠Try to be aware of when your data are being
collected. Websites like tosdr.org (and the
associated browser plugins) help!
36. Example: cloud storage
⢠Cloud storage services almost all encrypt
data at some point.
⢠Google Drive, not so much. Just so you know.
⢠Important questions: who holds the key, and
when are the data locked up?
⢠Dropbox, Box (for now): They hold the key. This means
they can rat you out, snoop, etc. Also means that data
travel in the clear, and are vulnerable to packet-sniďŹng!
NOT SECURE.
⢠SpiderOak: YOU hold the key, and encryption happens
on YOUR machine, before data move over the network.
SpiderOak doesnât even see your data unencrypted,
canât decrypt it. Secure, but donât lose passwords!
37. Example: protecting your
web surďŹng from marketers
⢠Remember the stuďŹ I discussed last week with
respect to browser security? It can help protect your
privacy as well.
â˘
â˘
â˘
â˘
â˘
On an untrusted network, use a VPN to prevent packet-sniďŹng.
Do not let your browser accept third-party cookies.
Use adblocking, tracking-blocking browser add-ins liberally.
Grab the âHTTPS Everywhereâ browser add-in from the EFF.
Turn on the âDo Not Trackâ setting in your browser; it doesnât do
much, but it does something at least.
⢠Serious question: which of these should we install on
patron computers?
⢠Or is that too paternalistic, and patrons will be upset when
Facebook likes donât work?
⢠Can we at least raise awareness, e.g. with tosdr.org plugin?
38. Example: smartphones
⢠I DONâT EVEN KNOW, folks.
⢠Smartphone owners do not control their
phoneâs privacy/security. Either Apple or
their carrier (Android phones) does.
⢠Phones leak data all over the place!
⢠Location data particularly, but all âmetadataâ is of
concern.
⢠I donât see an answer except better law.
⢠Carriers are constrained by current legal framework
to keep metadata indeďŹnitely!
39. Bottom line:
⢠Libraries and archives generally do privacy
right. We certainly care about it!
⢠A lot of online businesses are doing privacy
very, very wrong.
⢠Not to mention the feds!
⢠And a lot of regular people are in no position
to navigate the hazards.
⢠So we have a serious problem on our hands!
⢠And we owe it to civil society to continue to set a good
example.