2. Privacy vs. security
• A security problem can violate privacy, sure.
• But the violation is inadvertent! And often
involves some illegality!
• We’re not talking about that today; we’ve
done so already.
• We’re talking about perfectly legal (usually)
uses of information that still (potentially or
actually) violate privacy.
• This is a minefield. I don’t have all the answers.
We MUST still ask the questions.
3. What is privacy, really?
• “Exposure of personal information” is too
easy an answer.
• Exposure of what to whom, exactly?
• danah boyd: “respecting context”
• Consider your social circles. You have several
of them. What happens to them online?
• So privacy is partly the ability to practice “selective
disclosure” (another boyd-ism).
• Privacy is also trust that those we interact
with will not betray us.
• What’s betrayal in a library context, and how do libraries
avoid it?
4. Why do we care?
• Privacy of information use is a cornerstone of
intellectual freedom.
• ALA Code of Ethics:
• III. We protect each library user's right to privacy and
confidentiality with respect to information sought or
received and resources consulted, borrowed, acquired or
transmitted.
• Additional concerns include:
• Privacy of research subjects in collected data
• Privacy of living individuals mentioned in archival materials
• Privacy of confidential business records
• Privacy for especially vulnerable individuals
5. What is “freedom to read?”
• Historically: preventing Big Brother from
watching patrons’ checkout histories
• Remember the Patriot Act? How ‘bout that NSA?
• What happens to circ records nowadays? How did
moving circ records digital help privacy?
• Today: is Big Brother the only threat?
• Who else wants information, and will pay and/or bug
to get it?
• Historically: censorship and book banning
• Today: is that all that keeps good
information out of the hands of patrons?
6. Do we have privacy laws?
• Not in the US. Not really.
• We have libel and slander laws, and laws about
children’s information online (remember those?).
Limited “invasion of physical space” laws.
• Consumer-privacy laws have been introduced in
Congress. No joy... yet.
• We often have laws/ordinances around
library patron information.
• And even in the absence of law we SHOULD (and
usually do) have policy.
• KNOW THE LAW AND POLICY where you are.
• It’s different in Canada and Europe.
• Canada has even taken Facebook to the cleaners once
or twice.
7. Why do privacy problems happen?
• Monetary benefit
• Accident or ineptitude (see thedailywtf.com)
• Privilege and associated thoughtlessness
• Google Buzz: testing with its own (white, male, healthy, wealthy,
educated) engineers and no one else.
• Collapse of realspace social boundaries on the web
• This is a service-design problem! Human beings manage just fine
in realspace. Our online tools don’t give us the affordances we
need to replicate that success online.
• Web is more than the sum of its parts.
• Most scarily: DESIRE TO OFFER GOOD SERVICE,
e.g. recommender engines.
8. Libraries and privacy
• It’s not as simple as “always protect
patron privacy!”
• What about libraries and social media? Will we wipe
librarians off the Web? Really?
• What about user studies for service improvement?
• What about patron communities that form around
our materials and services?
• What about users who WANT to share what they
read, watch, and listen to? Will we shake our
paternalistic fingers at them and tell them no?
• What about digitization projects? Research?
• “How” is getting harder to figure out too.
10. Law hinders privacy research
• DMCA!
• If there’s information about you on a machine you
own (or even one you don’t), and the only way you
can find out about it is to hack the machine...
• These lawsuits have happened.
• Often they go away very quickly as the vocal tech
community shames the plaintiff.
• But Ed Felten of Princeton has been in and out of
court so many times...
11. Public records
• Back in the day, if you wanted a public
record, you went to a physical building,
combed through file cabinets, and paid for
the privilege.
• This is a variant on security-by-obscurity.
• Now many public records are online. Easy
discovery and easy access make them A
LOT MORE PUBLIC.
• How should we, as citizens, respond?
• As records managers/archivists/librarians, how should
we educate, train, and refer?
14. Email
• So how ‘bout that Petraeus guy?
• Email is only very loosely legally protected at present.
• Larger point: we have the privacy protections we do
because they are enshrined in law, not because
they’re societal norms. They’re pretty clearly not.
• Email is sent in the clear unless you take
encryption precautions.
• Even then it may be readable if your inbox is hacked.
• Your employer owns its email systems and
email sent on them. Behave accordingly.
• Students: using non-university email may
bypass FERPA protections.
15. What is “reidentification” or
“de-anonymization”?
• Imagine this scenario:
• One website has your name, age, zipcode, and gender.
• Another has your age, gender, zipcode, pseudonym, and
dubious or sensitive taste in entertainment.
• If the info from both sites can be collated,
you can be pegged to your taste.
• And your pseudonym just got exposed. Hope you
weren’t using it anywhere else...
• We aren’t as unique as we think!
• “Anonymizing” data doesn’t fix this.
• We can be identified by our attributes, friends, and
behavior almost as easily as by regular identifiers.
• What price public records NOW?
16. Reidentification horror scenarios
• Health information
• Wouldn’t your insurance company like to know...?
• Becoming a major issue in health research!
• “Character witnessing”
• Are you an atheist? A gamer (this came up in a 2012
political campaign)? GLBTQ and not out? A person of
color who’s passing? A woman in IT? A whistleblower?
• A target for harm
• Physical, legal, financial, employment, mental/emotional
(bullying)
• Where could library-patron information
figure in to this? Archives informants?
18. What information does the
web collect about us?
• “Personal information”
• Including health information, demography.
• Financial information
• Information about our habits
• Purchasing habits
• Entertainment habits (including, yes, reading habits)
• Search habits
• Information about our physical location
• through IP addresses or through web services like
Foursquare
• Information about our social lives
• And then it correlates as much of this as it can!
19. How is this information collected?
• Through server and search logs (IP addresses)
• Through sign-ins
• some of which are “real name required”
• Geolocation of our gadgetry
• Browser “fingerprinting”
• Which version, with what add-ons, on which OS... unique!
• Human error (and exploitation thereof )
• Through observation of our behavior on individual
websites and across websites
• Cookies, Flash cookies, “web bugs.” Worst case: “keyloggers.”
• Our online associates’ behavior
• Which we obviously don’t control!
• How much of this are we actually aware of? How
much do sites disclose? Let us control?
20. Effects
• ... on citizenship
• ... on open discourse
• ... on vulnerable populations
• ... on markets
• is privacy-endangerment a winner-take-all market?
• what about online redlining?
22. Privacy and ebooks
• Ebook vendors, unlike libraries, do not
necessarily purge records of what you read.
• You are entirely at their mercy as far as who they share those
records with and what they do with them.
• Are they collecting info from library patrons too? Unclear!
• Because of this and DRM, they can also take
away what you want to read.
• And then there’s what you search for, or look at,
but don’t read.
• What do we do about this? What should we do?
23. Facebook has sold...
•
•
•
•
Your phone number
Information about your purchases
Information about your social network
Information about Facebook campaigns you’ve
participated in
• Information about what you’ve “liked.”
• While refusing to let you opt out of the sale of this information.
• Your likeness, for advertisers to use on your
friends.
• Google ain’t much better, and is getting worse.
24. Others have tried to use
Facebook to...
• Screen employees
• including by requiring applicants to hand over Facebook
passwords!
• (To Facebook’s credit, it actually fought this one.)
• Perform background checks (for employment or
other reasons)
• Do social-science research, sans informed consent
• At Harvard, some researchers made their RAs hand over their
Facebook passwords so they could see friendslocked material.
• How are you feeling about your Facebook?
25. Guess what?
• Facebook has sold MY information too, and
I refuse to use Facebook!
• Look up “shadow profiles” sometime.
• If you delete your account, Facebook keeps
and continues to sell your information.
• Facebook may or may not actually delete
photos when you delete them.
• Guess why I don’t use Facebook?
• Should libraries? Conflict between privacy ethics and
“go where the patrons are.”
26. “Like” buttons
• When you log into Facebook, Facebook knows
you visited any page with a “Like” button on it,
even if you do not click Like.
• Facebook has also been caught tracking this on logged-out
users. They claim they’ve stopped.
• If your library puts Like buttons on catalog
pages... (you do the math)
• Not just a Facebook issue, by the way.
• Social-media truism:
• “If you are not paying for it, you’re not the customer; you’re
the product being sold.” —blue_beetle on MetaFilter
27. Amazon
• OverDrive signs a deal with Amazon to
lend Kindle ebooks through libraries.
• To do this, patrons have to tell Amazon their Kindle
identifier, just as though they were buying the book.
• Amazon sends “hi, your loan is ending,
how about buying the book?” messages
to patrons.
• And is, as far as anybody knows, keeping information
about who checked out what.
28. Try it yourself: JSTOR
• JSTOR “Register and Read” program
• Give non-affiliated scholars/interested public unpaid
access to JSTOR, in return for a signup that ties reading
to the signup’s email address.
• Let’s look at their privacy policy.
• http://www.jstor.org/page/info/about/policies/privacy.jsp
• What info are they collecting? Reidentification risk?
• What risks might there be to program participants with
respect to what they read?
• What do they say they can do with it?
• How is this different from standard library policies,
practices, and legal protections?
29. Try it yourself: JSTOR
• Real reason to worry: Swartz case.
• Is loss of privacy an unintended side effect
of library disintermediation/disruption?
• If so, what do we do? Without sounding like
a bunch of luddite worrywart Trithemiuses
just out to protect our own jobs?
30. Privacy in archives
• Boston College IRA case
• Oral histories collected from Northern Irish people
who fought for IRA
• Archivists promised informants not to release until
after those informants died.
• UK authorities: “Fork it over, archivists.”
• Lawsuits flew!
• What would you do?
• You need to decide this. Before something similar
happens to you.
32. What people want
• Control of which pieces of data they share.
• Choice about how their data will be used.
• Commitment that their personal data (i.e.,
email address, phone number) won't be
passed on to third parties.
• Compensation: Consumers also want a
reason to share data, and to understand
how they will benefit.
• (via http://www.mediapost.com/publications/article/161410/consumerswilling-to-share-data-but-at-a-price.html)
• Can we do this in libraries? How?
33. More suggestions
• Don’t collect data you don’t need.
• And throw away data once it’s no longer of use.
• This includes computer logs! (IM chat ref, anyone?)
• Think outside your own demographic box.
• As Google seems to have so much trouble doing...
• Be transparent.
• Be activist. We have a bully pulpit!
• PAY ATTENTION to the security and privacy of
library IT infrastructure.
• This EMPHATICALLY includes the ramifications of thirdparty IT such as “like” buttons.
• It also includes contracts with content providers. A privacy
review should be an intrinsic part of collection development.
34. Rule of thumb?
• In the absence of a warrant or subpoena,
don’t keep or disclose information about
the behavior of identifiable patrons until
the patron has not only consented, but
ASKED YOU to retain or disclose the
information.
• AND MAYBE NOT EVEN THEN.
• We know people make poor choices here!
35. Protecting digital privacy
• My suggestions: encryption, deletion,
awareness.
• Encryption is where it’s at, folks. It’s not perfect, but
it’s the best we’ve got.
• Delete digital records. As often as possible. Perhaps
oftener. (Sorry, records managers and digital
archivists! Privacy comes first!)
• Try to be aware of when your data are being
collected. Websites like tosdr.org (and the
associated browser plugins) help!
36. Example: cloud storage
• Cloud storage services almost all encrypt
data at some point.
• Google Drive, not so much. Just so you know.
• Important questions: who holds the key, and
when are the data locked up?
• Dropbox, Box (for now): They hold the key. This means
they can rat you out, snoop, etc. Also means that data
travel in the clear, and are vulnerable to packet-sniffing!
NOT SECURE.
• SpiderOak: YOU hold the key, and encryption happens
on YOUR machine, before data move over the network.
SpiderOak doesn’t even see your data unencrypted,
can’t decrypt it. Secure, but don’t lose passwords!
37. Example: protecting your
web surfing from marketers
• Remember the stuff I discussed last week with
respect to browser security? It can help protect your
privacy as well.
•
•
•
•
•
On an untrusted network, use a VPN to prevent packet-sniffing.
Do not let your browser accept third-party cookies.
Use adblocking, tracking-blocking browser add-ins liberally.
Grab the “HTTPS Everywhere” browser add-in from the EFF.
Turn on the “Do Not Track” setting in your browser; it doesn’t do
much, but it does something at least.
• Serious question: which of these should we install on
patron computers?
• Or is that too paternalistic, and patrons will be upset when
Facebook likes don’t work?
• Can we at least raise awareness, e.g. with tosdr.org plugin?
38. Example: smartphones
• I DON’T EVEN KNOW, folks.
• Smartphone owners do not control their
phone’s privacy/security. Either Apple or
their carrier (Android phones) does.
• Phones leak data all over the place!
• Location data particularly, but all “metadata” is of
concern.
• I don’t see an answer except better law.
• Carriers are constrained by current legal framework
to keep metadata indefinitely!
39. Bottom line:
• Libraries and archives generally do privacy
right. We certainly care about it!
• A lot of online businesses are doing privacy
very, very wrong.
• Not to mention the feds!
• And a lot of regular people are in no position
to navigate the hazards.
• So we have a serious problem on our hands!
• And we owe it to civil society to continue to set a good
example.