Why Your Library’s Privacy Policy Matters

Today’s ALA/Booklist webinar, Why Your Library’s Policy Matters, was led by Cherie L. Givens, author of Information Privacy Fundamentals for Librarians and Information Professionals. The webinar seemed almost like a commercial for the book, because Givens only spoke generally, pointing listeners to the book for further detail. In fairness, it would be difficult to cover the topic of library privacy policies in depth in an hour, but I was still hoping for something slightly more concrete and practical. Nevertheless, here are the points she covered:

  • When drawing up a library privacy policy, make sure you are aware of relevant federal* and state legislation. State legislation (e.g. California) may be stricter than federal legislation.

*Particularly the Children’s Online Privacy Protection Act (COPPA), Family Education Rights and Privacy Act (FERPA), Protection of Pupil Rights Amendment (PPRA), No Child Left Behind (NCLB), the PATRIOT Act, Foreign Intelligence Surveillance Act (FISA), and National Security Letters (NSLs). (If your library does receive an NSL, the lawyers at ACLU would love to hear about it.)

  • The Federal Trade Commission (FTC) is a good resource for consumer protection (“We collect complaints about hundreds of issues from data security and deceptive advertising to identity theft and Do Not Call violations”).
  • People should have control over their Personally Identifiable Information (PII), including sensitive personal data such as Social Security Numbers. People should know when, how, and what PII is being communicated to others. It’s always best to collect as little information as possible, only what is necessary; minimize data collection and retention.
  • Every library needs a privacy policy, but the policy is just step one. The next step is to make sure your procedures match the policy, and that you contract for privacy with third parties (vendors) to ensure that they handle patron data according to the same standards.*
  • Perform a privacy audit/assessment: what information do you collect and how do you use it?
  • Look at other libraries’ privacy policies, and the privacy policies of small/medium-sized businesses.
  • The library privacy policy should be visible to users: hand it out with new library cards, post it near computers, keep a copy at the reference desk. (And on the library website?)
  • Privacy is important not just for intellectual freedom, but intellectual curiosity.

*I haven’t seen the contract language, but I would imagine this is much more difficult than it sounds, especially if a library is working with Overdrive, which allows patrons to check out Kindle books through Amazon. Amazon is a data-hungry beast.

These fair information practice principles I copied directly from slide 10 of Givens’ presentation:

  • Notice/Awareness: Provide notice of information collection practices before information is collected.
  • Choice/Consent: Give the subjects of data collection options about whether and how their personal information may be used.
  • Access/Participation: Provide access to an individual’s personal information so that the individual can review and correct it.
  • Integrity/Security: The data collector must take reasonable steps to make sure the data is accurate and secure.
  • Accountability or Enforcement/Redress: There must be a mechanism for addressing and resolving complaints for failing to abide by the above four principles.

Lastly, this great article was cited by one of the webinar participants. I remember reading it before (it was a Library Link of the Day on 10/4/14): “Librarians won’t stay quiet about government surveillance,” Washington Post, Andrea Peterson, 10/3/14.

This webinar will be archived with the rest of Booklist’s webinars, probably within the next week.

 

Nothing to hide: Readers’ rights to privacy and confidentiality

One of the first arguments that comes up in the privacy debate – whether the issue at hand is a police search of your vehicle or Amazon keeping a record of every Kindle book you read – is that only people who have “something to hide” care about privacy.

To say this is disingenuous, and if the people who made this argument thought for even five minutes, I bet they could come up with a few things about their lives that aren’t illegal, or even morally or ethically wrong, but that they’d like to keep private anyway. Let’s consider the issue of library books, and what the books you check out may reveal about you. (Notice The Anarchist Cookbook is not on the following list. I don’t know the statistics about where terrorists get their bomb-making instructions, but I doubt most of it comes from the public library. There’s this thing called the Internet, you see.)

  • What to Expect When You’re Expecting, or other books that might indicate you’re trying to start a family before you’ve told anyone else.
  • Cracking the New GRE, or other test-prep books for grad school or a planned career change you aren’t ready to tell your current boss about.
  • Managing Your Depression, The Lahey Clinic Guide to Cooking Through Cancer, or other books about medical conditions you or someone close to you may be experiencing.
  • Bankruptcy for Small Business Owners might prove worrisome to your clients or your bank.
  • The Guide to Getting It On, or any books on the topics of sexuality, sexual health, safe sex, etc. (In many libraries, kids can get their own library cards at a young age, and parents aren’t allowed to monitor their accounts.) See also: It Gets Better: Coming Out, Overcoming Bullying, Creating a Life Worth Living, or Transgender Lives, etc.
  • God Is Not Great or other anti-religious texts would likely be poorly received if you’re part of a religious family or community.
  • A Gentle Path Through the Twelve Steps, or other books about personal struggle and recovery.
  • How to Buy a House; How to Sell A House, or other real estate books when you haven’t told anyone you’re thinking of moving.

These are just a few examples of information that people might justifiably want to keep personal and private, but not because of any wrongdoing. And this is why librarians strive to protect patron privacy.

“We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.” -ALA Code of Ethics

11/1/14 Edited to add: This short graphic novel about privacy and technology from Al Jazeera America expands this idea, looking not just at people’s reading history but about all the information they share, voluntarily or not. Thanks to Library Link of the Day for the link.

"Even if you have nothing bad to hide, giving up privacy can mean giving up power over your life story and competing with others for control."

“Even if you have nothing bad to hide, giving up privacy can mean giving up power over your life story and competing with others for control.”

 

TOS42

“Maybe we’ve been given a false choice between opting in and giving up control over how that information is used–” “–between sharing and being left out.”

11/3/14 Edited to add: Kevin O’Kelly from the Somerville Public Library reminded me of Glenn Greenwald’s excellent TED Talk, “Why Privacy Matters.” In it, Greenwald says, “People who say that…privacy isn’t really important, they don’t actually believe it, and the way you know that they don’t actually believe it is that while they say with their words that privacy doesn’t matter, with their actions, they take all kinds of steps to safeguard their privacy. They put passwords on their email and their social media accounts, they put locks on their bedroom and bathroom doors, all steps designed to prevent other people from entering what they consider their private realm and knowing what it is that they don’t want other people to know.

And also: “We as human beings, even those of us who in words disclaim the importance of our own privacy, instinctively understand the profound importance of it. It is true that as human beings, we’re social animals, which means we have a need for other people to know what we’re doing and saying and thinking, which is why we voluntarily publish information about ourselves online. But equally essential to what it means to be a free and fulfilled human being is to have a place that we can go and be free of the judgmental eyes of other people.”

Greenwald is the author of No Place to Hide: Edward Snowden, the NSA, and the U.S. surveillance state (2014). His TED talk is well worth 20 minutes of your time.

 

NELA 2014: Consent of the Networked

Cross-posted on the NELA conference blog.

Intellectual Freedom Committee (IFC) Keynote: Consent of the Networked: The Worldwide Struggle for Internet Freedom, Rebecca MacKinnon (Monday, 8:30am)

MacKinnon pointed to many excellent resources during her presentation (see links below), but I’ll try to summarize a few of her key points. MacKinnon observed that “technology doesn’t obey borders.” Google and Facebook are the two most popular sites in the world, not just in the U.S., and technology companies affect citizen relationships with their governments. While technology may be a liberating force (as envisioned in Apple’s 1984 Superbowl commercial), companies also can and do censor content, and governments around the world are abusing their access to data.

“There are a lot of questions that people need to know to ask and they don’t automatically know to ask.”

MacKinnon noted that our assumption is that of a trend toward democracy, but in fact, some democracies may be sliding back toward authoritarianism: “If we’re not careful, our freedom can be eroded.” We need a global movement for digital rights, the way we need a global movement to act on climate change. If change is going to happen, it must be through an alliance of civil society (citizens, activists), companies, and politicians and policymakers. Why should companies care about digital rights? “They are afraid of becoming the next Friendster.” The work of a generation, MacKinnon said, is this: legislation, accountability, transparency, and building technology that is compatible with human rights.

It sounds overwhelming, but “everybody can start where they are.” To increase your awareness, check out a few of these links:

 

 

(Failing to) Protect Patron Privacy

Twitter_Overdrive_Adobe

On October 6, Nate Hoffelder wrote a post on The Digital Reader: “Adobe is Spying on Users, Collecting Data on Their eBook Libraries.” (He has updated the post over the past couple days.) Why is this privacy-violating spying story any more deserving of attention than the multitude of others? For librarians and library users, it’s important because Adobe Digital Editions is the software that readers who borrow e-books from the library through Overdrive (as well as other platforms) are using. This software “authenticates” users, and this is necessary because the publishers require DRM (Digital Rights Management) to ensure that the one copy/one user model is in effect. (Essentially, DRM allows publishers to mimic the physical restrictions of print books – i.e. one person can read a book at a time – on e-books, which could technically be read simultaneously by any number of people. To learn more about DRM and e-books, see Cory Doctorow’s article “A Whip to Beat Us With” in Publishers Weekly; though now more than two years old, it is still accurate and relevant.)

So how did authentication become spying? Well, it turns out Adobe was collecting more information than was strictly necessary, and was sending this information back to its servers in clear text – that is, unencrypted. Sean Gallagher has been following this issue and documenting it in Ars Technica (“Adobe’s e-book reader sends your reading logs back to Adobe – in plain text“). According to that piece, the information Adobe says it collects includes the following: user ID, device ID, certified app ID, device IP address, duration for which the book was read, and percentage of the book that was read. Even if this is all they collect, it’s still plenty of information, and transmitted in plain text, it’s vulnerable to any other spying group that might be interested.

The plain text is really just the icing on this horrible, horrible cake. The core issue goes back much further and much deeper: as Andromeda Yelton wrote in an eloquent post on the matter, “about how we default to choosing access over privacy.” She points out that the ALA Code of Ethics states, “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted,” and yet we have compromised this principle so that we are no longer technically able to uphold it.

Jason Griffey responded to Yelton’s piece, and part of his response is worth quoting in full:

“We need to decide whether we are angry at Adobe for failing technically (for not encrypting the information or otherwise anonymizing the data) or for failing ethically (for the collection of data about what someone is reading)….

…We need to insist that the providers of our digital information act in a way that upholds the ethical beliefs of our profession. It is possible, technically, to provide these services (digital downloads to multiple devices with reading position syncing) without sacrificing the privacy of the reader.”

Griffey linked to Galen Charlton’s post (“Verifying our tools; a role for ALA?“), which suggested several steps to take to tackle these issues in the short term and the long term. “We need to stop blindly trusting our tools,” he wrote, and start testing them. “Librarians…have a professional responsibility to protect our user’s reading history,” and the American Library Association could take the lead by testing library software, and providing institutional and legal support to others who do so.

Charlton, too, pointed back to DRM as the root of these troubles, and highlighted the tension between access and privacy that Yelton mentioned. “Accepting DRM has been a terrible dilemma for libraries – enabling and supporting, no matter how passively, tools for limiting access to information flies against our professional values.  On the other hand, without some degree of acquiescence to it, libraries would be even more limited in their ability to offer current books to their patrons.”

It’s a lousy situation. We shouldn’t have to trade privacy for access; people do too much of that already, giving personal information to private companies (remember, “if you’re not paying for a product, you are the product“), which in turn give or sell it to other companies, or turn it over to the government (or the government just scoops it up). In libraries, we still believe in privacy, and we should, as Griffey put it, “insist that the providers of our digital information act in a way that upholds the ethical beliefs of our profession.” It is possible.

10/12/14: The Swiss Army Librarian linked to another piece on this topic from Agnostic, Maybe, which is worth a read: “Say Yes No Maybe So to Privacy.”

10/14/14: The Waltham Public Library (MA) posted an excellent, clear Q&A about the implications for patrons, “Privacy Concerns About E-book Borrowing.” The Librarian in Black (a.k.a. Sarah Houghton, Director of the San Rafael Public Library in California), also wrote a piece: “Adobe Spies on eBook Readers, including Library Users.” The ALA response (and Adobe’s response to the ALA) can be found here: “Adobe Responds to ALA on egregious data breach,” and that links to LITA’s post “ADE in the Library Ebook Data Lifecycle.”

10/16/14: “Adobe Responds to ALA Concerns Over E-Book Privacy” in Publishers Weekly; Overdrive’s statement about adobe Digital Editions privacy concerns. On a semi-related note, Glenn Greenwald’s TED talk, “Why Privacy Matters,” is worth 20 minutes of your time.

 

 

“Netflix for books” already exists: it’s called the library

Even in a profession where we interact with the general public daily, it can be tricky for librarians to assess how much other people know about what we do, and what libraries offer – which is why it is so delightful to see an article by a non-librarian raising awareness of a service libraries offer. In “Why the Public Library Beats Amazon – For Now” in the Wall Street Journal, Geoffrey A. Fowler praises public libraries across the country, more than 90% of which offer e-books (according to the Digital Inclusion Study funded by the Institute of Museum and Library Services).

Noting the rise of Netflix-style subscription platforms like Oyster and Scribd, Fowler observes that libraries still have a few key advantages: they’re free, and they offer more books that people want to read.

random-house-penguin11

Graphic designer Aaron Tung’s idea for the Penguin – Random House logo

Librarians have been working with publishers for several years, negotiating various deals and trying out different models (sometimes it seems like two steps forward, one step back), but finally all of the Big Five have come on board and agreed to “sell” (license) e-books and digital audiobooks to libraries under some model. (The Big Five were formerly the Big Six, but Random House and Penguin merged and became Penguin Random House, missing a tremendous opportunity to call themselves Random Penguin House, with accompanying awesome logo.)

Thus, while Amazon’s Kindle Unlimited (KU for short – has the University of Kansas made a fuss about this yet? They should) touts its 600,000 titles, the question readers should be asking is, which 600,000 titles? All books are not created equal. The library is more likely to have the books you want to read, as Fowler points out in his article. It may be true that Amazon, Oyster, and Scribd have prettier user interfaces, and it may take fewer clicks to download the book you want (if it’s there), but library platforms – including OverDrive, 3M Cloud Library, and others – have made huge strides in this area. If you haven’t downloaded an e-book from your library recently, or at all, give it a try now – it’s leaps and bounds smoother than it used to be. You may have to wait for it – most publishers still insist on the “one copy/one user” model, rather than a simultaneous use model – but it is free. (Or if you’re impatient and solvent, you can go ahead and buy it.)

Readers' advisory desk at the Portland (ME) Public Library.

Readers’ advisory desk at the Portland (ME) Public Library.

Another way in which the library differs from for-profit book-rental platforms is that, to put it bluntly, the library isn’t spying on you. If you’re reading a Kindle book, Amazon knows how fast you read, where you stop, what you highlight. Libraries, on the other hand, have always valued privacy. The next time you’re looking for an e-book, try your local library – all you need is your library card number and PIN.

Yearly wrap-up, 2013 edition

In the spirit of those sites that do a weekly wrap-up (like Dooce’s “Stuff I found while looking around” and The Bloggess’ “Sh*t I did when I wasn’t here”), here are a few odds and ends I found while going through my work e-mail inbox and my drafts folder.

How to Search: “How to Use Google Search More Effectively” is a fantastic infographic that will teach you at least one new trick, if not several. It was developed for college students, but most of the content applies to everyday Google-users. Google has its own Tips & Tricks section as well, which is probably updated to reflect changes and new features.

How to Take Care of Your Books: “Dos and Don’ts for Taking Care of Your Personal Books at Home” is a great article by Shelly Smith, the New York Public Library’s Head of Conservation Treatment. Smith recommends shelving your books upright, keeping them out of direct sunlight and extreme temperatures, and dusting. (Sigh. Yes, dusting.)

The ARPANET Dialogues: “In the period between 1975 and 1979, the Agency convened a rare series of conversations between an eccentric cast of characters representing a wide range of perspectives within the contemporary social, political and cultural milieu. The ARPANET Dialogues is a serial document which archives these conversations.” The “eccentric cast of characters” includes Ronald Reagan, Edward Said, Jane Fonda, Jim Henson, Ayn Rand, and Yoko Ono, among others. A gem of Internet history.

All About ARCs: Some librarians over at Stacked developed a survey about how librarians, bloggers, teachers, and booksellers use Advance Reader Copies (ARCs). There were 474 responses to the survey, and the authors summarized and analyzed the results beautifully. I read a lot of ARCs, both in print and through NetGalley or Edelweiss, and I was surprised to learn the extent of the changes between the ARC stage and the finished book; I had assumed changes were copy-level ones, not substantial content-level ones, but sometimes they are. (I also miss the dedication and acknowledgements.)

E-books vs. Print books: There were, at a conservative estimate, approximately a zillion articles and blog posts this year about e-books, but I especially liked this one from The Guardian, “Why ebooks are a different genre from print.” Stuart Kelly wrote, “There are two aspects to the ebook that seem to me profoundly to alter the relationship between the reader and the text. With the book, the reader’s relationship to the text is private, and the book is continuous over space, time and reader. Neither of these propositions is necessarily the case with the ebook.” He continued, “The printed book…is astonishingly stable over time, place and reader….The book, seen this way, is a radically egalitarian proposition compared to the ebook. The book treats every reader the same way.”

On (used) bookselling: This has been languishing in my drafts folder for nearly two years now. A somewhat tongue-in-cheek but not overly snarky list, “25 Things I Learned From Opening a Bookstore” includes such amusing lessons as “If someone comes in and asks for a recommendation and you ask for the name of a book that they liked and they can’t think of one, the person is not really a reader.  Recommend Nicholas Sparks.” Good for librarians as well as booksellers (though I’d hesitate to recommend Sparks).

The-Library-Book-154x250_largeOn Libraries: Along the same lines, I really enjoyed Lucy Mangan’s essay “The Rules” in The Library Book. Mangan’s “rules” are those she would enforce in her own personal library, and they include: (2) Silence is to be maintained at all times. For younger patrons, “silence” is an ancient tradition, dating from pre-digital times. It means “the absence of sound.” Sound includes talking. (3) I will provide tea and coffee at cost price, the descriptive terms for which will be limited to “black,” “white,” “no/one/two/three sugars” and “cup.” Anyone who asks for a latte, cappuccino or anything herbal anything will be taken outside and killed. Silently.

On Weeding: It’s a truth often unacknowledged that libraries possessed of many books must be in want of space to put them – or must decide to get rid of some. Julie Goldberg wrote an excellent essay on this topic, “I Can’t Believe You’re Throwing Out Books!” I also wrote a piece for the local paper, in which I explain the “culling” of our collection (not my choice of headline).

“What We Talk About When We Talk About Public Libraries”: In an essay for In the Library with the Lead Pipe, Australian Hugh Rundle wrote about the lack of incentives for public librarians to do research to test whether public libraries are achieving their desired outcomes.

Public Journalism, Private Platforms: Dan Gillmor questions how much journalists know about security, and how much control they have over their content once it’s published online. (Article by Caroline O’Donovan at Nieman Journalism Lab)

Choose Privacy Week

ALA_ChoosePrivacy_186x292-BThis week (May 1-7) is Choose Privacy Week. Today being the 7th, I’m a little late to the game, though I do read articles, blog posts, and infographics about privacy all year round. Two recent examples are Fight for the Future’s great infographic about CISPA, and the EFF’s annual “Who Has Your Back?” report about which companies protect user data from the government.

At ChoosePrivacyWeek.org, ALA has links to a curated collection of videos on the topic of privacy. Visit the Video Gallery to explore; so far I’ve only watched “Facebook Killed the Private Life” featuring Clay Shirky, which at just over four minutes is a good jumping-off point (“Social networks are profoundly changing the definition of what we consider private”). The Choose Privacy Week documentary (see below) is also a good place to start; at 23 minutes, it’s an excellent and thought-provoking overview of the topic, including commentary from Neil Gaiman and Cory Doctorow, as well as many librarians.

By the way, if you’re wondering what the orange shape on the poster is – lamb chop? Video game controller? – it is a birds-eye view of a person walking.

Privacy is such a huge topic, there are many different aspects to it. But watching the documentary, I was reminded of an article I read in the Guardian a while ago, “Why ebooks are a different genre from print.” I have heard enough rhapsodizing about the smell of books vs. soulless electronic devices, but this article puts that argument aside in favor of a few real and important differences between print books and e-books. Author Stuart Kelly writes, “There are two aspects to the ebook that seem to me profoundly to alter the relationship between the reader and the text. With the book, the reader’s relationship to the text is private, and the book is continuous over space, time and reader. Neither of these propositions is necessarily the case with the ebook.” If you’re reading on a Kindle, you’re telling Amazon what you’re buying, what you’re reading, how long you spend on each page, where you stop reading, what you highlight, and where you make notes. Amazon has also shown it has the capability to “disappear” legally purchased books from your device, and also the capability – though I don’t know if they’ve used it yet – to make changes to books you already “own,” like pushing publishers’ corrections to your first edition file.

ALA_ChoosePrivacy_186x292-AThat is only one small example of how our privacy is eroding, sometimes without our awareness, sometimes without our consent. In light of this erosion, the Choose Privacy Week documentary I mentioned above is definitely worth watching. As I watched, I couldn’t help scribbling down quotes:

“Facebook is a conditioning system to teach you to undervalue your privacy…[it] rewards you for foolish disclosure.” -Author Cory Doctorow

“It is not for us to judge why a person wants to know something.” -Librarian Sarah Pritchard, Northwestern University

“Do not put anything on the web, at all, ever, that you would not want anybody, be it your mother, your boss, your boyfriend, your girlfriend, your girlfriend’s mother, to see.” -Author Neil Gaiman

“Privacy is one of the greatest privileges that we have. Privileges, rights – both.”

People who are “in the public eye all the time,” whose private lives are documented in magazines, tabloids, and the internet, who can’t go anywhere without being accosted by paparazzi, reporters, or fans. Fame often comes at the cost of privacy, and yet so many of us put personal information on the internet where it is available to anyone who cares to look. It’s not just “you and a screen,” it’s you and the whole world. So ask yourself: What is your privacy worth?

ChoosePrivacyWeek