by Adam Eisgrau, ALA Washington Office
Crossposted from District Dispatch
It’s back to the “barricades” for librarians and our many civil liberties coalition allies. Just over a year ago, District Dispatch sounded the alarm about the return of privacy-hostile “cybersecurity” or AccessNow.org“information sharing” legislation. Again dubbed a “zombie” for its ability to rise from the legislative dead, the current version of the bill (S. 754) goes by the innocuous name of the “Cybersecurity Information Sharing Act” . . . but “CISA” is anything but. As detailed below, not only won’t it be effective as advertised in thwarting cyber-attacks, but it de facto grants broad new mass data collection powers to many federal, as well as state and even local, government agencies!
CISA was approved in a secret session last March by the Senate Intelligence Committee. In April, ALA and more than 50 other organizations, leading cybersecurity experts and academics called on Congress to fix its many flaws in a detailed letter. Since then, S. 754 hasn’t had a single public hearing in this Congress. Nonetheless, Senate Majority Leader Mitch McConnell (R-KY) is pushing for a vote on S. 754 by the full Senate right now, before the Senate breaks for its summer recess in a matter of days. Sadly, unless we can stop it, this dangerously and heavily flawed bill looks to be headed for passage even if not amended at all.
Touted by its supporters as a means of preventing future large-scale data breaches like the massive one just suffered by the federal government’s Office of Personnel Management, leading security experts argue that CISA actually won’t do much, if anything, to prevent such incursions . . . and many worry that it could make things worse. As detailed by our compatriots at New America’s Open Technology Institute and the Center for Democracy and Technology, what it will do is create incentives for private companies and the government to widely share huge amounts of Americans’ personally identifiable information that will itself then be vulnerable to sophisticated hacking attacks. In the process, the bill also creates massive exemptions from liability for private companies under every major consumer privacy protection law now on the books.
Your collected personal information would be shared instantly under the bill among many federal agencies including the Office of the Director of National Intelligence, the Department of Defense, NSA and the Department of Justice. Worse yet, it also would be shared with garden variety law enforcement entities at every level of government. None of them would be required to adequately restrict how long they can retain that personal information, or limit what kinds of non-cyber offenses the information acquired could be used to prosecute. If enacted, that would be a sweeping “end run” on the Fourth Amendment and, in effect, make CISA a broad new surveillance bill.
CISA also allows both the government and private companies to take rapid unilateral “countermeasures” to retaliate against perceived threats, which may disable or disrupt many computer networks, including for example a library system’s or municipal government’s, believed to be the source of a cyber-attack.
With all of its defects and dangers, it’s no wonder that CISA’s been labelled a “zombie!” Now, it’s time for librarians to rise again, too . . . to the challenge of once more stopping CISA in its tracks. This time around, in addition to just calling on the President to threaten to veto CISA as he has in the past, ALA has partnered with more than a dozen other national groups to do it in a way so old it’s novel again: sending Senate offices thousands . . . of faxes.
Courtesy of our friends at AccessNow.org, you can join this retro campaign to protect the future of your privacy by delivering a brief, pre-written message online with just a single mouse click at www.stopcyberspying.com now! (If you prefer, you’ll also have the option of writing your own message.)
Together we can stop CISA one more time, but votes could happen anytime now. Please act today!
Additional Information and Resources
Privacy is on the agenda at the 2015 ALA Annual Meeting in San Francisco June 26 – June 30, 2015.
- RUSA President’s Program speaker danah boyd will discuss her research on youth culture, the “big data” phenomenon, and the role of libraries and librarians in a data-soaked world on Saturday, June 27, at 4:00 p.m. in the Moscone Convention Center West, Room 3014-16.
- Privacy law scholar Neil Richards and Electronic Frontier Foundation Senior Counsel David Greene discuss “Principles & Politics: Intellectual Privacy and Surveillance in the Digital Age” on Monday, June 29 at 10:30 a.m. in the Moscone Convention Center South, Room 236-238. Richards will sign copies of his new book, Intellectual Privacy: Rethinking Civil Liberties in the Digital Age, following the program.
- Journalist Glenn Greenwald will talk via Skype about the state of surveillance in the United States, the failure of the mainstream media to investigate government survellance and the need to safeguard whistleblowers on Sunday, June 28 at 1:00 p.m. in Moscone Convention Center West, Room 2012.
- The IFC Privacy Subcommittee will discuss proposed privacy guidelines for E-book and digital content vendors at its meeting on Sunday, June 29 at 8:30 a.m. in Moscone Convention Center South, Room 220, while Todd Carpenter of NISO will talk about the NISO project, “Building A Consensus Framework for Patron Privacy in Library and Information Systems” immediately following the IFC Privacy Subcommittee meeting at 10:30 a.m. in the Moscone Convention Center West, Room 3012.
- Blake Carver from LYRASIS and Alison Macrina from the Library Freedom Project will discuss and teach strategies for securing your data and internet use from digital surveillance on Saturday, June 27 at 4:30 p.m. in Moscone Convention Center North, Room 120.
The list below collects all the programs, meetings, and events tagged as “privacy,” “surveillance,” “data” and “data security.”
SATURDAY, JUNE 27
8:30am – 10:00am
Washington Office Update Session – Frenetic, Fraught and Front Page:
An Up-to-the-Second Update from the Front Lines of Libraries’ Fight in Washington
Moscone Convention Center 2001 (W)
With millions in federal library funding, overhauls of the nation’s copyright and surveillance laws, mission-critical legislation to help save school libraries, the fate of net neutrality, and revisions to the Freedom of Information Act all hot in the current Congress only one thing is certain. Material for this Annual’s Washington Office Update is guaranteed to come straight from the day’s headlines. Get the inside scoop, and tips on how you can help fight for what libraries need and believe, at this perennially popular program (speakers to be determined). Don’t miss it! (Will include discussion of the USA FREEDOM Act.)
10:30am – 11:30am
All the Data: Privacy, Service Quality, and Analytics
Moscone Convention Center 2020 (W)
ACRL’s The Value of Academic Libraries report emphasized the need for libraries to systematically collect user data in planning and decisionmaking activities. Indeed, many libraries are seeking ways to use such data as part of institutional efforts to better understand and measure library impact and educational outcomes. These efforts have raised many questions about user privacy, anonymity, policy, library values, and service development. This program will prepare librarians to actively engage with these issues. Speakers: Andrew Asher, Assessment Librarian, Indiana University Bloomington; Lisa Hinchliffe, Coordinator for Information Literacy Services and Instruction, University of Illinois at Urbana-Champaign. Sponsored by ACRL.
Collect Building Census Without Effort
Moscone Convention Center 3002 (W)
Through careful analysis of wireless (“wifi”) controller logs it is possible to understand a great deal about patron locations and visit times in a Library building(s). The exact types and numbers of wireless devices carried can be known, as well as the nature of their use. The data are available on demand, do not harm patron privacy, and can replace manual headcounts. Sponsored by LITA.
Don’t Freak Out: Fracking the Customer Data Goldmine
Moscone Convention Center 2002 (W)
Borrower privacy is a “third rail” for most librarians. Is it time for a change? Customers have come to expect highly-personalized service based on past use; they get recommendations now for everything from shoes to music. Is it time for libraries to leverage their “big data” to provide personalized service? How can we do this without compromising our principles? In this panel discussion, we will recap privacy concerns; outline opportunities for customizing service; and share concrete examples from libraries that have repurposed borrower data to provide value-added services. Moderator: Stephanie Chase, Director, Hillsboro (Ore.) Public Library; Speakers: Brian Auger, County Library Administrator, Somerset County (N.J.) Library System; John Blyberg, Assistant Director – Innovation and UX, Darien (Conn.) Library; Mark Lewis, Product & Innovations Practice Lead, Slalom Consulting; Toby Greenwalt, Director of Digital Strategy and Technology Integration, Carnegie Library of Pittsburgh. Sponsored by PLA.
Rethinking Patron Engagement: Making Data-Driven Decisions
Moscone Convention Center 3003 (W)
Public libraries are looking past circulation statistics and program counts to gather richer, more holistic information about current (and potential) users. In this session, learn how Brooklyn Public Library’s “Power User” program, Seattle Public Library’s “Millennial Factor Project,” and Chicago Public Library’s “Outcome Based Measurements” initiative are engaging patrons more intimately by translating data into targeted programs and services. Speakers: Amy Mikel, Outreach Librarian, Brooklyn Public Library; Daniel Tilton, Teen/Adult Services Librarian, Seattle Public Library; Diana Plunkett, Manager, Strategic Initiatives, Brooklyn Public Library; Michelle Frisque, Chief of Technology, Content and Innovation, Chicago Public Library; Tess Mayer, Director of Public Services, Mobile Services, King County (Wash.) Library System. Sponsored by PLA.
1:00pm – 2:30pm
LITA Patron and Privacy Technologies Interest Group
Hilton San Francisco Union Square, Continental 7
Business Meeting of the LITA Patron and Privacy Technologies Interest Group
What Every Director Needs to Know About Credit Cards & Patron Privacy
Moscone Convention Center 121 (N)
The issue of privacy and security is not just an issue facing libraries today but is a worldwide problem as seen in the recent security breaches with companies like Target and Home Depot. Clearly companies like these thought they were protected given the sophistication and security resources available to them, however this turned out to be incorrect. In reality the issues of “Privacy and Security” is a relatively new phenomenon beginning with identity theft and credit card fraud. And, now as libraries begin to move towards these new frontiers you must understand your role for protecting your patrons’ private data and credit card numbers. So what are the issues you need to be aware of? Let us show you where to start: 1. What is the PCI-Data Security Standard? 2. Who are the PCI Stakeholders? Merchants…libraries like you! 3. The 1, 2, 3 Best PCI Practices. 2015 does brings with it new and expanded requirements under PCI-DSS Version 3.0, learn about these changes. Speakers: Daniel Curtin and Diane Weinberger. Sponsored by the Exhibits Round Table.
4:00pm – 5:30pm
RUSA President’s Program
It’s Complicated: Navigating the dynamic landscapes of digital literacy, collapsing contexts, and big data
Moscone Convention Center 3014-3016 (W)
We have more access to more information than ever before, while others have more access to data about us than ever before. This ecosystem of “big data” introduces a myriad of challenges as the public grapples with privacy, digital literacy, the politics of algorithms, and collapsing contexts across social media. Librarians, long the patron saint of information, have a crucial role to play in helping guide the conversation. In this talk, danah boyd will weave together her research on youth culture with her analysis of the “big data” phenomenon to discuss the role of libraries and librarians in a data-soaked world. Speaker: danah boyd, founder, Data & Society.
4:30pm – 5:30pm
Digital Privacy and Security: Keeping You And Your Library Safe and Secure In A Post-Snowden World
Moscone Convention Center 120 (N)
Join Blake Carver from LYRASIS and Alison Macrina from the Library Freedom Project to learn strategies for security from digital surveillance. We’ll teach tools that keep data safe inside the library and out — securing your network, website, and PCs, and tools you can teach to patrons in computer classes. We’ll tackle security myths, passwords, tracking, malware, and more, covering a range of tools from basic to advanced, making this session ideal for any library staff. Sponsored by the Exhibits Round Table.
SUNDAY, JUNE 28
8:30am – 10:00am
Intellectual Freedom Committee Privacy Subcommittee
Moscone Convention Center 220 (S)
Business meeting for the Intellectual Freedom Privacy Subcommittee. The subcommittee will be discussing its final draft of the “Library Privacy Guidelines for E-book Lending and Digital Content Vendors” in preparation for recommending its adoption as as an official document of the Intellectual Freedom Committee. The subcommittee invites and welcomes comments and suggestions concerning the proposed guidelines prior to their adoption. The document can be viewed on ALA Connect at https://shar.es/12UzVD and comments can be left on that page.
10:30am – 11:30am
Building A Consensus Framework for Patron Privacy in Library and Information Systems
Moscone Convention Center 3012 (W)
In the Spring, NISO announced the launch of a project to develop a consensus framework for privacy of patron data in library, publisher and vendor systems. With support via a generous grant from the Andrew W. Mellon Foundation, NISO is gathering input from stakeholders and leaders within the information systems community to craft a set of principles for how suppliers of end-user systems for content or services should address concerns around privacy. In the month of May 2015, NISO will have convened a series of four virtual conferences in preparation for an invitational meeting following the ALA conference. This session will describe the project, the four component discussion themes and will discuss NISO’s plans for the resulting framework. During the session, there will be an opportunity for the community to provide comment and input on the developing framework themes. A final report for the project and potential next steps will be made available this Fall. Speaker: Todd Carpenter.
1:00pm – 2:00pm
No Place to Hide: Whistleblowers Expose the Surveillance State
Moscone Convention Center 2012 (W)
Glenn Greenwald will participate by Skype from his home in Rio de Janeiro. His recent book explains the importance of Edward Snowden’s dramatic revelations on how the U.S. government is collecting massive amounts of material about everything we do. He will talk about the failure of the mainstream media to actively investigate what the U.S. government is doing, and the need therefore to vigorously support whistleblowers. Sponsored by SRRT.
MONDAY, JUNE 29
10:30am – 11:30am
Principles & Politics: Intellectual Privacy and Surveillance in the Digital Age
Moscone Convention Center 236-238 (S)
Librarians defend privacy on the grounds that one’s intellectual activity should be free from surveillance. Now legal scholars and advocates are now championing the notion that in a free society, anyone should be able to read, learn, and debate without being monitored and recorded. Professor Neil Richards will explain the importance of ‘intellectual privacy,’ the right to be protected from surveillance or interference when we are engaged in reading or thinking, and how pervasive online tracking and data collection has made protection of intellectual privacy an imperative. EFF senior attorney David Greene will review the federal government’s suspicionless surveillance programs, EFF’s First Amendment lawsuits challenging these programs, and what opportunities exist for grass roots advocacy. We’ll close with a lively discussion about what librarians can do and are doing to protect reader privacy and end unjustified surveillance. Speakers: Neil Richards Washington UniversitySchool of Law; David Greene, Senior Staff Attorney, Electronic Frontier Foundation.
Following the program, Professor Richards will be signing copies of his new book, Intellectual Privacy: Rethinking Civil Liberties in the Digital Age (Oxford Press 2015).
1:30pm – 3:30pm
Now Showing @ ALA: CitizenFour
Moscone Convention Center 123 (N)
CITIZENFOUR is a real life thriller, unfolding by the minute, giving audiences unprecedented access to filmmaker Laura Poitras and journalist Glenn Greenwald’s encounters with Edward Snowden in Hong Kong, as he hands over classified documents providing evidence of mass indiscriminate and illegal invasions of privacy by the National Security Agency (NSA). Poitras had already been working on a film about surveillance for two years when Snowden contacted her, using the name “CITIZENFOUR,” in January 2013. He reached out to her because he knew she had long been a target of government surveillance, stopped at airports numerous times, and had refused to be intimidated. When Snowden revealed he was a high-level analyst driven to expose the massive surveillance of Americans by the NSA, Poitras persuaded him to let her film. Runtime: 114 minutes Preview: citizenfourfilm.com/trailer
by Adam Eisgrau, ALA Washington Office
May 14, 2015
Crossposted from District Dispatch
Last night the House of Representatives voted overwhelmingly, 338 to 88, for passage of the latest version of the USA FREEDOM Act, H.R. 2048. The bill — and the battle to achieve the first meaningful reform of the USA PATRIOT Act since it was enacted 14 years ago — now shifts to the Senate. There, the outcome may well turn on the willingness of individual voters to overwhelm Congress with demands that USA FREEDOM either be passed without being weakened, or that the now infamous “library provision” of the PATRIOT Act (Section 215) and others slated for expiration on June 1 simply be permitted to “sunset” as the Act provides if Congress takes no action. Now is the time for all librarians and library supporters — for you — to send that message to both of your US Senators. Head to the action center to find out how.
For the many reasons detailed in yesterday’s post, ALA and its many private and public sector coalition partners have strongly urged Congress to pass the USA FREEDOM Act of 2015 without weakening its key, civil liberties-restoring provisions. Already a finely-tuned compromise that delivers fewer privacy protections than last year’s Senate version of the USA FREEDOM Act, this year’s bill simply cannot sustain further material dilution and retain ALA’s (and many other groups’) support. The Obama Administration also officially endorsed and called for passage of the bill.
Unfortunately, the danger of the USA FREEDOM Act being blocked entirely or materially weakened is high. The powerful leader of the Senate, Mitch McConnell of Kentucky, is vowing to bar consideration of H.R. 2048 and, instead, to provide the Senate with an opportunity to vote only on his own legislation (co-authored with the Chair of the Senate Intelligence Committee) to reauthorize the expiring provisions of the PATRIOT Act with no privacy-protecting or other changes whatsoever. Failing the ability to pass that bill, Sen. McConnell and his allies have said that they will seek one or more short-term extensions of the PATRIOT Act’s expiring provisions.
Particularly in light of last week’s ruling by a federal appellate court that the government’s interpretation of its “bulk collection” authority under Section 215 was illegally broad in all key respects, ALA and its partners from across the political spectrum vehemently oppose any extension without meaningful reform of the USA PATRIOT Act of any duration.
The looming June 1 “sunset” date provides the best leverage since 2001 to finally recalibrate key parts of the nation’s surveillance laws to again respect and protect library records and all of our civil liberties.Please, contact your Senators now!
Statement of Sen. Patrick Leahy, lead sponsor of S. 1123 (May 11, 2015)
Open Technology Institute Comparative Analysis of select USA FREEDOM Acts of 2014 and 2015
“Patriot Act in Uncharted Legal Territory as Deadline Approaches,” National Journal (May 10, 2015)
“N.S.A. Collection of Bulk Call Data Is Ruled Illegal,” New York Times (May 7, 2015)