Patron Privacy in a Surveillance State. Revised.
Adam Chandler
Metadata Working Group
May 1, 2014
ER&L 2014

July 5, 1993

"They are intent on making every conversation and every form of behaviour in the world known to them" - July 2, 2013

Post-Snowden reality

Gellman, Barton, and Ashkan Soltani. "NSA Infiltrates Links to Yahoo, Google Data Centers Worldwide, Snowden Documents Say." The Washington Post, November 1, 2013.

"First half of 2013, American authorities made 12,444 requests of 40,322 accounts. Yahoo handed over content in 37 percent of cases, whereas in 55 percent of the cases, the company handed over only 'non-content data' (NCD)."*
*Basic subscriber information including the information captured at the time of registration such as an alternate e-mail address, name, location, and IP address, login details, billing information, and other transactional information (e.g., "to," "from," and "date" fields from e-mail headers).

321,000 legal orders for user data in 2013. Of those, over 6,000 were court orders to provide metadata in real time."

"State and federal agencies made 301,816 separate demands for data from AT&T in 2013." "Governments asked for location-related data 37,839 times"

"Sprint Accused of Overcharging US for Spying Assistance." Network World, March 4, 2014. http://www.networkworld.com/news/2014/030414-sprint-accused-of-overcharging-us-279362.html.

"What eludes Mr. Snowden - along with most of his detractors and supporters - is that we might be living through a transformation in how capitalism works, with personal data emerging as an alternative payment regime. The benefits to consumers are already obvious; the potential costs to citizens are not. As markets in personal information proliferate, so do the externalities - with democracy the main victim."
- Evgeny Morozov

"When the government collects metadata on people, the government puts them under surveillance. When the government collects metadata on the entire country, they put everyone under surveillance. When Google does it, they do the same thing. Metadata equals surveillance; it's that simple."
- Bruce Schneier

"Surveillance is the business model of the Internet."
- Bruce Schneier

"With little or no revenue from its users, Google still manages to turn a healthy profit by selling advertisements within its products that rely in substantial part on users' personal identification information - in this model, the users are the real product."
- US Magistrate Judge Paul Grewal, after dismissing a class action lawsuit brought by Google users who claimed the search giant broke the law when it combined the privacy policies of Gmail, YouTube and a variety of other services.

"We have a stalker economy."

Um. Since we work in libraries... what does all this mean for patron privacy?

Statement on Access to Personally Identifiable Information in Historical Records
Librarians should recognize an obligation to monitor their governments' legislation in regard to confidentiality of data records. In particular, librarians should support the need for privacy laws to protect library users from such abuses as government agencies monitoring their reading and research habits.
- IFLA Governing Board

ALA Code of Ethics
III. We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.
- American Library Association

David Weinberger, co-director of the Harvard Library Innovation Lab.
"The privacy that libraries traditionally have been preserving is not always valued by their patrons, especially in an age of social networking."

Library 2.0

"Librarian 2.0 is the guru of the information age." Stephen Abram

7.5%
Zimmer, Michael. "Patron Privacy in the '2.0' Era: Avoiding the Faustian Bargain of Library 2.0." Journal of Information Ethics 22, no. 1 (April 1, 2013): 44-59. doi:10.3172/JIE.22.1.44.

1.6%
Zimmer, Michael. "Patron Privacy in the '2.0' Era: Avoiding the Faustian Bargain of Library 2.0." Journal of Information Ethics 22, no. 1 (April 1, 2013): 44-59. doi:10.3172/JIE.22.1.44.

Contextual integrity
Nissenbaum, Helen Fay. Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford, Calif.: Stanford Law Books, 2010.

Case study: How are these competing paradigms playing out in Cornell University Library?

Library systems that collect patron usage data inside Cornell campus

Library systems that collect patron usage data outside Cornell campus

4. Postings to Question Point Services
You acknowledge and agree that OCLC may store all electronic transactions carried out between you and the library on this service and any information provided by you on this web form, as described in the Privacy Statement, for an indefinite period, with this exception: your name and all but the domain of your e-mail address will be deleted after 90 days. As such, OCLC may disclose the data in its possession only as described in the Privacy Statement and if required to do so by law.
You hereby grant to OCLC the perpetual, nonexclusive, world-wide right to edit, compile, and make searchable by libraries and the public all completed question-and-answer pairs

"This study used content analysis to determine the degree to which the privacy policies of 27 major vendors meet standards articulated by the library profession and information technology industry. While most vendors have privacy policies, the policy provisions fall short on many library profession standards and show little support for the library Code of Ethics" (Magi, 2010).
Magi, Trina J. "A Content Analysis of Library Vendor Privacy Policies: Do They Meet Our Standards?" College & Research Libraries 71, no. 3 (May 1, 2010): 254-272.

Percentage polled who trust the following organizations "not at all"
"For Privacy, Americans Trust Facebook Less Than The NSA." BuzzFeed. Accessed October 9, 2013. http://www.buzzfeed.com/charliewarzel/survey-for-privacy-americans-trust-facebook-less-than-the-ns.

Is privacy online valued?

"There is a big myth out there that young people don't care about privacy, and that is about as inaccurate as you can get... Just because young people want to participate in a public doesn't mean that they want to be public."
- Danah Boyd, Microsoft Research

They try to assert a form of social norms, an online "Keep out of Room" sign. This is difficult [in services like Facebook] they quickly learn.

Social steganography ("hiding in plain sight")

86%
Rainie, Lee, Sara Kiesler, Ruogu Kang, and Mary Madden. Anonymity, Privacy, and Security Online. Pew Research Center's Internet & American Life Project, September 5, 2013. http://pewinternet.org/Reports/2013/Anonymity-online.aspx.

Rainie, Lee, Sara Kiesler, Ruogu Kang, and Mary Madden. Anonymity, Privacy, and Security Online.
Pew Research Center's Internet & American Life Project, September 5, 2013. http://pewinternet.org/Reports/2013/Anonymity-online.aspx.
55%

Kiss, Jemima. "Privacy Tools Used by 28% of the Online World, Research Finds." The Guardian, January 21, 2014, sec. Technology. http://www.theguardian.com/technology/2014/jan/21/privacy-tools-censorship-online-anonymity-tools.
56% say Internet is eroding their personal privacy

Kiss, Jemima. "Privacy Tools Used by 28% of the Online World, Research Finds." The Guardian, January 21, 2014, sec. Technology. http://www.theguardian.com/technology/2014/jan/21/privacy-tools-censorship-online-anonymity-tools.
28% (415 million) use tools to disguise their identity or location

Recommendations
- Conduct a privacy audit, then repeat it at regular intervals
- Educate library technologists and marketing staff about patron privacy
- Weigh the pros and cons of adding social network features
- Use an alternative to Google Analytics: http://piwik.org/privacy/
- Pressure vendors to implement SSL encryption
- Implement SSL for our ezproxy service
- Advocate for a log file/usage data anonymization best practice for library eresource vendors (i.e., LIPAA)
- Learn then teach data encryption as library service?
- Reorient ourselves to privacy by design

Is patron privacy a value or a service?

How many of you know this cartoon?
"On the Internet, nobody knows you're a dog" is an adage which began as the caption of a cartoon by Peter Steiner published by The New Yorker on July 5, 1993. http://en.wikipedia.org/w/index.php?title=On_the_Internet,_nobody_knows_you%27re_a_dog&oldid=585921399

http://commons.wikimedia.org/wiki/File:Edward_Snowden.jpg
Greenwald, Glenn, Ewen MacAskill, and Laura Poitras. "Edward Snowden: The Whistleblower behind the NSA Surveillance Revelations." The Guardian, June 9, 2013, sec. World news.
http://www.theguardian.com/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance.
Rice-Oxley, Mark, Leila Haddou, and Frances Perraudin. "Edward Snowden Voted Guardian Person of the Year 2013." The Guardian, December 9, 2013. http://www.theguardian.com/world/2013/dec/09/edward-snowden-voted-guardian-person-of-year-2013.
"Edward Snowden Wins Eight 'Qualified' Public Nobel Peace Nominations." International Business Times. Accessed February 10, 2014. http://www.ibtimes.co.in/articles/537922/20140209/edward-snowden-nobel-eight-qualified-nominations.htm.
How many of you know the name of this man?

Gellman, Barton, and Ashkan Soltani. "NSA Infiltrates Links to Yahoo, Google Data Centers Worldwide, Snowden Documents Say." The Washington Post, November 1, 2013, sec. World. http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?Post+generic=%3Ftid%3Dsm_twitter_washingtonpost.

Anderson, Nate. "AT&T Engineer: NSA Built Secret Rooms in Our Facilities." Ars Technica, April 12, 2006. http://arstechnica.com/uncategorized/2006/04/6585-2/.
"In 2002, when I was working in an AT&T office in San Francisco, the site manager told me to expect a visit from a National Security Agency agent, who was to interview a management-level technician for a special job. The agent came, and by chance I met him and directed him to the appropriate people."
"In January 2003, I, along with others, toured the AT&T central office on Folsom Street in San Francisco - actually three floors of an SBC building. There I saw a new room being built adjacent to the 4ESS switch room where the public's phone calls are routed. I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room. The regular technician work force was not allowed in the room."

Farivar, Cyrus.
"New Leaks: British Intel's Direct-from-Fiber Taps 'worse than the US.'" Ars Technica, June 21, 2013. http://arstechnica.com/tech-policy/2013/06/new-leaks-british-intels-direct-from-fiber-taps-worse-than-the-us/.
"According to new documents provided by Edward Snowden to The Guardian newspaper (but not, as yet, published in full), the British signals intelligence organization, known as the Government Communications Headquarters (GCHQ), has the 'ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed.' In addition, the newspaper also reported that GCHQ is sharing this information with its American counterpart, the National Security Agency (NSA)."

Ackerman, Spencer, and James Ball. "Optic Nerve: Millions of Yahoo Webcam Images Intercepted by GCHQ." The Guardian, February 27, 2014, sec. World news. http://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo.
"Britain's surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal. GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not."

Ball, James. "Spy Agencies in Covert Push to Infiltrate Virtual World of Online Gaming." The Guardian, December 9, 2013. http://www.theguardian.com/world/2013/dec/09/nsa-spies-online-games-world-warcraft-second-life.

Farivar, Cyrus. "Lavabit Got Order for Snowden's Login Info, Then Gov't Demanded Site's SSL Key." Ars Technica, October 2, 2013. Accessed October 3, 2013. http://arstechnica.com/tech-policy/2013/10/lavabit-defied-order-for-snowdens-login-info-then-govt-asked-for-sites-ssl-key/.
Ladar Levison

Farivar, Cyrus.
"Yahoo: US Wanted Data on 40,000 Accounts in First Half of 2013." Ars Technica, September 6, 2013. http://arstechnica.com/tech-policy/2013/09/yahoo-us-wanted-data-on-40000-accounts-in-first-half-of-2013/.

Farivar, Cyrus. "Verizon Says It Received over 321,000 Legal Orders for User Data in 2013." Ars Technica, January 23, 2014. http://arstechnica.com/tech-policy/2014/01/verizon-says-it-received-over-321000-legal-orders-for-user-data-in-2013/.

Roberts, Jeff John. "AT&T Reveals Number of NSA and Location Demands in First-Ever Transparency Report." Gigaom, February 18, 2014. http://gigaom.com/2014/02/18/att-reveals-number-of-nsa-and-location-demands-in-first-ever-transparency-report/.

"Sprint Accused of Overcharging US for Spying Assistance." Network World, March 4, 2014. http://www.networkworld.com/news/2014/030414-sprint-accused-of-overcharging-us-279362.html.
"Sprint inflated its charges by approximately 58 percent, according to the complaint. As a result, the U.S. paid over $21 million in 'unallowable costs' from Jan. 1, 2007 to July 31, 2010, it said. The affected agencies included the Federal Bureau of Investigation, Drug Enforcement Agency, Immigration and Customs Enforcement and others. 'Under the law, the government is required to reimburse Sprint for its reasonable costs incurred when assisting law enforcement agencies with electronic surveillance,' Sprint said in a statement. 'The invoices Sprint has submitted to the government fully comply with the law. We have fully cooperated with this investigation and intend to defend this matter vigorously.'"

Morozov, Evgeny. "The Snowden Saga Heralds a Radical Shift in Capitalism." Accessed January 6, 2014. http://evgenymorozov.tumblr.com/post/71228557738/my-ft-oped.
"What eludes Mr. Snowden - along with most of his detractors and supporters - is that we might be living through a transformation in how capitalism works, with personal data emerging as an alternative payment regime.
The benefits to consumers are already obvious; the potential costs to citizens are not. As markets in personal information proliferate, so do the externalities - with democracy the main victim."

www.palantir.com ad on TCAT bus, Ithaca, NY. February 14, 2014.
"How A 'Deviant' Philosopher Built Palantir, A CIA-Funded Data-Mining Juggernaut - Forbes," August 14, 2013. http://www.forbes.com/sites/andygreenberg/2013/08/14/agent-of-intelligence-how-a-deviant-philosopher-built-palantir-a-cia-funded-data-mining-juggernaut/.
"Palantir lives the realities of its customers: the NSA, the FBI and the CIA - an early investor through its In-Q-Tel venture fund - along with an alphabet soup of other U.S. counterterrorism and military agencies."
"The bottom line: A CIA-funded firm run by an eccentric philosopher has become one of the most valuable private companies in tech, priced at between $5 billion and $8 billion in a round of funding the company is currently pursuing. Karp owns roughly a tenth of the firm - just less than its largest stakeholder, Peter Thiel, the PayPal and Facebook billionaire."

Petronzio, M. (2014, April 26). How One Woman Hid Her Pregnancy From Big Data. Mashable. Retrieved April 28, 2014, from http://mashable.com/2014/04/26/big-data-pregnancy/
For the past nine months, Janet Vertesi, assistant professor of sociology at Princeton University, tried to hide from the Internet the fact that she's pregnant - and it wasn't easy. Pregnant women are incredibly valuable to marketers. For example, if a woman decides between Huggies and Pampers diapers, that's a valuable, long-term decision that establishes a consumption pattern. According to Vertesi, the average person's marketing data is worth 10 cents; a pregnant woman's data skyrockets to $1.50. And once targeted advertising finds a pregnant woman, it won't let up.
How she tried to hide:
- Cash only.
- Amazon gift cards.
- TOR to hide her browser activity
Problem: "Those kinds of activities, when you take them in the aggregate ... are exactly the kinds of things that tag you as likely engaging in criminal activity, as opposed to just having a baby," she said.

Schneier, B. (2013, September 23). Schneier on Security: Metadata Equals Surveillance. Retrieved September 23, 2013, from https://www.schneier.com/blog/archives/2013/09/metadata_equals.html

Schneier, Bruce. Bruce Schneier Talk at MIT. Mp4. Cambridge, Massachusetts, 2014. https://d1baxxa0joomi3.cloudfront.net/20010d06fe480b67ae457c7e947b2caf/basic.mp4.

Roberts, Jeff John. "Judge Throws out Google Privacy Policy Case, Notes 'users Are the Real Product.'" Gigaom, December 4, 2013. http://gigaom.com/2013/12/04/judge-throws-out-google-privacy-policy-case-notes-users-are-the-real-product/.

Wyatt, Nelson. "Former U.S. Vice-President Al Gore Predicts Lawmakers Will Rein in Surveillance." Www.vancouversun.com, November 7, 2013.
http://www.vancouversun.com/news/Former+vicepresident+Gore+predicts+lawmakers+will+rein/9129866/story.html.
Al_Gore_at_SapphireNow_2010.jpg: Tom Raftery; derivative work: Tktru. Al Gore Giving One of the Keynotes at SapphireNow 2010. http://commons.wikimedia.org/wiki/File:Al_Gore_at_SapphireNow_2010_cropped.jpg.

IFLA Governing Board. "International Federation of Library Associations Statement on Access to Personally Identifiable Information in Historical Records," December 3, 2008. http://www.ifla.org/publications/ifla-statement-on-access-to-personally-identifiable-information-in-historical-records.

American Library Association. "Code of Ethics of the American Library Association." Intellectual Freedom Manual, 8th Edition. Accessed September 12, 2013. http://ifmanual.org/codeethics.

Stop Watching Us. "Stop Watching Us | Stop Watching Us," 2013. https://optin.stopwatching.us/.

Wikipedia. "Connecticut Four." Wikipedia, the Free Encyclopedia, August 12, 2013. http://en.wikipedia.org/w/index.php?title=Connecticut_Four&oldid=568251941.

Electronic Frontier Foundation. "Internet Archive et Al v Mukasey et Al." Electronic Frontier Foundation, 2008. https://www.eff.org/cases/archive-v-mukasey.
"The Archive remained open to settlement and the FBI (through its counsel at the Department of Justice) eventually agreed to withdraw the unconstitutional NSL including the unconstitutional gag imposed with the NSL. The negotiations took approximately four months. Once the case was settled the Archive and the FBI jointly moved to unseal the case and filed redacted versions of the key documents on the public docket."
"The Archive's challenge was the first case to assert the protections for libraries set forth the NSL reforms of 2006.
While the government issues tens of thousands of NSLs each year only three NSL recipients - to our knowledge - have ever challenged an NSL and this is the first public instance where a recipient of an NSL successfully pushed back and got the government to withdraw an unconstitutional demand issued under the revised statute."

Parry, Marc. "As Libraries Go Digital, Sharing of Data Is at Odds With Tradition of Privacy." The Chronicle of Higher Education, November 5, 2012, sec. Technology. http://chronicle.com/article/As-Libraries-Go-Digital/135514.

Zimmer, Michael. "Patron Privacy in the '2.0' Era: Avoiding the Faustian Bargain of Library 2.0." Journal of Information Ethics 22, no. 1 (April 1, 2013): 44-59. doi:10.3172/JIE.22.1.44.
"Examples include providing patrons with the ability to evaluate and comment on particular items in a library's collection through discussion forums or comment threads; creating dynamic and personalized recommendation systems ('other patrons who checked out this book also borrowed these items'); using blogs, wikis, and related user-centered platforms to encourage communication and interaction among/between library staff and patrons; and interfacing various library collections and services with relevant Web 2.0 platforms, such as Delicious, GoodReads, and Facebook."

"Librarian 2.0 is the guru of the information age."
Abram, Stephen. "Web 2.0 - Huh?! Library 2.0, Librarian 2.0." Information Outlook 9, no. 12 (December 2005): 44-46.

http://d.lib.ncsu.edu/myhuntlibrary Accessed February, 2014
North Carolina State University Libraries. "Lentil." GitHub, 2013. https://github.com/NCSU-Libraries/lentil.

Zimmer, Michael. "Patron Privacy in the '2.0' Era: Avoiding the Faustian Bargain of Library 2.0." Journal of Information Ethics 22, no. 1 (April 1, 2013): 44-59. doi:10.3172/JIE.22.1.44.
"An analysis of over 630 professional trade press articles discussing Library 2.0 and related services revealed privacy was only discussed substantively in 47 (7.5%) articles, and of those, fewer than 10 (1.6%) had in depth discussion or suggested possible solutions to mitigating the inherent concern (Zimmer & Blacks, 2012)" (p. 52).

Nissenbaum, Helen Fay. Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford, Calif.: Stanford Law Books, 2010.
"Finely calibrated systems of social norms, or rules, govern the flow of personal information in distinct social contexts (e.g., education, health care, and politics). These norms, which I shall call context-relative informational norms, define and sustain essential activities and key relationships and interests, protect people and groups against harm, and balance the distribution of power..." (p. 3).
"Responsive to historical, cultural, and even geographic contingencies, informational norms evolve over time in distinct patterns from society to society. Information technologies alarm us when they flout these informational norms -- when, in the words of the framework, they violate contextual integrity" (Nissenbaum, p. 3).
"As troubled as we might be by technologies that diminish control over information about ourselves, even more troubling are those that disregard entrenched norms because, as such, they threaten disruption to the very fabric of social life."

Overview:

Cornell library catalog - Voyager: We have a page on our website, "Library Practices on the collection, use, disclosure, maintenance and protection of personally-identifiable information," that says: "an aggregated abstract of the data is prepared each night that anonymizes session data so that searches cannot be linked to specific IP addresses or network IDs. This data is then used to analyze and improve system features." This generation of library software was designed to protect patron privacy.

ejournal and database lists: The logs for this service are automatically deleted either by time or by log file size. Like Voyager, this software, Innovative Interfaces Inc OPAC, was designed to protect patron privacy.

library websites and digital collections: Most if not all of our website logs are ingested into open source software called awstats. Awstats retains IP addresses. Some of our websites also use Google Scholar. A small number of our websites are ingested into a homegrown system designed to protect patron privacy.

ezproxy logs: To my knowledge, these files are being removed after 90 days. I was not able to confirm.

arXiv and Project Euclid: "Raw log files are normally maintained for 90 days for security purposes. (Two exceptions are arXiv and Project Euclid, which retain complete log files permanently.)" I do not know why these two services are exempted from the normal library practice.

Logs GA AWSTATS

Overview:

Cornell library catalog - OCLC WorldCat Local: It appears that as of this week, OCLC's WorldCat Local software now uses HTTPS to encrypt searching.

Borrow Direct is a consortium of libraries.
Search service run by a Canadian company called http://www.relais-intl.com/
- Brown University Libraries
- Columbia University Libraries
- Cornell University Libraries
- Dartmouth College Libraries
- Harvard University Libraries
- Massachusetts Institute of Technology Libraries
- Princeton University Libraries
- University of Pennsylvania Libraries
- Yale University Libraries
Borrow Direct uses HTTPS to send requests to a system hosted in Canada. I could not determine if Borrow Direct has a data retention policy.

Interlibrary loan: Our Illiad service is hosted by a company called Atlas Systems in Virginia. Patron identifying information has been retained since 1996, in part for copyright compliance and in part because the system has no capability to remove only the patron identifying information from a transaction, as is done with our library system, Voyager.

databases, ejournals, ebooks: Hosted on servers across the U.S. and world. COUNTER reports do not include the user's IP address. What is unknown is what vendors do with the raw logs.

Serials Solutions Summon (article search service from Serials Solutions): IP addresses are retained and offered as a report in the Library's Administration Dashboard.

Serials Solutions link resolver: I can't find an IP address report. I assume, however, that they are retaining the logs.

social networking: "An analysis of over 630 professional trade press articles discussing Library 2.0 and related services revealed privacy was only discussed substantively in 47 (7.5%) articles, and of those, fewer than 10 (1.6%) had in depth discussion or suggested possible solutions to mitigating the inherent concern (Zimmer & Blacks, 2012)" (p. 52)

4. Postings to Question Point Services
You acknowledge and agree that OCLC may store all electronic transactions carried out between you and the library on this service and any information provided by you on this web form, as described in the Privacy Statement, for an indefinite period, with this exception: your name and all but the domain of your e-mail address will be deleted after 90 days. As such, OCLC may disclose the data in its possession only as described in the Privacy Statement and if required to do so by law. You hereby grant to OCLC the perpetual, nonexclusive, world-wide right to edit, compile, and make searchable by libraries and the public all completed question-and-answer pairs

Magi, Trina J. "A Content Analysis of Library Vendor Privacy Policies: Do They Meet Our Standards?" College & Research Libraries 71, no. 3 (May 1, 2010): 254-272.

Nicholson, Scott, and Catherine Arnott Smith. "Using Lessons from Health Care to Protect the Privacy of Library Users: Guidelines for the de-Identification of Library Data Based on HIPAA." Journal of the American Society for Information Science and Technology 58, no. 8 (2007): 1198-1206. doi:10.1002/asi.20600.
"Although libraries have employed policies to protect the data about use of their services, these policies are rarely specific or standardized. Since 1996, the U.S. health care system has been grappling with the Health Insurance Portability and Accountability Act (HIPAA; Health Insurance Portability and Accountability Act, 1996), which is designed to provide those handling personal health information with standardized, definitive instructions as to the protection of data. In this work, the authors briefly discuss the present situation of privacy policies about library use data, outline the HIPAA guidelines to understand parallels between the two, and finally propose methods to create a de-identified library data warehouse based on HIPAA for the protection of user privacy."

"For Privacy, Americans Trust Facebook Less Than The NSA." BuzzFeed. Accessed October 9, 2013. http://www.buzzfeed.com/charliewarzel/survey-for-privacy-americans-trust-facebook-less-than-the-ns.

Rainie, Lee, Sara Kiesler, Ruogu Kang, and Mary Madden. Anonymity, Privacy, and Security Online. Pew Research Center's Internet & American Life Project, September 5, 2013. http://pewinternet.org/Reports/2013/Anonymity-online.aspx.

Danah Boyd on Teen Privacy Strategies in Networked Publics. (2011, June 21). Presented at the Hyper-Public: A symposium on designing privacy and public space, Berkman Center, Harvard University. Retrieved from http://www.youtube.com/watch?v=bdLCKdjClFw&feature=youtube_gdata_player
Examples:
1. One teen in her study used Facebook Lists to separate two different kinds of people in his life. He would only post certain types of information to one of the lists because he knew that the people on the other list would give him crap about it.
2. Another girl logs in and deletes any comments that people leave for her after she's read them. She then deletes comments she's written on other walls a day after she posts. Her goal was to make it harder for others to bring her comments back into the public.

Danah Boyd on Teen Privacy Strategies in Networked Publics. (2011, June 21). Presented at the Hyper-Public: A symposium on designing privacy and public space, Berkman Center, Harvard University. Retrieved from http://www.youtube.com/watch?v=bdLCKdjClFw&feature=youtube_gdata_player
Examples: They post messages that only those in their circle who are in the know understand. Rather than controlling access to content, young people are controlling access to meaning.
1. One teen in study, who was feeling down, but didn't want her mother to overreact, posted song lyrics to "Always Look on the Bright Side of Life" from Monty Python's Life of Brian (song is about looking on bright side while being executed). She knew her mother would not understand the reference, but her friends would, and they did. This is social steganography ("hiding in plain sight")

"The app is not limited to smartphones. Doesn't need a data plan - if you can find a wi-fi hotspot, you're good to go. The photo and writing app lets you be creative and self-destructive images give you the freedom to share it with a closed group."
Plus: private, ephemeral
Boyd adds that it is the way it focuses attention and design of acknowledgement

A Big Win for Student Privacy. (2014, April 4). Campaign for a Commercial-Free Childhood. Retrieved April 22, 2014, from http://commercialfreechildhood.org/blog/big-win-student-privacy

Rainie, Lee, Sara Kiesler, Ruogu Kang, and Mary Madden. Anonymity, Privacy, and Security Online. Pew Research Center's Internet & American Life Project, September 5, 2013. http://pewinternet.org/Reports/2013/Anonymity-online.aspx.
"86% of internet users have taken steps online to remove or mask their digital footprints - ranging from clearing cookies to encrypting their email."

Rainie, Lee, Sara Kiesler, Ruogu Kang, and Mary Madden. Anonymity, Privacy, and Security Online. Pew Research Center's Internet & American Life Project, September 5, 2013. http://pewinternet.org/Reports/2013/Anonymity-online.aspx.
"55% of internet users have taken steps to avoid observation by specific people, organizations, or the government."

Kiss, Jemima. "Privacy Tools Used by 28% of the Online World, Research Finds." The Guardian, January 21, 2014, sec. Technology. http://www.theguardian.com/technology/2014/jan/21/privacy-tools-censorship-online-anonymity-tools.

Kiss, Jemima. "Privacy Tools Used by 28% of the Online World, Research Finds."
The Guardian, January 21, 2014, sec. Technology. http://www.theguardian.com/technology/2014/jan/21/privacy-tools-censorship-online-anonymity-tools. * ?Academics Against Mass Surveillance.? Accessed January 3, 2014. http://academicsagainstsurveillance.net/. Over 300 signatures * Kiss, Jemima. ?An Online Magna Carta: Berners-Lee Calls for Bill of Rights for Web.? The Guardian, March 11, 2014, sec. Technology. http://www.theguardian.com/technology/2014/mar/12/online-magna-carta-berners-lee-web. Principles of privacy, free speech and responsible anonymity would be explored in the Magna Carta scheme. "These issues have crept up on us," Berners-Lee said. "Our rights are being infringed more and more on every side, and the danger is that we get used to it. So I want to use the 25th anniversary for us all to do that, to take the web back into our own hands and define the web we want for the next 25 years." * Overview: - Conduct a privacy audit. Delete what you don't absolutely need. what data is recorded where is it located who has access how long is data kept evaluate existing privacy policy - Think critically before adding social network features Michael Zimmer, a professor at the University Wisconsin: "An analysis of over 630 professional trade press articles discussing Library 2.0 and related services revealed privacy was only discussed substantively in 47 (7.5%) articles, and of those, fewer than 10 (1.6%) had in depth discussion or suggested possible solutions to mitigating the inherent concern (Zimmer & Blacks, 2012)" (p. 52). - Stop using Google Analytics In the past 6 years at least 10 articles have appeared in the library literature advocating the use of google analytics. None of these articles address the patron privacy implications of using this tool. There are other locally hosted systems that can be used instead. - Educate library technologists about patron privacy tradition. Consider teaching data encryption? 
- Encourage libraries and vendors to implement SSL encryption. The EZproxy software used by most libraries does support SSL, but not all libraries implement this feature, because it adds complexity. Same problem on the vendor side: it is more complicated to implement SSL.
  - Our instance of OCLC's WorldCat Local does not support SSL.
  - Web of Science does not.
  - Elsevier ScienceDirect help page says: "To protect your private data, some transactions are accepted only through Secure Sockets Layer (SSL) protected channels. Transactions protected by SSL include online registration and accessing documents from non-subscribed titles." (http://help.sciencedirect.com/Content/ssl.htm)
  - EBSCO does not.

- Build local usage data systems that aggregate up from the IP address. Develop a log file/usage data anonymization best practice for library eresource vendors. Scott Nicholson, a professor in the Syracuse Information School, proposed a solution to this problem back in 2006: "The first method is for the vendors to adopt these guidelines. Just as medical systems can be HIPAA-compliant, library automation systems can become LIPAA-compliant. This would require a larger standards group to examine the guidelines proposed in this document and adopt them for vendor use. This method would require little work by libraries, but would require library policy-makers to meet and agree upon the components that need to be removed in library systems" (p. 1205).

Nicholson, Scott, and Catherine Arnott Smith. "Using Lessons from Health Care to Protect the Privacy of Library Users: Guidelines for the de-Identification of Library Data Based on HIPAA." Journal of the American Society for Information Science and Technology 58, no. 8 (2007): 1198–1206. doi:10.1002/asi.20600.

Kathryn. (2014). Banksy in Cheltenham? Retrieved from http://www.flickr.com/photos/kathryn-wright/13844037173/
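One way to read the recommendation above to build local usage data that aggregates up from the IP address, as an added example (not part of the original slides and not any vendor's or proxy's own code). It assumes the proxy writes NCSA common log format; the /24 and /48 prefixes, the `min_count` small-cell threshold, the function names and the sample lines are all assumptions made for this sketch.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample lines; NCSA common log format is an assumed proxy log layout.
SAMPLE_LOG = """\
192.0.2.17 - jdoe42 [05/Mar/2014:09:14:02 -0500] "GET http://www.example-vendor.test:80/article/123 HTTP/1.1" 200 48213
192.0.2.201 - asmith [05/Mar/2014:09:15:40 -0500] "GET http://www.example-vendor.test:80/article/987 HTTP/1.1" 200 51002
198.51.100.9 - - [05/Mar/2014:23:59:59 -0500] "GET http://db.example-index.test:80/search?q=hiv+testing HTTP/1.1" 200 9120
2001:db8:12:34::5 - rlee [06/Mar/2014:00:03:11 -0500] "GET http://www.example-vendor.test:80/article/555 HTTP/1.1" 200 40110
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

def coarsen_ip(ip_text, v4_prefix=24, v6_prefix=48):
    """Replace a host address with its enclosing network (the aggregation step)."""
    ip = ipaddress.ip_address(ip_text)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def deidentify(line):
    """Return (day, network, host) or None; username, path, query and time of day are dropped."""
    m = LINE_RE.match(line.strip())
    if not m or m["status"] != "200":
        return None
    try:
        network = coarsen_ip(m["ip"])
        day = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").date().isoformat()
    except ValueError:  # malformed address or timestamp: discard rather than keep raw
        return None
    host = urlsplit(m["url"]).hostname
    return (day, network, host) if host else None

def aggregate(log_text, min_count=1):
    """Count successful requests per (day, network, host); cells below min_count are suppressed."""
    rows = (deidentify(line) for line in log_text.splitlines())
    counts = Counter(row for row in rows if row is not None)
    return {key: n for key, n in counts.items() if n >= min_count}

if __name__ == "__main__":
    for (day, network, host), n in sorted(aggregate(SAMPLE_LOG).items()):
        print(day, network, host, n)
```

Only the aggregated rows would be retained or shared; the raw log is what the privacy audit item above would schedule for deletion.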