2. Privacy vs. security
• A security problem can violate privacy, sure.
• But the violation is inadvertent! And often involves some illegality!
• We're not talking about that today; we've done so already.
• We're talking about perfectly legal (usually) uses of information that still (potentially or actually) violate privacy.
• This is a minefield. I don't have all the answers. We MUST still ask the questions.

3. What is privacy, really?
• "Exposure of personal information" is too easy an answer.
• Exposure of what to whom, exactly?
• danah boyd: "respecting context"
  • Consider your social circles. You have several of them. What happens to them online?
• So privacy is partly the ability to practice "selective disclosure" (another boyd-ism).
• Privacy is also trust that those we interact with will not betray us.
  • What's betrayal in a library context, and how do libraries avoid it?

4. Why do we care?
• Privacy of information use is a cornerstone of intellectual freedom.
• ALA Code of Ethics:
  • III. We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.
• Additional concerns include:
  • Privacy of research subjects in collected data
  • Privacy of living individuals mentioned in archival materials
  • Privacy of confidential business records
  • Privacy for especially vulnerable individuals

5. What is "freedom to read?"
• Historically: preventing Big Brother from watching patrons' checkout histories
  • Remember the Patriot Act? How 'bout that NSA?
  • What happens to circ records nowadays? How did moving circ records digital help privacy?
• Today: is Big Brother the only threat?
  • Who else wants information, and will pay and/or bug to get it?
• Historically: censorship and book banning
• Today: is that all that keeps good information out of the hands of patrons?

6. Do we have privacy laws?
• Not in the US. Not really.
  • We have libel and slander laws, and laws about children's information online (remember those?). Limited "invasion of physical space" laws.
  • Consumer-privacy laws have been introduced in Congress. No joy... yet.
• We often have laws/ordinances around library patron information.
  • And even in the absence of law we SHOULD (and usually do) have policy.
  • KNOW THE LAW AND POLICY where you are.
• It's different in Canada and Europe.
  • Canada has even taken Facebook to the cleaners once or twice.

7. Why do privacy problems happen?
• Monetary benefit
• Accident or ineptitude (see thedailywtf.com)
• Privilege and associated thoughtlessness
  • Google Buzz: testing with its own (white, male, healthy, wealthy, educated) engineers and no one else.
• Collapse of realspace social boundaries on the web
  • This is a service-design problem! Human beings manage just fine in realspace. Our online tools don't give us the affordances we need to replicate that success online.
• Web is more than the sum of its parts.
• Most scarily: DESIRE TO OFFER GOOD SERVICE, e.g. recommender engines.

8. Libraries and privacy
• It's not as simple as "always protect patron privacy!"
  • What about libraries and social media? Will we wipe librarians off the Web? Really?
  • What about user studies for service improvement?
  • What about patron communities that form around our materials and services?
  • What about users who WANT to share what they read, watch, and listen to? Will we shake our paternalistic fingers at them and tell them no?
  • What about digitization projects? Research?
• "How" is getting harder to figure out too.

10. Law hinders privacy research
• DMCA!
  • If there's information about you on a machine you own (or even one you don't), and the only way you can find out about it is to hack the machine...
• These lawsuits have happened.
  • Often they go away very quickly as the vocal tech community shames the plaintiff.
  • But Ed Felten of Princeton has been in and out of court so many times...

11. Public records
• Back in the day, if you wanted a public record, you went to a physical building, combed through file cabinets, and paid for the privilege.
  • This is a variant on security-by-obscurity.
• Now many public records are online. Easy discovery and easy access make them A LOT MORE PUBLIC.
• How should we, as citizens, respond?
  • As records managers/archivists/librarians, how should we educate, train, and refer?

14. Email
• So how 'bout that Petraeus guy?
  • Email is only very loosely legally protected at present.
  • Larger point: we have the privacy protections we do because they are enshrined in law, not because they're societal norms. They're pretty clearly not.
• Email is sent in the clear unless you take encryption precautions.
  • Even then it may be readable if your inbox is hacked.
• Your employer owns its email systems and email sent on them. Behave accordingly.
  • Students: using non-university email may bypass FERPA protections.

15. What is "reidentification" or "de-anonymization"?
• Imagine this scenario:
  • One website has your name, age, zipcode, and gender.
  • Another has your age, gender, zipcode, pseudonym, and dubious or sensitive taste in entertainment.
  • If the info from both sites can be collated, you can be pegged to your taste.
  • And your pseudonym just got exposed. Hope you weren't using it anywhere else...
• We aren't as unique as we think!
  • "Anonymizing" data doesn't fix this.
  • We can be identified by our attributes, friends, and behavior almost as easily as by regular identifiers.
• What price public records NOW?
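The two-website scenario on this slide, worked through in code. This is an added example, not part of the slide deck: both tables are constructed toy data (the names, pseudonyms and ZIP codes are made up), and the "anonymized" site has merely removed names while keeping age, ZIP and gender. The join on those three quasi-identifiers pins every pseudonym to exactly one real name. The same script also shows the standard mitigation, generalizing the quasi-identifiers until each combination is shared by at least k people (k-anonymity), which turns a unique match into a list of candidates.

```python
"""Linkage (reidentification) demo: joining two 'anonymized' tables on quasi-identifiers.

Added example, not from the slides. Both tables are constructed toy data;
names, pseudonyms and ZIP codes are made up.
"""
from collections import defaultdict

# Constructed sample: a site that publishes names (think a voter roll or directory).
PUBLIC_RECORDS = [
    {"name": "Alice Ng",    "age": 34, "zip": "53703", "gender": "F"},
    {"name": "Cara Smith",  "age": 29, "zip": "53703", "gender": "F"},
    {"name": "Dan Okafor",  "age": 29, "zip": "53703", "gender": "M"},
    {"name": "Frank Bell",  "age": 36, "zip": "53711", "gender": "M"},
    {"name": "Bob Ruiz",    "age": 52, "zip": "53705", "gender": "M"},
    {"name": "Eve Tanaka",  "age": 52, "zip": "53705", "gender": "F"},
    {"name": "Gwen Adler",  "age": 55, "zip": "53711", "gender": "F"},
    {"name": "Hal Moreau",  "age": 58, "zip": "53705", "gender": "M"},
]

# Constructed sample: a "pseudonymous" entertainment site that stripped names only.
PSEUDONYMOUS = [
    {"pseudonym": "nightowl88", "age": 34, "zip": "53703", "gender": "F", "taste": "true crime"},
    {"pseudonym": "bookwyrm",   "age": 52, "zip": "53705", "gender": "M", "taste": "romance"},
    {"pseudonym": "cs29",       "age": 29, "zip": "53703", "gender": "F", "taste": "horror"},
]

QUASI_IDENTIFIERS = ("age", "zip", "gender")


def quasi_key(row, fields=QUASI_IDENTIFIERS):
    """The tuple of quasi-identifier values that both tables share."""
    return tuple(row[f] for f in fields)


def link(public, pseudo, fields=QUASI_IDENTIFIERS):
    """Map each pseudonym to the real names whose quasi-identifiers match exactly."""
    index = defaultdict(list)
    for row in public:
        index[quasi_key(row, fields)].append(row["name"])
    return {row["pseudonym"]: list(index.get(quasi_key(row, fields), [])) for row in pseudo}


def k_anonymity(rows, fields=QUASI_IDENTIFIERS):
    """Size of the smallest group sharing one quasi-identifier tuple (k=1 means someone is unique)."""
    counts = defaultdict(int)
    for row in rows:
        counts[quasi_key(row, fields)] += 1
    return min(counts.values())


def generalize(rows):
    """Coarsen the quasi-identifiers: 20-year age bands and a 3-digit ZIP prefix."""
    out = []
    for row in rows:
        g = dict(row)
        low = row["age"] // 20 * 20
        g["age"] = f"{low}-{low + 19}"
        g["zip"] = row["zip"][:3] + "**"
        out.append(g)
    return out


if __name__ == "__main__":
    print("exact match:", link(PUBLIC_RECORDS, PSEUDONYMOUS))
    print("k on raw public records:", k_anonymity(PUBLIC_RECORDS))
    print("k after generalization:", k_anonymity(generalize(PUBLIC_RECORDS)))
    print("match after generalization:", link(generalize(PUBLIC_RECORDS), generalize(PSEUDONYMOUS)))
```

On the raw tables every pseudonym resolves to a single name, and the public table has k=1 (every person is unique on age, ZIP and gender). After generalization k rises to 2 and each pseudonym matches two candidates; the privacy gain is real but modest, which is the slide's point that stripping names is not anonymization.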
16. Reidentification horror scenarios
• Health information
  • Wouldn't your insurance company like to know...?
  • Becoming a major issue in health research!
• "Character witnessing"
  • Are you an atheist? A gamer (this came up in a 2012 political campaign)? GLBTQ and not out? A person of color who's passing? A woman in IT? A whistleblower?
• A target for harm
  • Physical, legal, financial, employment, mental/emotional (bullying)
• Where could library-patron information figure into this? Archives informants?

18. What information does the web collect about us?
• "Personal information"
  • Including health information, demography.
• Financial information
• Information about our habits
  • Purchasing habits
  • Entertainment habits (including, yes, reading habits)
  • Search habits
• Information about our physical location
  • through IP addresses or through web services like Foursquare
• Information about our social lives
• And then it correlates as much of this as it can!

19. How is this information collected?
• Through server and search logs (IP addresses)
• Through sign-ins
  • some of which are "real name required"
• Geolocation of our gadgetry
• Browser "fingerprinting"
  • Which version, with what add-ons, on which OS... unique!
• Human error (and exploitation thereof)
• Through observation of our behavior on individual websites and across websites
  • Cookies, Flash cookies, "web bugs." Worst case: "keyloggers."
• Our online associates' behavior
  • Which we obviously don't control!
• How much of this are we actually aware of? How much do sites disclose? Let us control?

20. Effects
• ... on citizenship
• ... on open discourse
• ... on vulnerable populations
• ... on markets
  • is privacy-endangerment a winner-take-all market?
  • what about online redlining?

22. Privacy and ebooks
• Ebook vendors, unlike libraries, do not necessarily purge records of what you read.
  • You are entirely at their mercy as far as who they share those records with and what they do with them.
  • Are they collecting info from library patrons too? Unclear!
• Because of this and DRM, they can also take away what you want to read.
• And then there's what you search for, or look at, but don't read.
• What do we do about this? What should we do?

23. Facebook has sold...
• Your phone number
• Information about your purchases
• Information about your social network
• Information about Facebook campaigns you've participated in
• Information about what you've "liked."
  • While refusing to let you opt out of the sale of this information.
• Your likeness, for advertisers to use on your friends.
• Google ain't much better, and is getting worse.

24. Others have tried to use Facebook to...
• Screen employees
  • including by requiring applicants to hand over Facebook passwords!
  • (To Facebook's credit, it actually fought this one.)
• Perform background checks (for employment or other reasons)
• Do social-science research, sans informed consent
  • At Harvard, some researchers made their RAs hand over their Facebook passwords so they could see friends-locked material.
• How are you feeling about your Facebook?

25. Guess what?
• Facebook has sold MY information too, and I refuse to use Facebook!
  • Look up "shadow profiles" sometime.
• If you delete your account, Facebook keeps and continues to sell your information.
• Facebook may or may not actually delete photos when you delete them.
• Guess why I don't use Facebook?
  • Should libraries? Conflict between privacy ethics and "go where the patrons are."

26. "Like" buttons
• When you log into Facebook, Facebook knows you visited any page with a "Like" button on it, even if you do not click Like.
  • Facebook has also been caught tracking this on logged-out users. They claim they've stopped.
• If your library puts Like buttons on catalog pages... (you do the math)
• Not just a Facebook issue, by the way.
• Social-media truism:
  • "If you are not paying for it, you're not the customer; you're the product being sold." - blue_beetle on MetaFilter

27. Amazon
• OverDrive signs a deal with Amazon to lend Kindle ebooks through libraries.
  • To do this, patrons have to tell Amazon their Kindle identifier, just as though they were buying the book.
• Amazon sends "hi, your loan is ending, how about buying the book?" messages to patrons.
  • And is, as far as anybody knows, keeping information about who checked out what.

28. Try it yourself: JSTOR
• JSTOR "Register and Read" program
  • Give non-affiliated scholars/interested public unpaid access to JSTOR, in return for a signup that ties reading to the signup's email address.
• Let's look at their privacy policy.
  • http://www.jstor.org/page/info/about/policies/privacy.jsp
• What info are they collecting? Reidentification risk?
  • What risks might there be to program participants with respect to what they read?
• What do they say they can do with it?
• How is this different from standard library policies, practices, and legal protections?

29. Try it yourself: JSTOR
• Real reason to worry: Swartz case.
• Is loss of privacy an unintended side effect of library disintermediation/disruption?
• If so, what do we do? Without sounding like a bunch of luddite worrywart Trithemiuses just out to protect our own jobs?

30. Privacy in archives
• Boston College IRA case
  • Oral histories collected from Northern Irish people who fought for IRA
  • Archivists promised informants not to release until after those informants died.
  • UK authorities: "Fork it over, archivists."
  • Lawsuits flew!
• What would you do?
  • You need to decide this. Before something similar happens to you.

32. What people want
• Control of which pieces of data they share.
• Choice about how their data will be used.
• Commitment that their personal data (i.e., email address, phone number) won't be passed on to third parties.
• Compensation: Consumers also want a reason to share data, and to understand how they will benefit.
• (via http://www.mediapost.com/publications/article/161410/consumerswilling-to-share-data-but-at-a-price.html)
• Can we do this in libraries? How?

33. More suggestions
• Don't collect data you don't need.
  • And throw away data once it's no longer of use.
  • This includes computer logs! (IM chat ref, anyone?)
• Think outside your own demographic box.
  • As Google seems to have so much trouble doing...
• Be transparent.
• Be activist. We have a bully pulpit!
• PAY ATTENTION to the security and privacy of library IT infrastructure.
  • This EMPHATICALLY includes the ramifications of third-party IT such as "like" buttons.
  • It also includes contracts with content providers. A privacy review should be an intrinsic part of collection development.
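"Don't collect data you don't need" and "throw away data once it's no longer of use, including computer logs" can be turned into a routine job. The script below is an added example, not from the slides: it runs a data-minimization pass over web-server access logs in the common "combined" format. Client IPs are replaced by a keyed hash (rotate the key each retention period so entries from different periods cannot be joined), timestamps are coarsened to the hour, search queries are stripped from request lines because they are reading behavior rather than traffic data, and anything older than the retention window is dropped rather than archived. The log lines, the key and the "now" timestamp are constructed for the demo.

```python
"""Data-minimization pass over web-server access logs.

Added example, not from the slides. Pseudonymizes client IPs with a keyed
hash (rotate the key per retention period), coarsens timestamps to the hour,
strips search queries from request lines and drops entries past retention.
The log lines are constructed; the format is the common "combined" format.
"""
import hashlib
import hmac
import re
from datetime import datetime, timedelta, timezone

# Constructed sample log: two hits from one patron, one stale hit from another.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2013:14:02:11 +0000] "GET /catalog/record/12345 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2013:14:03:40 +0000] "GET /search?q=divorce+lawyer HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Feb/2013:09:15:02 +0000] "GET /catalog/record/67890 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
RETENTION = timedelta(days=30)

# Fixed "now" and key so the demo is reproducible; generate a fresh random key per period in practice.
DEMO_NOW = datetime(2013, 4, 5, tzinfo=timezone.utc)
DEMO_KEY = b"constructed-demo-key-rotate-me"


def pseudonymize_ip(ip, key):
    """Keyed hash of the address: stable within one key period, unlinkable across periods."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:16]


def strip_query(request):
    """Search terms are reading behavior, not traffic data: keep method and path only."""
    parts = request.split(" ")
    if len(parts) >= 2:
        parts[1] = parts[1].split("?", 1)[0]
    return " ".join(parts)


def minimize(log_text, key=DEMO_KEY, now=DEMO_NOW):
    """Return (kept_lines, dropped_count) after pseudonymization and retention pruning."""
    kept, dropped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            dropped += 1          # unparseable: do not keep what we cannot vet
            continue
        ip, ts, request, status, size = m.groups()
        when = datetime.strptime(ts, TS_FMT)
        if now - when > RETENTION:
            dropped += 1          # past retention: delete rather than archive
            continue
        hour = when.replace(minute=0, second=0).strftime(TS_FMT)
        kept.append(f'{pseudonymize_ip(ip, key)} [{hour}] "{strip_query(request)}" {status} {size}')
    return kept, dropped


if __name__ == "__main__":
    lines, n_dropped = minimize(SAMPLE_LOG)
    print(f"dropped {n_dropped} line(s)")
    for entry in lines:
        print(entry)
```

The kept lines still answer the operational questions (which pages are busy, what error rates look like, roughly when traffic arrives) but no longer say who searched for "divorce lawyer". Run it from cron over yesterday's raw log and delete the raw file afterwards; the raw log is the record you promised patrons you would not keep.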
34. Rule of thumb?
• In the absence of a warrant or subpoena, don't keep or disclose information about the behavior of identifiable patrons until the patron has not only consented, but ASKED YOU to retain or disclose the information.
  • AND MAYBE NOT EVEN THEN.
  • We know people make poor choices here!

35. Protecting digital privacy
• My suggestions: encryption, deletion, awareness.
  • Encryption is where it's at, folks. It's not perfect, but it's the best we've got.
  • Delete digital records. As often as possible. Perhaps oftener. (Sorry, records managers and digital archivists! Privacy comes first!)
  • Try to be aware of when your data are being collected. Websites like tosdr.org (and the associated browser plugins) help!

36. Example: cloud storage
• Cloud storage services almost all encrypt data at some point.
  • Google Drive, not so much. Just so you know.
• Important questions: who holds the key, and when are the data locked up?
  • Dropbox, Box (for now): They hold the key. This means they can rat you out, snoop, etc. Also means that data travel in the clear, and are vulnerable to packet-sniffing! NOT SECURE.
  • SpiderOak: YOU hold the key, and encryption happens on YOUR machine, before data move over the network. SpiderOak doesn't even see your data unencrypted, can't decrypt it. Secure, but don't lose passwords!
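The "who holds the key, and when are the data locked up?" question, modelled in code. This is an added example and is not any vendor's code: a toy storage provider receives uploads under two models, one where the provider encrypts with a key it keeps (so an insider or a subpoena can read the data), and one where the client derives the key from the user's password and encrypts before upload (so the provider only ever sees ciphertext, and a lost password means lost data). To stay standard-library only, the cipher is a simple construction (HMAC-SHA256 keystream in counter mode, XOR, then an HMAC tag, encrypt-then-MAC); a real client would use AES-GCM. Passwords, file names and the per-file salt derivation are constructed for the demo.

```python
"""Who holds the key? Two cloud-storage models side by side.

Added example, not from the slides and not any vendor's code. Standard library
only, so the cipher is a simple PRF-in-counter-mode stream cipher with an HMAC
tag (encrypt-then-MAC); use AES-GCM from a real crypto library in practice.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000   # constructed demo value; tune upward for real use


def derive_key(password, salt):
    """Password -> 64 bytes: first half encrypts, second half authenticates."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS, dklen=64)


def _keystream(key, nonce, length):
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    enc_key, mac_key = key[:32], key[32:]
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key, blob):
    enc_key, mac_key = key[:32], key[32:]
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))


class Provider:
    """The storage service: keeps whatever it receives, and in one model the keys too."""

    def __init__(self):
        self.blobs = {}
        self.keys = {}   # filled only under the provider-holds-key model

    def put(self, name, blob):
        self.blobs[name] = blob

    def get(self, name):
        return self.blobs[name]

    def read_as_provider(self, name):
        """What an insider, a breach or a subpoena can obtain from the provider alone."""
        key = self.keys.get(name)
        return None if key is None else decrypt(key, self.blobs[name])


def upload_provider_encrypts(provider, name, data):
    """Provider-holds-key model: plaintext arrives, provider encrypts with its own key."""
    key = os.urandom(64)
    provider.keys[name] = key
    provider.put(name, encrypt(key, data))


def upload_client_encrypts(provider, name, data, password):
    """Client-holds-key model: key derived on the client, provider stores ciphertext only."""
    salt = hashlib.sha256(name.encode()).digest()[:16]   # constructed; real clients store a random salt
    provider.put(name, encrypt(derive_key(password, salt), data))
    return salt


def download_client_decrypts(provider, name, password, salt):
    return decrypt(derive_key(password, salt), provider.get(name))


def can_decrypt(provider, name, password, salt):
    """True if this password recovers the file; a forgotten password means the data are gone."""
    try:
        download_client_decrypts(provider, name, password, salt)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    p = Provider()
    upload_provider_encrypts(p, "notes.txt", b"what I read last week")
    print("provider can read notes.txt:", p.read_as_provider("notes.txt"))
    salt = upload_client_encrypts(p, "diary.txt", b"what I read last week", "correct horse battery")
    print("provider can read diary.txt:", p.read_as_provider("diary.txt"))
    print("owner can read diary.txt:", can_decrypt(p, "diary.txt", "correct horse battery", salt))
    print("wrong password:", can_decrypt(p, "diary.txt", "guess", salt))
```

Both models produce ciphertext on the provider's disk, so "we encrypt your data" is true of both; only the second keeps the provider from reading it. The flip side is visible in `can_decrypt`: with a wrong password the authentication tag fails and nothing comes back, which is exactly the "don't lose passwords!" warning on the slide.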
37. Example: protecting your web surfing from marketers
• Remember the stuff I discussed last week with respect to browser security? It can help protect your privacy as well.
  • On an untrusted network, use a VPN to prevent packet-sniffing.
  • Do not let your browser accept third-party cookies.
  • Use adblocking, tracking-blocking browser add-ins liberally.
  • Grab the "HTTPS Everywhere" browser add-in from the EFF.
  • Turn on the "Do Not Track" setting in your browser; it doesn't do much, but it does something at least.
• Serious question: which of these should we install on patron computers?
  • Or is that too paternalistic, and patrons will be upset when Facebook likes don't work?
  • Can we at least raise awareness, e.g. with tosdr.org plugin?

38. Example: smartphones
• I DON'T EVEN KNOW, folks.
• Smartphone owners do not control their phone's privacy/security. Either Apple or their carrier (Android phones) does.
• Phones leak data all over the place!
  • Location data particularly, but all "metadata" is of concern.
• I don't see an answer except better law.
  • Carriers are constrained by current legal framework to keep metadata indefinitely!

39. Bottom line:
• Libraries and archives generally do privacy right. We certainly care about it!
• A lot of online businesses are doing privacy very, very wrong.
  • Not to mention the feds!
• And a lot of regular people are in no position to navigate the hazards.
• So we have a serious problem on our hands!
  • And we owe it to civil society to continue to set a good example.