Introduction to Cyber Security

This fall, I enrolled in, and completed, my first MOOC (massive open online course), Introduction to Cyber Security at the Open University (UK) through their FutureLearn program. I found out about the course almost simultaneously through Cory Doctorow at BoingBoing and the Radical Reference listserv (thanks, Kevin).

Screen shot from course “trailer,” featuring Cory Doctorow

The free eight-week course started on October 15 and ended on December 5. Each week started with a short video, featuring course guide Cory Doctorow, and the rest of the week’s course materials included short articles and videos. Transcripts of the videos were made available, and other materials were available to download in PDF. Each step of each week included a discussion area, but only some of the steps included specific prompts or assignments to research and comment; facilitators from OU moderated the discussions and occasionally answered questions. Each week ended with a quiz; students had three tries to get each answer, earning successively fewer points for each try.

Week 1: [Security] Threat Landscape: Learn basic techniques for protecting your computers and your online information.
Week 2: Authentication and passwords
Week 3: Malware basics
Week 4: Networking and Communications: How does the Internet work?
Week 5: Cryptography basics
Week 6: Network security and firewalls
Week 7: “When your defenses fail”: What to do when things go wrong
Week 8: Managing and analyzing security risks

The FutureLearn website was incredibly easy to use, with a clean and intuitive design, and each week of the course was broken down into little bite-size chunks so it was easy to do a little bit at a time, or plow through a whole week in one or two sessions. I tended to do most of the work on Thursdays and Fridays, so there were plenty of comments in the discussions by the time I got there.

Anyone can still take the course, so I won’t go too in-depth here, but the following are some tips, facts, and resources I found valuable or noteworthy during the course:

  • Identify your information assets: these include school, work, and personal documents; photos; social media account information and content; e-mail; and more, basically anything you store locally on your computer or in the cloud. What is the value (high/medium/low) of this information to you? What are the relevant threats?
  • Passwords are how we identify ourselves (authentication). Passwords should be memorable, long, and unique (don’t use the same password for different sites or accounts). Password managers such as LastPass or KeePass can help, but that is placing a lot of trust in them. Password managers should: require a password, lock up if inactive, be encrypted, and use 2-factor authentication.
  • Use 2-factor authentication whenever it is available.
  • 85% of all e-mail sent in 2011 was spam.
  • Anti-virus software uses two techniques: signatures (distinctive patterns of data) and heuristics (rules based on previous knowledge about known viruses).
  • The Sophos “Threatsaurus” provides an “A-Z of computer and data security threats” in plain English.
  • The Internet is “a network of networks.” Protocols (e.g. TCP/IP) are conventions for communication between computers. All computers understand the same protocols, even in different networks.
  • Wireless networks are exposed to risks to Confidentiality, Integrity, and Availability (CIA); thus, encryption is necessary. The best option currently is Wireless Protected Access (WPA2).
  • The Domain Name Server (DNS) translates URLs to IP addresses.
  • Any data that can be represented in binary format can be encrypted by a computer.
  • Symmetric encryption: 2 copies of 1 shared key. But how to transmit the shared key safely? Asymmetric encryption (a.k.a. public key cryptography) uses two keys and the Diffie-Hellman key exchange. (The video to explain this was very helpful.)
  • Pretty Good Privacy (PGP) is a collection of crypto techniques. In the course, we sent and received encrypted e-mail with Mailvelope.
  • Transport Layer Security (TLS) has replaced Secure Sockets Layer (SSL) as the standard crypto protocol to provide communication security over the Internet.
  • Firewalls block dangerous information/communications from spreading across networks. A personal firewall protects the computer it’s installed on.
  • Virtual Private Networks (VPNs) allow a secure connection across an untrusted network. VPNs use hashes, digital signatures, and message authentication codes (MACs).
  • Data loss is often due to “insider attacks”; these make up 36-37% of information security breaches.
  • Data is the representation of information (meaning).
  • The eight principles of the Data Protection Act (UK). Much of the information about legislation in Week 7 was specific to the UK, including the Computer Misuse Act (1990), the Regulation of Investigatory Powers Act (2000), and the Fraud Act (2006).
  • File permissions may be set to write (allows editing), read (allows copying), and execute (run program).
  • Use a likelihood-impact matrix to analyze risk: protect high-impact, high-likelihood data like e-mail, passwords, and online banking data.

Now that I’ve gained an increased awareness of cyber security, what’s changed? Partly due to this course and partly thanks to earlier articles, conference sessions, and workshops, here are the tools I use now:

See also this excellent list of privacy tools from the Watertown Free Library. Privacy/security is one of those topics you can’t just learn about once and be done; it’s a constant effort to keep up. But as more and more of our data becomes electronic, it’s essential that we keep tabs on threats and do our best to protect our online privacy.

Why Your Library’s Privacy Policy Matters

Today’s ALA/Booklist webinar, Why Your Library’s Policy Matters, was led by Cherie L. Givens, author of Information Privacy Fundamentals for Librarians and Information Professionals. The webinar seemed almost like a commercial for the book, because Givens only spoke generally, pointing listeners to the book for further detail. In fairness, it would be difficult to cover the topic of library privacy policies in depth in an hour, but I was still hoping for something slightly more concrete and practical. Nevertheless, here are the points she covered:

  • When drawing up a library privacy policy, make sure you are aware of relevant federal* and state legislation. State legislation (e.g. California) may be stricter than federal legislation.

*Particularly the Children’s Online Privacy Protection Act (COPPA), Family Education Rights and Privacy Act (FERPA), Protection of Pupil Rights Amendment (PPRA), No Child Left Behind (NCLB), the PATRIOT Act, Foreign Intelligence Surveillance Act (FISA), and National Security Letters (NSLs). (If your library does receive an NSL, the lawyers at ACLU would love to hear about it.)

  • The Federal Trade Commission (FTC) is a good resource for consumer protection (“We collect complaints about hundreds of issues from data security and deceptive advertising to identity theft and Do Not Call violations”).
  • People should have control over their Personally Identifiable Information (PII), including sensitive personal data such as Social Security Numbers. People should know when, how, and what PII is being communicated to others. It’s always best to collect as little information as possible, only what is necessary; minimize data collection and retention.
  • Every library needs a privacy policy, but the policy is just step one. The next step is to make sure your procedures match the policy, and that you contract for privacy with third parties (vendors) to ensure that they handle patron data according to the same standards.*
  • Perform a privacy audit/assessment: what information do you collect and how do you use it?
  • Look at other libraries’ privacy policies, and the privacy policies of small/medium-sized businesses.
  • The library privacy policy should be visible to users: hand it out with new library cards, post it near computers, keep a copy at the reference desk. (And on the library website?)
  • Privacy is important not just for intellectual freedom, but intellectual curiosity.

*I haven’t seen the contract language, but I would imagine this is much more difficult than it sounds, especially if a library is working with Overdrive, which allows patrons to check out Kindle books through Amazon. Amazon is a data-hungry beast.

These fair information practice principles I copied directly from slide 10 of Givens’ presentation:

  • Notice/Awareness: Provide notice of information collection practices before information is collected.
  • Choice/Consent: Give the subjects of data collection options about whether and how their personal information may be used.
  • Access/Participation: Provide access to an individual’s personal information so that the individual can review and correct it.
  • Integrity/Security: The data collector must take reasonable steps to make sure the data is accurate and secure.
  • Accountability or Enforcement/Redress: There must be a mechanism for addressing and resolving complaints for failing to abide by the above four principles.

Lastly, this great article was cited by one of the webinar participants. I remember reading it before (it was a Library Link of the Day on 10/4/14): “Librarians won’t stay quiet about government surveillance,” Washington Post, Andrea Peterson, 10/3/14.

This webinar will be archived with the rest of Booklist’s webinars, probably within the next week.

 

Nothing to hide: Readers’ rights to privacy and confidentiality

One of the first arguments that comes up in the privacy debate – whether the issue at hand is a police search of your vehicle or Amazon keeping a record of every Kindle book you read – is that only people who have “something to hide” care about privacy.

To say this is disingenuous, and if the people who made this argument thought for even five minutes, I bet they could come up with a few things about their lives that aren’t illegal, or even morally or ethically wrong, but that they’d like to keep private anyway. Let’s consider the issue of library books, and what the books you check out may reveal about you. (Notice The Anarchist Cookbook is not on the following list. I don’t know the statistics about where terrorists get their bomb-making instructions, but I doubt most of it comes from the public library. There’s this thing called the Internet, you see.)

  • What to Expect When You’re Expecting, or other books that might indicate you’re trying to start a family before you’ve told anyone else.
  • Cracking the New GRE, or other test-prep books for grad school or a planned career change you aren’t ready to tell your current boss about.
  • Managing Your Depression, The Lahey Clinic Guide to Cooking Through Cancer, or other books about medical conditions you or someone close to you may be experiencing.
  • Bankruptcy for Small Business Owners might prove worrisome to your clients or your bank.
  • The Guide to Getting It On, or any books on the topics of sexuality, sexual health, safe sex, etc. (In many libraries, kids can get their own library cards at a young age, and parents aren’t allowed to monitor their accounts.) See also: It Gets Better: Coming Out, Overcoming Bullying, Creating a Life Worth Living, or Transgender Lives, etc.
  • God Is Not Great or other anti-religious texts would likely be poorly received if you’re part of a religious family or community.
  • A Gentle Path Through the Twelve Steps, or other books about personal struggle and recovery.
  • How to Buy a House; How to Sell A House, or other real estate books when you haven’t told anyone you’re thinking of moving.

These are just a few examples of information that people might justifiably want to keep personal and private, but not because of any wrongdoing. And this is why librarians strive to protect patron privacy.

“We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.” -ALA Code of Ethics

11/1/14 Edited to add: This short graphic novel about privacy and technology from Al Jazeera America expands this idea, looking not just at people’s reading history but at all the information they share, voluntarily or not. Thanks to Library Link of the Day for the link.

“Even if you have nothing bad to hide, giving up privacy can mean giving up power over your life story and competing with others for control.”

“Maybe we’ve been given a false choice between opting in and giving up control over how that information is used–” “–between sharing and being left out.”

11/3/14 Edited to add: Kevin O’Kelly from the Somerville Public Library reminded me of Glenn Greenwald’s excellent TED Talk, “Why Privacy Matters.” In it, Greenwald says, “People who say that…privacy isn’t really important, they don’t actually believe it, and the way you know that they don’t actually believe it is that while they say with their words that privacy doesn’t matter, with their actions, they take all kinds of steps to safeguard their privacy. They put passwords on their email and their social media accounts, they put locks on their bedroom and bathroom doors, all steps designed to prevent other people from entering what they consider their private realm and knowing what it is that they don’t want other people to know.”

And also: “We as human beings, even those of us who in words disclaim the importance of our own privacy, instinctively understand the profound importance of it. It is true that as human beings, we’re social animals, which means we have a need for other people to know what we’re doing and saying and thinking, which is why we voluntarily publish information about ourselves online. But equally essential to what it means to be a free and fulfilled human being is to have a place that we can go and be free of the judgmental eyes of other people.”

Greenwald is the author of No Place to Hide: Edward Snowden, the NSA, and the U.S. surveillance state (2014). His TED talk is well worth 20 minutes of your time.

 

NELA 2014: Consent of the Networked

Cross-posted on the NELA conference blog.

Intellectual Freedom Committee (IFC) Keynote: Consent of the Networked: The Worldwide Struggle for Internet Freedom, Rebecca MacKinnon (Monday, 8:30am)

MacKinnon pointed to many excellent resources during her presentation (see links below), but I’ll try to summarize a few of her key points. MacKinnon observed that “technology doesn’t obey borders.” Google and Facebook are the two most popular sites in the world, not just in the U.S., and technology companies affect citizen relationships with their governments. While technology may be a liberating force (as envisioned in Apple’s 1984 Superbowl commercial), companies also can and do censor content, and governments around the world are abusing their access to data.

“There are a lot of questions that people need to know to ask and they don’t automatically know to ask.”

MacKinnon noted that our assumption is that of a trend toward democracy, but in fact, some democracies may be sliding back toward authoritarianism: “If we’re not careful, our freedom can be eroded.” We need a global movement for digital rights, the way we need a global movement to act on climate change. If change is going to happen, it must be through an alliance of civil society (citizens, activists), companies, and politicians and policymakers. Why should companies care about digital rights? “They are afraid of becoming the next Friendster.” The work of a generation, MacKinnon said, is this: legislation, accountability, transparency, and building technology that is compatible with human rights.

It sounds overwhelming, but “everybody can start where they are.” To increase your awareness, check out a few of these links:

 

 

(Failing to) Protect Patron Privacy


On October 6, Nate Hoffelder wrote a post on The Digital Reader: “Adobe is Spying on Users, Collecting Data on Their eBook Libraries.” (He has updated the post over the past couple days.) Why is this privacy-violating spying story any more deserving of attention than the multitude of others? For librarians and library users, it’s important because Adobe Digital Editions is the software that readers who borrow e-books from the library through Overdrive (as well as other platforms) are using. This software “authenticates” users, and this is necessary because the publishers require DRM (Digital Rights Management) to ensure that the one copy/one user model is in effect. (Essentially, DRM allows publishers to mimic the physical restrictions of print books – i.e. one person can read a book at a time – on e-books, which could technically be read simultaneously by any number of people. To learn more about DRM and e-books, see Cory Doctorow’s article “A Whip to Beat Us With” in Publishers Weekly; though now more than two years old, it is still accurate and relevant.)

So how did authentication become spying? Well, it turns out Adobe was collecting more information than was strictly necessary, and was sending this information back to its servers in clear text – that is, unencrypted. Sean Gallagher has been following this issue and documenting it in Ars Technica (“Adobe’s e-book reader sends your reading logs back to Adobe – in plain text”). According to that piece, the information Adobe says it collects includes the following: user ID, device ID, certified app ID, device IP address, duration for which the book was read, and percentage of the book that was read. Even if this is all they collect, it’s still plenty of information, and transmitted in plain text, it’s vulnerable to any other spying group that might be interested.

The plain text is really just the icing on this horrible, horrible cake. The core issue goes back much further and much deeper: as Andromeda Yelton wrote in an eloquent post on the matter, “about how we default to choosing access over privacy.” She points out that the ALA Code of Ethics states, “We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted,” and yet we have compromised this principle so that we are no longer technically able to uphold it.

Jason Griffey responded to Yelton’s piece, and part of his response is worth quoting in full:

“We need to decide whether we are angry at Adobe for failing technically (for not encrypting the information or otherwise anonymizing the data) or for failing ethically (for the collection of data about what someone is reading)….

…We need to insist that the providers of our digital information act in a way that upholds the ethical beliefs of our profession. It is possible, technically, to provide these services (digital downloads to multiple devices with reading position syncing) without sacrificing the privacy of the reader.”

Griffey linked to Galen Charlton’s post (“Verifying our tools; a role for ALA?”), which suggested several steps to take to tackle these issues in the short term and the long term. “We need to stop blindly trusting our tools,” he wrote, and start testing them. “Librarians…have a professional responsibility to protect our user’s reading history,” and the American Library Association could take the lead by testing library software, and providing institutional and legal support to others who do so.

Charlton, too, pointed back to DRM as the root of these troubles, and highlighted the tension between access and privacy that Yelton mentioned. “Accepting DRM has been a terrible dilemma for libraries – enabling and supporting, no matter how passively, tools for limiting access to information flies against our professional values.  On the other hand, without some degree of acquiescence to it, libraries would be even more limited in their ability to offer current books to their patrons.”

It’s a lousy situation. We shouldn’t have to trade privacy for access; people do too much of that already, giving personal information to private companies (remember, “if you’re not paying for a product, you are the product”), which in turn give or sell it to other companies, or turn it over to the government (or the government just scoops it up). In libraries, we still believe in privacy, and we should, as Griffey put it, “insist that the providers of our digital information act in a way that upholds the ethical beliefs of our profession.” It is possible.

10/12/14: The Swiss Army Librarian linked to another piece on this topic from Agnostic, Maybe, which is worth a read: “Say Yes No Maybe So to Privacy.”

10/14/14: The Waltham Public Library (MA) posted an excellent, clear Q&A about the implications for patrons, “Privacy Concerns About E-book Borrowing.” The Librarian in Black (a.k.a. Sarah Houghton, Director of the San Rafael Public Library in California), also wrote a piece: “Adobe Spies on eBook Readers, including Library Users.” The ALA response (and Adobe’s response to the ALA) can be found here: “Adobe Responds to ALA on egregious data breach,” and that links to LITA’s post “ADE in the Library Ebook Data Lifecycle.”

10/16/14: “Adobe Responds to ALA Concerns Over E-Book Privacy” in Publishers Weekly; Overdrive’s statement about Adobe Digital Editions privacy concerns. On a semi-related note, Glenn Greenwald’s TED talk, “Why Privacy Matters,” is worth 20 minutes of your time.

 

 

“Netflix for books” already exists: it’s called the library

Even in a profession where we interact with the general public daily, it can be tricky for librarians to assess how much other people know about what we do, and what libraries offer – which is why it is so delightful to see an article by a non-librarian raising awareness of a service libraries offer. In “Why the Public Library Beats Amazon – For Now” in the Wall Street Journal, Geoffrey A. Fowler praises public libraries across the country, more than 90% of which offer e-books (according to the Digital Inclusion Study funded by the Institute of Museum and Library Services).

Noting the rise of Netflix-style subscription platforms like Oyster and Scribd, Fowler observes that libraries still have a few key advantages: they’re free, and they offer more books that people want to read.

Graphic designer Aaron Tung’s idea for the Penguin – Random House logo

Librarians have been working with publishers for several years, negotiating various deals and trying out different models (sometimes it seems like two steps forward, one step back), but finally all of the Big Five have come on board and agreed to “sell” (license) e-books and digital audiobooks to libraries under some model. (The Big Five were formerly the Big Six, but Random House and Penguin merged and became Penguin Random House, missing a tremendous opportunity to call themselves Random Penguin House, with accompanying awesome logo.)

Thus, while Amazon’s Kindle Unlimited (KU for short – has the University of Kansas made a fuss about this yet? They should) touts its 600,000 titles, the question readers should be asking is, which 600,000 titles? All books are not created equal. The library is more likely to have the books you want to read, as Fowler points out in his article. It may be true that Amazon, Oyster, and Scribd have prettier user interfaces, and it may take fewer clicks to download the book you want (if it’s there), but library platforms – including OverDrive, 3M Cloud Library, and others – have made huge strides in this area. If you haven’t downloaded an e-book from your library recently, or at all, give it a try now – it’s leaps and bounds smoother than it used to be. You may have to wait for it – most publishers still insist on the “one copy/one user” model, rather than a simultaneous use model – but it is free. (Or if you’re impatient and solvent, you can go ahead and buy it.)

Readers’ advisory desk at the Portland (ME) Public Library.

Another way in which the library differs from for-profit book-rental platforms is that, to put it bluntly, the library isn’t spying on you. If you’re reading a Kindle book, Amazon knows how fast you read, where you stop, what you highlight. Libraries, on the other hand, have always valued privacy. The next time you’re looking for an e-book, try your local library – all you need is your library card number and PIN.

Yearly wrap-up, 2013 edition

In the spirit of those sites that do a weekly wrap-up (like Dooce’s “Stuff I found while looking around” and The Bloggess’ “Sh*t I did when I wasn’t here”), here are a few odds and ends I found while going through my work e-mail inbox and my drafts folder.

How to Search: “How to Use Google Search More Effectively” is a fantastic infographic that will teach you at least one new trick, if not several. It was developed for college students, but most of the content applies to everyday Google-users. Google has its own Tips & Tricks section as well, which is probably updated to reflect changes and new features.

How to Take Care of Your Books: “Dos and Don’ts for Taking Care of Your Personal Books at Home” is a great article by Shelly Smith, the New York Public Library’s Head of Conservation Treatment. Smith recommends shelving your books upright, keeping them out of direct sunlight and extreme temperatures, and dusting. (Sigh. Yes, dusting.)

The ARPANET Dialogues: “In the period between 1975 and 1979, the Agency convened a rare series of conversations between an eccentric cast of characters representing a wide range of perspectives within the contemporary social, political and cultural milieu. The ARPANET Dialogues is a serial document which archives these conversations.” The “eccentric cast of characters” includes Ronald Reagan, Edward Said, Jane Fonda, Jim Henson, Ayn Rand, and Yoko Ono, among others. A gem of Internet history.

All About ARCs: Some librarians over at Stacked developed a survey about how librarians, bloggers, teachers, and booksellers use Advance Reader Copies (ARCs). There were 474 responses to the survey, and the authors summarized and analyzed the results beautifully. I read a lot of ARCs, both in print and through NetGalley or Edelweiss, and I was surprised to learn the extent of the changes between the ARC stage and the finished book; I had assumed changes were copy-level ones, not substantial content-level ones, but sometimes they are. (I also miss the dedication and acknowledgements.)

E-books vs. Print books: There were, at a conservative estimate, approximately a zillion articles and blog posts this year about e-books, but I especially liked this one from The Guardian, “Why ebooks are a different genre from print.” Stuart Kelly wrote, “There are two aspects to the ebook that seem to me profoundly to alter the relationship between the reader and the text. With the book, the reader’s relationship to the text is private, and the book is continuous over space, time and reader. Neither of these propositions is necessarily the case with the ebook.” He continued, “The printed book…is astonishingly stable over time, place and reader….The book, seen this way, is a radically egalitarian proposition compared to the ebook. The book treats every reader the same way.”

On (used) bookselling: This has been languishing in my drafts folder for nearly two years now. A somewhat tongue-in-cheek but not overly snarky list, “25 Things I Learned From Opening a Bookstore” includes such amusing lessons as “If someone comes in and asks for a recommendation and you ask for the name of a book that they liked and they can’t think of one, the person is not really a reader.  Recommend Nicholas Sparks.” Good for librarians as well as booksellers (though I’d hesitate to recommend Sparks).

On Libraries: Along the same lines, I really enjoyed Lucy Mangan’s essay “The Rules” in The Library Book. Mangan’s “rules” are those she would enforce in her own personal library, and they include: (2) Silence is to be maintained at all times. For younger patrons, “silence” is an ancient tradition, dating from pre-digital times. It means “the absence of sound.” Sound includes talking. (3) I will provide tea and coffee at cost price, the descriptive terms for which will be limited to “black,” “white,” “no/one/two/three sugars” and “cup.” Anyone who asks for a latte, cappuccino or anything herbal anything will be taken outside and killed. Silently.

On Weeding: It’s a truth often unacknowledged that libraries possessed of many books must be in want of space to put them – or must decide to get rid of some. Julie Goldberg wrote an excellent essay on this topic, “I Can’t Believe You’re Throwing Out Books!” I also wrote a piece for the local paper, in which I explain the “culling” of our collection (not my choice of headline).

“What We Talk About When We Talk About Public Libraries”: In an essay for In the Library with the Lead Pipe, Australian Hugh Rundle wrote about the lack of incentives for public librarians to do research to test whether public libraries are achieving their desired outcomes.

Public Journalism, Private Platforms: Dan Gillmor questions how much journalists know about security, and how much control they have over their content once it’s published online. (Article by Caroline O’Donovan at Nieman Journalism Lab)

Choose Privacy Week

This week (May 1-7) is Choose Privacy Week. Today being the 7th, I’m a little late to the game, though I do read articles, blog posts, and infographics about privacy all year round. Two recent examples are Fight for the Future’s great infographic about CISPA, and the EFF’s annual “Who Has Your Back?” report about which companies protect user data from the government.

At ChoosePrivacyWeek.org, ALA has links to a curated collection of videos on the topic of privacy. Visit the Video Gallery to explore; so far I’ve only watched “Facebook Killed the Private Life” featuring Clay Shirky, which at just over four minutes is a good jumping-off point (“Social networks are profoundly changing the definition of what we consider private”). The Choose Privacy Week documentary (see below) is also a good place to start; at 23 minutes, it’s an excellent and thought-provoking overview of the topic, including commentary from Neil Gaiman and Cory Doctorow, as well as many librarians.

By the way, if you’re wondering what the orange shape on the poster is – lamb chop? Video game controller? – it is a birds-eye view of a person walking.

Privacy is such a huge topic, there are many different aspects to it. But watching the documentary, I was reminded of an article I read in the Guardian a while ago, “Why ebooks are a different genre from print.” I have heard enough rhapsodizing about the smell of books vs. soulless electronic devices, but this article puts that argument aside in favor of a few real and important differences between print books and e-books. Author Stuart Kelly writes, “There are two aspects to the ebook that seem to me profoundly to alter the relationship between the reader and the text. With the book, the reader’s relationship to the text is private, and the book is continuous over space, time and reader. Neither of these propositions is necessarily the case with the ebook.” If you’re reading on a Kindle, you’re telling Amazon what you’re buying, what you’re reading, how long you spend on each page, where you stop reading, what you highlight, and where you make notes. Amazon has also shown it has the capability to “disappear” legally purchased books from your device, and also the capability – though I don’t know if they’ve used it yet – to make changes to books you already “own,” like pushing publishers’ corrections to your first edition file.

That is only one small example of how our privacy is eroding, sometimes without our awareness, sometimes without our consent. In light of this erosion, the Choose Privacy Week documentary I mentioned above is definitely worth watching. As I watched, I couldn’t help scribbling down quotes:

“Facebook is a conditioning system to teach you to undervalue your privacy…[it] rewards you for foolish disclosure.” -Author Cory Doctorow

“It is not for us to judge why a person wants to know something.” -Librarian Sarah Pritchard, Northwestern University

“Do not put anything on the web, at all, ever, that you would not want anybody, be it your mother, your boss, your boyfriend, your girlfriend, your girlfriend’s mother, to see.” -Author Neil Gaiman

“Privacy is one of the greatest privileges that we have. Privileges, rights – both.”

People who are “in the public eye all the time,” whose private lives are documented in magazines, tabloids, and the internet, who can’t go anywhere without being accosted by paparazzi, reporters, or fans. Fame often comes at the cost of privacy, and yet so many of us put personal information on the internet where it is available to anyone who cares to look. It’s not just “you and a screen,” it’s you and the whole world. So ask yourself: What is your privacy worth?


Amazon buys Goodreads

I experienced that sinking feeling as soon as I saw the link, even before I clicked on it: http://techcrunch.com/2013/03/28/amazon-acquires-social-reading-site-goodreads/. The full headline from TechCrunch is “Amazon Acquires Social Reading Site Goodreads, Which Gives the Company A Social Advantage Over Apple.”

My immediate and unconsidered reaction is that this can only be bad news. Goodreads is a site I have been using since 2007: the user experience is excellent, the communication from the company is of high quality and transparency, and they seem trustworthy and reliable in the way that they handle their users’ information (unlike, say, facebook, which has made a number of massive missteps where users’ private information is concerned).

Amazon, on the other hand, mines its users’ data voraciously: they know not just what you’ve bought, but what you’ve considered buying, and what other people who bought the thing you’re looking at bought. If you have a Kindle, they know not just what you’re reading, but what you’ve highlighted, where you’ve made notes and comments, where you’ve stopped reading, where you’ve lingered – far more than I, for one, really want them to know. (Part of the reason I don’t have a Kindle.)

In a PaidContent article, “Amazon acquires book-based social network Goodreads,” Laura Hazard Owen writes, “Goodreads has served as a fairly “neutral” hub for readers until now — a place where publishers and authors can market and promote their books without being tied to a specific retailer. Until 2012, Goodreads sourced all of its book data from Amazon, but it then decided that the company’s API had become too restrictive and switched its data provider to the book wholesaler Ingram. “Our goal is to be an open place for all readers to discover and buy books from all retailers, both online and offline,” Goodreads told me at the time of the switch. While being an “open place for all readers” may still be Goodreads’ goal, it’s now clearly tied to promoting books for sale on Amazon.”

Below is a screenshot I took today, 3/28/13. You can see the page for Homeland by Cory Doctorow; there’s the cover image, a blurb (usually provided by the publisher), the cataloging data (publisher, publication year, language, format, etc.), and below that, my review, because I was logged in at the time I took the screenshot and I’ve read and reviewed Homeland (I recommend it).

 

[Screenshot: Goodreads “Get a copy” buttons]

Between the book info and my review, it says “Get a copy” and there are three buttons. The first one goes to Barnes & Noble; the third one goes to WorldCat, so you can find the book in a library near you, wherever you are in the world (very cool!); the middle one, “online stores,” has a drop-down menu, which includes the following retailers in this order: Kobo, Indigo, Abebooks, Half.com, Audible, Alibris, iBookstore, Sony, Better World Books, Target.com, Google Play, IndieBound, and last of all, Amazon. (If you click “more” after that, it takes you to a page where you can compare booksellers’ prices for used and new editions.)

[Screenshot: Goodreads “online stores” drop-down menu]

 

I don’t know what else will change once Amazon is in charge of Goodreads, but I bet Amazon moves up that list from the bottom. Will Goodreads even continue linking to other booksellers? I hope so.

There is an open letter on Goodreads now from the founder, Otis Chandler, rhapsodizing about bringing Goodreads to the Kindle. There’s a press release on Amazon where VP of Kindle content Russ Grandinetti talks about Goodreads and Amazon’s “share[d] passion for reinventing reading.” All of it makes me more wary than excited, but we’ll see what happens.  Meanwhile, I’ll be backing up my data more religiously than usual (if you have an account, you can export all the content you’ve added to Goodreads from the import/export page).

Cory Doctorow at the Harvard Bookstore (or, Cory Doctorow gave me a high five!)

The first thing I noticed, looking around at the other audience members before the event began, was that there were more men in the audience than women. If you have ever been to an author event before, you’ll realize this is unusual. But of course, Cory Doctorow isn’t just an author; he’s also an activist, the co-editor of Boing Boing, and an all-around nerd hero (see xkcd comics featuring him here and here). Plus, the Harvard Bookstore is a stone’s throw from Harvard and just two stops from MIT on the red line.

Doctorow started off by complimenting the Harvard Bookstore as “one of the most awesome-sauce dispensaries in the northeast,” and saying that he wasn’t actually going to read from his new book, Homeland; there was an audio clip of him reading online (Internet Archive), and there were other things to talk about.

First, he outlined the case of Robbins vs. Lower Merion School District (PA), wherein the school equipped its students’ laptops with spyware and took pictures of the students in their rooms at home, unbeknownst to students or their parents. The school denied wrongdoing.

Next, Doctorow talked about the German Chaos Computer Club’s (CCC) discovery and cracking of government spyware, which was not only illegal but also, apparently, dangerously easy to hack.

Then there was the case of spyware on rent-to-own laptops. Allegedly, the spyware was installed in order to prevent theft – one of the same reasons there was spyware on the students’ laptops in Lower Merion – but of course it was used more nefariously than that.

Next, Doctorow moved on to those long, impenetrable Terms of Service we all sign, which he called “weird” and “totally objectionable.” Signing a contract with an employer is one thing, he said, but since when have consumers signed contracts with manufacturers?

Now, of course, it’s almost impossible not to. Do you use facebook? iTunes? Online banking? Twitter or Tumblr? Then you might have a vague memory of scrolling through a vast amount of fine print to get to that “I Agree” button so that you can use the service in question. (Ed Bayley at the Electronic Frontier Foundation proposes that the buttons should read “I Agree” and “I Have No Idea What This Says.” Read the white paper, “The Clicks That Bind.”)

We might all skim and disregard the Terms of Service or Terms & Conditions, but under the 1998 Digital Millennium Copyright Act (DMCA), breaking ToS/T&C “isn’t a little illegal, it’s a lot illegal” (Doctorow’s words, not the legislation).

The scary part is that even though most people don’t read before agreeing, it’s still a legally binding document (though there is some question about the enforceability), and breaking the agreement is a felony under the Computer Fraud and Abuse Act (CFAA). After Aaron Swartz’s suicide, two years after being charged under the CFAA, Rep. Zoe Lofgren (D-CA) introduced “Aaron’s Law,” which would amend it.

Doctorow then segued into speaking about the late Aaron Swartz, computer programmer and activist; Aaron was involved with the development of RSS, the Creative Commons, and reddit (he also wrote an afterword for Homeland). By now, most will be familiar with the JSTOR debacle, but before that, Aaron was involved with an attempt to liberate U.S. legal documents from the PACER (Public Access to Court Electronic Records) database. For a relatively short overview of that case, see the New York Times article from February 2009; for more in-depth (and fascinating) explanations, check out Steve Schultze’s article (February 2011) and Tim Lee’s piece on Ars Technica (February 2013).

Lee points out, “The documents in PACER—motions, legal briefs, scheduling orders, and the like—are public records. Most of these documents are free of copyright restrictions, yet the courts charge hefty fees for access” (reminiscent of the way that government (i.e. taxpayer)-funded science research ends up behind paywalls). What Aaron did was help Schultze with the code to download a high volume of documents from PACER during a free trial; with those documents, RECAP (“turning PACER around”) was born. RECAP is still going strong.

Aaron was also involved in leading a grassroots campaign to fight the Stop Online Piracy Act (SOPA). The bill was defeated when, as Doctorow put it, “Congress realized that as hard as it is to get reelected without campaign finance, it is really hard to get reelected without votes.”

Finally, there was the JSTOR case. JSTOR is a database that contains a tremendous volume of research, much of which was funded directly or indirectly by the federal government. However, this research resides behind a paywall. Aaron had access through MIT, and downloaded a vast quantity of articles. The government cracked down, with federal agents charging Aaron under the CFAA. Two years later, facing jail (“You’re gonna put me in jail for 35 years for checking too many books out of the library?”), and seeing no other way out, Aaron committed suicide.

Doctorow emphasized the importance of Aaron’s cause: that people have the right to access information, whether or not they happen to be affiliated with an institution of higher education. “We never know where the next great thing is going to come from,” he said. “This isn’t GOING to be a matter of life and death, it IS a matter of life and death….This is the beginning of the future.”

Doctorow referred to computers and the internet as “the nervous system of our world. The world is made of computers…We put our bodies in computers [e.g. cars]…we put computers in our bodies [e.g. headphones, medical equipment]….We’ve gotta get this right….And it matters. It matters a lot.” He is concerned, to say the least, about regulating this technology and making sure it is secure. (A recent article about NASA highlights the danger of collecting personal data and failing to protect it closely.) Doctorow said, “I’m not interested in how something succeeds, I’m interested in how it fails.” His sincere and urgent concern doesn’t prevent him from using colorful, humorous language to make his case: “We regulate them like…a fax machine attached to a waffle iron.”

It can all seem like an overwhelming problem, too large to tackle, too impossible to change. But the campaigns against SOPA (and PIPA) were powerful; they proved that people do care about their rights, and about the worst case scenario consequences un-thought-out legislation can have on the internet and other technology. There has been an outpouring of support for Aaron’s cause since his suicide (he also had strong supporters before his death). The open access (OA) movement is gaining power in higher education, especially as journal prices continue to skyrocket and become unaffordable for even the Harvard Libraries. And awareness is growing as consumers begin to wonder who really owns the content they produce (on facebook, twitter, etc.) and the digital products they buy (or are they really only licensing?). One thing you can do, Doctorow said, is “refuse to use technology that takes away your freedom.”

Other gems from the evening:

“Information doesn’t want to be free. If anything it wants us to stop anthropomorphizing it.”

Referring to smartphones: “A police tracking device that happens to make phone calls.”

“Don’t talk to cops without a lawyer present.”

After the energetic and inspiring talk, Doctorow stayed around to sign books. I hadn’t read Homeland yet, but I read its prequel, Little Brother, and I told him that I’d recommended it to many people in my capacity as a librarian…at which point he gave me a high five.