Blog

Choose Privacy Week 2017 Webinar: Learn Practical Privacy Practices on April 13

Posted by on April 6, 2017 in Choose Privacy Week, cybersecurity, Encryption, libraries, Privacy and Security, Privacy Education, Protecting Privacy | 0 comments

Defending patron privacy in the library means more than advocating against the PATRIOT Act; it also requires a commitment to utilizing practical privacy tools and tactics that secure patron data and help counter unwanted online data collection.  Learn more about these tools and tactics during the 2017 Choose Privacy Week webinar, Practical Privacy Practices, which will take place on Thursday, April 13, 2013 at 2:00 p.m. Eastern/1:00 p.m. Central/12:00 pm Mountain and 11:00 a.m. Pacific.  Featuring three experienced technical services librarians, the webinar will outline three actionable steps your library can take today to improve your users’ privacy:

  • How to configure and manage the integrated library system
  • How to install free HTTPS certificates on your websites using Let’s Encrypt
  • How to provide anonymous web browsing using TOR and other tools

Our featured speakers include:

Michael Robinson, Chair of the ALA’s Intellectual Freedom Privacy Subcommittee and Head of Systems at the Consortium Library at the University of Alaska Anchorage. He has worked with technology in academic, public, and special libraries and is keenly interested how libraries use technology to provide access to information and services to users.

Marshall Breeding, an independent consultant, speaker, and author. He is the creator and editor of Library Technology Guides and the libraries.org online directory of libraries on the Web. His monthly column Systems Librarian appears in Computers in Libraries; he is the Editor for Smart Libraries Newsletter published by the American Library Association, and has authored the annual Library Systems Report published by American Libraries since 2014. Breeding was the 2010 recipient of the LITA LITA/Library Hi Tech Award for Outstanding Communication for Continuing Education in Library and Information Science. Read his Guideposts blog on Library Technology Guides at: http://librarytechnology.org

Alison Macrina, a librarian, internet activist, the founder and director of the Library Freedom Project, and a core contributor to The Tor Project. Alison is passionate about connecting surveillance issues to larger global struggles for justice, demystifying privacy and security technologies for ordinary users, and resisting an internet controlled by a handful of intelligence agencies and giant multinational corporations.

The webinar is co-sponsored by the Office for Intellectual Freedom and the IFC Privacy Subcommittee.  Registration and access to the recorded presentation is FREE.   Register by completing the webinar registration form.  Full details about the webinar are available at the Office for Intellectual Freedom’s online learning web page.

Choose Privacy Week is the American Library Association’s annual, week-long event  that promotes the importance of individual privacy rights and celebrates libraries and librarians’ unique role in protecting privacy in the library and in society as a whole.

How Libraries Can Respond to the Repeal of the FCC Privacy Rules

Posted by on March 31, 2017 in Choose Privacy Week, cybersecurity, Encryption, Legislation, Privacy Education, Protecting Privacy, state law, who's tracking you? | 0 comments

by Deborah Caldwell-Stone and Michael Robinson

This week Congress, voting along party lines, passed a resolution that repealed the groundbreaking privacy rules adopted by the Federal Communications Commission last October under the Obama administration.  The new rules would have required ISPs to adopt fair information privacy practices in regards to their customers’ data, including a requirement that the ISP obtain affirmative “opt-in” consent from their customers before using, sharing or selling sensitive information, including geo-location information, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.  In addition, the rules would have imposed data breach notification requirements and required ISPs to adopt reasonable data security measures.

If the privacy rules had been left alone, they would have gone into effect at the end of this year. But because of the way the new resolution was written, the FCC will likely be barred from writing any similar rules in the future.  And the Federal Trade Commission, which otherwise has broad authority to regulate unfair and deceptive business practices like inadequate privacy protections or deceptive privacy policies, is likely barred from regulating ISPs, which are classified as telecommunication common carriers only subject to FCC regulation.  Thus, those Congressional representatives voting to roll back the FCC privacy rules have likely skewed the privacy playing field in favor of the ISPs for a long time to come.

This means service providers are free to collect a user’s IP address, mobile number, device identifier, device type and operating system, location information, installed apps, and contacts and share that information with advertisers without the customer’s consent.CPW Logo Practical Privacy Practices

How can libraries respond to the rollback of the FCC privacy rules?   Start with the Library Privacy Guidelines and the accompanying Library Privacy Checklists, which outline the steps libraries should take to protect users’ data and provide a secure online experience in the library.
More specific steps libraries can take to protect themselves and help users protect themselves from data collection by ISPs include:

  • Participating in the movement to encrypt all web traffic by moving library websites and services to HTTPS, a protocol which prevents intermediaries like ISPs from eavesdropping.  ALA is a sponsor of the Let’s Encrypt initiative which provides free and easy to install certificates for HTTPS websites.
  • Negotiating contracts with ISPs that forbid the collection of browser history and other activity data of Internet users in the library.
  • Providing anonymous Internet access in library using the Tor browser or similar technologies.
  • Teaching users to protect themselves from online surveillance by using technologies such as public proxies, Virtual Private Networks (VPNs) services, and anonymity networks such as Tor, as well as educating and encouraging patrons to exercise their ability to opt-out of behavioral tracking, adopt do-not-track tools, and employ encryption technologies.  San Jose Public Library’s Virtual Privacy Lab provides one model for providing patrons with the information they need to protect their privacy.

For those who are interested in learning more about these tools and tactics, the Office for Intellectual Freedom and the IFC Privacy Subcommittee are sponsoring a webinar on Practical Privacy Practices for Choose Privacy Week on Thursday, April 13 at 2:00 PM Eastern/1:00 PM Central/12 Noon Mountain/11:00 AM Pacific.  The webinar will provide information on how to configure and manage your integrated library system to preserve patron privacy, how to install free HTTPS certificates on your websites using the Let’s Encrypt services, and how to provide anonymous web browsing using TOR and other tools.

Finally, advocacy on behalf of data privacy, transparency, and customer choice is always an option.  Minnesota and Illinois have already introduced legislation that would require ISPs providing services in those states to abide by a set of rules comparable to the FCC privacy rules repealed by Congress.   While the FCC may be barred from adopting new privacy rules, Congress itself can propose and adopt a privacy regime that will protect individuals’ data.  Librarians and patrons alike can let their elected officials know that they support laws that protect individuals’ online privacy.

Data Privacy Day 2017

Posted by on January 28, 2017 in Uncategorized | 0 comments

Data Privacy Day- Respecting Privacy, Safeguarding Data, Enabling Trust

Today is Data Privacy Day, an annual effort sponsored by the National Cyber Security Alliance (NCSA) to educate individuals about protecting their personal information and managing their privacy.  It also strives to helping organizations understand why good data privacy practices are an important part of protecting their clients, customers, and users.

The NCSA provides numerous resources to help educate both individuals, organizations, and businesses improve their privacy practices.  Check out their on their online privacy library that includes information about the importance of privacy and protecting yourself from identity theft as well as information about student privacy, international privacy or privacy basics for families.