If you have ever wanted to use the wifi at a coffee shop or library, you have probably had to click through a screen to do it. This screen might have shown you the network’s Terms of Service and prompted you to click an “I agree” button. These kinds of screens are called captive portals, and they interfere with wireless security without providing many user benefits. Captive portals are to blame for a number of security issues, especially when it comes to HTTPS websites. HTTPS is meant to prevent traffic interception, alteration, and impersonation by a third party. But captive portals work by doing exactly that: they intercept and alter the connection between the user and the site they are trying to visit. On an unencrypted HTTP connection, the user would not even notice this. But for sites secured with HTTPS, the web browser detects something or someone hijacking the connection (similar to a man-in-the-middle attack). This causes “untrusted connection” warnings about fake certificates for websites that users otherwise expect to be safe. Those copious unexplained “untrusted connection” warnings on a network with captive portals—essentially false-positive warnings about websites that are actually safe—can train users to adopt the dangerous habit of ignoring security warnings.

How Captive Portals Interfere With Wireless Security and Privacy | Electronic Frontier Foundation

Privacy Policies and Practices with Cloud-Based Services in Public Libraries: An Exploratory Case of BiblioCommons

Kritikos, K. C., & Zimmer, M. (2017). Privacy Policies and Practices with Cloud-Based Services in Public Libraries: An Exploratory Case of BiblioCommons. Journal of Intellectual Freedom and Privacy, 2(1), 23-37.

PDF 

Abstract

Public libraries are increasingly turning to cloud-based and Library 2.0 solutions to provide patrons more user-focused, interactive, and social platforms from which to explore and use library resources.  These platforms – such as BiblioCommons – often rely on the collection and aggregation of patron data, and have the potential to disrupt longstanding ethical norms within librarianship dedicated to protecting patron privacy.  This article reports on the results of a pilot research study investigating how libraries are implementing third-party cloud computing services, how these implementations might impact patron privacy, and how libraries are responding to these concerns.  The results of this research provide insights to guide the development of a set of best practices for future implementations of cloud-based Library 2.0 platforms in public library settings.

Protecting Patron Privacy: A LITA Guide.

Newman, B., & Tijerina, B. (eds) (2017)  Protecting Patron Privacy: A LITA Guide.  Rowman & Littlefield

Making the case for privacy in libraries after an atrocity

“ There is never a harder time to argue in defence of civil liberties than in the aftermath of a horrific and deadly terrorist attack. It’s easy to argue for universal rights during periods of relative stability, after all, what harm could possibly come to pass? But during times of bloodshed, of anger and of disgust, it’s somewhat harder to step back and make the case for civil liberties, even when that case appears to suggest a lack of will to tackle the cause of the bloodshed. But it is important that we do so, because we can be sure that those that are the enemies of liberty and freedom will be seizing the opportunity (whilst simultaneously failing to see who they share that cause with). “

Blog post by Ian Clark

How much is your privacy worth to you? Would you trade some of it for 20 cents off a gallon of gas at the market? Most people would say, “Absolutely not!” Privacy is a right that needs to be protected. I feel very strongly about protecting individual privacy, both personally and as a librarian — then I look down at the store loyalty cards hanging from my keychain and realize that I have compromised for the sake of convenience, too.

Libraries strive to protect your privacy

Privacy of patrons in libraries is a major component of intellectual freedom. This is especially true of students who use school libraries. Students should be afforded the same level of patron privacy in a school library as they would receive in a public library. This statement from the Library Privacy Guidelines for students should be the foundation of a school library student privacy policy: Safeguarding user privacy requires that staff keep all in-library use and reference questions confidential and assure that there is no monitoring by staff or peers of what students are reading, viewing, or researching while in the library. If there must be security cameras in a school library, they should be placed so they do not monitor the circulation desk so that student use of materials can be kept confidential. Additionally, if cameras are placed to view computers, they should not be placed in a way that the screens of monitors can be viewed. Most importantly, there should be clear policies that safeguard student privacy and specifically outline cameras and their usage in the school library setting.

Surveillance in the School Library - Intellectual Freedom Blog

Questions about how Google might use data gleaned from students’ online activities have dogged the company for years. “Unless we know what is collected, why it is collected, how it is used and a review of it is possible, we can never understand with certainty how this information could be used to help or hurt a kid,” said Bill Fitzgerald of Common Sense Media, a children’s advocacy group, who vets the security and privacy of classroom apps. Google declined to provide a breakdown of the exact details the company collects from student use of its services. Bram Bout, director of Google’s education unit, pointed to a Google privacy notice listing the categories of information that the company’s education services collect, like location data and “details of how a user used our service.”

How Google Took Over the Classroom - The New York Times

Now that our privacy is worth something, every side of it is being monetized. We can either trade it for cheap services or shell out cash to protect it. It is increasingly seen not as a right but as a luxury good. When Congress recently voted to allow internet service providers to sell user data without users’ explicit consent, talk emerged of premium products that people could pay for to protect their browsing habits from sale. And if they couldn’t afford it? As one congressman told a concerned constituent, “Nobody’s got to use the internet.” Practically, though, everybody’s got to.

How Privacy Became a Commodity for the Rich and Powerful - The New York Times

Increasingly, though, the library is the place where people trust—and use—not just the librarian at the help desk, but also the search engine, online catalogs, digital archives, and electronic databases. So when patrons come into the library to find out about a sexually transmitted disease, for example, they will likely find themselves interacting with the online library—a messy mixture of library-specific digital tools and broader Internet resources that create all sorts of privacy risks for patrons.

Taking the Fight for Digital Rights to Our Libraries

This means that cameras, software and algorithms aren’t neutral, as they specifically target and observe marginalized groups such as the African-American and Latino population of the United States. They were programmed by people who were, either consciously or subconsciously, biased towards people of a different skin colour, minorities or marginalised groups. The time has come to defend ourselves: Mitchell recommends the community network WeCopWatch as a tool for monitoring police abuse of power, as well as racial profiling.

Privacy, Poverty and Big Data: A Matrix of Vulnerabilities for Poor Americans

Madden, M., Gilman, M. E., Levy, K. E., & Marwick, A. E. (2017). Privacy, Poverty and Big Data: A Matrix of Vulnerabilities for Poor Americans.

PDF

This Article reports on original empirical findings from a large, nationally-representative telephone survey with an oversample of low-income American adults and highlights how these patterns make particular groups of low-status internet users uniquely vulnerable to various forms of surveillance and networked privacy-related problems. In particular, a greater reliance on mobile connectivity, combined with lower usage of privacy-enhancing strategies may contribute to various privacy and security-related harms. The article then discusses three scenarios in which big data – including data gathered from social media inputs – is being aggregated to make predictions about individual behavior: employment screening, access to higher education, and predictive policing. Analysis of the legal frameworks surrounding these case studies reveals a lack of legal protections to counter digital discrimination against low-income people.

Privacy Literacy at Your Library

A webinar about the Virtual Privacy Lab, a privacy literacy resource available to all, which helps library patrons feel safe and confident online.

If you create an account and log in you can watch the recording and access the materials. 

Recording and materials 

A School Librarian Caught In The Middle of Student Privacy Extremes

...asking hard, fundamental questions. “We can use technology to do this, but should we? Is it giving us the same results as something non-technological?” Angela asked. “We need to see the big picture. How do we take advantage of these tools while keeping information private and being aware of what we might be giving away?”

School librarians are uniquely positioned to navigate this middle ground and advocate for privacy, both within the school library itself and in larger school- or district-wide conversations about technology. Often, school librarians are the only staff members trained as educators, privacy specialists, and technologists, bringing not only the skills but a professional mandate to lead their communities in digital privacy and intellectual freedom. On top of that, librarians have trusted relationships across the student privacy stakeholder chain, from working directly with students to training teachers to negotiating with technology vendors.

Read More

How to enable/disable privacy protection in Google Analytics (it's easy to get wrong!)

If you care about library privacy but can't do without Google Analytics, read on!

Patrons of Erie County's public libraries have new tools at their disposal to better track their reading habits and manage their accounts.  But anyone who attempted to access some of the new features for the first time throughout January - such as saved title lists, saved searches, and borrowing histories - received the following message: "The feature you have selected is associated with personal data in your patron account. Such data may be accessed by law enforcement personnel without your consent. Do you wish to continue?" That message has since been amended for clarity. Mary Rennie, executive director of the Erie County Public Library, said law enforcement officials need a warrant to access the data, and that the library rarely gets requests for such records.

In digital age, privacy remains a priority for Erie County libraries

Library Privacy Checklists

This set of seven checklists is intended to help libraries of all capacities take practical steps to implement the principles that are laid out in the ALA Library Privacy Guidelines. Each checklist is organized into three priority groups. Priority 1 are actions that hopefully all libraries can take to improve privacy practices. Priority 2 and Priority 3 actions may be more difficult for libraries to implement depending on their technical expertise, available resources, and organizational structure.

These checklists were created by a group of volunteers from the LITA Patron Privacy Interest Group and the ALA Intellectual Freedom Committee's Privacy Subcommittee.

Overview

Data Exchange Between Networked Devices and Services

E-book Lending and Digital Content Vendors

Library Management Systems / Integrated Library Systems

Library Websites, OPACs, and Discovery Services

Public Access Computers and Networks

Students in K-12 Schools

Free ebook download “The future of reputation: Gossip, rumor, and privacy on the Internet.”

Solove, D. J. (2007). The future of reputation: Gossip, rumor, and privacy on the Internet. New Haven: Yale University Press. 

Download