On May 8 the Library Association of the City University of New York (LACUNY) Institute held its annual one-day conference, “Privacy and Surveillance: Library Advocacy for the 21st Century,” at New York City’s John Jay College of Criminal Justice in honor of Choose Privacy Week 2015, May 1–7, sponsored by the American Library Association’s Office for Intellectual Freedom (ALA OIF).
From the keynote speech by Rainey Reitman, activism director for the Electronic Frontier Foundation (EFF) and COO and cofounder of the Freedom of the Press Foundation (FPF), to the closing talk by Alison Macrina, founder of the Library Freedom Project and a 2015 LJ Mover & Shaker, the LACUNY Institute conference was enlightening, intriguing, and—appropriately enough—a bit scary. In his opening remarks Larry Sullivan, associate dean and chief librarian at John Jay, stated that while he was a strong advocate of privacy, he had no expectations of privacy. He then got straight to the point: “If you really want to be private in this world…one, use a payphone; and two, use cash.”
ACCOUNTABILITY AND WHISTLEBLOWING
Reitman, who had flown in from San Francisco (“I will travel as far as necessary to speak with librarians”), offered up a hard look at privacy policies—the legal statements that disclose how a site may gather and disclose user data. She noted that these are not, in fact, promises of protection. Instead, “they explain how your privacy will be violated.” Many contain language that is purposefully vague, especially concerning how data will be shared with the government and law enforcement.
The ever-present threat of tracking is counterproductive, she explained, because users need free access to all content. “When we have a democracy that lets people access contentious information, that’s a society that thrives,” Reitman said, adding, “Possibly I am a deeply optimistic person, but we should always err on the side of letting people make up their own minds…. But when readers believe that accessing info could be tracked, stored, and handed over to the government, we undermine the promise of the Internet.”
In 2010, Reitman joined EFF’s staff of lawyers and technologists to build its activism team. In her first year she helped develop a report, “Who Has Your Back,” which analyzed transparency criteria in the privacy policies of various social networking sites, commerce sites, and ISPs. In 2011, she recalled, only one company was actively publishing data on how it handled government requests for users’ personal data. By 2014, 20 of the 26 companies surveyed were compliant. Accountability, noted Reitman, can make for an effective campaign.
From her First Amendment work as cofounder of the Chelsea Manning Support Network, Reitman went on to help found the nonprofit FPF to help support and protect journalistic operations such as WikiLeaks—whose methodology is particularly interesting, she said, for publishing original source material, unredacted and in full (“WikiLeaks is about showing your work”). FPF is notable for obscuring the records of online donors and refusing to hand over their data.
Reitman went on to discuss whistleblower Edward Snowden, the Patriot Act, and the EFF’s lawsuit against the National Security Agency (NSA) for its monitoring of telecommunications data. EFF’s action became part of a larger American Civil Liberties Union lawsuit against the NSA. On May 7, the day before the LACUNY conference, the Court of Appeals for the Second Circuit ruled the tracking program unlawful. It’s “the beginning of the end of phone surveillance in the United States,” said Reitman, proclaiming it yet another victory for Choose Privacy Week; “I’m happy to say that librarians have been at the forefront of this battle.”
TEACHING PRIVACY LITERACY
Much of the afternoon’s proceedings centered on various forms of librarian advocacy, especially teaching students about privacy. John Buschman, dean of libraries at Seton Hall University, noted that although librarians have been aware of privacy threats for years—his 1995 article, “Libraries and the Underside of the Information Age,” had been cited earlier for its prescience—the concept has been uncoupled from its political context over the past 40 years and is currently an everyday concern that requires a different kind of attention. The contest now, he explained, is not between what should and should not be known, but how it should be known.
Sarah Lamdan, associate law library professor at the City University of New York (CUNY) Law School, discussed the instructional role of librarians as advocates for social media privacy. “In the past, we were feisty protestors for privacy,” she said. “We should harness that feisty power and take it into the digital age.” Lamdan recommended using the seven foundational principles of Privacy by Design developed in the 1990s by Dr. Ann Cavoukian, information and privacy commissioner of Ontario, to get students past the prevailing thinking of “You have zero privacy; get over it.” John Jay emerging technologies and distance services librarian Robin Camille Davis also recommended teaching students to use Google ad settings, tracking blockers such as Ghostery or Privacy Badger, and the Inspect Element tool in their browsers to examine sites’ underlying code.
Finding the weak spots
The second panel, on “Surveillance and Its Discontents,” looked at end solutions to privacy problems. Seeta Peña Gangadharan, senior research fellow at the New America Foundation’s Open Technology Institute, and Bonnie Tijerina, fellow at the Data and Society Institute (and a 2010 LJ Mover & Shaker), mapped common library practices in an infographic to visualize which are controllable by library staff, in order to help define vulnerabilities.
Tony Doyle, associate professor at the Hunter College library, explained online anonymous web searching through obfuscation, suggesting digital solutions such as the Tor network, which masks a user’s identity via encryption and multiple routers; TrackMeNot, which generates a smokescreen of dummy requests to mask each query; and DuckDuckGo, a search engine that does not store or track user information. ASA College information literacy instructor Maria Bernhey shared her privacy lesson plan, noting the importance of explaining that seeking to limit the amount of information available about oneself does not imply having something nefarious to hide. “There’s nothing wrong with taking control of your privacy, and students don’t understand that.”
Defining the boundaries
The third panel, on legal boundaries, featured a discussion of library-specific privacy policies from Percy Wise, information services coordinator for the Multnomah County Library System, OR. As a former attorney, Wise was well-versed in the finer points of policy law, and cautioned, “Remember: privacy policies are not aspirational.”
Julia Frankosky, government information librarian at Michigan State University, talked about privacy as it pertains to academic discourse. In the past, she explained, for the most part classroom discussions began and ended there; now, anything said in class is fair game, and faculty or students who make controversial statements, indulge in political rants, or even send an email too hastily can find their careers impacted.
And CUNY Graduate Center associate librarian for collections Alycia Sellie took critical aim at how digital rights management (DRM) can compromise the privacy of library ebook borrowers, noting, “DRM makes surveillance of reading habits extremely simple.” In most cases, she said, customers have a choice as to whether they wish to comply with commercial features that limit privacy—“No one is forcing us to put on a Mickey Mouse bracelet if we would rather not,” she said, citing Disneyland’s most recent optional customer tracking innovation. However it is a much bigger sacrifice to forego library electronic content to avoid accepting DRM rules, especially now that some content is available only in electronic format. So, she said, libraries should be aware of their own options for providing DRM-free e-materials.
EVERYBODY HAS SOMETHING TO HIDE
Macrina began with a friendly disclaimer: “I hope everybody’s OK with being on an FBI watch list after attending this event.” She went on to offer a brief history of library active resistance to privacy threats, including the FBI’s late–Cold War clandestine surveillance program that targeted librarians. (For a more in-depth look, see The Nation’s recent article in its May 25, 2015 edition, Librarians vs. the NSA.)
The NSA’s data retrieval system, Macrina explained, is sophisticated and can pull information from any Internet communication using a major commercial platform, including Google, Apple, Microsoft, and Skype. Section 215 of the Patriot Act, “Access to records and other items under [the Foreign Intelligence Surveillance Act of 1978]” (commonly known as the “library records” provision), authorizes government collection of broadly defined “tangible things” to assist in a security investigation. “I don’t think any of us could have anticipated just how big this [NSA] problem would be,” she said.
And privacy is important in all its permutations, stressed Macrina. “I reject the idea that people have nothing to hide,” she said. “I have something to hide, and so do all of you. You’re all wearing clothes. You don’t post your medical records…. You’re human.” She also noted that according to statistics collected by PEN America, a global association of writers devoted to defending literary free speech, one in six writers has avoided writing or speaking on a topic that they thought would subject them to surveillance. Another one in six has seriously considered doing so. “That’s a huge existential threat to libraries as far as I’m concerned,” Macrina said.
However, she added, “We’re not doomed. I’m setting up this problem because I’m setting up a solution.”
The LFP, which earlier this year won a Knight Foundation News Challenge grant, is dedicated to educating librarians on intellectual freedom issues. To that end, Macrina stated, “Technology in the liberation of social good is our best defense.” She favors encryption tools and free open source software, which both fits with libraries’ ethical framework and provides “that level of transparency [where] it becomes incredibly difficult for a malicious actor to backdoor the software.”
On a small scale, Macrina suggested that every librarian make time to assess the library’s resources, think about who might compromise it, and imagine what could be done to protect it. In addition to the previously mentioned Tor and DuckDuckGo, she mentioned several solutions that can be easily implemented: the EFF’s HTTPS Everywhere extension, which automatically provides secure authentication for every site used in a system; Textsecure, which encrypts text messages; Signal, which encrypts phone calls on Android devices; the password management utility KeePassX; and Tails, a flash drive–based Linux browser that anonymizes all data.
However, Macrina also teaches simpler versions of her tech-heavy defense at LFP for those who might find it a barrier. That way, she said, “At least you know about the law. At least you know what some of those programs are,” adding that there’s no reason why an Introduction to the Internet library class can’t use DuckDuckGo. And she will be conducting a workshop on Digital Privacy and Security: Keeping You and Your Library Safe and Secure in a Post-Snowden World at ALA’s Annual Conference in June.
Macrina acknowledges that her paranoia levels have increased along with her involvement in privacy issues, but feels that her cause—and her chance to encourage a privacy-literate population—is worth the worry. As librarians, she said in summation, we have the ability to “make privacy protection tools ubiquitous and mainstream.”