by Adam Eisgrau, ALA Washington Office
May 14, 2015
Crossposted from District Dispatch
Last night the House of Representatives voted overwhelmingly, 338 to 88, for passage of the latest version of the USA FREEDOM Act, H.R. 2048. The bill — and the battle to achieve the first meaningful reform of the USA PATRIOT Act since it was enacted 14 years ago — now shifts to the Senate. There, the outcome may well turn on the willingness of individual voters to overwhelm Congress with demands that USA FREEDOM either be passed without being weakened, or that the now infamous “library provision” of the PATRIOT Act (Section 215) and others slated for expiration on June 1 simply be permitted to “sunset” as the Act provides if Congress takes no action. Now is the time for all librarians and library supporters — for you — to send that message to both of your US Senators. Head to the action center to find out how.
For the many reasons detailed in yesterday’s post, ALA and its many private and public sector coalition partners have strongly urged Congress to pass the USA FREEDOM Act of 2015 without weakening its key, civil liberties-restoring provisions. Already a finely-tuned compromise that delivers fewer privacy protections than last year’s Senate version of the USA FREEDOM Act, this year’s bill simply cannot sustain further material dilution and retain ALA’s (and many other groups’) support. The Obama Administration also officially endorsed and called for passage of the bill.
Unfortunately, the danger of the USA FREEDOM Act being blocked entirely or materially weakened is high. The powerful leader of the Senate, Mitch McConnell of Kentucky, is vowing to bar consideration of H.R. 2048 and, instead, to provide the Senate with an opportunity to vote only on his own legislation (co-authored with the Chair of the Senate Intelligence Committee) to reauthorize the expiring provisions of the PATRIOT Act with no privacy-protecting or other changes whatsoever. Failing the ability to pass that bill, Sen. McConnell and his allies have said that they will seek one or more short-term extensions of the PATRIOT Act’s expiring provisions.
Particularly in light of last week’s ruling by a federal appellate court that the government’s interpretation of its “bulk collection” authority under Section 215 was illegally broad in all key respects, ALA and its partners from across the political spectrum vehemently oppose any extension without meaningful reform of the USA PATRIOT Act of any duration.
The looming June 1 “sunset” date provides the best leverage since 2001 to finally recalibrate key parts of the nation’s surveillance laws to again respect and protect library records and all of our civil liberties.Please, contact your Senators now!
Statement of Sen. Patrick Leahy, lead sponsor of S. 1123 (May 11, 2015)
Open Technology Institute Comparative Analysis of select USA FREEDOM Acts of 2014 and 2015
“Patriot Act in Uncharted Legal Territory as Deadline Approaches,” National Journal (May 10, 2015)
“N.S.A. Collection of Bulk Call Data Is Ruled Illegal,” New York Times (May 7, 2015)
Choose Privacy Week 2015: Creating a Digital Privacy Literacy Game to Create Safe and Secure Online Personas
by Erin Berman and Jon Worona
Ready player one? Click “Start” to begin your quest. You will venture deep into the realm of online privacy where you’ll have to navigate through an ever shifting landscape, into pools of murky policies, and across tangled webs of surveillance networks. As you begin your journey you are filled with trepidation, anxiety, and fear. You think, “How can anyone live in peace and harmony here?” So much is unknown that it is hard to know whom to trust and where to start.
Moving cautiously on the path in front of you a box drops down from the sky. Carefully, you jump and hit it to unveil its contents. Words tumble down revealing information about social media and online sharing. Digesting the information makes you feel stronger and more confident. You run forward, filled with a new zeal, and leap up to open the next box. This time a question appears. It asks you about your online needs, wants, and desires. It asks how you want to share your information on social media sites and how you want to operate in this connected world.
After careful consideration, you select an answer and a bright pulsating icon activates above you. You click on it and a bag of holding opens and out tumbles several action items. The bag is packed with resources to help you create the online identity you most desire. Each item is tailored based on your needs; the more of the world you traverse, the more questions you answer, the bigger the bag becomes. Closing the bag, you continue on this privacy adventure, leveling up and becoming a privacy expert, armed with the confidence to live in this digital universe.
With such a tumultuous online environment, San Jose Public Library (SJPL) began exploring ways to empower its users; giving them the courage to use the Internet without fear. As we began our research we discovered that people have different definitions of privacy and a wide range of needs and desires for their online personas. A small business may want to share openly and widely, while another user may want to try and remain as anonymous as possible. There is no “one size fits all” privacy path. Armed with the appropriate tools, everyone can become privacy literate and share with confidence.
In order to give people access to these tools, SJPL sought to prototype a solution and secured a grant from the Knight News Foundation for this work. Since privacy can be an intimidating topic we looked for ways to present the information to people in a non-threatening, fun, and engaging way. Our brainstorming lead us to the “platform game,” similar in style to the classic Mario games. To ensure we provide the best possible content and resources, we partnered with a team from the International Computer Science Institute in Berkeley. They have been working on the Teaching Privacy project which “aims to empower K-12 students and college undergrads in making informed choices about privacy.” We also wanted to create an amazing gaming experience and are collaborating with students from San Jose State University’s Game Development Club to create a stellar platform educational game.
Everyone deserves to live a full and rich life online. While there are many things beyond our control, we do have the ability to share and connect safely and smartly. The only way to do this is to become educated and learn best practices which are suited to each of us individually. SJPL hopes that our game will provide an outlet for people to learn about online privacy, to become empowered, and continue a discussion about privacy with their family, friends, and coworkers. Ready player one? Click “Start” to begin your quest.
Erin Berman is the Community Programs Administrator for Technology and Innovation at San Jose Public Library and Jon Worona is the Division Manager for Technology and Innovation at San Jose Public Library. Their proposal to create an online privacy literacy prototype for San Jose Public Library users won a Knight News Challenge for Libraries grant.
In today’s information ecosystem, libraries increasingly incorporate interactive, collaborative, and user-centered features of the so-called “Web 2.0” world into traditional library services, thereby creating “Library 2.0”. Examples include: providing patrons the ability to evaluate and comment on particular items in a library’s collection through discussion forums or comment threads; creating dynamic and personalized recommendation systems (“other patrons who checked out this book also borrowed these items”); using blogs, wikis, and related user-centered platforms to encourage communication and interaction among/between library staff and patrons; and interfacing various library collections and services with relevant Web 2.0 platforms, such as Wikipedia, GoodReads, and even Facebook.
Along with these user-centered technological enhancements, many libraries also commonly face challenges on how to provide the most powerful and efficient library management systems to help inform data-driven decision-making. Thus, libraries are increasingly turning to rapidly evolving cloud computing solutions to satisfy their technological needs in order to best serve patrons, while taking advantage of new opportunities for cost savings, flexibility, and enhanced data management. These cloud services are typically provided by third parties who have built robust solutions to help libraries deliver resources, services, and expertise efficiently, and encourage patrons to participate in a network that empowers them to socialize and leverage the power of the community of users. Examples of cloud computing platforms for libraries include OCLC WorldShare, Ex Libris Alma, and BiblioCommons.
The transition to cloud computing in libraries, however, has the potential to disrupt longstanding ethical norms within librarianship dedicated to protecting patron privacy. Traditionally, the context of the library brings with it specific norms of information flow regarding patron activity, including a professional commitment to patron privacy. In the library, users’ intellectual activities are protected by decades of established norms and practices intended to preserve patron privacy and confidentiality, most stemming from the ALA’s Library Bill of Rights and related interpretations. As a matter of professional ethics, most libraries protect patron privacy by engaging in limited tracking of user activities, having short-term data retention policies (many libraries actually delete the record that a patron ever borrowed a book once it is returned), and generally enable the anonymous browsing of materials (you can walk into a public library, read all day, and walk out, and there is no systematic method of tracking who you are or what you’ve read). These are the existing privacy norms within the library context.
The move towards cloud computing platforms threatens to disrupt these norms. Much of cloud computing is based upon—indeed, built upon—encouraging increased information flows and the tracking, capturing, and aggregating of data about users’ activities. The prevalence of open flows of personal information on and across cloud and Web 2.0 platforms have prompted general concerns over the impact on user privacy. In order to take full advantage of Web 2.0 and cloud-based platforms and technologies to deliver services, libraries will inevitably need to capture and retain personal information from their patrons.
Writing nearly 20 years ago, before Library 2.0 could have been contemplated, Leigh Estabrook argued that retaining patron data could help libraries improve their services: “in the name of one good—keeping patron records confidential—we are sacrificing another: targeted and tailored services to library users.” More recently, Peter Brantley has argued, perhaps provocatively, that: “In today’s digital world, libraries cannot guarantee the absolute privacy of our users. But, more importantly, for our own purposes, we shouldn’t want to.”
Media and cultural critic Neil Postman warned, “Technology giveth and technology taketh away,” and I suspect he would view the emergence of Library 2.0 and related cloud-based library represent a modern-day Faustian bargain: these powerful Web 2.0-based tools hold the promise to enhance traditional library services with innovative and personalized features, while at the same time, they pose a potential threat to the library’s traditional protection of patron privacy. Thus, it appears that libraries are at a crossroads on how to best leverage Web technology to enhance their services and whether to loosen restrictions on collecting and retaining patron data to enhance these services.
Anecdotally, many librarians appear divided on how to address this tension between preserving traditional librarian ethics and offering Library 2.0 services. My own discussions with librarians and staff at a major U.S. library system on the development of Library 2.0 platforms revealed considerable disagreement on whether collecting and using patron data was an acceptable tactic in order to provide enhanced patron services, and participants at a recent symposium on Library 2.0 shared unease on how to balance the two sides of this dilemma (for example, view the presentations at the 2009 Library 2.0 Symposium hosted by the Yale Information Society project here and here). For some, like the developers of the prototype LibraryCloud, a multi-library data service that aggregates and delivers library metadata from various partner institutions, the potential of Library 2.0 should lead libraries to make use of all available and permitted data in order to help further the interests of their users, as argued by David Weinberger: “They will do this because it advances the values core to the mission of libraries, and thus advances the value of libraries.”
While pursuing Library 2.0 might provide a path to advancing many of the core values of the mission of libraries, such as access to information, other core values, such as privacy, necessarily become imperiled. No clear and simple resolution to this ethical dilemma has been forthcoming, and professional guidance has been minimal. My analysis of over 630 professional trade press articles discussing Library 2.0 and related services revealed privacy was only discussed substantively in 47 (7.5%) articles, and of those, fewer than 10 (1.6%) had in depth discussion or suggested possible solutions to mitigating the inherent concern. Thus, we are left with little guidance on how to address the new ethical and policy challenges that arise with the emergence of Library 2.0.
Where does this leave us? As an information policy and ethics scholar, my first reaction is to point to the need for a comprehensive assessment of the motivations, design, deployment, and impact of Web 2.0-based tools and technologies within library settings. At the Center for Information Research at the University of Wisconsin-Milwaukee, we have started just such a project. Earlier this year we launched a pilot research study to help us understand how libraries are implementing third-party cloud computing services, how these implementations might impact patron privacy, and how libraries are responding to these concerns. The results of the research will include a summary report of findings, and the development of a set of best practices to guide future implementations of cloud computing in public library settings, with the goal of finding a suitable balance between the need to provide cost-effective technology-based services while also protecting patron privacy.
But more than just scholarly research, we need a more pragmatic approach. For those familiar with my broader research agenda, you’ll know that I’m very dedicated to an approach called Values-in-Design, a pragmatic intervention within design communities and environments to ensure particular ethical values – such as privacy, autonomy, justice, and freedom – are considered in the initial design of new media and information technologies, rather than retrofitted after deployment. With a Values-in-Design approach, ethical values like privacy are translated and considered in relation to various technical variables and choices, through a combined exploration between technical designers, practitioners, and ethicists. Engaging directly with developers and managers of Library 2.0 systems can provide greater clarity of how the ethical value of privacy is conceptualized and operationalized within these systems and their use.
This is why I’m extremely happy to be a collaborator on a project managed by the National Information Standards Organization (NISO), a non-profit standards organization that develops, maintains and publishes technical standards related to publishing, bibliographic and library applications, to develop a Consensus Framework to Support Patron Privacy in Digital Library and Information Systems. The project, funded by the Andrew W. Mellon Foundation, supports a series of community discussions with advocates, practitioners, and technologists, on how libraries, publishers, and information systems providers can build better privacy protection into their operations. The grant will also support creation of a draft framework to support patron privacy and subsequent publicity of the draft prior to its advancement for approval as a NISO Recommended Practice.
Through these activities — combining scholarly research with pragmatic collaborations among practitioners and designers — we can work towards creating best practices for protecting patron privacy in the Library 2.0 era. Together, we can provide greater understanding of any gaps in how issues of patron privacy are understood and addressed within the broader implementation of cloud computing within libraries. The results of these types of projects will be applicable to the entire library and information professional community, providing conceptual clarity to issues of patron privacy in the Web 2.0 era, while promoting the innovative use of technology to facilitate discovery of knowledge.
Michael Zimmer, PhD, is a privacy and Internet ethics scholar. He is an Associate Professor in the School of Information Studies at the University of Wisconsin-Milwaukee, where he also serves as Director of the Center for Information Policy Research. With a background in new media and Internet studies, the philosophy of technology, and information policy & ethics, Zimmer’s research focuses on the ethical dimensions of new media and information technologies, with particular interest in online privacy, social media & Web 2.0, Library 2.0, and internet research ethics.