1. Privacy Issues �and the �Protection of Patron Privacy Rights Bob Bocher
robert.bocher@dpi.state.wi.us
Dept. of Public Instruction, Public Library Development WAPL Program Summary: This program will review some of the issues related to the use of the Internet and individual privacy. It will also look more specifically at legal issues related to patron privacy and patron rights when using a library’s resources, including the Internet.WAPL Program Summary: This program will review some of the issues related to the use of the Internet and individual privacy. It will also look more specifically at legal issues related to patron privacy and patron rights when using a library’s resources, including the Internet.
2. Library Privacy
Bob Bocher
2 Topics to Cover An overview of privacy concerns and issues
Federal laws, protections and actions
State statutory protections for libraries
Actions libraries can take
3. Library Privacy
Bob Bocher
3 Privacy Concerns and PII�(Personally Identifiable Information) Privacy concerns are high on consumer polls. �Key concerns include:
Identity theft and fraud
.Coms selling or misusing your PII
Government misuse of your PII
Security of your medical and financial data
Privacy concerns increase as
More people are online, and shop and �conduct business online
Residential broadband access increases (now about 25%)
Use of wireless communication increases
Use of GPS and RFID increases FTC 2003 survey: #1 issue = Identity Theft - 43%;
Internet auctions - 13%
Shady loan programs – 11%
Sweepstakes, lotteries - 9%
FTC’s Identify theft clearing house: 1,300 in 1999; 161,000 in 2002FTC 2003 survey: #1 issue = Identity Theft - 43%;
Internet auctions - 13%
Shady loan programs – 11%
Sweepstakes, lotteries - 9%
FTC’s Identify theft clearing house: 1,300 in 1999; 161,000 in 2002
4. Library Privacy
Bob Bocher
4 Tips on Personal Privacy Read closely any Website’s privacy policy
Keep a “clean” email address
Home cable and DSL users are especially vulnerable
Never enter sensitive PII without a secure connection
Enter only minimal data, look for opt-out check boxes
Look for compliance with groups like� BBBOnline, TRUSTe and HON
Be aware of your surroundings
Security cameras in Times Square
5. Library Privacy
Bob Bocher
5 Personally Identifiable Information (PII) Typical PII includes
Name
Address (work, residence)
Email address
Telephone number
Other ID
Library card #, SSN, etc.
6. Library Privacy
Bob Bocher
6 Federal Protections and Actions Constitutional and judicial
4th, 5th and 14th amendments
Supreme Court
e.g., Griswold v. Connecticut (1965); Lawrence v. Texas (2003)
Federal Trade Commission is lead privacy agency
Recent major federal laws with privacy provisions
Children’s Online Privacy Protection Act (COPPA, 1998)
Gramm-Leach-Bliley Act (GLBA, 1999)
Health Insurance Portability and Accountability Act (HIPAA, 1996)
More than 30 privacy-related bills are pending in Congress
US vs. EU views on privacy
Opt-out vs. opt-in HIPPA only came into effect in April 2003. COPPA in 2002.
14th Amendment: The Court used the due process clause to extend to the states the protection against limitations on the right of privacy and women's right to an abortion (see Roe v. Wade ). The 1986 case of Bowers v. Hardwick, however, came as a blow to the right of privacy; the Court ruled that individual state sodomy laws were constitutional, and thus that the right of privacy was not violated by laws criminalizing homosexual acts in those states. �HIPPA only came into effect in April 2003. COPPA in 2002.
14th Amendment: The Court used the due process clause to extend to the states the protection against limitations on the right of privacy and women's right to an abortion (see Roe v. Wade ). The 1986 case of Bowers v. Hardwick, however, came as a blow to the right of privacy; the Court ruled that individual state sodomy laws were constitutional, and thus that the right of privacy was not violated by laws criminalizing homosexual acts in those states.
7. Library Privacy
Bob Bocher
7 USA PATRIOT Act*�(PL107–56) Quickly passed following Sept 11, 2001
Revises more than 15 other laws
Expands Foreign Intelligence Surveillance �Act (FISA) and FISC
All 1228 applications to FISC in 2002�were approved
Communities and libraries are passing�PATRIOT Act resolutions
ALA advises librarians to “avoid �creating unnecessary records” USA Patriot Act, signed into law on Oct. 26, 2001—weakens privacy online.
432 pages long
Law had 4 different names & 5 different versions before signed by Pres.
Completed in 5 weeks, normal committee & hearing processes suspended
Amended 15 federal laws Privacy advocates have concerns
Major concerns re: surveillance w/less checks and balances
*FBI/CIA may place a wiretap on any person nationwide (not just local jurisdiction whether person is named in the court order.
*Law increases info gov’t may obtain about users from ISPs
expands records gov’t may seek with subpoena,(no court review required) for online times, durations, IP addresses, payments of accounts, email to/from
Provisions extend beyond terrorism through whole judicial system
appear less related to terrorism & more to nonviolent computer crim
Including:
*spying on computer trespassers without court order
*increased penalties for suspects violating Computer Fraud & Abuse Act (penalties for 1st offense 10 years prison, 20 yrs. 2nd offense)
>>>>>>>>>>>>>>>>>>
A May 17 opinion by the court that oversees the Foreign Intelligence Surveillance Act (FISA) alleges that Justice Department and FBI officials supplied erroneous information to the court in more than 75 applications for search warrants and wiretaps, including one signed by then-FBI Director Louis J. Freeh.
The FISA court agreed with other proposed rule changes. But Ashcroft filed an appeal yesterday over the rejected procedures that would constitute the first formal challenge to the FISA court in its 23-year history, officials said.
“We believe the court’s action unnecessarily narrowed the Patriot Act and limited our ability to fully utilize the authority Congress gave us,” the Justice Department said in a statement.
The documents released yesterday also provide a rare glimpse into the workings of the almost entirely secret FISA court, composed of a rotating panel of federal judges from around the United States and, until yesterday, had never jointly approved the release of one of its opinions. Ironically, the Justice Department itself had opposed the release.
Stewart Baker, former general counsel of the National Security Agency, called the opinion a “a public rebuke.”
“The message is you need better quality control,” Baker said. “The judges want to ensure they have information they can rely on implicitly.”
A senior Justice Department official said that the FISA court has not curtailed any investigations that involved misrepresented or erroneous information, nor has any court suppressed evidence in any related criminal case. He said that many of the misrepresentations were simply repetitions of earlier errors, because wiretap warrants must be renewed every 90 days. The FISA court approves about 1,000 warrants a year.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
(CBS/AP) A federal judge has declared unconstitutional a portion of the USA Patriot Act that bars giving expert advice or assistance to groups designated foreign terrorist organizations. ��The ruling marks the first court decision to declare a part of the post-Sept. 11 anti-terrorism statute unconstitutional, said David Cole, a Georgetown University law professor who argued the case on behalf of the Humanitarian Law Project. ��In a ruling handed down late Friday and made available Monday, U.S. District Judge Audrey Collins said the ban on providing "expert advice or assistance" is impermissibly vague, in violation of the First and Fifth Amendments. ��"The ruling is a setback for the government, but it's a problem that Congress can fix by simply revising the Patriot Act to make more clear what is permissible expert advice and what is not," reports CBS News Legal Analyst Andrew Cohen. "And truthfully this is precisely the sort of problem that should have been flagged by the lawyers before the Act was passed and signed into law." ��
WI’s Sen. Feingold only senator to vote against the bill.
USA Patriot Act, signed into law on Oct. 26, 2001—weakens privacy online.
432 pages long
Law had 4 different names & 5 different versions before signed by Pres.
Completed in 5 weeks, normal committee & hearing processes suspended
Amended 15 federal laws Privacy advocates have concerns
Major concerns re: surveillance w/less checks and balances
*FBI/CIA may place a wiretap on any person nationwide (not just local jurisdiction whether person is named in the court order.
*Law increases info gov’t may obtain about users from ISPs
expands records gov’t may seek with subpoena,(no court review required) for online times, durations, IP addresses, payments of accounts, email to/from
Provisions extend beyond terrorism through whole judicial system
appear less related to terrorism & more to nonviolent computer crim
Including:
*spying on computer trespassers without court order
*increased penalties for suspects violating Computer Fraud & Abuse Act (penalties for 1st offense 10 years prison, 20 yrs. 2nd offense)
>>>>>>>>>>>>>>>>>>
A May 17 opinion by the court that oversees the Foreign Intelligence Surveillance Act (FISA) alleges that Justice Department and FBI officials supplied erroneous information to the court in more than 75 applications for search warrants and wiretaps, including one signed by then-FBI Director Louis J. Freeh.
The FISA court agreed with other proposed rule changes. But Ashcroft filed an appeal yesterday over the rejected procedures that would constitute the first formal challenge to the FISA court in its 23-year history, officials said.
“We believe the court’s action unnecessarily narrowed the Patriot Act and limited our ability to fully utilize the authority Congress gave us,” the Justice Department said in a statement.
The documents released yesterday also provide a rare glimpse into the workings of the almost entirely secret FISA court, composed of a rotating panel of federal judges from around the United States and, until yesterday, had never jointly approved the release of one of its opinions. Ironically, the Justice Department itself had opposed the release.
Stewart Baker, former general counsel of the National Security Agency, called the opinion a “a public rebuke.”
“The message is you need better quality control,” Baker said. “The judges want to ensure they have information they can rely on implicitly.”
A senior Justice Department official said that the FISA court has not curtailed any investigations that involved misrepresented or erroneous information, nor has any court suppressed evidence in any related criminal case. He said that many of the misrepresentations were simply repetitions of earlier errors, because wiretap warrants must be renewed every 90 days. The FISA court approves about 1,000 warrants a year.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
(CBS/AP) A federal judge has declared unconstitutional a portion of the USA Patriot Act that bars giving expert advice or assistance to groups designated foreign terrorist organizations.
8. Library Privacy
Bob Bocher
8 USA Patriot Act: Some Privacy Issues Expands monitoring to include Internet traffic
Email addresses, IP addresses/routing, Web search terms
Expands surveillance with less judicial review
Former “probable cause” changed to � “relevant to an ongoing investigation”
SAFE bill: Must have "specific facts” that a person is �a suspected terrorist or a spy
Allows nationwide warrants
Library staff cannot disclose existence of warrant
Is this a new Library Awareness or COINTELPRO program?
Law does not override WI library privacy law “The number of times the Government has requested or the Court has approved requests under this section since passage of the PATRIOT Act, is classified.” AG Ashcroft to House Judiciary Committee, 7-02.
Before the Patriot Act, Jaffer explained, National Security Letters could be issued only against people who were reasonably suspected of espionage. The Patriot Act allows the Attorney General to issue National Security Letters even against people who are not suspected of criminal activity or of acting on behalf of a foreign power. (http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=12166&c=206)
Two such surveillance and profiling systems are currently under design or development by the US government: 1) the Total Information Awareness (TIA) system; and, 2) the Terrorist Threat Integration Center (TTIC). The later system was announced by George W. Bush during his State of the Union Address. These systems will weave together strands of data from various sources--such as travel, credit card, bank, electronic toll and driver's license databases, as well as information collected domestically by police and internationally by spy agencies--with the stated purpose of identifying terrorists before they strike.� (http://www.rtp.nc.us/events.htm)�“The number of times the Government has requested or the Court has approved requests under this section since passage of the PATRIOT Act, is classified.” AG Ashcroft to House Judiciary Committee, 7-02.
Before the Patriot Act, Jaffer explained, National Security Letters could be issued only against people who were reasonably suspected of espionage. The Patriot Act allows the Attorney General to issue National Security Letters even against people who are not suspected of criminal activity or of acting on behalf of a foreign power. (http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=12166&c=206)
Two such surveillance and profiling systems are currently under design or development by the US government: 1) the Total Information Awareness (TIA) system; and, 2) the Terrorist Threat Integration Center (TTIC). The later system was announced by George W. Bush during his State of the Union Address. These systems will weave together strands of data from various sources--such as travel, credit card, bank, electronic toll and driver's license databases, as well as information collected domestically by police and internationally by spy agencies--with the stated purpose of identifying terrorists before they strike. (http://www.rtp.nc.us/events.htm)
9. Library Privacy
Bob Bocher
9 Related Federal Programs, Activities Patriot Act II (drafted, not introduced)
Some parts incorporated into other bills, like the Intelligence Authorization Act for Fiscal Year 2004
Terrorism (aka Total) Information �Awareness (TIA)
Building large-scale counter-terrorism databases
DCS1000 (aka Carnivore)
Intelligent software filtering tools �used to intercept Net traffic
Policy Analysis Market (PAM)
Traders could buy and sell futures contracts �on, for example, the assassination of Yasser �Arafat or an anthrax attack on Disney World.
Canceled in July PATRIOT ACT II
- Provides immunity for businesses, including ISPs, that voluntarily turn over PII to law enforcement
- FISC can authorize search warrants with no connection to foreign governments or terrorist organizations
- FBI can issue a subpoena to require third parties (e.g., your ISP, library, doctor, etc.) to turn over information about you
TIA
DARPA to report to Congress by May 20
S.188 places moratorium on TIA datamining (Feingold)
"You can change the name, but the danger is the same. TIA is a real menace to our privacy, and it is an expensive distraction from the real on-the-ground intelligence that will actually root out terrorists and their cells. "While DARPA plans privacy safeguards now, history shows that once this type of system is in place, there will be ever mounting pressure to expand it. The opportunity for abuse is astounding, whether it's renegade federal employees or outside hackers. "Build it, and it will be abused. Tens of millions of your tax dollars are at work to develop the ultimate Big Brother platform. TIA has the potential to undermine our privacy and our freedom. The only real safeguard with TIA is program termination."
Policy Analysis Market
From the trading patterns, the Pentagon agency, known as DARPA, hoped to gain clues about possible terrorist attacks. In statements Monday and Tuesday, it said markets are often better than experts in making predictions. FutureMAP, or "Futures Markets Applied to Predictions.PATRIOT ACT II
- Provides immunity for businesses, including ISPs, that voluntarily turn over PII to law enforcement
- FISC can authorize search warrants with no connection to foreign governments or terrorist organizations
- FBI can issue a subpoena to require third parties (e.g., your ISP, library, doctor, etc.) to turn over information about you
TIA
DARPA to report to Congress by May 20
S.188 places moratorium on TIA datamining (Feingold)
"You can change the name, but the danger is the same. TIA is a real menace to our privacy, and it is an expensive distraction from the real on-the-ground intelligence that will actually root out terrorists and their cells. "While DARPA plans privacy safeguards now, history shows that once this type of system is in place, there will be ever mounting pressure to expand it. The opportunity for abuse is astounding, whether it's renegade federal employees or outside hackers. "Build it, and it will be abused. Tens of millions of your tax dollars are at work to develop the ultimate Big Brother platform. TIA has the potential to undermine our privacy and our freedom. The only real safeguard with TIA is program termination."
Policy Analysis Market
From the trading patterns, the Pentagon agency, known as DARPA, hoped to gain clues about possible terrorist attacks. In statements Monday and Tuesday, it said markets are often better than experts in making predictions. FutureMAP, or "Futures Markets Applied to Predictions.
10. Library Privacy
Bob Bocher
10 State and Local Privacy Protections 48 states have library privacy laws
WI library privacy law, 43.30
WI Personal Information�Practices law, 19.62
Local library policy
Local policies can be stronger �than state protections
Sample policy available at: http://www.dpi.state.wi.us/dltcl/pld/policies.html
11. Library Privacy
Bob Bocher
11 WI Library Privacy Law
12. Library Privacy
Bob Bocher
12 Other 43.30 Provisions Use of library resources can be released
By consent of library patron
By court order
For administration of library or library system business (e.g., to other libraries for interloan)
To custodial parents if patron is under 16 (pending, AB 169)
13. Library Privacy
Bob Bocher
13 Access to Children's Library Records�(AB 169, SB 128)
14. Library Privacy
Bob Bocher
14 Actions Libraries Can Take Conduct a privacy audit
Under WI Personal Information Practices Act (19.62)
Libraries must develop procedures to protect the privacy of patron PII
Libraries must develop rules for staff involved in collecting, maintaining, using, and providing access to patron PII
Educate and inform
Library staff, library board, city attorney, local law enforcement
Contact the DPI’s Library Division on any privacy questions
15. Privacy Issues �and the �Protection of Patron Privacy Rights Questions ? WAPL Program Summary: This program will review some of the issues related to the use of the Internet and individual privacy. It will also look more specifically at legal issues related to patron privacy and patron rights when using a library’s resources, including the Internet.WAPL Program Summary: This program will review some of the issues related to the use of the Internet and individual privacy. It will also look more specifically at legal issues related to patron privacy and patron rights when using a library’s resources, including the Internet.
16. Library Privacy
Bob Bocher
16
17. Library Privacy
Bob Bocher
17
18. Library Privacy
Bob Bocher
18
