National security letters do not need to be approved by judges, are distributed secretly, and forbid institutions from disclosing these activities,^[3] meaning that sensitive information, such as financial records, may be released to the FBI without the consent or knowledge of the people whose personal information is contained in these records, such as credit card holders or bank customers. Concerns have been raised in several court cases that national security letters might violate the First Amendment by imposing “prior restraint” and “content-based restrictions” upon speech.^[4]

The American Library Association and several other organizations have written a letter in opposition to the Intelligence Authorization Act. The authors of this letter are concerned that sensitive information (medical information, personal beliefs, or political opinions) could be disclosed without a court order. In some instances, national security letters may have collected information from people even when there was no ongoing FBI investigation, which raises concerns about possible invasions of privacy.^[5]

While there are obvious needs to protect national security, ensure public safety, and prevent terrorism, protocols to protect individual privacy also seem necessary, particularly in situations where an individual accesses information for personal reasons that have no correlation to acts of violence or other illegal activities. It appears that more distinctions and restrictions need to be made so that individuals do not fear undue surveillance when pursuing information as private citizens (e.g. reading an article about a health issue) because it is important to protect the right to read without fears of censorship. Libraries will continue to need to examine their policies in accordance with new developments to state, federal, and local information laws and to protect patron privacy and content censorship and seek legal counsel in the event that a national security letter or court order is issued.

Resources

House Intelligence Committee Passes Fiscal Year 2017 Intelligence Authorization Bill

Wyden Opposes 2017 Intelligence Authorization Act that Expands Government Surveillance and Undermines Independent Oversight Board

References

[1] “National Security Letters: FAQ,” Electronic Frontier Foundation, accessed July 19, 2016.

[2] Ibid.

[3] Ibid.

[4] Ibid.

[5] Access Now, et al., “ECTR Coalition Letter,” American Civil Liberties Union, June 6, 2016.

The post Patron Privacy, Internet Usage, and New Proposed Legislation first appeared on Public Libraries Online.

Is this possible through some kind of sophisticated body scan, or something that detects and reads the library card in his pocket? No. A simple computer program simply scans the faces of everyone who comes through the door and matches them with the library’s own database. How far away is this future? Really, it’s right around the corner.

Big data, or the huge piles of information much too vast for standard computers to catalog and analyze, is becoming more and more vital to nearly every industry. Most of this data is created by users of social media, the Internet, smartphones, and almost any app that is location enabled.  The White House has even become involved, with the creation of the Office of Data Science, and appointing the first chief data scientist in US history.[1]

Our faces are a part of big data. According to an article in The Atlantic titled “Who Owns Your Face?” the FBI has a facial recognition database with 52 million faces and up to one-third of Americans.[2] It’s easy to imagine facial recognition technology used against high-profile criminals: spies, fugitives, assassins. But we’re not legally far off from using facial recognition to catch people breaking ordinances and committing misdemeanors. Many  states, in fact, have already embraced this kind of enforcement.

With some libraries reporting patrons to the police who owe library fines, the above scenario could be closer than we think. And there are other possible benefits, too. What if facial recognition software let library staff know if a dangerous individual, such as a pedophile, has entered the building? This technology could make us more secure no matter where we were. But there are immediate legal and ethical concerns.

Legal consent: To run facial recognition on an individual, do you need their permission? According to most, security and law enforcement uses would be exempt from the consent issue. But where is the line drawn? What about non-law enforcement applications and consumers? Where would libraries fall? Many say a transparency clause such as a sign letting patrons know facial recognition is being used would be enough. But would it really?

Ethical conduct: Facial recognition is a part of the larger debate about the ethics of big data in general.[3] The simplified guidelines state:

• Collect minimal data: collect only the data absolutely needed
• Aggregate data: strip the data of personal information while still retaining its usefulness
• Identify and scrub sensitive data: know how to deal with sensitive personal data
• Let users opt out: allow users to deny use of the data you collect about them

The problems with facial recognition as big data?

• Your face is not minimal data. It is the only data in facial recognition.
• You face cannot be stripped of its attributes and aggregated.
• Your face identifies you, and so does other sensitive data.

Sure, people can opt out, in a sense. However, in a public institution where facial recognition is being used, such as a library, the only way to opt out is to not visit that place at all.

Accuracy: How accurate is the software anyway? Alarmingly and amazingly so. In a project entitled “Your face is big data,” Rodchenko Art School student Egor Tsvetkov began photographing about a hundred people who happened to sit across from him on the subway at some point.[4]

Using a simple facial recognition program called FindFace and the Russian social network VK, he found 60 to 70 percent of those aged 18–35. For older people, the experiment was a little less efficient, possibly due to lack of social media presence.

The Atlantic points to a study by Carnegie Mellon’s Professor Alessandro Acquisti that found about one-third of people walking around a college campus could be identified simply by using Facebook profile pictures as the data source. “In other words, 33 percent of people on any given street can be recognized by jury rigging a webcam, Facebook, and using Google’s reverse image search.”[5]

“From a technological perspective, the ability to successfully conduct mass-scale facial recognition in the wild seems inevitable,” Acquisti said. “Whether as a society we will accept that technology, however, is another story.”[6]

As big data gets larger, as facial recognition databases get more complete, and as the searching and analysis of them gets better, the uses of this technology will get broader, and libraries will be faced with choices about how and where to use it.

Your patrons’ faces belong to them. But they are not the only ones who consider and track those unique features that make them look like themselves. It is our responsibility not only to use this technology wisely and protect ourselves but also to protect the privacy of those who use our services. It’s a challenge we will face sooner rather than later.

References

[1] “The White House & The Booming Data Industry – Master of Information,” Rutgers Online, accessed May 16, 2016.

[2] Robinson Meyer, “Who Owns Your Face?” Atlantic, July 2, 2015.

[3] “The Ethics of Big Data,” Villanova University, 2016.

[4] Katherine Noyes, “‘Your face is big data:’ The title of this photographer’s experiment says it all,” PCWorld, April 13, 2016.

[5] Alessandro Acquisti, “Who Owns Your Face?” by Robinson Meyer, Atlantic, July 2, 2015.

[6] Ibid.

The post Facing Privacy Issues: Your Face as Big Data first appeared on Public Libraries Online.

This post provides a short list of resources for public libraries to consider when dealing with privacy policies and cases.

A survey was conducted of the laws of the thirteen states encompassing the Southeastern Library Association. The survey covers what constitutes a library, what indeed is a library record, and differences in the laws of the thirteen states.[1]  According to the survey, all of these states’ library record laws deal with circulation records, but some laws address other items like the use of computers, email, and chat.

A serious law protecting these records was enacted in Michigan; a librarian cannot reveal a child’s reading to a parent or third party[2], and the librarian can be fined if he/she does so; other libraries privacy policies in other states say they will if required.[3] ALA’s book, Fundamentals of Children’s Services discusses the very real conflicts between privacy law, library programs, and parents’ interest and need to know of their child’s reading habits. A discussion of the conflict between parent rights and children’s rights can be found here.

Some libraries are struggling with policies because of the National Rifle Association, FBI, Freedom of Information Act, and other probing by the courts. Others are deleting records so they won’t be available.[4] A source for some privacy information can be found at the Privacy Library of Morrison Foerster (The library indicates they may not have the most current information, and do not include all information related to libraries).

Most states have privacy laws relating to libraries, not just dealing with social, court records and other activities. The succinct rendering of these state laws can be found here: State and Territorial Library Privacy Laws.

References:

[1] Bryan M. Carson, “Surveying Privacy: Library Privacy Laws in the Southeastern United States,” The Southeastern Librarian 49, no. 3 (2001): 18–28, accessed online March 10, 2016.

[2] State of Michigan Legislative Council, “397.604: Violation of MCL 397.603; liability; civil action; damages; attorney fees and costs,” The Library Privacy Act, MI Act 455 (1982), § 397.604, sec. 4, accessed March 10, 2016.

[3] “Privacy and confidentiality of library records: Parents and children,” Multnomah County Library, May 7, 2015.

[4] Sam Thielman, “You are not what you read: librarians purge user data to protect privacy,” Guardian (Manchester), January 13, 2016.

Further Reading:

Lucy Kelly, “Library Records, Patron Privacy, and Library Policies,” Public Libraries Online.

The post Privacy Laws, Libraries, and Librarians first appeared on Public Libraries Online.

The confidentiality of patron records is a long-standing issue, particularly since the Patriot Act spurred concerns about patrons’ reading histories, who has access to these records, and under what circumstances the records might be disclosed to authorities. These questions are still being explored, as very few cases on the exact issue of library patron records and privacy have been brought before the courts (though it is also worth considering that other recent library litigation cases have addressed related issues in the broader sense, such as computer use in libraries and censorship; both are matters that could conceivably tie into the patron record).

Obviously, the ILL record is just one aspect of the patron’s information resource accessing experience; as librarians observe, many patrons check out books from their local branch and/or use library Internet connections, electronic research resources and library software programs. Each one of these activities arguably necessitates separate discussion in the portions of a library policy that cover topics such as data use and procedures for responding to requests from law enforcement authorities.

Another notable feature of the recent article is the librarian’s observation that no specific event precipitated the decision to purge user data from ILL records; instead, the general intention to protect patron privacy apparently motivated this action.[1] A library is also responsible for safeguarding patron information so it does not get disclosed to outside sources, both because the reading history is private and because a patron record has personal information that could make an individual susceptible to identity theft or other intrusions into their personal domains.

One reason for these protections is that a library is a place of free exploration, and if privacy is compromised, then it could have “chilling effects” on information-seeking behavior; for example, a patron might decide not to request controversial material due to fears for their privacy, which would be an unfortunate situation that a library is advised to take steps to avoid by making patrons aware of the library’s policies on data privacy and protection.

As I read this article, the conclusion I reached was this: it is a good idea to keep informed on the latest developments in library patron privacy laws and policies. Each state has its own laws on library environments, and state law libraries provide excellent resources on recent state-level legislation and court cases. In addition, it appears that patron privacy correlates with a library’s central mission of encouraging reading and library use. That said, while patron records are generally protected and confidential, there may be certain, very rare exceptions where a library does need to disclose information to authorities, but again, it is important to remember that these occasions are very much the exception and not a frequent occurrence.

Seeking Counsel

Library directors may wish to seek counsel from municipal attorneys or attorneys who serve on their boards in order to prepare for these situations, educate their staff, and update policies. Here are some suggestions:

• Contact your local bar association and request a free or low-cost consultation with an attorney who has experience in library policies and data privacy.
• Seek out a law professor who researches data privacy and might be interested in speaking to the library community.
• Request that a local judge address the library so that patrons and library staff are able to learn important information on the legal process.
• Contact federal and state representatives and request listening sessions for staff and/or patrons. This representative could educate staff and the public on the latest developments in data privacy laws as they relate to public libraries.

References:

[1] Sam Thielman. “You are not what you read: librarians purge user data to protect privacy,” Guardian, January 13, 2016.

Resources:

Library Freedom Project

Developing or Revising a Library Privacy Policy

Questions and Answers on Privacy and Confidentiality

The post Library Records, Patron Privacy, and Library Policies first appeared on Public Libraries Online.

Protecting Patron Privacy

It’s a known fact that libraries collect personal data about patrons or volunteers, whether it is information for a library card, a name on a public access computer sign-up sheet, or a digital record of websites visited. The Pew Report found that “91% of adults agree or strongly agree that consumers have lost control of how personal information is collected and used by companies.”[1] Furthermore, the report found that Americans have “a deep lack of faith in organizations of all kinds, public or private, in protecting the personal information they collect.”[2]

How do libraries keep the faith of patrons and ensure that the library is a trusted organization? We know how committed libraries are to privacy, but our patrons might not.

Interestingly, Pew’s panel of experts interviewed for this report argued that privacy is no longer a “condition” of American life but rather that it is becoming a commodity to be purchased. The American Library Association (ALA) addresses the conundrum of the expectation of privacy in a public place: “To the greatest extent possible, the user should be able to work independently, both to afford privacy and to reduce the quantity of confidential records for which the library must be responsible.”[3] What if the library was a place where privacy was not only a condition, but a right?

A Policy and a Pledge for Digital Privacy

The ALA advises libraries to create a privacy policy to ensure that patron data is protected. The privacy policy should communicate your library’s commitment to protecting user data and should be shared with your community. The ALA recommends consulting with an attorney to craft a policy.[4]

Another step your library can take to keep the privacy faith among your community is by taking the Library Freedom Project’s Library Digital Privacy Pledge of 2015-2016. If aren’t familiar with the Library Freedom Project already, it is an excellent resource for public libraries looking to more deeply explore tools and resources on privacy and surveillance.

This year’s pledge focuses on the use of HTTPS for delivering library and information services. The Library Freedom Project writes that “HTTPS is a privacy prerequisite, not a privacy solution.” [5] HTTPS is a protocol for secure communication over a computer network. It is becoming a standard for modern websites, particularly with Mozilla announcing its intention to phase out Firefox support for HTTP in favor of the secure HTTPS protocol.

An Opportunity for Education

When it comes to educating users about privacy, American public libraries have a huge opportunity. Pew reports that “some 86% of Internet users have taken steps online to remove or mask their digital footprints, but many say they would like to do more or are unaware of the tools they could use.”

After the Snowden revelations, the San Francisco Public Library hosted an event on encryption tools with the Electronic Frontier Foundation, a nonprofit dedicated to fighting for citizen digital rights. Both the Philadelphia Free Library and the Monroe County Library in Indiana have also held classes and workshops on privacy and online safety (which you can read more about in the links).

The entire Pew report is worth reading as it provides a look into the behavior, concerns, and knowledge surrounding privacy and surveillance. Public libraries not only have the unique opportunity to educate communities but also to be leaders in privacy practices and technology.

References:

[1]Rainie, Lee. “The State of Privacy in America: What We Learned.” Pew Research Center. January 20, 2016. Accessed February 11, 2016. http://www.pewresearch.org/fact-tank/2016/01/20/the-state-of-privacy-in-america/

[2] Ibid.

[3] “Questions and Answers on Privacy and Confidentiality.” American Library Association. July 1, 2014. Accessed February 11, 2016. http://www.ala.org/advocacy/intfreedom/librarybill/interpretations/qa-privacy

[4] Ibid.

[5] “The Library Digital Privacy Pledge.” Library Freedom Project. Accessed February 11, 2016. https://libraryfreedomproject.org/ourwork/digitalprivacypledge/

The post How Public Libraries Play a Role in the State of Privacy in America first appeared on Public Libraries Online.

The pendulum, it swings. Eight years ago, my charge as a technology librarian was to herd the cats — to introduce new technology and ways of serving the digital patron to an organization that was largely skeptical of change. Cut to now, and I’m … still herding cats. Only, this time, it’s the folks at all levels of the organization who want to incorporate tech into every service they can think of. Sunrise, sunset.

Does that mean we’ve had a complete polar shift in the way technology operates in libraries? Yes, but also no. Maybe we’ll even throw a “maybe” in there for good measure. The pendulum will keep swinging, meaning we’ve got to be ready for shifts in either direction. Sound confusing? Of course it is. There’s a tremendous tension between the wish to provide stability and the urge to forge new ground. In our quest to provide quality service and access to all, it’s no wonder we feel pulled in all directions at once.

So here’s the thing: it’s our users who are jumping from one side of the spectrum to the other. And they often make that leap without even realizing it. A recent study of retail shopping trends by marketing firm Deloitte Digital [1] shows a dramatic fluidity between the way customers interact with a store’s virtual and physical spaces. Without any clear distinction between online and offline shopers, stores must focus on creating customer experiences that can successfully cross over. If we apply this to libraries, its’ a question of making our place-based services as welcoming as possible, while extending the ongoing conversation to the corners of the virtual realm we deem appropriate.

Designing experiences that navigate this tension (while acknowledging that it’s constantly shifting!) will be key for libraries as they engage with emerging trends in technology and service. Below are two situations where this tension is in full effect.

The Personal and the Protected
I’ve been following the work of the Library Freedom Project  with a great deal of interest. Project leader Alison Macrina received a Knight Foundation News Challenge grant earlier this year to spark a conversation on digital privacy in libraries. By installing anonymous browsing tools on public PCs and creating training resources for library staff and patrons alike, the Library Freedom Project seeks to raise awareness about online surveillance, and to help libraries preserve individual anonymity as they provide essential access to the Internet.

At the same time, there’s a strong urging to use digital tools to enhance the connection between libraries and patrons, offering personalized services founded on the retention of patron data.

Is it possible for these two approaches to coexist? Is it fair for libraries to say “we’re protecting your privacy” while simulatneously collecting significant amounts of information in order to provide better experiences? What happens when we bring third parties into this mix? If we are to find a balance in this discussion, it’s by providing transparency and context. People have a lot of trust in libraries, and that creates an opportunity to build a deeply personalized relationship with our users. By exposing the mechanics of personal data tracking, we might be able to provide the context for why this stuff matters. And if we can give our users control over their own data (by offering encrypted spaces where they can track — and selectively delete — their own library activity), we could get more people asking why they don’t have the same level of control when they visit other websites. Doing so offers our users a valuable object lesson in the value exchange that comes with any type of data collection, and gives them the tools to make informed decisions for dealing with other, potentially more invasivie entities.

Solidifying the Ephemeral
I’ve been hosting an event every few months at my library called Show Your Work, where I invite community members to make pitches for their creative, technological, or entrepreneurial works-in-progress. They take questions from the audience, and receive advice from a panel of local experts.

I’m always impressed with the variety of submissions we get. We’ve had people with established businesses, such as a company manufacturing guitars with interchangeable faceplates. Others are taking a more philanthropic bent, creating a mobile app to help restaurants and grocery stores wishing to donate to local food banks find people to make deliveries. What surpised me most where the projects that garnered the most enthusiastic responses: each one a proposal for a digital archive collecting ephemera from very specific local micro-communities.

In the wake of so many creative projects, why did these archives (one for artists, one for the city’s punk music scene) strike such a chord with our audience? Amid the robots and other cutting-edge creations being pitched, these collections seemed incongruous — even more so for us, as an institution looking to make its mark as a place known for the creation of new things. Show Your Work was designed to carve out space for the library as a place for makers, coders, and entrepreneurs. How is it that these digital pop-up libraires are resonating so well?

The fact that these archives stood out on two separate occasions seems to indicate that these niche-interest, extremely personal, born-digital colelctions are a space worth exploring. This pent-up demand may represent an underlying desire for someone to exist as chronicler of a city’s living history. The only things that have changed are the artifacts. This becomes all the more important as time catches up with our existing archives, and more of the material worth documenting only exists in a digital form. Without a traditional space for collecting these “ephemeral” digital creations, members of the community are rising up to meet the need.

As libraries seek to fill in the blank on the “books + ____” equation, this act of documentation can serve as a virtuous cycle, providing a near-instant cycle of community knowledge creation and preservation. As the rush to create, design, and iterate heats up, building collections in the moment can help add that element of reflection to the whole process.

Walking the Line
Finding the nuance in these polarized sitations can be incredibly difficult. As you seek out the right path for your organization, it’s important to remember that these aren’t dichotomies. Both sidees of the equation will always exist. There will be a place for libraries on each end of the debate. (After all, isn’t representing the many sides of an argument a core part of what we do?) These inconsistencies are what make the digital realm increasingly human. Carving a path through this analog divide is how we can make better places to live.

This is Where I Leave You
This is my last column for Public Libraries. I’ve been truly fortunate to have been given this platform to explore some of these foundational issues surrounding library technology. I’m grateful to each of you for reading, and I hope you’ll continue to share your stories of how your are adapting your libaries for the perpetually connected world. I wish you nothing more than the best of luck

Reference
1. Kasey Lobaugh and Jeff Simpson, “Deloitte Digital Study: Digitally-Influenced Sales in Retail Brick-and-Mortar Stores to Reach $2.2 Trillion by Year-End,” Deloitte Digital press release, May 13, 2015, accessed August 4, 2015.

The post The Wired Library – Tech Trends and Tension first appeared on Public Libraries Online.