September 22, 2017

LACUNY Conference Plans Privacy Protections

ALA_Icon_180x180_BOn May 8, the Library Association of the City University of New York (LACUNY) Institute held its annual one-day conference, “Privacy and Surveillance: Library Advocacy for the 21st Century,” at New York City’s John Jay College of Criminal Justice in honor of Choose Privacy Week 2015, May 1–7, sponsored by the American Library Association’s Office for Intellectual Freedom (ALA OIF).

From the keynote speech by Rainey Reitman, activism director for the Electronic Frontier Foundation (EFF) and COO and cofounder of the Freedom of the Press Foundation (FPF), to the closing talk by Alison Macrina, founder of the Library Freedom Project (LFP) and a 2015 LJ Mover & Shaker, the LACUNY Institute conference was enlightening, intriguing, and—appropriately enough—a bit scary. In his opening remarks Larry Sullivan, associate dean and chief librarian at John Jay, stated that while he was a strong advocate of privacy, he had no expectations of privacy. He then got straight to the point: “If you really want to be private in this world…one, use a payphone, and two, use cash.”

ACCOUNTABILITY AND WHISTLE-BLOWING

Reitman, who had flown in from San Francisco (“I will travel as far as necessary to speak with librarians”), offered up a hard look at privacy policies—the legal statements that disclose how a site may gather and disclose user data. She noted that these are not, in fact, promises of protection. Instead, “they explain how your privacy will be violated.” Many contain language that is purposefully vague, especially concerning how data will be shared with the government and law enforcement.

The ever-present threat of tracking is counterproductive, she explained, because users need free access to all content. “When we have a democracy that lets people access contentious information, that’s a society that thrives,” Reitman said, adding, “possibly I am a deeply optimistic person, but we should always err on the side of letting people make up their own minds…. But when readers believe that accessing info could be tracked, stored, and handed over to the government, we undermine the promise of the Internet.”

In 2010, Reitman joined EFF’s staff of lawyers and technologists to build its activism team. In her first year she helped develop the report “Who Has Your Back,” which analyzed transparency criteria in the privacy policies of various social networking sites, commerce sites, and ISPs. In 2011, she recalled, only one company was actively publishing data on how it handled government requests for users’ personal data. By 2014, 20 of the 26 companies surveyed were compliant. Accountability, noted Reitman, can make for an effective campaign.

From her First Amendment work as cofounder of the Chelsea Manning Support Network, Reitman went on to help found the nonprofit FPF to help support and protect journalistic operations such as WikiLeaks—whose methodology is particularly interesting, she said, for publishing original source material, unredacted and in full (“WikiLeaks is about showing your work”). FPF is notable for obscuring the records of online donors and refusing to hand over their data.

Reitman went on to discuss whistle-blower Edward Snowden, the Patriot Act, and the EFF’s lawsuit against the National Security Agency (NSA) for its monitoring of telecommunications data. EFF’s action became part of a larger American Civil Liberties Union lawsuit against the NSA. On May 7, the day before the LACUNY conference, the Court of Appeals for the Second Circuit ruled the tracking program unlawful. It’s “the beginning of the end of phone surveillance in the United States,” said Reitman, proclaiming it yet another victory for Choose Privacy Week; “I’m happy to say that librarians have been at the forefront of this battle.”

TEACHING PRIVACY LITERACY

Much of the afternoon’s proceedings centered on various forms of librarian advocacy, especially teaching students about privacy. John Buschman, dean of libraries at Seton Hall University, South Orange, NJ, noted that although librarians have been aware of privacy threats for years—his 1995 article, “Libraries and the Underside of the Information Age,” had been cited earlier for its prescience—the concept has been uncoupled from its political context over the past 40 years and is currently an everyday concern that requires a different kind of attention. The contest now, he explained, is not between what should and should not be known but how it should be known.

Sarah Lamdan, associate law library professor at CUNY Law School, discussed the instructional role of librarians as advocates for social media privacy. “In the past, we were feisty protestors for privacy,” she said. “We should harness that feisty power and take it into the digital age.” Lamdan recommended using the seven foundational principles of Privacy by Design developed in the 1990s by Ann Cavoukian, information and privacy commissioner of Ontario, to get students past the prevailing thinking of “You have zero privacy; get over it.” John Jay emerging technologies and distance services librarian Robin Camille Davis also recommended teaching students to use Google ad settings, tracking blockers such as Ghostery or Privacy Badger and the Inspect Element tool in their browsers to examine sites’ underlying code.

Finding the weak spots

The second panel, on “Surveillance and Its Discontents,” looked at end solutions to privacy problems. Seeta Peña Gangadharan, senior research fellow at the New America Foundation’s Open Technology Institute, and Bonnie Tijerina, fellow at the Data and Society Institute (and a 2010 LJ Mover & Shaker), mapped common library practices in an infographic to visualize which are controllable by library staff, in order to help define vulnerabilities.

Tony Doyle, associate professor at the Hunter College library, explained online anonymous web searching through obfuscation, suggesting digital solutions such as the Tor network, which masks a user’s identity via encryption and multiple routers; TrackMeNot, which generates a smokescreen of dummy requests to mask each query; and DuckDuckGo, a search engine that does not store or track user information. ASA College information literacy instructor Maria Bernhey shared her privacy lesson plan, noting the importance of explaining that seeking to limit the amount of information available about oneself does not imply having something nefarious to hide. “There’s nothing wrong with taking control of your privacy, and students don’t understand that.”

Defining the boundaries

The third panel, on legal boundaries, featured a discussion of library-specific privacy policies from Percy Wise, information services coordinator for the Multnomah County Library System, Portland, OR. As a non-practicing attorney, Wise was well versed in the finer points of policy law and cautioned, “Remember: privacy policies are not aspirational.”

Julia Frankosky, government information librarian at Michigan State University, talked about privacy as it pertains to academic discourse. In the past, she explained, for the most part classroom discussions began and ended there; now, anything said in class is fair game, and faculty or students who make controversial statements, indulge in political rants, or even send an email too hastily can find their careers impacted.

And CUNY Graduate Center associate librarian for collections Alycia Sellie took critical aim at how digital rights management (DRM) can compromise the privacy of library ebook borrowers, noting, “DRM makes surveillance of reading habits extremely simple.” In most cases, she said, customers have a choice as to whether they wish to comply with commercial features that limit privacy—“No one is forcing us to put on a Mickey Mouse bracelet if we would rather not,” she said, citing Disneyland’s most recent optional customer tracking innovation. However, it is a much bigger sacrifice to forgo library electronic content to avoid accepting DRM rules, especially now that some content is available only in electronic format. So, she said, libraries should be aware of their own options for providing DRM-free e-materials.

EVERYONE HAS SOMETHING TO HIDE

Macrina began with a friendly disclaimer: “I hope everybody’s OK with being on an FBI watch list after attending this event.” She went on to offer a brief history of library active resistance to privacy threats, including the FBI’s late–Cold War clandestine surveillance program that targeted librarians. (For a more in-depth look, see The Nation’s recent article in its May 25, 2015, edition, Librarians vs. the NSA.)

The NSA’s data retrieval system, Macrina explained, is sophisticated and can pull information from any Internet communication using a major commercial platform, including Google, Apple, Microsoft, and Skype. Section 215 of the Patriot Act, “Access to records and other items under [the Foreign Intelligence Surveillance Act of 1978]” (commonly known as the “library records” provision), authorizes government collection of broadly defined “tangible things” to assist in a security investigation. “I don’t think any of us could have anticipated just how big this [NSA] problem would be,” she said.

And privacy is important in all its permutations, stressed Macrina. “I reject the idea that people have nothing to hide,” she said. “I have something to hide, and so do all of you. You’re all wearing clothes. You don’t post your medical records…. You’re human.” She also noted that according to statistics collected by PEN America, a global association of writers devoted to defending literary free speech, one in six writers has avoided writing or speaking on a topic that they thought would subject them to surveillance. Another one in six has seriously considered doing so. “That’s a huge existential threat to libraries as far as I’m concerned,” Macrina said.

However, she added, “We’re not doomed. I’m setting up this problem because I’m setting up a solution.”

The LFP, which earlier this year won a Knight Foundation News Challenge grant, is dedicated to educating librarians on intellectual freedom issues. To that end, Macrina stated, “Technology in the liberation of social good is our best defense.” She favors encryption tools and free open source software, which both fits with libraries’ ethical framework and provides “that level of transparency [where] it becomes incredibly difficult for a malicious actor to backdoor the software.”

On a small scale, Macrina suggested that every librarian make time to assess the library’s resources, think about who might compromise it, and imagine what could be done to protect it. In addition to the previously mentioned Tor and DuckDuckGo, she noted several solutions that can be easily implemented: the EFF’s HTTPS Everywhere extension, which automatically provides secure authentication for every site used in a system; Textsecure, which encrypts text messages; Signal, which encrypts phone calls on Android devices; the password management utility KeePassX; and Tails, a flash drive–based Linux browser that anonymizes all data.

However, Macrina also teaches simpler versions of her tech-heavy defense at LFP for those who might find it a barrier. That way, she said, “At least you know about the law. At least you know what some of those programs are,” adding that there’s no reason why an Introduction to the Internet library class can’t use DuckDuckGo. And she will be conducting a workshop on Digital Privacy and Security: Keeping You and Your Library Safe and Secure in a Post-Snowden World at ALA’s annual conference in June.

Macrina acknowledges that her paranoia levels have increased along with her involvement in privacy issues but feels that her cause—and her chance to encourage a privacy-literate population—is worth the worry. As librarians, she said in summation, we have the ability to “make privacy protection tools ubiquitous and mainstream.”

Lisa Peet About Lisa Peet

Lisa Peet is Associate Editor, News for Library Journal.

Share
Integrate Multiple Literacies Into Your Strategic Plan and Library Initiatives
The editors of Library Journal and School Library Journal have convened some of today’s leading advocates, thinkers, and doers on literacy programming in public libraries, including speakers from the March 2017 Public Library Think Tank in Miami, to discuss in actionable terms how public librarians are redefining literacy. Our Literacy Redefined online course will address literacy in its widest sense—digital, media/information, civic, reading readiness, visual, multicultural, and health literacy—and will identify tools for leveraging partnerships to fuel programming and funding.
Create a Maker Program in Your Library
School Library Journal’s newest installment of Maker Workshop will feature up-to-the-minute content to help you develop a rich maker program for your library. During this 4-week online course, you’ll hear directly from expert keynote speakers doing inspiring work that you can emulate, regardless of your library’s size or budget. Course sessions will explore culturally relevant making and how to assess your community’s needs, mobile maker spaces, multi-media, and more!

Comments

  1. Ilya Geller says:

    Good news! The Era of Absolute Privacy is coming! No need in queries, cookies or browsing history anymore. Google is over!

    I discovered and patented how to structure any data: Language has its own Internal parsing, indexing and statistics. For instance, there are two sentences:

    a) ‘Sam!’
    b) ‘A loud ringing of one of the bells was followed by the appearance of a
    smart chambermaid in the upper sleeping gallery, who, after tapping at
    one of the doors, and receiving a request from within, called over the
    balustrades -‘Sam!’.’

    Evidently, that the ‘victory’ has different importance into both sentences, in regard to extra information in both. This distinction is reflected as the phrases, which contain ‘victory’, weights: the first has 1, the second – 0.08; the greater weight signifies stronger emotional ‘acuteness’.
    First you need to parse obtaining phrases from clauses, restoring omitted words, for sentences and paragraphs.
    Next, you calculate Internal statistics, weights; where the weight refers to the frequency that a phrase occurs in relation to other phrases.
    After that data is indexed by common dictionary, like Webster, and annotated by subtexts.
    This is a small sample of the structured data:
    this – signify – : 333333
    both – are – once : 333333
    confusion – signify – : 333321
    speaking – done – once : 333112
    speaking – was – both : 333109
    place – is – in : 250000
    To see the validity of technology – pick up any sentence.

    Do you have a pencil?

    All other technologies depend on spying, on quires, on SQL, all of them on External statistics. See IBM, Oracle, Microsoft, Google and Yahoo? Apache Hadoop and NoSQL? My technology is the only one that obtains Internal statistics directly from texts themselves.
    Being structured information will search for users based on their profiles of structured data. Each and every user can get only specifically tailored for him information: there is no any privacy issue, nobody ever will know what the user got and read. (No spam!)
    The technology came from Analytic Philosophy, Internal Relations Theory.

  2. Robin Camille Davis says:

    Excellent write-up! This year’s LACUNY Institute was truly energizing. For those interested, several presenters have posted their slides or papers in the CUNY Academic Works repository: http://academicworks.cuny.edu/lacuny_conf_2015/