Nothing to hide: Readers’ rights to privacy and confidentiality

One of the first arguments that comes up in the privacy debate – whether the issue at hand is a police search of your vehicle or Amazon keeping a record of every Kindle book you read – is that only people who have “something to hide” care about privacy.

To say this is disingenuous, and if the people who made this argument thought for even five minutes, I bet they could come up with a few things about their lives that aren’t illegal, or even morally or ethically wrong, but that they’d like to keep private anyway. Let’s consider the issue of library books, and what the books you check out may reveal about you. (Notice The Anarchist Cookbook is not on the following list. I don’t know the statistics about where terrorists get their bomb-making instructions, but I doubt most of it comes from the public library. There’s this thing called the Internet, you see.)

  • What to Expect When You’re Expecting, or other books that might indicate you’re trying to start a family before you’ve told anyone else.
  • Cracking the New GRE, or other test-prep books for grad school or a planned career change you aren’t ready to tell your current boss about.
  • Managing Your Depression, The Lahey Clinic Guide to Cooking Through Cancer, or other books about medical conditions you or someone close to you may be experiencing.
  • Bankruptcy for Small Business Owners might prove worrisome to your clients or your bank.
  • The Guide to Getting It On, or any books on the topics of sexuality, sexual health, safe sex, etc. (In many libraries, kids can get their own library cards at a young age, and parents aren’t allowed to monitor their accounts.) See also: It Gets Better: Coming Out, Overcoming Bullying, Creating a Life Worth Living, or Transgender Lives, etc.
  • God Is Not Great or other anti-religious texts would likely be poorly received if you’re part of a religious family or community.
  • A Gentle Path Through the Twelve Steps, or other books about personal struggle and recovery.
  • How to Buy a House; How to Sell A House, or other real estate books when you haven’t told anyone you’re thinking of moving.

These are just a few examples of information that people might justifiably want to keep personal and private, but not because of any wrongdoing. And this is why librarians strive to protect patron privacy.

“We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.” -ALA Code of Ethics

11/1/14 Edited to add: This short graphic novel about privacy and technology from Al Jazeera America expands this idea, looking not just at people’s reading history but about all the information they share, voluntarily or not. Thanks to Library Link of the Day for the link.

"Even if you have nothing bad to hide, giving up privacy can mean giving up power over your life story and competing with others for control."

“Even if you have nothing bad to hide, giving up privacy can mean giving up power over your life story and competing with others for control.”

 

TOS42

“Maybe we’ve been given a false choice between opting in and giving up control over how that information is used–” “–between sharing and being left out.”

11/3/14 Edited to add: Kevin O’Kelly from the Somerville Public Library reminded me of Glenn Greenwald’s excellent TED Talk, “Why Privacy Matters.” In it, Greenwald says, “People who say that…privacy isn’t really important, they don’t actually believe it, and the way you know that they don’t actually believe it is that while they say with their words that privacy doesn’t matter, with their actions, they take all kinds of steps to safeguard their privacy. They put passwords on their email and their social media accounts, they put locks on their bedroom and bathroom doors, all steps designed to prevent other people from entering what they consider their private realm and knowing what it is that they don’t want other people to know.

And also: “We as human beings, even those of us who in words disclaim the importance of our own privacy, instinctively understand the profound importance of it. It is true that as human beings, we’re social animals, which means we have a need for other people to know what we’re doing and saying and thinking, which is why we voluntarily publish information about ourselves online. But equally essential to what it means to be a free and fulfilled human being is to have a place that we can go and be free of the judgmental eyes of other people.”

Greenwald is the author of No Place to Hide: Edward Snowden, the NSA, and the U.S. surveillance state (2014). His TED talk is well worth 20 minutes of your time.

 

NELA 2014: Consent of the Networked

Cross-posted on the NELA conference blog.

Intellectual Freedom Committee (IFC) Keynote: Consent of the Networked: The Worldwide Struggle for Internet Freedom, Rebecca MacKinnon (Monday, 8:30am)

MacKinnon pointed to many excellent resources during her presentation (see links below), but I’ll try to summarize a few of her key points. MacKinnon observed that “technology doesn’t obey borders.” Google and Facebook are the two most popular sites in the world, not just in the U.S., and technology companies affect citizen relationships with their governments. While technology may be a liberating force (as envisioned in Apple’s 1984 Superbowl commercial), companies also can and do censor content, and governments around the world are abusing their access to data.

“There are a lot of questions that people need to know to ask and they don’t automatically know to ask.”

MacKinnon noted that our assumption is that of a trend toward democracy, but in fact, some democracies may be sliding back toward authoritarianism: “If we’re not careful, our freedom can be eroded.” We need a global movement for digital rights, the way we need a global movement to act on climate change. If change is going to happen, it must be through an alliance of civil society (citizens, activists), companies, and politicians and policymakers. Why should companies care about digital rights? “They are afraid of becoming the next Friendster.” The work of a generation, MacKinnon said, is this: legislation, accountability, transparency, and building technology that is compatible with human rights.

It sounds overwhelming, but “everybody can start where they are.” To increase your awareness, check out a few of these links:

 

 

(Failing to) Protect Patron Privacy

Twitter_Overdrive_Adobe

On October 6, Nate Hoffelder wrote a post on The Digital Reader: “Adobe is Spying on Users, Collecting Data on Their eBook Libraries.” (He has updated the post over the past couple days.) Why is this privacy-violating spying story any more deserving of attention than the multitude of others? For librarians and library users, it’s important because Adobe Digital Editions is the software that readers who borrow e-books from the library through Overdrive (as well as other platforms) are using. This software “authenticates” users, and this is necessary because the publishers require DRM (Digital Rights Management) to ensure that the one copy/one user model is in effect. (Essentially, DRM allows publishers to mimic the physical restrictions of print books – i.e. one person can read a book at a time – on e-books, which could technically be read simultaneously by any number of people. To learn more about DRM and e-books, see Cory Doctorow’s article “A Whip to Beat Us With” in Publishers Weekly; though now more than two years old, it is still accurate and relevant.)

So how did authentication become spying? Well, it turns out Adobe was collecting more information than was strictly necessary, and was sending this information back to its servers in clear text – that is, unencrypted. Sean Gallagher has been following this issue and documenting it in Ars Technica (“Adobe’s e-book reader sends your reading logs back to Adobe – in plain text“). According to that piece, the information Adobe says it collects includes the following: user ID, device ID, certified app ID, device IP address, duration for which the book was read, and percentage of the book that was read. Even if this is all they collect, it’s still plenty of information, and transmitted in plain text, it’s vulnerable to any other spying group that might be interested.

The plain text is really just the icing on this horrible, horrible cake. The core issue goes back much further and much deeper: as Andromeda Yelton wrote in an eloquent post on the matter, “about how we default to choosing access over privacy.” She points out that the ALA Code of Ethics states, “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted,” and yet we have compromised this principle so that we are no longer technically able to uphold it.

Jason Griffey responded to Yelton’s piece, and part of his response is worth quoting in full:

“We need to decide whether we are angry at Adobe for failing technically (for not encrypting the information or otherwise anonymizing the data) or for failing ethically (for the collection of data about what someone is reading)….

…We need to insist that the providers of our digital information act in a way that upholds the ethical beliefs of our profession. It is possible, technically, to provide these services (digital downloads to multiple devices with reading position syncing) without sacrificing the privacy of the reader.”

Griffey linked to Galen Charlton’s post (“Verifying our tools; a role for ALA?“), which suggested several steps to take to tackle these issues in the short term and the long term. “We need to stop blindly trusting our tools,” he wrote, and start testing them. “Librarians…have a professional responsibility to protect our user’s reading history,” and the American Library Association could take the lead by testing library software, and providing institutional and legal support to others who do so.

Charlton, too, pointed back to DRM as the root of these troubles, and highlighted the tension between access and privacy that Yelton mentioned. “Accepting DRM has been a terrible dilemma for libraries – enabling and supporting, no matter how passively, tools for limiting access to information flies against our professional values.  On the other hand, without some degree of acquiescence to it, libraries would be even more limited in their ability to offer current books to their patrons.”

It’s a lousy situation. We shouldn’t have to trade privacy for access; people do too much of that already, giving personal information to private companies (remember, “if you’re not paying for a product, you are the product“), which in turn give or sell it to other companies, or turn it over to the government (or the government just scoops it up). In libraries, we still believe in privacy, and we should, as Griffey put it, “insist that the providers of our digital information act in a way that upholds the ethical beliefs of our profession.” It is possible.

10/12/14: The Swiss Army Librarian linked to another piece on this topic from Agnostic, Maybe, which is worth a read: “Say Yes No Maybe So to Privacy.”

10/14/14: The Waltham Public Library (MA) posted an excellent, clear Q&A about the implications for patrons, “Privacy Concerns About E-book Borrowing.” The Librarian in Black (a.k.a. Sarah Houghton, Director of the San Rafael Public Library in California), also wrote a piece: “Adobe Spies on eBook Readers, including Library Users.” The ALA response (and Adobe’s response to the ALA) can be found here: “Adobe Responds to ALA on egregious data breach,” and that links to LITA’s post “ADE in the Library Ebook Data Lifecycle.”

10/16/14: “Adobe Responds to ALA Concerns Over E-Book Privacy” in Publishers Weekly; Overdrive’s statement about adobe Digital Editions privacy concerns. On a semi-related note, Glenn Greenwald’s TED talk, “Why Privacy Matters,” is worth 20 minutes of your time.

 

 

“Netflix for books” already exists: it’s called the library

Even in a profession where we interact with the general public daily, it can be tricky for librarians to assess how much other people know about what we do, and what libraries offer – which is why it is so delightful to see an article by a non-librarian raising awareness of a service libraries offer. In “Why the Public Library Beats Amazon – For Now” in the Wall Street Journal, Geoffrey A. Fowler praises public libraries across the country, more than 90% of which offer e-books (according to the Digital Inclusion Study funded by the Institute of Museum and Library Services).

Noting the rise of Netflix-style subscription platforms like Oyster and Scribd, Fowler observes that libraries still have a few key advantages: they’re free, and they offer more books that people want to read.

random-house-penguin11

Graphic designer Aaron Tung’s idea for the Penguin – Random House logo

Librarians have been working with publishers for several years, negotiating various deals and trying out different models (sometimes it seems like two steps forward, one step back), but finally all of the Big Five have come on board and agreed to “sell” (license) e-books and digital audiobooks to libraries under some model. (The Big Five were formerly the Big Six, but Random House and Penguin merged and became Penguin Random House, missing a tremendous opportunity to call themselves Random Penguin House, with accompanying awesome logo.)

Thus, while Amazon’s Kindle Unlimited (KU for short – has the University of Kansas made a fuss about this yet? They should) touts its 600,000 titles, the question readers should be asking is, which 600,000 titles? All books are not created equal. The library is more likely to have the books you want to read, as Fowler points out in his article. It may be true that Amazon, Oyster, and Scribd have prettier user interfaces, and it may take fewer clicks to download the book you want (if it’s there), but library platforms – including OverDrive, 3M Cloud Library, and others – have made huge strides in this area. If you haven’t downloaded an e-book from your library recently, or at all, give it a try now – it’s leaps and bounds smoother than it used to be. You may have to wait for it – most publishers still insist on the “one copy/one user” model, rather than a simultaneous use model – but it is free. (Or if you’re impatient and solvent, you can go ahead and buy it.)

Readers' advisory desk at the Portland (ME) Public Library.

Readers’ advisory desk at the Portland (ME) Public Library.

Another way in which the library differs from for-profit book-rental platforms is that, to put it bluntly, the library isn’t spying on you. If you’re reading a Kindle book, Amazon knows how fast you read, where you stop, what you highlight. Libraries, on the other hand, have always valued privacy. The next time you’re looking for an e-book, try your local library – all you need is your library card number and PIN.

Yearly wrap-up, 2013 edition

In the spirit of those sites that do a weekly wrap-up (like Dooce’s “Stuff I found while looking around” and The Bloggess’ “Sh*t I did when I wasn’t here”), here are a few odds and ends I found while going through my work e-mail inbox and my drafts folder.

How to Search: “How to Use Google Search More Effectively” is a fantastic infographic that will teach you at least one new trick, if not several. It was developed for college students, but most of the content applies to everyday Google-users. Google has its own Tips & Tricks section as well, which is probably updated to reflect changes and new features.

How to Take Care of Your Books: “Dos and Don’ts for Taking Care of Your Personal Books at Home” is a great article by Shelly Smith, the New York Public Library’s Head of Conservation Treatment. Smith recommends shelving your books upright, keeping them out of direct sunlight and extreme temperatures, and dusting. (Sigh. Yes, dusting.)

The ARPANET Dialogues: “In the period between 1975 and 1979, the Agency convened a rare series of conversations between an eccentric cast of characters representing a wide range of perspectives within the contemporary social, political and cultural milieu. The ARPANET Dialogues is a serial document which archives these conversations.” The “eccentric cast of characters” includes Ronald Reagan, Edward Said, Jane Fonda, Jim Henson, Ayn Rand, and Yoko Ono, among others. A gem of Internet history.

All About ARCs: Some librarians over at Stacked developed a survey about how librarians, bloggers, teachers, and booksellers use Advance Reader Copies (ARCs). There were 474 responses to the survey, and the authors summarized and analyzed the results beautifully. I read a lot of ARCs, both in print and through NetGalley or Edelweiss, and I was surprised to learn the extent of the changes between the ARC stage and the finished book; I had assumed changes were copy-level ones, not substantial content-level ones, but sometimes they are. (I also miss the dedication and acknowledgements.)

E-books vs. Print books: There were, at a conservative estimate, approximately a zillion articles and blog posts this year about e-books, but I especially liked this one from The Guardian, “Why ebooks are a different genre from print.” Stuart Kelly wrote, “There are two aspects to the ebook that seem to me profoundly to alter the relationship between the reader and the text. With the book, the reader’s relationship to the text is private, and the book is continuous over space, time and reader. Neither of these propositions is necessarily the case with the ebook.” He continued, “The printed book…is astonishingly stable over time, place and reader….The book, seen this way, is a radically egalitarian proposition compared to the ebook. The book treats every reader the same way.”

On (used) bookselling: This has been languishing in my drafts folder for nearly two years now. A somewhat tongue-in-cheek but not overly snarky list, “25 Things I Learned From Opening a Bookstore” includes such amusing lessons as “If someone comes in and asks for a recommendation and you ask for the name of a book that they liked and they can’t think of one, the person is not really a reader.  Recommend Nicholas Sparks.” Good for librarians as well as booksellers (though I’d hesitate to recommend Sparks).

The-Library-Book-154x250_largeOn Libraries: Along the same lines, I really enjoyed Lucy Mangan’s essay “The Rules” in The Library Book. Mangan’s “rules” are those she would enforce in her own personal library, and they include: (2) Silence is to be maintained at all times. For younger patrons, “silence” is an ancient tradition, dating from pre-digital times. It means “the absence of sound.” Sound includes talking. (3) I will provide tea and coffee at cost price, the descriptive terms for which will be limited to “black,” “white,” “no/one/two/three sugars” and “cup.” Anyone who asks for a latte, cappuccino or anything herbal anything will be taken outside and killed. Silently.

On Weeding: It’s a truth often unacknowledged that libraries possessed of many books must be in want of space to put them – or must decide to get rid of some. Julie Goldberg wrote an excellent essay on this topic, “I Can’t Believe You’re Throwing Out Books!” I also wrote a piece for the local paper, in which I explain the “culling” of our collection (not my choice of headline).

“What We Talk About When We Talk About Public Libraries”: In an essay for In the Library with the Lead Pipe, Australian Hugh Rundle wrote about the lack of incentives for public librarians to do research to test whether public libraries are achieving their desired outcomes.

Public Journalism, Private Platforms: Dan Gillmor questions how much journalists know about security, and how much control they have over their content once it’s published online. (Article by Caroline O’Donovan at Nieman Journalism Lab)

Choose Privacy Week

ALA_ChoosePrivacy_186x292-BThis week (May 1-7) is Choose Privacy Week. Today being the 7th, I’m a little late to the game, though I do read articles, blog posts, and infographics about privacy all year round. Two recent examples are Fight for the Future’s great infographic about CISPA, and the EFF’s annual “Who Has Your Back?” report about which companies protect user data from the government.

At ChoosePrivacyWeek.org, ALA has links to a curated collection of videos on the topic of privacy. Visit the Video Gallery to explore; so far I’ve only watched “Facebook Killed the Private Life” featuring Clay Shirky, which at just over four minutes is a good jumping-off point (“Social networks are profoundly changing the definition of what we consider private”). The Choose Privacy Week documentary (see below) is also a good place to start; at 23 minutes, it’s an excellent and thought-provoking overview of the topic, including commentary from Neil Gaiman and Cory Doctorow, as well as many librarians.

By the way, if you’re wondering what the orange shape on the poster is – lamb chop? Video game controller? – it is a birds-eye view of a person walking.

Privacy is such a huge topic, there are many different aspects to it. But watching the documentary, I was reminded of an article I read in the Guardian a while ago, “Why ebooks are a different genre from print.” I have heard enough rhapsodizing about the smell of books vs. soulless electronic devices, but this article puts that argument aside in favor of a few real and important differences between print books and e-books. Author Stuart Kelly writes, “There are two aspects to the ebook that seem to me profoundly to alter the relationship between the reader and the text. With the book, the reader’s relationship to the text is private, and the book is continuous over space, time and reader. Neither of these propositions is necessarily the case with the ebook.” If you’re reading on a Kindle, you’re telling Amazon what you’re buying, what you’re reading, how long you spend on each page, where you stop reading, what you highlight, and where you make notes. Amazon has also shown it has the capability to “disappear” legally purchased books from your device, and also the capability – though I don’t know if they’ve used it yet – to make changes to books you already “own,” like pushing publishers’ corrections to your first edition file.

ALA_ChoosePrivacy_186x292-AThat is only one small example of how our privacy is eroding, sometimes without our awareness, sometimes without our consent. In light of this erosion, the Choose Privacy Week documentary I mentioned above is definitely worth watching. As I watched, I couldn’t help scribbling down quotes:

“Facebook is a conditioning system to teach you to undervalue your privacy…[it] rewards you for foolish disclosure.” -Author Cory Doctorow

“It is not for us to judge why a person wants to know something.” -Librarian Sarah Pritchard, Northwestern University

“Do not put anything on the web, at all, ever, that you would not want anybody, be it your mother, your boss, your boyfriend, your girlfriend, your girlfriend’s mother, to see.” -Author Neil Gaiman

“Privacy is one of the greatest privileges that we have. Privileges, rights – both.”

People who are “in the public eye all the time,” whose private lives are documented in magazines, tabloids, and the internet, who can’t go anywhere without being accosted by paparazzi, reporters, or fans. Fame often comes at the cost of privacy, and yet so many of us put personal information on the internet where it is available to anyone who cares to look. It’s not just “you and a screen,” it’s you and the whole world. So ask yourself: What is your privacy worth?

ChoosePrivacyWeek

Amazon buys Goodreads

I experienced that sinking feeling as soon as I saw the link, even before I clicked on it: http://techcrunch.com/2013/03/28/amazon-acquires-social-reading-site-goodreads/. The full headline from Tech Crunch is “Amazon Acquires Social Reading Site Goodreads, Which Gives the Company A Social Advantage Over Apple.”

My immediate and unconsidered reaction is that this can only be bad news. Goodreads is a site I have been using since 2007: the user experience is excellent, the communication from the company is of high quality and transparency, and they seem trustworthy and reliable in the way that they handle their users’ information (unlike, say, facebook, which has made a number of massive missteps where users’ private information is concerned).

Amazon, on the other hand, mines its users’ data voraciously: they know not just what you’ve bought, but what you’ve considered buying, and what other people who bought the thing you’re looking at bought. If you have a Kindle, they know not just what you’re reading, but what you’ve highlighted, where you’ve made notes and comments, where you’ve stopped reading, where you’ve lingered – far more than I, for one, really want them to know. (Part of the reason I don’t have a Kindle.)

In a PaidContent article, “Amazon acquires book-based social network Goodreads,” Laura Hazard Owen writes, “Goodreads has served as a fairly “neutral” hub for readers until now — a place where publishers and authors can market and promote their books without being tied to a specific retailer. Until 2012, Goodreads sourced all of its book data from Amazon, but it then decided that the company’s API had become too restrictive and switched its data provider to the book wholesaler Ingram. “Our goal is to be an open place for all readers to discover and buy books from all retailers, both online and offline,” Goodreads told me at the time of the switch. While being an “open place for all readers” may still be Goodreads’ goal, it’s now clearly tied to promoting books for sale on Amazon.”

Below is a screenshot I took today, 3/28/13. You can see the page for Homeland by Cory Doctorow; there’s the cover image, a blurb (usually provided by the publisher), the cataloging data (publisher, publication year, language, format, etc.), and below that, my review, because I was logged in at the time I took the screenshot and I’ve read and reviewed Homeland (I recommend it).

 

goodreads_getacopy

Between the book info and my review, it says “Get a copy” and there are three buttons. The first one goes to Barnes & Noble; the third one goes to WorldCat, so you can find the book in a library near you, wherever you are in the world (very cool!); the middle one, “online stores,” has a drop-down menu, which includes the following retailers in this order: Kobo, Indigo, Abebooks, Half.com, Audible, Alibris, iBookstore, Sony, Better World Books, Target.com, Google Play, IndieBound, and last of all, Amazon. (If you click “more” after that, it takes you to a page where you can compare booksellers’ prices for used and new editions.)

goodreads_dropdown

 

I don’t know what else will change once Amazon is in charge of Goodreads, but I bet Amazon moves up that list from the bottom. Will Goodreads even continue linking to other booksellers? I hope so.

There is an open letter on Goodreads now from the founder, Otis Chandler, rhapsodizing about bringing Goodreads to the Kindle. There’s a press release on Amazon where VP of Kindle content Russ Grandinetti talks about Goodreads and Amazon’s “share[d] passion for reinventing reading.” All of it makes me more wary than excited, but we’ll see what happens.  Meanwhile, I’ll be backing up my data more religiously than usual (if you have an account, you can export all the content you’ve added to Goodreads from the import/export page).