Print Page   |   Contact Us   |   Report Abuse   |   Sign In   |   Register
TL v64n2: Intellectual Freedom
Share |
 

Viewpoint: Intellectual Freedom

by

 


Some Thoughts About Libraries and Privacy

Working at an urban public library, I see effects of the digital divide everyday. The internet is a revolution. Most citizens are caught in the upheaval but don’t have the tools to be in control of their own destinies. When people don’t have the knowledge to protect their privacy online, or don’t understand why they should, they get badly burned: harassment, spam, identity theft. In midst of these changes, libraries have stuck to their belief that patrons have a right to privacy. The American Library Association (ALA) Code of Ethics (ALA, 2008) asserts, “we protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted." The ALA Office of Intellectual Freedom just released the Privacy Tool Kit to help with privacy advocacy and programming (ALA, 2014), and Choose Privacy Week, an annual initiative to promote privacy rights, is in its fourth year. I am proud to share these professional values and most other librarians are too (Zimmer, 2014), but there is often a disconnect between ideals and practice. Traditionally, libraries are very good at protecting patron information collected to get a library card. As we have transitioned to online services and heavy use of mobile devices, it seems our collective commitment to privacy was lost in the upheaval of the "Internet of Things," the same as my low tech patrons’ personal privacy was lost with or without their conscious knowledge. Can libraries recommit to privacy and empower their patrons in the process?

It is useful to consider privacy in three different modes: First, your rights and responsibilities regarding your data. The aforementioned negative consequences of low--how shall we say--internet hygiene relates to this first mode. The second mode is the government’s rights and responsibilities regarding your data. At the crux of this is the balance between individual rights and public good--a very old problem but a problem now looming large in political debate because of the “war on terror” and revelations about the extent of government surveillance. Though it varies between municipalities, it is because libraries are government entities that we have done such a good job protecting patron information at the source. Ironically, it is easier for private entities to violate your privacy than the government (Ramos & Hobeck, 2013). Which brings us to the third mode: private parties’, including third parties’, rights and responsibilities regarding your data. Some examples of private parties are Amazon, Google, the pet store, etc. A third party might be a marketing firm the pet store sells its customers’ information to. A vendor or service provided by a library is also a third party. This third mode concerns the monetization of the Internet of Things--the primary commodity of which is information about yourself. I am not sure to what extent the general public understands this is the financial model at the core of free online services. Libraries have dropped the ball in regard to this third mode. Though libraries are in no way singular in this, I want to examine some instances specific to libraries wherein privacy has been pushed to the wayside.

Trina Maji (2010) has demonstrated that in academic libraries, lip service is paid to privacy of users but vendors' privacy policies often operate under a different set of parameters. Is the situation any different when we deliver popular content in public libraries? Public libraries have adopted Adobe Content Server as the technical means with which to deliver ebooks. This requires an Adobe ID. Adobe’s internal security is lax enough that they suffered a massive data breach compromising 2.9 million customer IDs and passwords (Goodin, 2014). I thought this was the most under-reported library story of 2013. For a number of years, the only way library patrons could get popular titles was through Adobe’s proprietary digital rights management (DRM) scheme. This third party could in no way guarantee the same privacy and data security to patrons that we do in house, but patrons were forced to utilize the service. This is to say nothing of Adobe’s own privacy policy, which I won’t touch on here; however, I will examine the privacy policies of a number of popular library apps later.

Library patrons were granted an alternative when Overdrive brokered a deal to lend ebooks in Amazon’s proprietary Kindle format. Amazon’s business model is diametrically opposed to librarianship’s professed professional values. Amazon keeps track of everything you read and mines as much demographic information about you as possible, solely with the intent to sell you things besides books (Packer, 2014). It has been said that a master list of every book ever read by every person is a human rights disaster (Intelligent Channel, 2013). Isn’t this what Amazon is doing by default? Library patrons have two choices if they want ebooks from the library: 1) use a third party with a known history of data leaks; 2) use a third party that knowingly does not respect their privacy. Remember we didn’t take a close look at Adobe’s privacy policy, and if Amazon did have a data breach would it be in their benefit to report it? There are no criminal penalties for lax data security though there are criminal penalties for exposing such insecurities (Clark, 2013).

Granting Adobe a pass, let’s examine the privacy policies of a few popular library applications: Overdrive, Zinio, and Freegal. Overdrive offers ebooks, digital audiobooks, and digital movies for loan. They offer a desktop media player and mobile apps for iOS and Android. Their privacy policy states they collect all, “but not limited to,” the following: your name, email address, birthday, gender, geographic location, your “online activity,” content selections, reviews, ratings, library card number, Adobe ID, device types, device identifiers, and operating systems (Overdrive, 2014). The Overdrive Android app now prompts users to create an account with an email address. This is not required but that is not stated. The library won’t give Overdrive a patron’s email address but Overdrive may trick them into divulging it themselves. Overdrive’s Android app also grants access to your phone number, specific device IDs, and remote numbers connected by a call.

Zinio is a commercial digital magazine subscription service that has partnered with Recorded Books to offer digital magazines to libraries. Zinio magazines can be accessed via web browser or custom apps for iOS, Android, and Windows 8. To use the service you have to create a Zinio account separate from your library account. By creating an account you agree to their privacy policy which states they collect your name, address, email address, any other personally identifiable information that you volunteer, your IP address, the name and ID of your computer or mobile device, and location information derived from IP address and GPS. Zinio also collects all ways you use the app including “tracking information,” and “information about you from other sources,” which will be added to your account and treated “in accordance with this Policy,” including contact information, demographic, and purchase information (Zinio, 2012). Needless to say, they share this info with publishers, “other merchants,” “other companies and individuals” as needed to perform Zinio’s service, and “trusted third parties,” though this last possibility is supposedly only done with the user’s consent. Zinio’s Android app grants access to accounts known by the phone including accounts created by apps you have installed.

Freegal is a streaming and downloadable music service provided by Library Ideas, LLC. If Freegal has a privacy policy publicly available without having to ask, I couldn’t find it. The Freegal Android app grants permission to your phone number, remote numbers connected by a call, device ID, your approximate and precise location, and information about currently running apps.

Librarians’ ethical backdoor has always been that patrons can choose not to use these services if they don’t like the terms. ALA's Privacy Tool Kit (2014, pg. 32) recommends libraries “[p]rominently post or articulate to the patron any instance where patron privacy is no longer being maintained by the library system (eg: leaving the library’s website to enter a third party database).” In other words, patrons can choose not to use the library’s most popular digital content. There is an obvious gap here between our ideals and reality. Continuous violations of privacy may have become the profit model of the Internet of Things but that does not mean the communities we serve are happy about it. Mozilla polled their worldwide user base asking what was the most important feature they wanted in an internet browser. The overwhelming majority of users said privacy was their number one concern (Mozilla, 2014). A Pew research report found that 68% of internet users polled believe current laws are not good enough in protecting people’s privacy online, and 86% of internet users polled have taken steps online to remove or mask their digital footprints (Rainie, Kiesler, Kang, & Madden, 2013). The notion that young people care little about privacy is a popular fallacy. Though marginally more willing than older generations to directly trade personal information for services, one study showed 70% of Millennials agreed that “no one should ever be allowed to have access to my personal data” (University of Southern California Annenberg Center for the Digital Future, 2013). The question is, do patrons (and librarians as citizens) have the knowledge and the tools to take the actions they want regarding their privacy? For now, citizens still have the right to make decisions about what they share on the user end. If libraries’ goal is civic engagement and the privacy of its users,  libraries should integrate best practices for privacy and data security into all our technology instruction. Here are some positive steps in that direction:

1) offer best password practice/password management tutorials
2) offer privacy setting tutorials for all popular social media
3) encourage the use of internet browser plug-ins which reveal or block online tracking; e.g., Lightbeam, Ghostery, and Privacy Badger
4) explain the concept of encryption and teach the use of PGP/GPG for email
5) demystify the Tor Browser and other Tor software that can provide true anonymity on the internet
6) participate in Choose Privacy Week to get the conversation going in your community
7) encourage the use of free/libre/open source software whose workings users can see and change

Two resources for getting started with all the above are Amber Adam’s talk at this year’s Tennessee Library Association conference, "323.4483: Online Privacy and TOR" (http://www.amberadams.co/privacy-talk/#/), and Radical Reference's handy zine We Are All Suspects: A Guide for People Navigating the Expanded Powers of Surveillance in the 21st Century (http://radicalreference.info/content/we-are-all-suspects-guide-people-navigating-expanded-powers-surveillance-21st-century). Will everyone need to use all these tools? No, but knowing they exist and how to use them empowers everyone to make better choices and is more consistent with libraries supposed commitment to privacy. Has the world gone one way and libraries gone another? The world has gone one way. Pornography is ubiquitous but that is the one type of material we are more than happy to censor.

References

Adams, A. (2014, May). 323.4483: Online Privacy and TOR. Presentation at the meeting of the Tennessee Library Association, Murfreesboro, TN. Retrieved from http://www.amberadams.co/privacy-talk/#/

American Library Association. (2008). Code of ethics of the American Library Association. Chicago: Author. Retrieved from http://www.ala.org/advocacy/proethics/codeofethics/codeethics

American Library Association Office for Intellectual Freedom & Intellectual Freedom committee. (2014). Privacy tool kit. Chicago: Author. Retrieved from http://www.ala.org/advocacy/privacyconfidentiality/toolkitsprivacy/privacy

Clark, M. (2013). The new political prisoners: Leakers, hackers and activists. Rolling Stone. Retrieved from http://www.rollingstone.com/politics/lists/the-new-political-prisoners-leakers-hackers-and-activists-20130301/andrew-auernheimer-19691231

Goodin, D. (2013). Adobe source code and customer data stolen in sustained network hack. Ars Technica. Retrieved from http://arstechnica.com/security/2013/10/adobe-source-code-and-customer-data-stolen-in-sustained-network-hack/

Intelligent Channel. (2013, January 3). Books and freedom - Richard Stallman on readers and technology. Retrieved from https://www.youtube.com/watch?v=6r6b0L412y0

Maji, T. (2010). A content analysis of library vendor privacy policies: Do they meet our standards? College & Research Libraries, 71, 254-272.

Mozilla. (2014). The Web we want. Retrieved from https://webwewant.mozilla.org/en/

OverDrive. (2014). OverDrive account privacy policy. Retrieved from https://www.overdrive.com/fine-print/account-privacy-policy

Packer, G. (2014). Amazon is good for customers. But is it good for books? The New Yorker. Retrieved from http://www.newyorker.com/reporting/2014/02/17/140217fa_fact_packer?currentPage=all

Radical Reference. (2014). We are all suspects: A guide for people navigating the expanded powers of surveillance in the 21st century. Retrieved from http://radicalreference.info/content/we-are-all-suspects-guide-people-navigating-expanded-powers-surveillance-21st-century

Rainie, L., Kiesler, S., Kang, R., & Madden, M. (2013). Anonymity, privacy, and security online. Retrieved from http://www.pewinternet.org/2013/09/05/anonymity-privacy-and-security-online/

Ramos, J. (Producer), & Hobeck, C. (Director). (2013). Terms and conditions may apply [Motion picture]. United States: Hyrax Films.

University of Southern California Annenberg Center for the Digital Future. (2013). [Infographic comparing “Millennials” versus persons aged thirty-five years or older and their attitudes towards privacy]. Is online privacy over? Findings from the USC Annenberg Center for the Digital Future show Millennials embrace a new online reality. Retrieved from http://annenberg.usc.edu/News%20and%20Events/News/~/media/news/big/Millennials_Graphic.ashx

Zimmer, M. (2014). Librarians' attitudes regarding information and internet privacy. Library Quarterly, 84(2), 123-151. http://dx.doi.org/10.1086/675329

Zinio. (2012). Privacy policy. Retrieved from http://www.zinio.com/www/legal/terms.jsp#policy

 

Bryan Neil Jones is a librarian at Nashville Public Library and Co-Chair of TLA's Intellectual Freedom Committee. He can be reached at librarianbryan@gmail.com.

 
 
creative commons attribution no commercial

 

 

 


Membership Software Powered by YourMembership.com®  ::  Legal