homepromo

savedatemay
Save the Date!
Choose Privacy Week is held annually May 1 - 7. Start planning now for your library’s participation and programming. Choose Privacy Week materials are available now in the ALA Store.
allies

Voices For Privacy

FTRF and ALA join amicus brief asserting readers’ First Amendment right to be free of NSA’s online surveillance

Posted by on September 4, 2015 in FISA / PATRIOT Act, government surveillance, libraries, Protecting Privacy, reader privacy, surveillance | 0 comments

Crossposted from the Office for Intellectual Freedom’s Blog

The Freedom to Read Foundation (FTRF) and American Library Association (ALA) on Thursday joined with booksellers, international, and research librarians to file an amicus brief defending their ability – and the ability of similar organizations – to challenge on behalf of their users government actions that burden readers’ First Amendment rights. The amicus brief was filed in support of the plaintiffs in Wikimedia Foundation v. National Security Agency.

The lawsuit was filed by the American Civil Liberties Union (ACLU) on behalf of the Wikimedia Foundation and a broad coalition of educational, human rights, legal, and media organizations. It challenges the National Security Agency’s “Upstream” surveillance program. According to NSA, the “Upstream” surveillance program involves copying Internet traffic—including e-mails, chat, web browsing and other communications—as the data traverses the fiber optic backbone of the Internet.

This means that the NSA is looking over every reader’s shoulder while they’re online and compromising the privacy of every library user and bookstore patron who searches a library’s or bookseller’s online catalog, obtains an e-book, or consults online databases and journals for research, and deterring individuals from exercising their First Amendment right to obtain and read materials that are controversial or reflect deeply private concerns.

The amicus brief, written by the Electronic Frontier Foundation on behalf of the library and bookseller organizations, explains the importance of privacy to the unfettered exercise of First Amendment rights and argues that libraries, booksellers, and similar organizations can assert the rights of their users related to privacy concerns associated with government access to, and surveillance of, users’ reading habits. It further emphasizes the chill on First Amendment rights that results when the government has unrestricted access to the records of what users read and view online.

The Electronic Frontier Foundation provides more information on their website, and the full brief can be read online at this link. The ACLU has full details about Wikimedia Foundation v. NSA on its website, linked here. Other parties in the brief include the American Booksellers Association, the Association of Research Libraries, and the International Federation of Library Associations and Institutions.

New Privacy Guidelines Encourage Libraries and Vendors to Work Together to Protect Reader Privacy

Posted by on August 4, 2015 in Privacy and New Technologies, Privacy vs. Library 2.0, Protecting Privacy, reader privacy | 0 comments

By Michael Robinson
Chair, IFC Privacy Subcommittee
Head of Systems at the Consortium Library
University of Alaska – Anchorage

Libraries have a tradition of protecting the privacy of readers as the cornerstone of intellectual freedom. We recognize that freedom of thought and expression begins with freedom of inquiry, the ability to read and explore ideas without the chilling effect of government surveillance or societal disapproval. We clearly saw the Patriot Act as a threat to library users’ privacy and have earned a reputation for our efforts to reform it. However, that reputation may be in danger. A gap has grown between our tradition of protecting privacy and common practices that libraries have developed as they strive to deliver digital content, embrace the modern Web, and provide personalized services to library users. The October 2014 revelations disclosing what Adobe’s Digital Editions collects about users and their reading habits brought this gap into center stage.

ALA’s Intellectual Freedom Committee (IFC) has been concerned about online privacy for years. They worked with the Office of Intellectual Freedom to establish the annual Choose Privacy Week campaign in 2010 and recently published an updated version of the Privacy Toolkit, an extensive resource that covers the myriad of threats to privacy in a modern library. One of the goals of the IFC Privacy Subcommittee is to use the toolkit as a resource to produce a series of more concise and accessible guidelines focused on specific areas of concern about library users’ privacy.

Given the Adobe revelations, we decided to start by developing privacy guidelines for ebook lending and digital content vendors. During the process of developing the document, the Privacy Subcommittee shared it with a range of individuals and groups for review and comments. This included ALA’s Digital Content Working Group (DCWG), the LITA Patron Privacy Technologies Interest Group, and the group developing the NISO Consensus Framework to Support Patron Privacy in Digital Library and Information Systems. Online privacy is a large issue that touches on many areas of library service, and it is important that the different groups in ALA work together to develop a common set of principles and best practices that protect reader privacy. By the end of ALA’s 2015 Annual Meeting in San Francisco, the Intellectual Freedom Committee and the Digital Content Working Group both endorsed the document, entitled “Library Privacy Guidelines for E-book Lending and Digital Content Vendors.

Library Privacy Guidelines for E-book Lending and Digital Content” are intended to start a conversation within the library community and with vendors and content providers. We expect that the guidelines will need to be revised as we receive more feedback. On the whole, the guidelines represent our attempt to balance the need to protect reader privacy with the needs of libraries to collect user data and provide personalized services, while respecting and protecting the individual’s right to make their own informed decisions in regards to the privacy of their data, particularly in regard to how much privacy they are willing to trade for convenience or added benefits. That’s an ambitious goal, but if libraries and vendors can work together to develop practices based on these guidelines, it can serve as a model for how it can be done. It’s time for librarians to take up this task and to live up to our reputation as privacy defenders.

Library Privacy Guidelines for E-book Lending and Digital Content Vendors

Introduction
Protecting user privacy and confidentiality has long been an integral part of the intellectual freedom mission of libraries. The right to free inquiry as assured by the First Amendment depends upon the ability to read and access information free from scrutiny by the government or other third parties. In their provision of services to library users, librarians have an ethical obligation, expressed in the ALA Code of Ethics, to preserve users’ right to privacy and to prevent any unauthorized use of patron data (see note below). Librarians and libraries may also have a legal obligation to protect library users’ data from unauthorized disclosure.

Libraries enter into licenses or agreements with commercial vendors in order to provide library users access to digital information, including e-books, journals, and databases. Access to these resources is most often provided via networks and the internet. In the course of providing these services, most e-book and digital content vendors collect and use library patron data for a variety of reasons, including digital rights management, consumer analytics, and user personalization. Libraries and vendors must work together to ensure that the contracts and licenses governing the provision and use of digital information reflect library ethics, policies, and legal obligations concerning user privacy and confidentiality.

These guidelines are issued to provide vendors with information about appropriate data management and security practices in respect to library patrons’ personally identifiable information and data about their use of digital content.

Agreements, Ownership of User Data, and Legal Requirements
Agreements between libraries and vendors should address appropriate restrictions on the use, aggregation, retention, and dissemination of patron data, particularly information about minors. Agreements between libraries and vendors should also specify that libraries retain ownership of all data and that the vendor agrees to observe the library’s privacy policies and data retention and security policies.

Vendors are strongly encouraged to implement the principles of privacy by design, i.e. products and services should have privacy concerns “built in, not bolted on.” In addition, agreements between libraries and vendors should reflect and incorporate restrictions on the potential dissemination and use of library patrons’ records and data imposed by local, state, and federal law.

Clear Privacy Policies
Library users should be notified about vendor privacy policies when accessing a product or service. The privacy policies should be made easily available and understandable to users. Safeguarding user privacy requires that individuals know what information is gathered about them, how long it is stored, who has access to it and under what conditions, and how it is used. There should be a way to actively notify ongoing users of any changes to the vendor’s privacy policies.

User Consent
The vendor should give users options as to how much personal information is collected from them and how it may be used. Users should have choices about whether or not to opt-in to features and services that require the collection of personal information. Users should also have the ability to opt-out and have their personal information erased if they later change their minds.

Access to Personal Data
Users should have the right to access their own personal information and contest its accuracy. Verifying accuracy helps ensure that vendor services that rely on personal user information can function properly. Guidance on how the user can access their personal data should be clear and easy to find. Patrons should also have the ability to download their personal data into an open file format such as CSV for their own use.

Access to personal information should be restricted to the user and conform to the applicable state laws addressing the confidentiality of library records as well as other applicable local, state, and federal law.

Data Integrity and Security
Whenever patron data is collected, the vendor must take reasonable steps to ensure integrity and security, including compliance with applicable statutory requirements.

Security: Security involves both managerial and technical measures to protect against loss and the unauthorized access, destruction, use, or disclosure of data. Security measures should be integrated into the design, implementation, and day-to-day practices of the vendor’s entire operating environment as part of its continuing commitment to risk management. The vendor should seek compliance with published cybersecurity standards from organizations such as National Institute of Standards and Technology (NIST).

Encryption: The use of data encryption helps enhance privacy protection. All online transactions between client applications (web browsers, mobile apps, etc.) and server applications should be encrypted. In addition, any user data housed by the vendor off site (cloud-based infrastructure, tape backups, etc.) should use encrypted storage.

Anonymization: Data used for customer analytics and other types of analysis should be anonymized by removing or encrypting personally identifiable information. While data anonymization is a good practice, it is not foolproof (re-identification analysis has been used to identify individuals from anonymized data sets); therefore access should still be restricted.

Retention: User data should not be retained in perpetuity. The vendor should establish policies for how long to retain different types of data and methods for securely destroying data that is no longer needed. For example, accounts that are expired or inactive for a certain amount of time should be purged. Retention policies should also cover archival copies and backups.

Data Sharing: User data should not be shared with third-party vendors and other business associates without user consent. Most state statutes on the confidentiality of library records do not permit release of library patrons’ personally identifiable information or data about their use of library resources and services without user consent or a court order. In addition, ALA policy forbids sharing of library patron information with third parties absent a court order.

Government Requests: The vendor should develop and implement procedures for dealing with government and law enforcement requests for library patrons’ personally identifiable information and use data. The vendor should consider a government or law enforcement request only if it is issued by a court of competent jurisdiction that shows good cause and is in proper form. The vendor should inform and consult with the library when it believes is obligated to release library patrons’ information unless prevented from doing so by the operation of law. The vendor should also inform users through its privacy policies about the legal conditions under which it might be required to release personally identifiable information.

Company Sale, Merger, or Bankruptcy: In the event that the vendor is sold to another company, merges with another company, or is dissolved through bankruptcy, all personally identifiable information should be securely destroyed, or libraries and their end users must be notified and given the opportunity to request that their data be securely destroyed.

User Devices
Privacy protections for library patrons’ personally identifiable information and use data should extend to the user’s device, including the web browser or any applications provided by the vendor. All communications between the user’s device and the vendor’s services should be encrypted. If the vendor wishes to employ personalization technology such as persistent cookies on its website or allows third-party web tracking, it should inform the user and give them the chance to opt-in before initiating these features for the user. If a vendor-provided application stores personally identifiable information or use data on the user’s device, it should be encrypted. The user should be able to remove a vendor-provided application and delete any data stored on the device.
Audit and Notification
Vendors should establish and maintain effective mechanisms to enforce their privacy policies. They should conduct regular privacy audits to ensure that all operations and services comply with these policies. The results of these audits should be made available upon request to libraries that are customers or potential customers. A vendor that suffers a breach in its privacy policies through inadvertent dissemination or data theft must notify the effected libraries and users about this urgent matter as soon as the vendor is aware of the data breach.

Note: Patron data” or “user data” is any data or record that identifies the library patron or the patron’s use of library information systems and resources.

Approved by the Intellectual Freedom Committee 6/29/2015

The guidelines are now available online on the ALA website.  The IFC Privacy Subcommittee encourages anyone with comments or questions to send correspondence to its ALA staff liaison, Deborah Caldwell-Stone, at dstone@ala.org

Urgent: Help Rebury “Zombie” Cybersecurity Bill

Posted by on July 28, 2015 in cybersecurity, government surveillance, Privacy and Security, surveillance | 0 comments

by Adam Eisgrau, ALA Washington Office
Crossposted from District Dispatch

CISA FB graphicIt’s back to the “barricades” for librarians and our many civil liberties coalition allies. Just over a year ago, District Dispatch sounded the alarm about the return of privacy-hostile “cybersecurity” or AccessNow.org“information sharing” legislation. Again dubbed a “zombie” for its ability to rise from the legislative dead, the current version of the bill (S. 754) goes by the innocuous name of the “Cybersecurity Information Sharing Act” . . . but “CISA” is anything but. As detailed below, not only won’t it be effective as advertised in thwarting cyber-attacks, but it de facto grants broad new mass data collection powers to many federal, as well as state and even local, government agencies!

CISA was approved in a secret session last March by the Senate Intelligence Committee. In April, ALA and more than 50 other organizations, leading cybersecurity experts and academics called on Congress to fix its many flaws in a detailed letter. Since then, S. 754 hasn’t had a single public hearing in this Congress. Nonethe­less, Senate Majority Leader Mitch McConnell (R-KY) is pushing for a vote on S. 754 by the full Senate right now, before the Senate breaks for its summer recess in a matter of days. Sadly, unless we can stop it, this dangerously and heavily flawed bill looks to be headed for passage even if not amended at all.

Touted by its supporters as a means of preventing future large-scale data breaches like the massive one just suffered by the federal government’s Office of Personnel Management, leading security experts argue that CISA actually won’t do much, if anything, to prevent such incursions . . . and many worry that it could make things worse. As detailed by our compatriots at New America’s Open Technology Institute and the Center for Democracy and Technology, what it will do is create incentives for private companies and the government to widely share huge amounts of Americans’ personally identifiable information that will itself then be vulnerable to sophisticated hacking attacks. In the process, the bill also creates massive exemptions from liability for private companies under every major consumer privacy protection law now on the books.

Your collected personal information would be shared instantly under the bill among many federal agencies including the Office of the Director of National Intelligence, the Department of Defense, NSA and the Department of Justice. Worse yet, it also would be shared with garden variety law enforcement entities at every level of government. None of them would be required to adequately restrict how long they can retain that personal information, or limit what kinds of non-cyber offenses the information acquired could be used to prosecute. If enacted, that would be a sweeping “end run” on the Fourth Amendment and, in effect, make CISA a broad new surveillance bill.

CISA also allows both the government and private companies to take rapid unilateral “counter­measures” to retaliate against perceived threats, which may disable or disrupt many computer networks, including for example a library system’s or municipal government’s, believed to be the source of a cyber-attack.

With all of its defects and dangers, it’s no wonder that CISA’s been labelled a “zombie!” Now, it’s time for librarians to rise again, too . . . to the challenge of once more stopping CISA in its tracks. This time around, in addition to just calling on the President to threaten to veto CISA as he has in the past, ALA has partnered with more than a dozen other national groups to do it in a way so old it’s novel again: sending Senate offices thousands . . . of faxes.

Courtesy of our friends at AccessNow.org, you can join this retro campaign to protect the future of your privacy by delivering a brief, pre-written message online with just a single mouse click at www.stopcyberspying.com now! (If you prefer, you’ll also have the option of writing your own message.)

Together we can stop CISA one more time, but votes could happen anytime now. Please act today!

 Additional Information and Resources

AccessNow.org

American Civil Liberties Union

Center for Democracy and Technology

New America’s Open Technology Institute

StopCyberSpying.com