1) Hi! I am Bryan. I am a systems librarian at NPL / Library Freedom Project. I became a librarian because I love the freedom to read. That's what I care about. So just real quick, let's go around and say your name, what library you work at, and something you care about... This title is kinda boring.
PRIVACY
FOR
LIBRARIES
ArLA / SELA
2019
Bryan Neil Jones
bryan.n.jones@nashville.gov
Nashville Public Library
Library Freedom Project
2) I use this one sometimes. This conforms to ALA's rebranding of Choose Privacy Week to Choose Privacy Everyday. And really, I do want you to think about privacy every day.
EVERYDAY
PRIVACY
ArLA / SELA
2019
Bryan Neil Jones
NPL / LFP
3) This is good because it reminds us that the policies we write affect the people around us, the ones we love.
PRIVACY
FOR YOU
AND ME
ArLA / SELA
2019
Bryan Neil Jones
NPL / LFP
4) No. Don't use this one.
IT'S ABOUT
PRIVACY,
STUPID.
(DON'T USE THIS ONE)
5) Okay, I guess this one is pretty good. Sometimes it is good to be clear. Green "i"'s are you. You matter. Your voice counts. You have a say about what happens in your community, in your workplace. We are going to talk about a lot of things today, and some of them we will disagree about, and that is good, as long as we are respectful and sincere.
Three parts today: 1) ethics; 2) technology; 3) how they relate
Spectrum exercise:
- Are you a privacy vegan or a privacy nihilist?
- A parent without ID wants to see their child’s record…
- A law enforcement officer with ID, but no warrant, wants to see a patron record…
- A “bounty hunter” wants to see a patron record...
PRIVACY
FOR
LIBRARIES
ArLA / SELA
2019
Bryan Neil Jones
NPL / LFP
6) This is of particular interest to libraries because our professional ethics emphasize privacy. At least since 1939 libraries have protected privacy to preserve the intellectual freedom of their communities. Most public libraries are government entities. The way the public works department is out after a storm fixing the power lines, the way that firefighters risk themselves to fight fires, the way police keep us safe, the way public defenders represent the rights of those charged with crimes, we have a unique duty to protect privacy. This is a public good and transcends commercial interests.
ETHICS
7) There are a few big takeaways. This is one of them. Ethics need to be considered at the beginning. If we build our systems, our policies, our procedures to be ethical from the start, we avoid a lot of problems down the line. Here are a few examples of people considering ethics from the beginning.
Ethics
need to be considered
upon ideation
8) Article 12: No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
UN Declaration of Human Rights
9) Code of Ethics for Librarians and Other Information Professionals, Item 3: Librarians and other information workers respect personal privacy, and the protection of personal data, necessarily shared between individuals and institutions. The relationship between the library and the user is one of confidentiality and librarians and other information workers will take appropriate measures to ensure that user data is not shared beyond the original transaction. Librarians and other information workers support and participate in transparency so that the workings of government, administration and business are opened to the scrutiny of the general public. They also recognize that it is in the public interest that misconduct, corruption and crime be exposed by what constitute breaches of confidentiality by so-called ‘whistleblowers’.
IFLA Code of Ethics for Librarians
& Other Information Workers
10) U.S. Constitution Amendment #1
The right to publish also includes the right to receive information. This also includes the right to assemble. The Court has interpreted this as the right to receive this information and assemble in private. If not, there might be a "chilling effect" and you self-censor.
US Constitution
Amendment #1
11) U.S. Constitution Amendment #4
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
US Constitution
Amendment #4
12) ALA Code of Ethics Article #3
We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.
ALA Code of Ethics
Article #3
13) ALA Bill of Rights Article #7
All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.
ALA Bill of Rights
Article #7
14) ArLA Policy Manual-Intellectual Freedom Charter
1. Proposed or actual restrictions of intellectual freedom.
2. Legislation which might place library collections, activities, and services in jeopardy or which might restrict the freedom of information.
3. Continuing education of the community in intellectual freedom matters
ArLA Policy
Manual
Intellectual Freedom
Committee Charter
15) There are ethics and then there is the law.
ETHICS
& THE LAW
16) Arkansas Code Title 13 says you have to get a warrant. If not it's a misdemeanor, $200 fine, 30 days in jail. There are some smart exceptions in AR's law.
17) These are immediate. Make sure it is from your state, signed, and dated. Make sure they are only looking for what the warrant says.
warrant
18) Sometimes law enforcement have "exigent circumstances." That's their call. Do not physically interfere, but make it known verbally that you do not consent.
no warrant
WHAT!
19) These usually have a time frame and want specific information. Refer these to your legal counsel.
subpoena
20) These have a built-in gag order, but you can talk to your attorney thanks to the brave librarians known as the Connecticut Four. Call an attorney.
national
security
letter
WHAT!
21) You should have a policy about how to handle visits from law enforcement, especially for front line staff.
22) More privacy = more work! The default is no privacy; right now you must make a conscious effort to control your data. Consider the source. What are the goals of developers? Why do they want your info? What are they going to do with it? Some pundits say privacy is dead. Who do they work for? What’s our role in the community as a non-commercial entity?
Remember two things:
more privacy = more work
consider the source
23) Who knows what "FLOSS" means?
FLOSS
24) You can see the code so you can see the bugs and generally have more control. Security standards should be transparent. The values of libraries are synonymous with the FLOSS software movement.
FLOSS
Free / Libre
Open Source
Software
25) Four freedoms. 1) Run 2) Edit 3) Contribute 4) Share
This enables people to have agency over their devices. What are the civil rights implications of a phone you can't control? What are the civil rights implications of the home assistant you cannot control?
Free as in Freedom:
Run
Edit
Contribute
Share
26) This is the basis for all open access repositories and the legal basis for all organizations whose goal is to expand the public commons: Wikipedia, Internet Archive, HathiTrust, DPLA. This is also required if we are to have political sovereignty when our day-to-day lives are mediated by technology.
What does this have to do with libraries?
27) Diceware exercise, Part 1. Take these six words and write a one-sentence story using them. Who thinks they wrote a good story? Okay, take a moment or two to memorize your story. I also want you to take that and crinkle it up or throw it away.
wizard
decency
levers
popcorn
each
shut
28) Privacy and security are related concepts that often overlap, but not always.
privacy
&
security
29) This diagram is a good way to think about it. Because I am a privacy teacher, I am way over here. Your IT folks might be way over here. Classic example: security cameras. Another way to think about it is risk vs. reward.
30) Is the risk of a feature or an action worth the reward? Classic example: it is very easy to not have a PIN on your phone, but then your phone is very insecure. It goes the opposite direction too: is the risk of abuse of a security feature worth the reward? Okay, for the next slide everyone shout it!
31) Good job! Does anyone know what it means?
POLP!
32) The principle of least privilege: every user can access only the information and resources they need to do their job.
1) Does a volunteer need a login to your ILS?
2) If you have a spreadsheet of patrons and their library card numbers, who should have access to that?
principle
of least
privilege
33) Pie! Who doesn't love pie! Someone tell me what this means.
PII
34) "Personally identifiable information" or "Pee Eye Eye." This is your most valuable asset.
Personally
Identifiable
Information
35) Anonymize your PII. Scrubbed database. Firewalls. IP Authentication.
Anonymize
It!
36) What is it? The process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot access it. This is essential for privacy and for the internet to work.
ENCRYPTION
37) This stands for "HyperText Transfer Protocol Secure." This encrypts communications over the internet. It also ensures you are communicating with the website you think you are.
HTTPS://
38) Virtual Private Network. This encrypts all your traffic and helps obscure your location, but you are trusting the provider.
VPNs
Virtual Private Networks
39) Your password needs to be:
- the longer the better
- no words connecting to your personal life
- a different one for each service
- changed on the regular.
This last one is debatable. The library has staff change theirs every six weeks. Also, what?! That's impossible. Let us help you out a little.
yr pw is bd
40) Diceware Exercise, Part 2
Okay, who remembers their story? Can someone tell it? Alright. That's how easy it is to remember a long passphrase.
Now you can create your own.
Diceware, what is it?
- a fun way to ensure mathematically complex passwords.
- roll dice and look up the word, do this six times
- might have to dirty it up a little bit
"diceware"
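The dice-and-lookup step from the exercise, written out as an added Python example (it is not part of the original slides). The 36-word list is constructed for the demo so that two dice select one word; published Diceware lists hold 6^5 = 7776 words, so five dice select one word. All function names here are hypothetical.

```python
import math
import secrets

# Constructed 36-word list (6^2 entries, so two dice pick one word). It starts
# with the six words from the exercise slide; a real list has 6^5 = 7776 words.
MINI_WORDLIST = [
    "wizard", "decency", "levers", "popcorn", "each", "shut",
    "amber", "basket", "cobalt", "dune", "ember", "fjord",
    "garden", "harbor", "inlet", "jigsaw", "kettle", "lantern",
    "meadow", "nectar", "orbit", "pebble", "quilt", "ribbon",
    "saddle", "timber", "umbrella", "velvet", "walnut", "xylem",
    "yonder", "zephyr", "anchor", "bramble", "cactus", "dolphin",
]


def dice_per_word(list_size):
    """Return how many dice are needed to address a list of 6^n words."""
    dice, size = 0, 1
    while size < list_size:
        size *= 6
        dice += 1
    if size != list_size or dice == 0:
        raise ValueError("word list length must be a power of 6 (36, 216, 7776, ...)")
    return dice


def roll_to_index(rolls):
    """Map a sequence of die faces (1-6) to a list index, reading them as base 6."""
    index = 0
    for face in rolls:
        if not 1 <= face <= 6:
            raise ValueError("a die face must be between 1 and 6")
        index = index * 6 + (face - 1)
    return index


def roll_dice(count):
    """Simulate fair dice with the OS random source (never use random.random here)."""
    return [secrets.randbelow(6) + 1 for _ in range(count)]


def passphrase(wordlist, n_words=6):
    """Roll the dice once per word and look each word up, as in the exercise."""
    dice = dice_per_word(len(wordlist))
    return " ".join(wordlist[roll_to_index(roll_dice(dice))] for _ in range(n_words))


def entropy_bits(n_words, dice):
    """Entropy of a passphrase: every die contributes log2(6) bits."""
    return n_words * dice * math.log2(6)


if __name__ == "__main__":
    print("demo passphrase (toy list):", passphrase(MINI_WORDLIST))
    print("6 words, toy 36-word list : %.1f bits" % entropy_bits(6, 2))
    print("6 words, 7776-word list   : %.1f bits" % entropy_bits(6, 5))
    # For comparison: 8 random characters drawn from 94 printable ASCII symbols.
    print("8 random printable chars  : %.1f bits" % (8 * math.log2(94)))
```

The strength comes from the dice, not from keeping the word list secret: an attacker who knows the list and the method still faces the full number of combinations.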
41) Wait?! Make one of these for every site? Nope, use a password manager. One that is free and open source is KeePassXC. It is totally cross-platform. The password database is stored locally.
KeePassXC
42) LastPass is a popular, online cloud manager. There are lots of others.
LastPass, etc
43) Is this okay? Yes, as long as you keep it in a secure place.
Is this okay?
44) Besides your password, a second piece of info is needed for access; e.g., a code, a security question, a file. Security questions are insecure as they are easy to guess.
Two Factor Authentication
2FA
45) There are other, more secure 2FA methods besides texts. One is software authenticator tokens. One open source, cross-platform one is FreeOTP. In this case, after syncing the app, it can deliver a code without the internet.
FreeOTP
46) This is what FreeOTP looks like.
47) You can also use hardware authenticator tokens and these will make you feel like a wizard. A popular one is called a Yubikey. Demonstrate on LastPass.
Yubikey, etc.
48) Threat Models exercise. Threat models are a way to think about what information you need to protect and how you are going to protect it.
1) What do you want to protect?
2) Who do you want to protect it from?
3) How likely is it that you will need to protect it?
4) How bad are the consequences if you fail?
5) How much trouble are you willing to go through to prevent those consequences?
Exercise 1: Let's do a threat model for ourselves
Exercise 2: Let's break into groups and create threat models for patrons
THREAT MODELS
PRIVACY IS DEAD
Can I have your password?
50) The "privacy paradox" is that people say they care about their privacy and are freaked by the current state of constant surveillance but don't do anything normative to protect their privacy. Amazon records everything you read, down to the page number. They also know everything you buy. Overdrive and Hoopla are very upfront about recording everything you read, but they will hide it from you if you insist.
The
Privacy
PARADOX
51) How did we get here? Certain companies figured out that they could monetize information about your behavior. Other companies were like "show me the money." You generate data all the time just by being "on the grid." Where does this data come from?
HOW DID WE
GET HERE?
52) Internet tracking. Between April 30 and August 17, I visited 401 sites and 1053 third party sites. Notice the third party sites. That's nearly two and a half times the sites I actually saw in my browser window. One study found 55% of website load time was loading third party trackers.
53) 'Dark Patterns' trick people into giving away information about themselves. They make it hard not to. They use "fear of missing out" (FOMO) or straight up deception to get you to make the choices they want. Here's an example from my own library. Other examples: are you sure you don't want to enable desktop notifications? Or resetting all your preferences between updates. Or just the subtle psychological shaming of Overdrive or Hoopla.
dark patterns
54) Thanks to the EU's GDPR (General Data Protection Regulation) we know that Spotify collects every click, what headphones you use, window size, what files you dragged and dropped. It is not a music playing machine. It is a recording machine. This is the desktop app. If we consider the same data collection via the phone app, it also knows where you are at what time, when you sleep, if you're moving fast or slow, etc. Your phone is literally an extension of yourself and we are all, no joke, cyborgs. That is a different talk.
55) Phones are fundamentally insecure. If you are using a phone, your phone company knows your general location at all times. And we know now they sell this info. The text function in your phone is unencrypted unless you use a special app. We know on Android many apps collect data even without you knowing. Apple isn't open source so it is harder to study. A lot of apps have remote microphone access. The phone knows when you sleep, when you poop, who your friends are, who you work with, what you think about, what music and TV shows you like, what porn you like, what church you feel guilty about not going to, and if you wear a fitness tracker it knows when you dream, it knows a lot more. No one has more info about you than your phone. Not your doctor, not your mom, not your spouse. Well, maybe Google if your phone was made by Google. The DMCA makes it illegal for you to root your phone. You are only allowed to root your phone and change its software because of a special exception to the DMCA determined by the Librarian of Congress as recommended by the Register of Copyrights.
Phones are a dumpster fire.
56) Facebook is always watching you. Even when you are not on Facebook. Non-PII data from cookies can be reverse engineered via the mosaic effect. Academic studies have shown this for years. If this wasn't the case, Facebook would have no reason to track you when you don't use their site. The Yale Privacy Lab found that many popular apps on Android, like Weather Channel, Lyft, and Tinder (to name a few) are loaded with third-party trackers. Privacy International found that 61% of apps they tested sent data to Facebook whether you had a Facebook account or not. We know this because Android is open source. If these researchers found the same results with iOS it would be illegal to share it because of the DMCA.
57) What is bad about it?
What is bad
about it?
58) You get a bunch of crappy ads. These are annoying and distracting, but if you walk near a hotdog stand you want a notification that hotdogs are on sale, right? Sure. What if the same scenario was framed as "yes, I will give away my Constitutional 4th Amendment rights, the rights that made the U.S. the envy of the world, to see an ad for hotdogs." This is what "personalization" means: total surveillance so you can get ads.
59) Most malware comes from ads. More sinister are phishing attacks that lead to data breaches or doxing. Hey, give us your email? Every time you do this you expose yourself to more phishing attempts. Types of harm that can come from privacy violations: identity theft, medical identity theft, doxing (blackmail, sextortion, swatting), stalking / partner abuse. Which is to say nothing of the qualitative costs: social isolation, emotional costs.
malware / phishing / doxing
60) Nation-state scale psyops; e.g., targeted disinformation campaigns to manipulate elections. My mother is a white, working class voter with a relatively low education level in western PA. She was a real hot commodity during the last presidential election. More about my mother later. What if the data you got was wrong? I should note Cambridge Analytica got their data in a clandestine manner, and we know about it because of a whistleblower. They just got caught. This kind of profiling is happening all the time, mostly to target ads at you, or to have just in case because they might want to target ads at you in the future.
61) Reverse redlining. This is when you deliberately target people in a geographic region. The most notorious example was during the subprime mortgage crisis when bad loans were heavily pushed at African Americans. The mosaic effect can be used to reverse engineer non-PII. You can learn someone's sex, gender, race, political affiliation, income, health info. This can lead to employment, housing, and education discrimination directly or indirectly.
62) In short, the above were all the reasons we don't record what people read.
What does this have to do with libraries?
63) We respect our patrons' privacy a lot but vendors really don't. Or to put it another way, we have crappy vendor contracts. Look at this one here. They can do whatever they want with your data. This one goes on to say it will track you even when you are not signed in. Products created specifically for libraries are a little better, but they still broadly define non-PII and then it is often shared with third parties.
crappy vendor contracts
64) We offer public internet.
public internet
65) Perhaps these would be better called "public nets." People use our internet. If your software is not configured properly, your computers are just fly traps for patron info. If you have not been the victim of identity theft it is because of the camouflage of the herd. Who are the weakest members of the herd? It is often the most vulnerable that use our computers. This is a double whammy.
public nets
66) Anyone recognize this? That's right, that is the logo for Rakuten, the company that owns Overdrive. They have been described as the Amazon of Japan. This is my one tin foil hat slide. The last time I looked at Overdrive app permissions they were pretty good.
I'll just leave this here.
67) We need to mitigate the risks to our patrons. I am going to give a few quick suggestions of varying scope and difficulty. This is by no means comprehensive. Only collect what you absolutely need, make it as anonymous as possible, and protect it righteously when it can't be anonymized.
What can we
do about it?
68) DuckDuckGo is a search engine that doesn't track you! One of many companies that have proven that privacy can be part of a successful business model.
DuckDuckGo
69) Bounces internet traffic around to different Tor relays. No add-ons necessary, it is preconfigured to be anonymous as possible. Tor Browser is like a submarine. Other browsers are like a boat with holes and patches. Consider the source--it's made by a nonprofit human rights org. Who funds Tor: Google, Mozilla, National Science Foundation, Open Technology Fund, Media Democracy Fund, State Dept., SRI International, US Department of State-Bureau of Democracy, Human Rights, and Labor, Fastly, Team Cymru.
Tor Browser
70) We use Deep Freeze at NPL. At least set Firefox to always run in private mode.
Wipe'em!
Wipe'em good!
71) Put clauses in the vendor contracts with strict rules about patron data, even non-PII. Here is an example from Seattle Public Library.
gnarly vendor contracts
72) GA represents a devil’s bargain. The devil offers you something for free and then you rely on it. Check out the National Web Forum - Action Handbook for details.
Google Analytics
73) Here are some ways you can mitigate the risk of Google Analytics, though this is in no way comprehensive.
Turn off 'Display Features'
Turn off 'Remarketing'
Turn off 'Advertising Reporting'
Anonymize IP settings
Set the data retention to the shortest period
Make opting-out as easy as possible
THE SEQUEL
75) This is the basic shape. How you protect it--a lot of folks don't have that, but it forces you to be transparent. Making "opting-in" the default, that is a cultural shift.
What you collect & why
Who you share it with
How you protect it
Make "opt-in" the default
Make "opt-out" easy
76) This is a quote from James English, a developer for LYRASIS. There is policy and there is practice. There is what the policy says and what we actually do. Currently we use the Apple model. We don't necessarily collect data about our users, but what about the apps from third party vendors? I am getting ahead of myself a bit.
"Privacy policies are legal statements to get us out of our ethical obligations."
77) There are a few big takeaways. This is one of them. Ethics need to be considered at the beginning. Here are a few examples of people considering ethics from the beginning.
Ethics
need to be considered
upon ideation
78) Communities trust libraries. If we don't protect patrons' privacy we violate that trust. Not only in digital spaces. The physical space of the library should be a non-surveilled space. You might hear that privacy is dead. This ship has sailed. Well, can I have your password? Climate change is bad, does that mean we are going to stop? A few high profile men have been brought to justice for sex crimes, does that mean we've solved the problem of sexual violence? Grand juries rarely recommend charges against the police. Does that mean we're going to stop fighting for justice in our communities? We're libraries. We fight. I love and respect my mom. She's a senior citizen with a high school education. She uses an Android tablet that no longer gets security updates. She doesn't deserve annoying, misleading ads. She does not deserve her 4th Amendment rights violated for ads. She does not deserve malware, identity theft, fake news or a loan with criminally bad terms. More importantly, she has a human right not to be surveilled.
I love and respect my mom.
79) Exercise: Colored stickers on Venn diagrams
1) Privacy vs. security
- Example: employer scanning email for content
Features List:
(PINK) Facial recognition-enabled, internet linked CCTV cameras
(YELLOW) Using software to be anonymous on the internet
(BLUE) The ability to sign on to devices, or access locations, with biometrics (like fingerprints)
2) Risk vs. Reward (Is the risk worth the reward?)
- Example:
Features List:
(GREEN) Facial recognition technology that automatically scans photographs and suggests people in them
(RED) Ability to remotely turn on or off items in a home and check their usage
(BLACK) Map or GPS software/apps that store common travel patterns
80) I dunno where to put this slide.
i don't know where
to put this slide.
Choose privacy everyday!
bryan.n.jones@nashville.gov
BONUS SECTION: userland privacy tools
YOUR PRIVACY
IS PRECIOUS
BONUS DISC
Linux
Apple
Settings > Privacy
Settings > Privacy
Purism Librem5
Lineage OS
F-Droid
Android
iOS
"diceware"
KeePassXC
LastPass, etc
Two Factor Authentication
2FA
FreeOTP
Yubikey
VPNs
Virtual Private Networks
LUKS
Linux Unified Key Setup
FileVault
(OSX)
BitLocker
(Windows)
Veracrypt
iOS
Android
Tor Browser
Firefox
Privacy Badger
HTTPS Everywhere
uBlock Origin
Multi-Account Containers
Brave
Signal
Orbot
(Android)
Tor Browser
(Android)
Onion Browser
(iOS)