ruminating about privacy

I was emailing with a friend this week and he was saying how it seems strange that librarians are so aggressive in their defense of privacy while at the same time the population seems to be more and more shifting towards openness and “hey here’s my list of books” behavior outside of their library. I always draw the line between what people reveal about themselves versus what their institutions reveal, or must legally disclose, about them.

I also often feel that one of the reasons we’re in this strange place is because many privacy issues are ones that technology could be solving for us. Yet, at the same time the technology we’re working with doesn’t allow us the granularity of making, for example, patron reading information available in the aggregate while still keeping the patron’s identity completely private. We have many patrons

Patron 1 wants to make sure no one ever knows what they are reading. Tells the OPAC to not keep his reading list. Knows his PIN. Wants to make sure the public access PCs don’t retain records of the sites he’s visited. Is a bit horrified that the library data we do keep isn’t in some way encrypted or otherwise protected.
Patron 2 wants to know every book she has ever checked out. Wants the library to leave the name of the book she has on hold on her answering machine. Wants her friend to be able to pick the book up for her at the library. Doesn’t remember her PIN and finds it vaguely annoying that she needs more than her library card number to use the OPAC.

A privacy solution that works for Patron 1 becomes a usability impediment to Patron 2. While libraries have the responsibility to keep both patrons’ data safe, they also have the responsibility to be usable and accommodating to both patrons. Technology, in my opinion, can address these issues but librarians have to a) embrace it b) request it from their vendors c) be willing to tolerate the learning curve that comes with any new technology.

I’m off to the tiny library today to help them with their slow automation project. In the meantime, these are the articles I have been reading about privacy lately. They’re about the information the mailman has, not the librarian, but it could apply to any of us at our job as well. The blog post is about an NPR story following a mail carrier on her route. She talks about what she knows about the world and the economy based on what people are getting delivered. She is supposed to keep people’s mail private, and she never mentions any names. Yet, there’s a lot of metadata in mail delivery, things the mailman knows. The blog’s author wonders how simple it would be to identify the people getting mail delivered from the information the mail carrier imparts. Feel free to read the rest.

protecting privacy in libraries

Judah Hamer, the current president of the Vermont Library Association, wrote a good opinion piece in the Burlington Free Press responding to a parent’s editorial concerned about Vermont’s new patron privacy laws. I think it’s always a good idea that official-type library people spend the time to outline just why we feel privacy is important and speaking up in order to dispel rumors that spread about what did and did not happen in a given library dispute.

thinky paper about facebook and privacy and the law

My friend James Grimmelmann, New York Law School professor, has published a paper about Facebook and Privacy which is my Labor Day reading. In it he asserts that while Facebook is partially culpable for having bad privacy policies and practices, a more nefarious side-effect of the Facebook universe is that the model encourages people to violate each other’s privacy. When you share information about yourself, you wind up sharing information about others who may have different approaches to personal privacy than you do. If you’re interested in understanding more about the Facebook mechanisms from someone who both uses and studies it, I suggest giving this article a read.

You think you’re my friend; I disagree. We may be able to work together in real life without needing to confront the basic fact that you like me but not vice versa. But if you Facebook-add me and say “We dated,” what am I supposed to do? Uncheck that box and check “I don’t even know this person?” Divergences are made manifest, sometimes to mutual chagrin.

Facebook’s reputation on privacy matters is terrible. When people use “Facebook” and “privacy” in the same sentence, the word in between is never “protects.” Facebook’s privacy missteps haven’t just drawn the attention of bloggers, journalists, scholars, watchdog groups, and regulators, they’ve also sparked mass outrage among Facebook users. An anti-Beacon group attracted over 70,000 members and an anti-News Feed group over 700,000. Facebook’s pattern—launch a problematic feature, offer a ham-handed response to initial complaints, and ultimately make a partial retreat—hasn’t given it much privacy credibility. In short, consumers don’t, can’t, couldn’t, and shouldn’t rely on Facebook’s privacy policy to protect their personal information as they use it.

If you read all the way down to page 40 or so, you’ll get some analysis of legal attempts at social networking site use restrictions including DOPA which many librarians should be familiar with.

FBI takes library computers without a warrant

That’s what it looks like to me from reading this news article. Even though I’m not thrilled about that, I don’t see anything in the library’s policies that would prevent this from happening. Does your library have a privacy policy? Some more discussion on Slashdot.

Library computer seizure makes the bigtime

The incident with the library computers being taken by law enforcement that I mentioned a few weeks back has now made a splash in the big media. Girl’s case had library, cops in privacy standoff. It’s interesting to see how the headline of the same AP article changes depending on who is using it. In another place it’s titled Library confrontation points up privacy dilemma or Kimball Library required warrant to view Brooke Bennett’s records.

a difficult time, a difficult task

I work occasionally as a fill-in librarian at a local public library that serves a community of about 5,000 people. This is the community I am moving to next month, up the road from where I live now, and while technically it puts me out of the “rural” designation, it’s still pretty rural. Last week and the week before there was a horrible tragedy that rocked the whole community. Short form: a local girl, Brooke Bennett, went missing and her body was discovered a few days ago. The most likely suspect at this point is an uncle who is on the state sex offender list.

First off let me say that I’m quoting from news stories only. Our official staff position is “no comment” and I’m sticking to that. Here is why this is a library issue.

  • The initial reports, when the girl was simply missing, were that she had met a sexual predator online via her MySpace page. That garnered the predictable media outcry as well as some very good stories about safety online.
  • It also resulted in law enforcement coming to the library to take the public PCs. You can read the library director’s statements about this in this article in the Burlington Free Press. The librarians waited for a court order, and gave the computers to the police once they received one. The computers have since been returned. The library had an internet policy in place to guide their actions in this situation.
  • As more details emerged it became clear that the MySpace angle was not just untrue, it was the opposite of what people had thought. The person who abducted Brooke had actually logged in to her MySpace page to try to create a fake scenario where she was meeting a “predator” when in reality she was meeting him. IP addresses from these interactions were given to law enforcement by MySpace and were, as near as I can tell, instrumental in helping them determine the sequence of events of this crime and narrow down the suspect list considerably. The older articles still reflect the “internet predator” angle when, like most abductions, the criminal was someone from the victim’s own family.
  • And as far as data goes, danah boyd has a very good article about MySpace when DOPA was more on the table in 2006. One of her useful facts: “Statistically speaking, kids are more at risk at a church picnic or a boy scout outing than they are when they go on MySpace. Less than .01% of all youth abductions nationwide are stranger abductions and as far as we know, no stranger abduction has occurred because of social network services.”
  • The accused man is being charged, as of this writing, with kidnaping. This is because kidnaping at a federal level carries a possible death penalty sentence and is, I assume, a bargaining chip. The law regarding this is one that I wasn’t totally aware of: “the 2006 Adam Walsh law — named for another abducted child — allowed federal prosecution of such crimes when they are facilitated by the Internet.” Worth knowing for any of us who provide Internet access to the public, I think.
  • The library has set up a book display dealing with this very difficult topic — books on MySpace, the death of a child, dealing with grief — and encouraging conversations.

So, this is all incredibly upsetting and destabilizing to the community here. While I hope that you never have to deal with something like this at your library, there may be some instructive or useful pieces of information here that I felt might be worthwhile to pass on.

the thing about privacy

Now that I’ve gotten back from ALA and gotten some sleep, I’ve been ruminating over privacy topics some more. The panel went well. I also read Cory Doctorow’s book Little Brother on the way home — they were giving away copies at the panel — and enjoyed it quite a lot. It’s a YA just-barely-dystopian book about a terrorist-seeming event and the Bay Area lockdown that follows and how a group of tech savvy teens respond, and how others respond. It’s a good book.

During the panel, we were talking about things you’d want to keep private that you don’t necessarily need to keep secret. Sex and bathroom activities were two obvious examples. This then led to a discussion, more like hitting on a few points, about library records and how there is a difference between trashing them — so you can legitimately say “we don’t have any records to show you” — and obscuring them, say through encryption, so that the records are available to, say, patrons and yet not to librarians or, it follows, to law enforcement. I found this idea intriguing. Now that we’ve done a decent job making the point that patron library data is data that we protect, maybe we can make that protection more sophisticated so we don’t have to protect it by completely eradicating it. Maybe.

Anyhow, I got grabbed outside of the panel by Library Journal and I talked a little bit about this.

Also can I just say that Library Journal’s coverage of ALA was really engaging and worth reading this year? I haven’t been following ALA conferences in a while but I was surprised how much I enjoyed reading about this one in addition to attending it.

Privacy Revolution – not quite live-blogging

I enjoyed the panel presentation. Jenny Levine and Kate Sheehan were both there blogging along with me. It was fun to keep an eye on twitter/chat/email and still pay enough attention to manage to ask a few questions and just learn things. Here is a slightly edited version of what I was writing during the event. My apologies for the lateness of this post. As I was heading home my own local library where I am a sometimes employee was dealing with their own privacy and law enforcement issue. Tough stuff. Click through for details, didn’t want to put this all on the front page.

Blogging the ALA Privacy Panel

I was invited to be a blogger for the Privacy: Is it Time for a Revolution? panel happening this Sunday from 1:30-3:00 in room 201D at the convention center. Speakers will be Cory Doctorow, Dan Roth from Wired, and Beth Givens, the director of the Privacy Rights Clearinghouse. This is supposed to be a “debate” but I really sort of think it’s mostly going to be a discussion of the erosion of the idea of privacy and what librarians are or should be doing about it. I’m looking forward to hearing it; all three of these speakers have years (decades?) of experience and sharp minds. Cory I know is an engaging and at times provocative speaker.

I’m assuming they got some grant money for this, because I got a very slick looking concept paper about the idea with a lot of good backgrounder information (email me if you’d like me to send you a copy) and they ponied up money for a domain: PrivacyRevolution.org. Unfortunately, the domain has been parked at GoDaddy until pretty much today, so my blogging about it is going to be minimal since I’m getting on a plane in 12 hours and will have minimal net access until sometime Friday. There is a survey there that I encourage you to take.

You can also follow their twitter stream and they will be following the Librarian Society of the World Meebo chatroom. I’ve offered to pose some questions to the panelists from people who can’t be there [i.e. you, dear readers] though I’m a little worried this is late in the game for anyone heading to ALA. In any case, if there is a privacy-and-librarians topic that you are dying to ask a question about to these panelists, please put it in the comments here and I’ll be happy to do my best. Jenny Levine is the other guest blogger so stay tuned here and there for more information about this as it comes in.

VLA and VSLA pass library confidentiality bill

This is big news. The Vermont Library Association and the Vermont School Library Association have succeeded in passing “An Act Related to the Confidentiality of Library Patron Records” which tightens up some loose areas in Vermont’s current patron confidentiality laws. The governor signed the bill on Tuesday, just in time for the Vermont Library Conference.

You can read more about the process of getting the bill drafted and passed by looking at the Intellectual Freedom section of the Vermont Library Association website. Minor point of pride: I designed the VLA website, enabling just this sort of information sharing and updates and it makes me happy to see it being used to announce such good news.