1 / 17

Privacy Issues and the Protection of Patron Privacy Rights

Library PrivacyBob Bocher. 2. Topics to Cover. An overview of privacy concerns and issuesFederal laws, protections and actions State statutory protections for libraries Actions libraries can take. . Library PrivacyBob Bocher. 3. Privacy Concerns and PII (Personally Identifiable Information)

malory
Download Presentation

Privacy Issues and the Protection of Patron Privacy Rights

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    1. Privacy Issues and the Protection of Patron Privacy Rights Bob Bocher robert.bocher@dpi.state.wi.us Dept. of Public Instruction, Public Library Development WAPL Program Summary: This program will review some of the issues related to the use of the Internet and individual privacy. It will also look more specifically at legal issues related to patron privacy and patron rights when using a library’s resources, including the Internet.WAPL Program Summary: This program will review some of the issues related to the use of the Internet and individual privacy. It will also look more specifically at legal issues related to patron privacy and patron rights when using a library’s resources, including the Internet.

    2. Library Privacy Bob Bocher 2 Topics to Cover An overview of privacy concerns and issues Federal laws, protections and actions State statutory protections for libraries Actions libraries can take

    3. Library Privacy Bob Bocher 3 Privacy Concerns and PII (Personally Identifiable Information) Privacy concerns are high on consumer polls. Key concerns include: Identity theft and fraud .Coms selling or misusing your PII Government misuse of your PII Security of your medical and financial data Privacy concerns increase as More people are online, and shop and conduct business online Residential broadband access increases (now about 25%) Use of wireless communication increases Use of GPS and RFID increases FTC 2003 survey: #1 issue = Identity Theft - 43%; Internet auctions - 13% Shady loan programs – 11% Sweepstakes, lotteries - 9% FTC’s Identify theft clearing house: 1,300 in 1999; 161,000 in 2002FTC 2003 survey: #1 issue = Identity Theft - 43%; Internet auctions - 13% Shady loan programs – 11% Sweepstakes, lotteries - 9% FTC’s Identify theft clearing house: 1,300 in 1999; 161,000 in 2002

    4. Library Privacy Bob Bocher 4 Tips on Personal Privacy Read closely any Website’s privacy policy Keep a “clean” email address Home cable and DSL users are especially vulnerable Never enter sensitive PII without a secure connection Enter only minimal data, look for opt-out check boxes Look for compliance with groups like BBBOnline, TRUSTe and HON Be aware of your surroundings Security cameras in Times Square

    5. Library Privacy Bob Bocher 5 Personally Identifiable Information (PII) Typical PII includes Name Address (work, residence) Email address Telephone number Other ID Library card #, SSN, etc.

    6. Library Privacy Bob Bocher 6 Federal Protections and Actions Constitutional and judicial 4th, 5th and 14th amendments Supreme Court e.g., Griswold v. Connecticut (1965); Lawrence v. Texas (2003) Federal Trade Commission is lead privacy agency Recent major federal laws with privacy provisions Children’s Online Privacy Protection Act (COPPA, 1998) Gramm-Leach-Bliley Act (GLBA, 1999) Health Insurance Portability and Accountability Act (HIPAA, 1996) More than 30 privacy-related bills are pending in Congress US vs. EU views on privacy Opt-out vs. opt-in HIPPA only came into effect in April 2003. COPPA in 2002. 14th Amendment: The Court used the due process clause to extend to the states the protection against limitations on the right of privacy and women's right to an abortion (see Roe v. Wade ). The 1986 case of Bowers v. Hardwick, however, came as a blow to the right of privacy; the Court ruled that individual state sodomy laws were constitutional, and thus that the right of privacy was not violated by laws criminalizing homosexual acts in those states. HIPPA only came into effect in April 2003. COPPA in 2002. 14th Amendment: The Court used the due process clause to extend to the states the protection against limitations on the right of privacy and women's right to an abortion (see Roe v. Wade ). The 1986 case of Bowers v. Hardwick, however, came as a blow to the right of privacy; the Court ruled that individual state sodomy laws were constitutional, and thus that the right of privacy was not violated by laws criminalizing homosexual acts in those states.

    7. Library Privacy Bob Bocher 7 USA PATRIOT Act* (PL107–56) Quickly passed following Sept 11, 2001 Revises more than 15 other laws Expands Foreign Intelligence Surveillance Act (FISA) and FISC All 1228 applications to FISC in 2002 were approved Communities and libraries are passing PATRIOT Act resolutions ALA advises librarians to “avoid creating unnecessary records” USA Patriot Act, signed into law on Oct. 26, 2001—weakens privacy online. 432 pages long Law had 4 different names & 5 different versions before signed by Pres. Completed in 5 weeks, normal committee & hearing processes suspended Amended 15 federal laws Privacy advocates have concerns Major concerns re: surveillance w/less checks and balances *FBI/CIA may place a wiretap on any person nationwide (not just local jurisdiction whether person is named in the court order. *Law increases info gov’t may obtain about users from ISPs expands records gov’t may seek with subpoena,(no court review required) for online times, durations, IP addresses, payments of accounts, email to/from Provisions extend beyond terrorism through whole judicial system appear less related to terrorism & more to nonviolent computer crim Including: *spying on computer trespassers without court order *increased penalties for suspects violating Computer Fraud & Abuse Act (penalties for 1st offense 10 years prison, 20 yrs. 2nd offense) >>>>>>>>>>>>>>>>>> A May 17 opinion by the court that oversees the Foreign Intelligence Surveillance Act (FISA) alleges that Justice Department and FBI officials supplied erroneous information to the court in more than 75 applications for search warrants and wiretaps, including one signed by then-FBI Director Louis J. Freeh. The FISA court agreed with other proposed rule changes. But Ashcroft filed an appeal yesterday over the rejected procedures that would constitute the first formal challenge to the FISA court in its 23-year history, officials said. “We believe the court’s action unnecessarily narrowed the Patriot Act and limited our ability to fully utilize the authority Congress gave us,” the Justice Department said in a statement. The documents released yesterday also provide a rare glimpse into the workings of the almost entirely secret FISA court, composed of a rotating panel of federal judges from around the United States and, until yesterday, had never jointly approved the release of one of its opinions. Ironically, the Justice Department itself had opposed the release. Stewart Baker, former general counsel of the National Security Agency, called the opinion a “a public rebuke.” “The message is you need better quality control,” Baker said. “The judges want to ensure they have information they can rely on implicitly.” A senior Justice Department official said that the FISA court has not curtailed any investigations that involved misrepresented or erroneous information, nor has any court suppressed evidence in any related criminal case. He said that many of the misrepresentations were simply repetitions of earlier errors, because wiretap warrants must be renewed every 90 days. The FISA court approves about 1,000 warrants a year. >>>>>>>>>>>>>>>>>>>>>>>>>>>>> (CBS/AP) A federal judge has declared unconstitutional a portion of the USA Patriot Act that bars giving expert advice or assistance to groups designated foreign terrorist organizations. The ruling marks the first court decision to declare a part of the post-Sept. 11 anti-terrorism statute unconstitutional, said David Cole, a Georgetown University law professor who argued the case on behalf of the Humanitarian Law Project. In a ruling handed down late Friday and made available Monday, U.S. District Judge Audrey Collins said the ban on providing "expert advice or assistance" is impermissibly vague, in violation of the First and Fifth Amendments. "The ruling is a setback for the government, but it's a problem that Congress can fix by simply revising the Patriot Act to make more clear what is permissible expert advice and what is not," reports CBS News Legal Analyst Andrew Cohen. "And truthfully this is precisely the sort of problem that should have been flagged by the lawyers before the Act was passed and signed into law." WI’s Sen. Feingold only senator to vote against the bill. USA Patriot Act, signed into law on Oct. 26, 2001—weakens privacy online. 432 pages long Law had 4 different names & 5 different versions before signed by Pres. Completed in 5 weeks, normal committee & hearing processes suspended Amended 15 federal laws Privacy advocates have concerns Major concerns re: surveillance w/less checks and balances *FBI/CIA may place a wiretap on any person nationwide (not just local jurisdiction whether person is named in the court order. *Law increases info gov’t may obtain about users from ISPs expands records gov’t may seek with subpoena,(no court review required) for online times, durations, IP addresses, payments of accounts, email to/from Provisions extend beyond terrorism through whole judicial system appear less related to terrorism & more to nonviolent computer crim Including: *spying on computer trespassers without court order *increased penalties for suspects violating Computer Fraud & Abuse Act (penalties for 1st offense 10 years prison, 20 yrs. 2nd offense) >>>>>>>>>>>>>>>>>> A May 17 opinion by the court that oversees the Foreign Intelligence Surveillance Act (FISA) alleges that Justice Department and FBI officials supplied erroneous information to the court in more than 75 applications for search warrants and wiretaps, including one signed by then-FBI Director Louis J. Freeh. The FISA court agreed with other proposed rule changes. But Ashcroft filed an appeal yesterday over the rejected procedures that would constitute the first formal challenge to the FISA court in its 23-year history, officials said. “We believe the court’s action unnecessarily narrowed the Patriot Act and limited our ability to fully utilize the authority Congress gave us,” the Justice Department said in a statement. The documents released yesterday also provide a rare glimpse into the workings of the almost entirely secret FISA court, composed of a rotating panel of federal judges from around the United States and, until yesterday, had never jointly approved the release of one of its opinions. Ironically, the Justice Department itself had opposed the release. Stewart Baker, former general counsel of the National Security Agency, called the opinion a “a public rebuke.” “The message is you need better quality control,” Baker said. “The judges want to ensure they have information they can rely on implicitly.” A senior Justice Department official said that the FISA court has not curtailed any investigations that involved misrepresented or erroneous information, nor has any court suppressed evidence in any related criminal case. He said that many of the misrepresentations were simply repetitions of earlier errors, because wiretap warrants must be renewed every 90 days. The FISA court approves about 1,000 warrants a year. >>>>>>>>>>>>>>>>>>>>>>>>>>>>> (CBS/AP) A federal judge has declared unconstitutional a portion of the USA Patriot Act that bars giving expert advice or assistance to groups designated foreign terrorist organizations.

    8. Library Privacy Bob Bocher 8 USA Patriot Act: Some Privacy Issues Expands monitoring to include Internet traffic Email addresses, IP addresses/routing, Web search terms Expands surveillance with less judicial review Former “probable cause” changed to “relevant to an ongoing investigation” SAFE bill: Must have "specific facts” that a person is a suspected terrorist or a spy Allows nationwide warrants Library staff cannot disclose existence of warrant Is this a new Library Awareness or COINTELPRO program? Law does not override WI library privacy law “The number of times the Government has requested or the Court has approved requests under this section since passage of the PATRIOT Act, is classified.” AG Ashcroft to House Judiciary Committee, 7-02. Before the Patriot Act, Jaffer explained, National Security Letters could be issued only against people who were reasonably suspected of espionage. The Patriot Act allows the Attorney General to issue National Security Letters even against people who are not suspected of criminal activity or of acting on behalf of a foreign power. (http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=12166&c=206) Two such surveillance and profiling systems are currently under design or development by the US government: 1) the Total Information Awareness (TIA) system; and, 2) the Terrorist Threat Integration Center (TTIC). The later system was announced by George W. Bush during his State of the Union Address. These systems will weave together strands of data from various sources--such as travel, credit card, bank, electronic toll and driver's license databases, as well as information collected domestically by police and internationally by spy agencies--with the stated purpose of identifying terrorists before they strike. (http://www.rtp.nc.us/events.htm) “The number of times the Government has requested or the Court has approved requests under this section since passage of the PATRIOT Act, is classified.” AG Ashcroft to House Judiciary Committee, 7-02. Before the Patriot Act, Jaffer explained, National Security Letters could be issued only against people who were reasonably suspected of espionage. The Patriot Act allows the Attorney General to issue National Security Letters even against people who are not suspected of criminal activity or of acting on behalf of a foreign power. (http://www.aclu.org/SafeandFree/SafeandFree.cfm?ID=12166&c=206) Two such surveillance and profiling systems are currently under design or development by the US government: 1) the Total Information Awareness (TIA) system; and, 2) the Terrorist Threat Integration Center (TTIC). The later system was announced by George W. Bush during his State of the Union Address. These systems will weave together strands of data from various sources--such as travel, credit card, bank, electronic toll and driver's license databases, as well as information collected domestically by police and internationally by spy agencies--with the stated purpose of identifying terrorists before they strike. (http://www.rtp.nc.us/events.htm)

    9. Library Privacy Bob Bocher 9 Related Federal Programs, Activities Patriot Act II (drafted, not introduced) Some parts incorporated into other bills, like the Intelligence Authorization Act for Fiscal Year 2004 Terrorism (aka Total) Information Awareness (TIA) Building large-scale counter-terrorism databases DCS1000 (aka Carnivore) Intelligent software filtering tools used to intercept Net traffic Policy Analysis Market (PAM) Traders could buy and sell futures contracts on, for example, the assassination of Yasser Arafat or an anthrax attack on Disney World. Canceled in July PATRIOT ACT II - Provides immunity for businesses, including ISPs, that voluntarily turn over PII to law enforcement - FISC can authorize search warrants with no connection to foreign governments or terrorist organizations - FBI can issue a subpoena to require third parties (e.g., your ISP, library, doctor, etc.) to turn over information about you TIA DARPA to report to Congress by May 20 S.188 places moratorium on TIA datamining (Feingold) "You can change the name, but the danger is the same. TIA is a real menace to our privacy, and it is an expensive distraction from the real on-the-ground intelligence that will actually root out terrorists and their cells. "While DARPA plans privacy safeguards now, history shows that once this type of system is in place, there will be ever mounting pressure to expand it. The opportunity for abuse is astounding, whether it's renegade federal employees or outside hackers. "Build it, and it will be abused. Tens of millions of your tax dollars are at work to develop the ultimate Big Brother platform. TIA has the potential to undermine our privacy and our freedom. The only real safeguard with TIA is program termination." Policy Analysis Market From the trading patterns, the Pentagon agency, known as DARPA, hoped to gain clues about possible terrorist attacks. In statements Monday and Tuesday, it said markets are often better than experts in making predictions. FutureMAP, or "Futures Markets Applied to Predictions.PATRIOT ACT II - Provides immunity for businesses, including ISPs, that voluntarily turn over PII to law enforcement - FISC can authorize search warrants with no connection to foreign governments or terrorist organizations - FBI can issue a subpoena to require third parties (e.g., your ISP, library, doctor, etc.) to turn over information about you TIA DARPA to report to Congress by May 20 S.188 places moratorium on TIA datamining (Feingold) "You can change the name, but the danger is the same. TIA is a real menace to our privacy, and it is an expensive distraction from the real on-the-ground intelligence that will actually root out terrorists and their cells. "While DARPA plans privacy safeguards now, history shows that once this type of system is in place, there will be ever mounting pressure to expand it. The opportunity for abuse is astounding, whether it's renegade federal employees or outside hackers. "Build it, and it will be abused. Tens of millions of your tax dollars are at work to develop the ultimate Big Brother platform. TIA has the potential to undermine our privacy and our freedom. The only real safeguard with TIA is program termination." Policy Analysis Market From the trading patterns, the Pentagon agency, known as DARPA, hoped to gain clues about possible terrorist attacks. In statements Monday and Tuesday, it said markets are often better than experts in making predictions. FutureMAP, or "Futures Markets Applied to Predictions.

    10. Library Privacy Bob Bocher 10 State and Local Privacy Protections 48 states have library privacy laws WI library privacy law, 43.30 WI Personal Information Practices law, 19.62 Local library policy Local policies can be stronger than state protections Sample policy available at: http://www.dpi.state.wi.us/dltcl/pld/policies.html

    11. Library Privacy Bob Bocher 11 WI Library Privacy Law

    12. Library Privacy Bob Bocher 12 Other 43.30 Provisions Use of library resources can be released By consent of library patron By court order For administration of library or library system business (e.g., to other libraries for interloan) To custodial parents if patron is under 16 (pending, AB 169)

    13. Library Privacy Bob Bocher 13 Access to Children's Library Records (AB 169, SB 128)

    14. Library Privacy Bob Bocher 14 Actions Libraries Can Take Conduct a privacy audit Under WI Personal Information Practices Act (19.62) Libraries must develop procedures to protect the privacy of patron PII Libraries must develop rules for staff involved in collecting, maintaining, using, and providing access to patron PII Educate and inform Library staff, library board, city attorney, local law enforcement Contact the DPI’s Library Division on any privacy questions

    15. Privacy Issues and the Protection of Patron Privacy Rights Questions ? WAPL Program Summary: This program will review some of the issues related to the use of the Internet and individual privacy. It will also look more specifically at legal issues related to patron privacy and patron rights when using a library’s resources, including the Internet.WAPL Program Summary: This program will review some of the issues related to the use of the Internet and individual privacy. It will also look more specifically at legal issues related to patron privacy and patron rights when using a library’s resources, including the Internet.

    16. Library Privacy Bob Bocher 16

    17. Library Privacy Bob Bocher 17

    18. Library Privacy Bob Bocher 18

More Related