Working at an urban public library, I see effects of the digital divide everyday. The internet is a revolution. Most citizens are caught in the upheaval but don’t have the tools to be in control of their own destinies. When people don’t have the knowledge to protect their privacy online, or don’t understand why they should, they get badly burned: harassment, spam, identity theft. In midst of these changes, libraries have stuck to their belief that patrons have a right to privacy. The American Library Association (ALA) Code of Ethics (ALA, 2008) asserts, “we protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted." The ALA Office of Intellectual Freedom just released the Privacy Tool Kit to help with privacy advocacy and programming (ALA, 2014), and Choose Privacy Week, an annual initiative to promote privacy rights, is in its fourth year. I am proud to share these professional values and most other librarians are too (Zimmer, 2014), but there is often a disconnect between ideals and practice. Traditionally, libraries are very good at protecting patron information collected to get a library card. As we have transitioned to online services and heavy use of mobile devices, it seems our collective commitment to privacy was lost in the upheaval of the "Internet of Things," the same as my low tech patrons’ personal privacy was lost with or without their conscious knowledge. Can libraries recommit to privacy and empower their patrons in the process?
It is useful to consider privacy in three different modes: First, your rights and responsibilities regarding your data. The aforementioned negative consequences of low--how shall we say--internet hygiene relates to this first mode. The second mode is the government’s rights and responsibilities regarding your data. At the crux of this is the balance between individual rights and public good--a very old problem but a problem now looming large in political debate because of the “war on terror” and revelations about the extent of government surveillance. Though it varies between municipalities, it is because libraries are government entities that we have done such a good job protecting patron information at the source. Ironically, it is easier for private entities to violate your privacy than the government (Ramos & Hobeck, 2013). Which brings us to the third mode: private parties’, including third parties’, rights and responsibilities regarding your data. Some examples of private parties are Amazon, Google, the pet store, etc. A third party might be a marketing firm the pet store sells its customers’ information to. A vendor or service provided by a library is also a third party. This third mode concerns the monetization of the Internet of Things--the primary commodity of which is information about yourself. I am not sure to what extent the general public understands this is the financial model at the core of free online services. Libraries have dropped the ball in regard to this third mode. Though libraries are in no way singular in this, I want to examine some instances specific to libraries wherein privacy has been pushed to the wayside.
Librarians’ ethical backdoor has always been that patrons can choose not to use these services if they don’t like the terms. ALA's Privacy Tool Kit (2014, pg. 32) recommends libraries “[p]rominently post or articulate to the patron any instance where patron privacy is no longer being maintained by the library system (eg: leaving the library’s website to enter a third party database).” In other words, patrons can choose not to use the library’s most popular digital content. There is an obvious gap here between our ideals and reality. Continuous violations of privacy may have become the profit model of the Internet of Things but that does not mean the communities we serve are happy about it. Mozilla polled their worldwide user base asking what was the most important feature they wanted in an internet browser. The overwhelming majority of users said privacy was their number one concern (Mozilla, 2014). A Pew research report found that 68% of internet users polled believe current laws are not good enough in protecting people’s privacy online, and 86% of internet users polled have taken steps online to remove or mask their digital footprints (Rainie, Kiesler, Kang, & Madden, 2013). The notion that young people care little about privacy is a popular fallacy. Though marginally more willing than older generations to directly trade personal information for services, one study showed 70% of Millennials agreed that “no one should ever be allowed to have access to my personal data” (University of Southern California Annenberg Center for the Digital Future, 2013). The question is, do patrons (and librarians as citizens) have the knowledge and the tools to take the actions they want regarding their privacy? For now, citizens still have the right to make decisions about what they share on the user end. If libraries’ goal is civic engagement and the privacy of its users, libraries should integrate best practices for privacy and data security into all our technology instruction. Here are some positive steps in that direction:
1) offer best password practice/password management tutorials
2) offer privacy setting tutorials for all popular social media
3) encourage the use of internet browser plug-ins which reveal or block online tracking; e.g., Lightbeam, Ghostery, and Privacy Badger
4) explain the concept of encryption and teach the use of PGP/GPG for email
5) demystify the Tor Browser and other Tor software that can provide true anonymity on the internet
6) participate in Choose Privacy Week to get the conversation going in your community
7) encourage the use of free/libre/open source software whose workings users can see and change
Adams, A. (2014, May). 323.4483: Online Privacy and TOR. Presentation at the meeting of the Tennessee Library Association, Murfreesboro, TN. Retrieved from http://www.amberadams.co/privacy-talk/#/
American Library Association. (2008). Code of ethics of the American Library Association. Chicago: Author. Retrieved from http://www.ala.org/advocacy/proethics/codeofethics/codeethics
American Library Association Office for Intellectual Freedom & Intellectual Freedom committee. (2014). Privacy tool kit. Chicago: Author. Retrieved from http://www.ala.org/advocacy/privacyconfidentiality/toolkitsprivacy/privacy
Clark, M. (2013). The new political prisoners: Leakers, hackers and activists. Rolling Stone. Retrieved from http://www.rollingstone.com/politics/lists/the-new-political-prisoners-leakers-hackers-and-activists-20130301/andrew-auernheimer-19691231
Goodin, D. (2013). Adobe source code and customer data stolen in sustained network hack. Ars Technica. Retrieved from http://arstechnica.com/security/2013/10/adobe-source-code-and-customer-data-stolen-in-sustained-network-hack/
Intelligent Channel. (2013, January 3). Books and freedom - Richard Stallman on readers and technology. Retrieved from https://www.youtube.com/watch?v=6r6b0L412y0
Maji, T. (2010). A content analysis of library vendor privacy policies: Do they meet our standards? College & Research Libraries, 71, 254-272.
Mozilla. (2014). The Web we want. Retrieved from https://webwewant.mozilla.org/en/
Packer, G. (2014). Amazon is good for customers. But is it good for books? The New Yorker. Retrieved from http://www.newyorker.com/reporting/2014/02/17/140217fa_fact_packer?currentPage=all
Radical Reference. (2014). We are all suspects: A guide for people navigating the expanded powers of surveillance in the 21st century. Retrieved from http://radicalreference.info/content/we-are-all-suspects-guide-people-navigating-expanded-powers-surveillance-21st-century
Rainie, L., Kiesler, S., Kang, R., & Madden, M. (2013). Anonymity, privacy, and security online. Retrieved from http://www.pewinternet.org/2013/09/05/anonymity-privacy-and-security-online/
Ramos, J. (Producer), & Hobeck, C. (Director). (2013). Terms and conditions may apply [Motion picture]. United States: Hyrax Films.
University of Southern California Annenberg Center for the Digital Future. (2013). [Infographic comparing “Millennials” versus persons aged thirty-five years or older and their attitudes towards privacy]. Is online privacy over? Findings from the USC Annenberg Center for the Digital Future show Millennials embrace a new online reality. Retrieved from http://annenberg.usc.edu/News%20and%20Events/News/~/media/news/big/Millennials_Graphic.ashx
Zimmer, M. (2014). Librarians' attitudes regarding information and internet privacy. Library Quarterly, 84(2), 123-151. http://dx.doi.org/10.1086/675329
Bryan Neil Jones is a librarian at Nashville Public Library and Co-Chair of TLA's Intellectual Freedom Committee. He can be reached at firstname.lastname@example.org.