Privacy vs. security
• A security problem can violate privacy, sure.
• But the violation is inadvertent! And often
involves some illegality!
• We’re not talking about that today; we’ve
done so already.
• We’re talking about perfectly legal (usually)
uses of information that still (potentially or
actually) violate privacy.
• This is a mineﬁeld. I don’t have all the answers.
We MUST still ask the questions.
What is privacy, really?
• “Exposure of personal information” is too
easy an answer.
• Exposure of what to whom, exactly?
• danah boyd: “respecting context”
• Consider your social circles. You have several
of them. What happens to them online?
• So privacy is partly the ability to practice “selective
disclosure” (another boyd-ism).
• Privacy is also trust that those we interact
with will not betray us.
• What’s betrayal in a library context, and how do libraries
Why do we care?
• Privacy of information use is a cornerstone of
• ALA Code of Ethics:
• III. We protect each library user's right to privacy and
conﬁdentiality with respect to information sought or
received and resources consulted, borrowed, acquired or
• Additional concerns include:
• Privacy of research subjects in collected data
• Privacy of living individuals mentioned in archival materials
• Privacy of conﬁdential business records
• Privacy for especially vulnerable individuals
What is “freedom to read?”
• Historically: preventing Big Brother from
watching patrons’ checkout histories
• Remember the Patriot Act? How ‘bout that NSA?
• What happens to circ records nowadays? How did
moving circ records digital help privacy?
• Today: is Big Brother the only threat?
• Who else wants information, and will pay and/or bug
to get it?
• Historically: censorship and book banning
• Today: is that all that keeps good
information out of the hands of patrons?
Do we have privacy laws?
• Not in the US. Not really.
• We have libel and slander laws, and laws about
children’s information online (remember those?).
Limited “invasion of physical space” laws.
• Consumer-privacy laws have been introduced in
Congress. No joy... yet.
• We often have laws/ordinances around
library patron information.
• And even in the absence of law we SHOULD (and
usually do) have policy.
• KNOW THE LAW AND POLICY where you are.
• It’s diﬀerent in Canada and Europe.
• Canada has even taken Facebook to the cleaners once
Why do privacy problems happen?
• Monetary beneﬁt
• Accident or ineptitude (see thedailywtf.com)
• Privilege and associated thoughtlessness
• Google Buzz: testing with its own (white, male, healthy, wealthy,
educated) engineers and no one else.
• Collapse of realspace social boundaries on the web
• This is a service-design problem! Human beings manage just ﬁne
in realspace. Our online tools don’t give us the aﬀordances we
need to replicate that success online.
• Web is more than the sum of its parts.
• Most scarily: DESIRE TO OFFER GOOD SERVICE,
e.g. recommender engines.
Libraries and privacy
• It’s not as simple as “always protect
• What about libraries and social media? Will we wipe
librarians oﬀ the Web? Really?
• What about user studies for service improvement?
• What about patron communities that form around
our materials and services?
• What about users who WANT to share what they
read, watch, and listen to? Will we shake our
paternalistic ﬁngers at them and tell them no?
• What about digitization projects? Research?
• “How” is getting harder to ﬁgure out too.
Law hinders privacy research
• If there’s information about you on a machine you
own (or even one you don’t), and the only way you
can ﬁnd out about it is to hack the machine...
• These lawsuits have happened.
• Often they go away very quickly as the vocal tech
community shames the plaintiﬀ.
• But Ed Felten of Princeton has been in and out of
court so many times...
• Back in the day, if you wanted a public
record, you went to a physical building,
combed through ﬁle cabinets, and paid for
• This is a variant on security-by-obscurity.
• Now many public records are online. Easy
discovery and easy access make them A
LOT MORE PUBLIC.
• How should we, as citizens, respond?
• As records managers/archivists/librarians, how should
we educate, train, and refer?
• So how ‘bout that Petraeus guy?
• Email is only very loosely legally protected at present.
• Larger point: we have the privacy protections we do
because they are enshrined in law, not because
they’re societal norms. They’re pretty clearly not.
• Email is sent in the clear unless you take
• Even then it may be readable if your inbox is hacked.
• Your employer owns its email systems and
email sent on them. Behave accordingly.
• Students: using non-university email may
bypass FERPA protections.
What is “reidentiﬁcation” or
• Imagine this scenario:
• One website has your name, age, zipcode, and gender.
• Another has your age, gender, zipcode, pseudonym, and
dubious or sensitive taste in entertainment.
• If the info from both sites can be collated,
you can be pegged to your taste.
• And your pseudonym just got exposed. Hope you
weren’t using it anywhere else...
• We aren’t as unique as we think!
• “Anonymizing” data doesn’t ﬁx this.
• We can be identiﬁed by our attributes, friends, and
behavior almost as easily as by regular identiﬁers.
• What price public records NOW?
Reidentiﬁcation horror scenarios
• Health information
• Wouldn’t your insurance company like to know...?
• Becoming a major issue in health research!
• “Character witnessing”
• Are you an atheist? A gamer (this came up in a 2012
political campaign)? GLBTQ and not out? A person of
color who’s passing? A woman in IT? A whistleblower?
• A target for harm
• Physical, legal, ﬁnancial, employment, mental/emotional
• Where could library-patron information
ﬁgure in to this? Archives informants?
What information does the
web collect about us?
• “Personal information”
• Including health information, demography.
• Financial information
• Information about our habits
• Purchasing habits
• Entertainment habits (including, yes, reading habits)
• Search habits
• Information about our physical location
• through IP addresses or through web services like
• Information about our social lives
• And then it correlates as much of this as it can!
How is this information collected?
• Through server and search logs (IP addresses)
• Through sign-ins
• some of which are “real name required”
• Geolocation of our gadgetry
• Browser “ﬁngerprinting”
• Which version, with what add-ons, on which OS... unique!
• Human error (and exploitation thereof )
• Through observation of our behavior on individual
websites and across websites
• Cookies, Flash cookies, “web bugs.” Worst case: “keyloggers.”
• Our online associates’ behavior
• Which we obviously don’t control!
• How much of this are we actually aware of? How
much do sites disclose? Let us control?
• ... on citizenship
• ... on open discourse
• ... on vulnerable populations
• ... on markets
• is privacy-endangerment a winner-take-all market?
• what about online redlining?
Privacy and ebooks
• Ebook vendors, unlike libraries, do not
necessarily purge records of what you read.
• You are entirely at their mercy as far as who they share those
records with and what they do with them.
• Are they collecting info from library patrons too? Unclear!
• Because of this and DRM, they can also take
away what you want to read.
• And then there’s what you search for, or look at,
but don’t read.
• What do we do about this? What should we do?
Facebook has sold...
Your phone number
Information about your purchases
Information about your social network
Information about Facebook campaigns you’ve
• Information about what you’ve “liked.”
• While refusing to let you opt out of the sale of this information.
• Your likeness, for advertisers to use on your
• Google ain’t much better, and is getting worse.
Others have tried to use
• Screen employees
• including by requiring applicants to hand over Facebook
• (To Facebook’s credit, it actually fought this one.)
• Perform background checks (for employment or
• Do social-science research, sans informed consent
• At Harvard, some researchers made their RAs hand over their
Facebook passwords so they could see friendslocked material.
• How are you feeling about your Facebook?
• Facebook has sold MY information too, and
I refuse to use Facebook!
• Look up “shadow proﬁles” sometime.
• If you delete your account, Facebook keeps
and continues to sell your information.
• Facebook may or may not actually delete
photos when you delete them.
• Guess why I don’t use Facebook?
• Should libraries? Conﬂict between privacy ethics and
“go where the patrons are.”
• When you log into Facebook, Facebook knows
you visited any page with a “Like” button on it,
even if you do not click Like.
• Facebook has also been caught tracking this on logged-out
users. They claim they’ve stopped.
• If your library puts Like buttons on catalog
pages... (you do the math)
• Not just a Facebook issue, by the way.
• Social-media truism:
• “If you are not paying for it, you’re not the customer; you’re
the product being sold.” —blue_beetle on MetaFilter
• OverDrive signs a deal with Amazon to
lend Kindle ebooks through libraries.
• To do this, patrons have to tell Amazon their Kindle
identiﬁer, just as though they were buying the book.
• Amazon sends “hi, your loan is ending,
how about buying the book?” messages
• And is, as far as anybody knows, keeping information
about who checked out what.
Try it yourself: JSTOR
• JSTOR “Register and Read” program
• Give non-aﬃliated scholars/interested public unpaid
access to JSTOR, in return for a signup that ties reading
to the signup’s email address.
• What info are they collecting? Reidentiﬁcation risk?
• What risks might there be to program participants with
respect to what they read?
• What do they say they can do with it?
• How is this diﬀerent from standard library policies,
practices, and legal protections?
Try it yourself: JSTOR
• Real reason to worry: Swartz case.
• Is loss of privacy an unintended side eﬀect
of library disintermediation/disruption?
• If so, what do we do? Without sounding like
a bunch of luddite worrywart Trithemiuses
just out to protect our own jobs?
Privacy in archives
• Boston College IRA case
• Oral histories collected from Northern Irish people
who fought for IRA
• Archivists promised informants not to release until
after those informants died.
• UK authorities: “Fork it over, archivists.”
• Lawsuits ﬂew!
• What would you do?
• You need to decide this. Before something similar
happens to you.
What people want
• Control of which pieces of data they share.
• Choice about how their data will be used.
• Commitment that their personal data (i.e.,
email address, phone number) won't be
passed on to third parties.
• Compensation: Consumers also want a
reason to share data, and to understand
how they will beneﬁt.
• (via http://www.mediapost.com/publications/article/161410/consumerswilling-to-share-data-but-at-a-price.html)
• Can we do this in libraries? How?
• Don’t collect data you don’t need.
• And throw away data once it’s no longer of use.
• This includes computer logs! (IM chat ref, anyone?)
• Think outside your own demographic box.
• As Google seems to have so much trouble doing...
• Be transparent.
• Be activist. We have a bully pulpit!
• PAY ATTENTION to the security and privacy of
library IT infrastructure.
• This EMPHATICALLY includes the ramiﬁcations of thirdparty IT such as “like” buttons.
• It also includes contracts with content providers. A privacy
review should be an intrinsic part of collection development.
Rule of thumb?
• In the absence of a warrant or subpoena,
don’t keep or disclose information about
the behavior of identiﬁable patrons until
the patron has not only consented, but
ASKED YOU to retain or disclose the
• AND MAYBE NOT EVEN THEN.
• We know people make poor choices here!
Protecting digital privacy
• My suggestions: encryption, deletion,
• Encryption is where it’s at, folks. It’s not perfect, but
it’s the best we’ve got.
• Delete digital records. As often as possible. Perhaps
oftener. (Sorry, records managers and digital
archivists! Privacy comes ﬁrst!)
• Try to be aware of when your data are being
collected. Websites like tosdr.org (and the
associated browser plugins) help!
Example: cloud storage
• Cloud storage services almost all encrypt
data at some point.
• Google Drive, not so much. Just so you know.
• Important questions: who holds the key, and
when are the data locked up?
• Dropbox, Box (for now): They hold the key. This means
they can rat you out, snoop, etc. Also means that data
travel in the clear, and are vulnerable to packet-sniﬃng!
• SpiderOak: YOU hold the key, and encryption happens
on YOUR machine, before data move over the network.
SpiderOak doesn’t even see your data unencrypted,
can’t decrypt it. Secure, but don’t lose passwords!
Example: protecting your
web surﬁng from marketers
• Remember the stuﬀ I discussed last week with
respect to browser security? It can help protect your
privacy as well.
On an untrusted network, use a VPN to prevent packet-sniﬃng.
Do not let your browser accept third-party cookies.
Use adblocking, tracking-blocking browser add-ins liberally.
Grab the “HTTPS Everywhere” browser add-in from the EFF.
Turn on the “Do Not Track” setting in your browser; it doesn’t do
much, but it does something at least.
• Serious question: which of these should we install on
• Or is that too paternalistic, and patrons will be upset when
Facebook likes don’t work?
• Can we at least raise awareness, e.g. with tosdr.org plugin?
• I DON’T EVEN KNOW, folks.
• Smartphone owners do not control their
phone’s privacy/security. Either Apple or
their carrier (Android phones) does.
• Phones leak data all over the place!
• Location data particularly, but all “metadata” is of
• I don’t see an answer except better law.
• Carriers are constrained by current legal framework
to keep metadata indeﬁnitely!
• Libraries and archives generally do privacy
right. We certainly care about it!
• A lot of online businesses are doing privacy
very, very wrong.
• Not to mention the feds!
• And a lot of regular people are in no position
to navigate the hazards.
• So we have a serious problem on our hands!
• And we owe it to civil society to continue to set a good