Libraries, Technology, and Information Privacy

Annotated Bibliography

Adams, Helen R. “The Privacy Problem.” School Library Journal 57.4 (2011): 34-37. Vocational and Career Collection (EBSCOhost). Web. 23 Apr. 2015.
<http://moe.highline.edu:2048/login?url=http://search.ebscohost.com/login.aspx?direct=true&AuthType=ip&db=voh&AN=59966458&site=ehost-live&scope=site>.

This article for school librarians describes some of the ways student privacy is endangered in school libraries, including specific concerns with technology. Contains a concise list of practical advice, from conducting a privacy audit, to protecting student records, to teaching students to reduce their digital footprint. Includes additional references related to student privacy rights.

Adams has worked as a school library media specialist and has served as president of the American Association of School Librarians; she has been writing about school library privacy for years. School librarians interested in further reading should also look at her 2005 book, Privacy in the 21st Century: Issues for Public, School, and Academic Libraries. Although it was written before public revelations of NSA mass surveillance, and is necessarily not up to date on technical matters, it discusses federal data mining programs known at the time, as well as concerns around various technologies affecting library privacy. Appendices include sample privacy policies and privacy audit outlines.

American Library Association. “Privacy Toolkit.” American Library Association. n.d. Web. 21 Apr. 2015. <http://www.ala.org/advocacy/privacyconfidentiality/toolkitsprivacy/Developing-or-Revising-a-Library-Privacy-Policy>.

This Toolkit consists of extensive guidelines, checklists, and examples to use when developing or revising your library’s privacy policy. It begins with instructions and checklists for conducting a privacy audit. Libraries gather, store, and transmit user information in numerous ways, not just in patron records, and a detailed audit checklist is a must. Also of particular relevance are the sections on emerging technologies with privacy concerns, and on data integrity and security. Also addresses privacy in school libraries, FERPA (Federal Educational Rights and Privacy Act) and COPPA (Children’s Online Privacy Protection Act). Each section includes ample links to selected resources. Also available as a PDF.

Brantley, Peter, Marshall Breeding, Eric Hellman, and Gary Price. “CNI: Swords, Dragons, and Spells: Libraries and User Privacy.” Vimeo. 15 Dec. 2014. Web. 27 Apr. 2015. <https://vimeo.com/114594592>.

Presentations by four library professionals and scholars build a picture of how, even on library websites, third parties track users, and how user data inevitably leaks as it is transmitted unencrypted. Brantley calls for libraries to be honest that they want to design services that require data gathering. Hellman demonstrates how ad networks track users across websites to build profiles. Price gives a dramatic demonstration using Wireshark to read browsing destinations and library catalog searches transmitted in the clear. Breeding proposes working with vendors to create a library privacy compliance framework modeled after the PCI framework used in ecommerce. The presenters call for libraries to examine their own websites for user tracking, to be transparent about how data is used, stored and shared, and to aim for comprehensive encryption of data.

Carpenter, Todd A., Nettie Lagace, Lisa Hinchliffe, Bonnie Tijerina, and Michael Zimmer. “Consensus Framework to Support Patron Privacy in Digital Library and Information Systems.” National Information Standards Organization. n.d. Web. 9 May 2015. <http://www.niso.org/topics/tl/patron_privacy/>.

A grant awarded to the National Information Standards Organization is bringing together librarians, publishers, and library system vendors to develop a framework of principles for managing patron data. The grant proposal discusses how protecting patron privacy has become more challenging due to the complexity of modern library systems, with data not being held or controlled exclusively by any one agency. These systems generate large amounts of data and data exchanges, which are potentially vulnerable to breaches. Libraries may also fail to use patron data to improve services, due to fears of violating privacy. To address these problems, NISO proposed a series of meetings on internal library systems, vendor systems, and publisher systems; the creation of a framework as a white paper; and follow-up discussions. The grant was awarded, the preliminary meetings have been held, and both the original proposal and the meeting materials—including video recordings, twitter conversations, and slideshows—are available to download from this page.

Choose Privacy Week. n.d. Web. 21 Apr. 2015. <https://chooseprivacyweek.org>.

Choose Privacy Week is an ongoing annual campaign by the American Library Association. The website is a rich resource for educating library users and encouraging them to make informed choices about their privacy. It offers highly produced videos 20–30 minutes in length, handouts, web banners, blog posts, announcements of events across the nation, and recommendations for advocacy action. The blog posts are not only by ALA staff but also by a variety of guest authors, from privacy advocates to IT scholars. Privacy of library users is affected constantly by new technical, commercial, and political developments, and a blog is very helpful for keeping up to date, especially when it brings together several experts. Although it’s not advertised on the site, an RSS feed is provided as well.

Givens, Cherie L. Information Privacy Fundamentals for Librarians and Information Professionals. Lanham: Rowman & Littlefield, Incorporated, 2014. Print.

If I were to recommend a single source on the topic of information privacy in libraries, this book would be it. Givens’ well-researched book is as up-to-date as it is possible to be, and ranges from practical details to broad perspectives. The book starts by covering information privacy more generally—protecting information privacy, information privacy laws, and information privacy literacy—before addressing libraries and library policies in particular. The final chapter looks at regional and global privacy initiatives. Each chapter includes notes and a bibliography for those wishing to learn more. The book also includes a short glossary and an index. Those interested may be able to use WorldCat to locate a copy of Givens’ book.

Hoffman-Andrews, Jacob. “What Every Librarian Needs to Know About HTTPS.” Deeplinks Blog. Online posting. 06 May 2015. Web. 21 May 2015. <https://www.eff.org/deeplinks/2015/05/what-every-librarian-needs-know-about-https>.

Hoffman-Andrews is a programmer who works for the Electronic Frontier Foundation on its Encrypt the Web initiative. In this blog post he recognizes librarians’ commitment to privacy. He then offers five recommendations for libraries for increasing their use of encryption to protect their users, whether those users are in the library or accessing the library’s services from home. He explains some important details about HTTPS encryption that are not found in the other sources in this bibliography. Key references to ideas, research, and tools are linked to additional information elsewhere.

Library Freedom Project. n.d. Web. 21 Apr. 2015. <https://libraryfreedomproject.org>.

The Library Freedom Project was founded by self-described ninja librarian Alison Macrina, who trains libraries on surveillance threats, privacy rights, and privacy-protecting technology tools. The website is succinct and practical. You can check the schedule of upcoming trainings and events, contact Macrina to request she visit your library, or download a teacher’s guide and slide presentation for an Online Privacy Basics workshop. The website also includes a privacy software toolkit that can be installed on library computers, links to articles by and about the Project, and a blog. And of course, the website is served over an encrypted connection.

Neiburger, Eli, Sarah Houghton-Jan, and Jason Griffey. Privacy and Freedom of Information in 21st-Century Libraries. Chicago, IL: ALA TechSource, 2010. eBook Collection (EBSCOhost). Web. 18 Apr. 2015. <http://moe.highline.edu:2048/login?url=http://search.ebscohost.com/login.aspx?direct=true&AuthType=ip&db=nlebk&AN=363215&site=ehost-live&scope=site>.

This anthology of essays edited by the American Library Association covers a few specific topics in some depth, and is still up to date enough to be of interest. The chapter “Libraries, Technology, and the Culture of Privacy” by Barbara M. Jones takes a rare, brief look at how privacy-related laws, technology, mores, and priorities differ across cultures. She recommends listening to and learning from librarians who have lived in countries without privacy protection, or under repressive rule. Eli Neiburger urges libraries to embrace user-generated content, despite the potential legal messes they can create. Sarah Houghton-Jan makes a case against Internet filtering, given its inaccuracy and chilling effects. Jason Griffey examines the paradoxical conflicts between social networking and patron privacy. And in the last chapter, Deborah Caldwell-Stone asserts the need for librarians to assume leadership in developing best practices and standards for RFID, with privacy a primary goal.

Open Technology Institute. “Massive Coalition of Security Experts, Tech Companies and Privacy Advocates Presses Obama to Oppose Surveillance Backdoors.” Open Technology Institute. 19 May 2015. Web. 20 May 2015. <https://www.newamerica.org/oti/massive-coalition-of-security-experts-tech-companies-and-privacy-advocates-presses-obama-to-oppose-surveillance-backdoors/>.

Almost 150 companies, organizations and individuals have signed an open letter to President Obama. This press release describes the content, motives, and signers of the letter, and links to the letter itself. The letter urges the President to oppose any encryption backdoors or any deliberate weakening of encryption technology. It calls for policies to promote strong encryption, which it claims will benefit not just cybersecurity but also economic growth and human rights. It does not explicitly mention libraries, but the American Library Association is one of the cosigners. The press release also links to related news stories, documents, and articles to bolster the viewpoint that U.S. government policies should support strong encryption.

Woodward, Jeannette A. What Every Librarian Should Know About Electronic Privacy. Westport, Conn: Libraries Unlimited, 2007. eBook Collection (EBSCOhost). Web. 18 Apr. 2015. <http://moe.highline.edu:2048/login?url=http://search.ebscohost.com/login.aspx?direct=true&AuthType=ip&db=nlebk&AN=218349&site=ehost-live&scope=site>.

An easy-to-read introduction to and overview of many facets of electronic privacy in the library. Woodward has worked as both an academic and public librarian and has a gift for explaining technical matters in laypersons’ terms. She covers identity theft, commercial threats to privacy, government surveillance, the Patriot Act, RFID technology, and more. A chapter on “Protecting Children and Teenagers” will interest school librarians. Another especially useful chapter, “Protecting Electronic Privacy: A Step-by-Step Plan,” offers a fairly comprehensive outline of recommendations, from creating a privacy policy to configuring computers to securing networks. Woodward stresses the vulnerability of library patrons and the importance of educating them about electronic privacy. In the last chapter, “Education and Advocacy,” she lists some do’s and don’ts to teach to library users, offers guidelines for developing an Internet education program, and discusses legal advocacy. Includes a short technical glossary.