1 / 34

Protecting User Privacy: The Library's Role in Digital Security

This article explores how public libraries can educate users about online surveillance and protect their personal information. It discusses the importance of privacy, the role of libraries, and strategies for developing effective privacy policies.

merrillj
Download Presentation

Protecting User Privacy: The Library's Role in Digital Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The Library and Digital Privacy How Public Libraries Can Educate and Protect Users from Online Surveillance and Collection of Information

  2. Data Breaches and Records Exposed Identity Theft Resource Centre. https://www.iii.org/fact-statistic/facts-statistics-identity-theft-and-cybercrime. Retrieved Jan. 9, 2019.

  3. The Thomas Family

  4. A Story About Theft • The Thomas family's photo was taken from their blog and used in adverts around the world. Gordon, James. “Family’s photo ‘stolen’ from their blog and used in adverts around the world from greeting cards to political campaigns.” Daily Mail. Nov. 4, 2014.

  5. What Can We Learn? • The story of the Thomas family is a reminder of how personal information can be stolen and used. • It is difficult to control the distribution of content and information once it goes online. • Examples of individual information being collected: • Edward Snowden’s information leaks; • Google and Facebook collecting user data; • Data-mining of internet users.

  6. Why Libraries Care • The library’s role is to offer authentic information, while protecting the personal information of users. • American Library Association’sCode of Ethics, states: “we protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.” ALA Council. Code of ethics of the American Library Association. www.ala.org/united/sites/ala.org.united/files/content/trustees/orgtools/policies/ALA-code-of-ethics.pdf June 28, 1995. Retrieved June 9, 2019.

  7. Privacy & Intellectual Freedom • “Privacy is essential to the exercise of free speech, free thought, and free association,” -American Library Association’s Interpretation of the Library Bill of Rights. • This core value should now fuel the conversation of how libraries can help our communities cope with ever-changing realities around privacy. American Library Association. Interpretation of the Library Bill of Rights. www.ala.org/advocacy/intfreedom/librarybill/interpretations. Retrieved Jan. 9, 2019.

  8. Definitions • User data/information: any information related to user identity or behaviour in an information system. Name, address, checkouts, etc. • Digital privacy: The privacy of digital information, specifically information concerning personal identity shared over public networks.

  9. Concerns • Social engineering • Data Mining • Online Surveillance

  10. Let’s Talk About Cats • https://iknowwhereyourcatlives.com/

  11. I Know Where Your Cat Lives • “I Know Where Your Cat Lives is a data visualization experiment that locates a sample of one million public images of cats on a world map by the latitude and longitude coordinates embedded in their metadata.” About “I know where your cat lives.” https://iknowwhereyourcatlives.com/about/. Retrieved Jan. 9, 2019.

  12. Surveillance • Online surveillance infringes on individual privacy. • This surveillance especially targets marginalized populations whose rights to intellectual freedom are most often challenged.

  13. So…what can libraries do about digital privacy?

  14. Develop Appropriate Privacy Policies • Ensure that your system has a privacy policy that includes digital resources. • Make it available for users to see. • State how personal information is being used and with what organizations it is being shared (e.g. Overdrive, Ancestry). • Make sure privacy policies prohibit the unlawful sharing of patron records and user information. Resources for libraries to protect and promote privacy. Retrieved from https://chooseprivacyeveryday.org/wp-content/uploads/2013/04/CPWResourceGuideResources.pdf. Retrieved Jan. 9, 2019.

  15. Content of Privacy Policy • A list of definitions. • A notice to users of their rights to privacy and confidentiality. • An explanation of how all technology applications in your library are secured to protect the privacy of users. • A listing of what information is gathered about users, why it is collected, and how long it is kept. • An explanation of any optional library services that do require the collection of information. • Purchases of software, hardware, and systems should include privacy expectations. Resources for libraries to protect and promote privacy. Retrieved from https://chooseprivacyeveryday.org/wp-content/uploads/2013/04/CPWResourceGuideResources.pdf. Retrieved Jan. 9, 2019.

  16. An Affective Privacy Policy • 1. Limit the collection and retention of user information. • 2. Maintain policies and procedures for responding to requests for information. • 3. Maintain accurate, accessible privacy policies, and notify users when they change. Gebhart, Gennie and Sheehan, Kerry. “Librarians, act now to protect your users (before it’s too late).” Dec. 5, 2016. www.eff.org/deeplinks/2016/12/librarians-act-now-protect-your-users-its-too-late. Retrieved Jan. 9, 2019.

  17. An Affective Privacy Policy (cont’d) • 4. Use HTTPS for your whole website (and push your vendors to do the same). • 5. Secure library computer browsers. • 6.  Require third-party vendors to match library privacy practices for patron data.

  18. Transnational Data Flow • William Fishman defined this as “electronic movement of data between countries.” • There is a growing concern surrounding these data flows and issues of personal privacy and political freedom. • Investigate: are your library digital services providing user information to transnational organizations? Fishman, William L. “Introduction to transborder data flows.” Standford Journal of International Law, V. 16. 1980.

  19. Data Flow Concerns • Privacy and security of personal information being shared to another country or organization with lower standards of privacy and security. • The increasing international dependence created by sharing data between countries. • The danger of concentrating data processing facilities in some countries.

  20. What To Look For in a Third-Party • These service providers/vendors should have privacy policies that protect user information, and prohibit sharing or selling such information. • Research the policies regarding information being shared between your organization’s country and that of the service provider. • Investigate laws regarding data collection and privacy in country housing user information.

  21. Is It Enough? • What else can public library systems do to maximize user privacy while using digital library services?

  22. User Education • Educate users about their privacy rights. • Inform about the risks of online surveillance and retention of information (datamining, phishing, etc.). • Teach appropriate online tools and programs to use. • Also, provide access to secure networks and disable options that easily allow organizations to track and collection your information.

  23. Common Online Privacy Concerns • Viruses and Malware • Data-mining and analytics • Stolen passwords and login information • Tracing history and location of users • Profiling and information leaks to businesses and government

  24. Digital Privacy Workshops • A method to inform the public about digital privacy and online security. • These workshops inform users of their rights, appropriate online tools to use, how to use secure networks, and how to disable options that allow entities to collect information.

  25. Workshop Topics • Common online security concerns (phishing, viruses, etc.). • The Personal Information Protection and Electronic Documents Act (PIPEDA). • What Sensitive or Personally Identifiable Information (PII) is protected under the law. • The legality of companies collecting personal information. • The importance of reading User Agreements. “Personal Information Protection and Electronic Documents Act (PIPEDA).” Office of the Privacy Commissioner of Canada. www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/ Retrieved Jan. 09, 2019.

  26. User Agreements • Facebook: “you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.” “Terms of use.” Facebook.com. https://www.facebook.com/terms.php. Retrieved Jan. 09, 2019

  27. Retention of Information • These workshops detailed what information major online entities extract from users. • Facebook: stores every message sent or been sent, every file sent or been sent (including photos), login locations, and all the contacts in your phone. • Google: stores where you’ve logged in, everything you’ve ever searched (or deleted), which apps you use, and your YouTube history. Google also keeps an advertisement profile of you and can access your webcam and microphone

  28. Who Is Sharing Your Information? • A study by Global Privacy Enforcement Network found: • 67% of websites and apps collected personal information such as names, photos, addresses and phone numbers. • 51% indicated they may disclose personal information to a third party. • 71% had no simple way to delete account information. • 58% sometimes directed children to other sites, often via contests or ads, including some that were inappropriate for children. “Annual report for 2015.”Global Privacy Enforcement Network. www.privacyenforcement.net/content/annual-report-2015. Retrieved Jan. 09, 2019.

  29. Just Don’t Scare…Empower! • Behavioral analytics reveal the behavior of consumers online. Services like NoScript, Privacy Badger, and uBlock Origin block spying, ads, and invisible trackers. • Offer alternative search engines (DuckDuckGo does not collect user information) instead of Google or Bing. • Teach users how to avoid Malware and recommend Anti-Malware programs. • Instruct users how to secure Mobile Devices. • Recommend safe browsers, networks, and programs to use to minimize the collection of PII.

  30. Digital Workshops Feedback • Immediate feedback was positive from participants. • Many discovered online risks they were previously unaware of. • Survey participants.

  31. Planning Your Own Workshop • Library Freedom Project: https://libraryfreedomproject.org/ • Data Privacy Project:https://dataprivacyproject.org/ • Media Smarts: • http://mediasmarts.ca/ • …and make sure to know your library’s privacy policy!

  32. Why Security and Privacy Matters • All citizens are entitled to private and secure information. • Prevention of personal information theft • Equitable access to information and communication.

More Related