Librarians as privacy warriors
May 11, 2015 12:50 AM   Subscribe

THE FBI HAS NOT BEEN HERE
Watch very closely for the removal of this sign.
posted by Athanassiel (35 comments total) 33 users marked this as a favorite
 
For those who don't know, that's Jessamyn's sign.
posted by zachlipton at 1:13 AM on May 11, 2015 [33 favorites]


I hadn't realised but it doesn't surprise me! Thanks for the attribution, zachlipton, and thanks for the sign, jessamyn.
posted by Athanassiel at 2:13 AM on May 11, 2015 [1 favorite]


The snake eats itself.
posted by Yowser at 2:50 AM on May 11, 2015 [1 favorite]


Is there any dissent in the library world on this issue? Not that I agree with the need to hand over patron records to every badge that walks in, but I'm curious to know if there's a minority of librarians who feel some "war on terror" duty to cooperate.
posted by dr_dank at 4:46 AM on May 11, 2015


I would really like to retire the phrase "not your grandmother's...." It's lazy writing, and it's both sexist and ageist. Also, my actual grandmother was a political and cultural radical in a regime that killed its opponents, so if you're using "not your grandmother's librarian" to mean "not some apolitical old fuddy-duddy who spends all day shhhshing people," then you're kind of missing the mark.

Sorry. Back to your regularly scheduled discussion of awesome librarians.
posted by ArbitraryAndCapricious at 4:55 AM on May 11, 2015 [62 favorites]


The consensus seems to be that warrant canaries are unlikely to work anyway
posted by DreamerFi at 5:34 AM on May 11, 2015 [1 favorite]


And you get false positives. Or you get something that no one know what means like when Apple's went away. Personally, I think people read too much into the idea of a warrant canary, and the idea is that we're supposed to notice it when its there, notice when it's gone, and then what? Assume someone's records were accessed? Whose? Mine?

Want to be a real privacy warrior? Violate the order and tell your local newspaper and the people who were accessed.
posted by cjorgensen at 6:05 AM on May 11, 2015 [3 favorites]


I wonder if it would be legal/possible to attach these to individual accounts. So when you log into the library web site or wherever, it would say "We have not received a warrant for your records."
posted by If only I had a penguin... at 6:16 AM on May 11, 2015


The consensus seems to be that warrant canaries are unlikely to work anyway

Yeah, I always thought the "warrant canary" idea was a bit silly and wouldn't withstand a challenge, since it's clearly an attempt to violate gag orders by communicating their existence.

Though we won't know until one is tested, which so far hasn't happened.
posted by Sangermaine at 6:17 AM on May 11, 2015


Sorry. Back to your regularly scheduled discussion of awesome librarians.

It's weird in an article about oppressive Orwellian tactics that people are going nuts about some minor writing gaffe.

And don't blame the writer. Editors love colour and get on you for not peppering hard-hitting pieces with garbage like that. Know it from many personal experiences.

As for the article, what is there to say? The more governments draw attention to their fear with the overkill in surveillance and secrecy, the weaker they look to terror organizations and the more likely they will become a target.

The consensus seems to be that warrant canaries are unlikely to work anyway

If someone wants to tell people about a warrant, they will find a way to do it. That is childish: terrorism is against the law and people still do it just as there will be people who will find a way to circumvent dysfunctional censorship. I'll put up red curtains until one day you see blue ones. Really, Australia? Do you imagine your people to be that uncreative?

Besides, taxpayers are footing your bills and that's how you treat them? By keeping secrets from them and telling them to trust you although you don't trust them? Nice try.

What a great way to jack up people's taxes and then pretend it's for top secret scary stuff and not to fund obscenely lavish lifestyles as we put the sycophant children, friends, and mistresses of politicians in high-paying jobs they never earned.

What a racket.
posted by Alexandra Kitty at 6:21 AM on May 11, 2015 [3 favorites]


Want to be a real privacy warrior? Violate the order and tell your local newspaper and the people who were accessed.

...and end up in jail. To what end? That's a martyr, not a warrior.
posted by His thoughts were red thoughts at 6:32 AM on May 11, 2015 [3 favorites]


Is there any dissent in the library world on this issue? Not that I agree with the need to hand over patron records to every badge that walks in, but I'm curious to know if there's a minority of librarians who feel some "war on terror" duty to cooperate.

I suspect there is, as librarians are not uniformly left-wing in their politics, and there is certainly no consensus that patron privacy and intellectual freedom concerns trump every other aspect of the profession. Also, I think for most libraries the NSA is far from the primary threat to patron privacy: rather, it's the local sheriff who thinks that a patron's checkout history is relevant to an investigation or a parent demanding to know what their teen is checking out.

There are several political roads that lead to an interest in protecting patron privacy. For example, Alison Macrina is starting from an activist perspective that promotes the view that not only should libraries keep patron records confidential, but that they should go further and provide privacy infrastructure for the use of patrons. Consequently, she has offered training on how librarians can set up Tor relays.

I (as somebody who participates in some of the professional discussions around patron privacy) am sympathetic to that point of view, but I don't think it's one that is universally appealing: for one thing, a Tor relay can sound pretty remote from the concerns of a librarian who is tasked with providing user support for ebook readers and technology training for people who are not yet comfortable using a mouse. Such a librarian may prefer (say) a toolkit for privacy training that emphasizes general "online safety" and identity theft protection.

My view is that libraries should protect their patron's privacy and that it would be nice if libraries can help improve patron's privacy hygiene, by training and by example. However, as a lot of library software does a very poor job of giving patrons control over their data, my focus is on improving that.
posted by metaquarry at 6:36 AM on May 11, 2015 [7 favorites]


Yeah, I always thought the "warrant canary" idea was a bit silly and wouldn't withstand a challenge, since it's clearly an attempt to violate gag orders by communicating their existence.

If nothing else, it has given everyone an excellent illustration of Tor Nørretranders' concept of exformation.
posted by ricochet biscuit at 6:45 AM on May 11, 2015 [1 favorite]


Also, last week the American Library Association ran a "Choose Privacy Week" and published a set of blog posts examining various aspects of patron privacy. Some samples: The rest can be found at the Choose Privacy Week website.
posted by metaquarry at 6:46 AM on May 11, 2015 [4 favorites]


Really, Australia? Do you imagine your people to be that uncreative?

Yes, they honestly do.

The new Australian data retention/pervasive surveillance laws were drafted by people who have no understanding of how the fundamental technologies of the internet work. The Attorney General, who was responsible for pushing the law, couldn't explain what metadata or URLs even were.

The legislation arguably requires telcos to retain records of communications they couldn't possibly identify, like when people are posting on social media (even Facebook traffic is encrypted these days), and completely ignores communications that aren't sent using services offered by telecommunications companies. So it's a data retention law that can't be complied with, that doesn't capture webmail services like gmail, or non-SMS messages like iMessage or WhatsApp, or web-based voice or video comms like Skype or Facetime, and completely ignores the existence of VPNs. It's going to cost hundreds of millions of dollars. It's going to push up internet access costs for everyone. All for nothing. No security value at all.

You couldn't possibly underestimate how bafflingly ignorant and simultaneously arrogant these people are. So imagine what they think of the public that voted them in.
posted by His thoughts were red thoughts at 6:47 AM on May 11, 2015 [10 favorites]


I would suggest that the first thing libraries should do to protect privacy is to avoid doing harm by keeping unneeded records. You can't be forced to give up what you do not have.

Once a book comes back, you should have no record whatsoever of who checked it out. For a "self-destructing" ebook checkout, you should never create a record of who checked it out in the first place; just note that it's out until date X. When somebody leaves a computer, it should be completely wiped and restored to a known state... and the library network shouldn't be keeping any records of what it talked to. Catalogs should keep no logs of searches. And so forth.

It's actually technically challenging to do all that stuff. How do you delete a record and make sure that the backups go away too? How do you make sure that it can't be recovered by hardware forensics? You want to optimize that catalog... how are you going to do that without information on what's being searched? Did you delete the record that "Joe Blow checked out The Cat in the Hat", but keep one record that "Joe Blow's card was scanned at 12:15" and a separate record that "The Cat in the Hat was checked out at 12:15"?

There's plenty of work to do. It's probably a good idea to do that work before getting fancy with Tor relays or whatever.
posted by Hizonner at 6:54 AM on May 11, 2015 [3 favorites]


It's possible libraries are required by law to keep certain records for specified terms.
posted by Sangermaine at 7:09 AM on May 11, 2015


The wife and I have had these shirts in rotation since they popped up on boingboing back in 2009. They're great conversation starters that lead to great conversations. Sadly, I've never seen them in the wild except for our two.
posted by davelog at 7:12 AM on May 11, 2015 [3 favorites]


Seconding His thoughts were red thoughts. Our government (and mainstream media) have no idea about technology and assume that everyone else is as ignorant as they are. The Internet has been around for decades, but they treat it like some weird fad that will fade out any minute now.
posted by harriet vane at 7:14 AM on May 11, 2015


Sangermaine: but it's also possible that the requirements by law are onerous, unenforceable-as-written and (possibly deliberately) vague, as in the Australian example above.

Hizonner: the way I think of it, when a book is checked out, the library has to keep track of who has it -- there's just no way to run a lending library otherwise. But once the book is returned, there's no need to record that "Person X had the book checked out." It's definitely helpful to keep records on how many times Book Y was checked out, and over what spans of time, but there's no intrinsic reason why the names of borrowers have to be retained once the book is returned.
posted by The Pluto Gangsta at 7:18 AM on May 11, 2015 [1 favorite]


It's probably a good idea to do that work before getting fancy with Tor relays or whatever.

Not to mention that unless you're very careful to only connect via HTTPS and heed browser security warnings, you're much more likely to have your connection tampered with or recorded than if you just sidestepped Tor and made a normal HTTP connection (Tor exit nodes can be malicious and should not be trusted; TLS makes this trust unnecessary).

They are really jumping down a rabbit hole because online privacy is a hard problem.
posted by indubitable at 7:31 AM on May 11, 2015


Given that most library records are on computers, a warrant canary may provide false security. It will tell you that a local judge has not issued a warrant, but it won't tell you whether the library's computer system has been compromised, either illegally or undercover via a secret warrant.
posted by CheeseDigestsAll at 7:42 AM on May 11, 2015


My library's circulation system is set up so that checkout records are automatically erased once an item is checked in, unless you have an outstanding fine on that item (in which case we do need to know what item was due when if there are any disputes about the fine.) I don't know if checkout records are stored in some database that normal mortal librarians can't get to; but at any rate, I don't have access to that information, and I know that our circulation system is set up the way it is in part to protect patrons' privacy, both from other librarians curious about which of their neighbors has read Fifty Shades of Grey and from law enforcement.

(This has been an occasion for conflict when patrons demand to know, "What do you MEAN you don't have records of which of the books in that series I've already read?"...)
posted by Jeanne at 7:43 AM on May 11, 2015 [3 favorites]


I'm not sure if it's possible to verify privacy controls in some library systems. I know that my local library's records are managed by a 3rd party (SirsiDynix, a privately held corporation) through their website. Who knows where everything is going once it gets to Sirsi?
posted by indubitable at 7:57 AM on May 11, 2015


Hizonner - my mom was a librarian and when I was a child she told me about librarians inventing exactly that kind of self-erasing systems for exactly these reasons. It was my first awareness of privacy issues and the political nature of libraries.
posted by bile and syntax at 8:31 AM on May 11, 2015


It's possible libraries are required by law to keep certain records for specified terms.

I used to have a quite a lot of say in writing these rules for my state, and when I did the library retention schedule I made the minimum retention (we couldn't set maximums) for borrower records the bureaucratic equivalent of "destroy them as soon as you don't need them."
posted by marxchivist at 8:39 AM on May 11, 2015 [1 favorite]


"And you get false positives. Or you get something that no one know what means like when Apple's went away."

Well, we know what it means. Apple's warrant canary disappearing means that they "received an order under Section 215 of the USA Patriot Act." What's unclear about that?
posted by I-baLL at 9:48 AM on May 11, 2015


> The consensus seems to be that warrant canaries are unlikely to work anyway

They work in the sense that they get people to think about the issue and perhaps get indignant enough to contact their representatives about it, which is good enough for me. Of course one would be foolish to look at such a sign and think "Since that sign is there, everything's hunky-dory!"
posted by languagehat at 9:56 AM on May 11, 2015 [3 favorites]


Well, we know what it means. Apple's warrant canary disappearing means that they "received an order under Section 215 of the USA Patriot Act." What's unclear about that?

We don't know how many orders were received, what data was requested, how many targets were involved, and whether Apple turned it some or all of that data over, or is currently fighting the request(s). The range of possibilities is so broad as to be practically meaningless.
posted by Shmuel510 at 10:33 AM on May 11, 2015


(That said, I agree with languagehat. The main function of warrant canaries or their absence is to raise awareness of the issues, not to provide useful information in themselves.)
posted by Shmuel510 at 10:35 AM on May 11, 2015


> Apple's warrant canary disappearing means that they "received an order under Section 215 of the USA Patriot Act." What's unclear about that?

It's also not explicit that they received such an order. It's a not impossible that the clause was struck because a lawyer retired/resigned/changed jobs and their replacement disagrees with the legal assessment on the canary's legality since they have never been tested in court and doesn't want to bet the $700 billion company on an untested theory. The EFF may believe the canary is legal, but a judge that supports an National Security Letter gag order is not going to be amused.

(I think Apple received an NSL though.)
posted by fragmede at 11:33 AM on May 11, 2015 [1 favorite]


...and end up in jail. To what end? That's a martyr, not a warrior.

Plenty of people have gone to jail for civil rights. Very few became martyrs.

Well, we know what it means. Apple's warrant canary disappearing means that they "received an order under Section 215 of the USA Patriot Act." What's unclear about that?

All you know is the statement went away. You don't know why. Maybe they just decided to no longer print that. Maybe they will put it in again next year. Maybe it was an oversight. Maybe it was on purpose. Maybe they did get a letter. That's the point. Now you see it now you don't really means nothing other than it's no longer there.
posted by cjorgensen at 12:58 PM on May 11, 2015


Is there any dissent in the library world on this issue? Not that I agree with the need to hand over patron records to every badge that walks in, but I'm curious to know if there's a minority of librarians who feel some "war on terror" duty to cooperate.

The example that comes to mind for me is when The Library of Congress blocked WikiLeaks on all its computers and networks, including public access terminals, in 2010 after the diplomatic cables were released. While I recognize that federal institutions have different constraints, this was a profound violation in my mind. While I understand the ALA had some panels and discussions on the matter, no real action was taken.
posted by zachlipton at 2:34 PM on May 11, 2015 [2 favorites]


Oh hey that is me. Hi!

I (as somebody who participates in some of the professional discussions around patron privacy) am sympathetic to that point of view, but I don't think it's one that is universally appealing: for one thing, a Tor relay can sound pretty remote from the concerns of a librarian who is tasked with providing user support for ebook readers and technology training for people who are not yet comfortable using a mouse. Such a librarian may prefer (say) a toolkit for privacy training that emphasizes general "online safety" and identity theft protection.

I share this viewpoint. Alison is rad and I love the work she is doing but it's actually not something I'm totally on board with from a practicality perspective. So I support the work she does but I haven't gone so far as to try to replicate it in my local library because it's a pain in the ass. And while I think it's really important to educate people about privacy issues, if it turns out they don't actually give a shit about this stuff (some do, some don't in my informal poll) then it's not really that kosher to force everyone to use Tor if there are downsides to such a setup.

A lot of people have mixed feelings about what you do and don't tell the cops if they show up (and yeah a lot more of what we're dealing with is cops or parents wanting information about patrons) and it's far from cut and dried. All states in the US have library privacy laws but in small towns especially where you work for the (small) town government, not everyone is comfortable telling the sheriff to come back with a warrant. I am and my local libraries were when there was an ugly situation in town (missing girl, the librarians said "come back with a warrant" which they did but it wouldn't have mattered anyhow) but there were a lot of long lasting bad feelings over it and in a town where the citizens directly vote for your budget, it can be tricky.

I agree that warrant canaries are likely not super helpful in real world situations but I think awareness of them and sites like canary watch really do help people understand what is going on out there.
posted by jessamyn at 7:47 PM on May 11, 2015 [4 favorites]


I agree, Macrina knows heaps more about privacy management than I and most of my colleagues do and probably heaps more than most of our users think is necessary. The general public, in my experience, tends towards the blasé when it comes to privacy of their information. Like Jeanne, I've had patrons who actually would like us to keep records of books they've used and seem bewildered that we don't retain the info after the books are returned. They can, of course, set up their own account and keep track of everything from saved searches to items, but many people don't really take advantage of that. As for the third party software (SirsiDynix, ExLibris etc) which runs library catalogues, most of them have privacy policies with varying degrees of assurances that patron data is safe. I lack the legal knowledge and brainpower at the moment to parse those privacy statements, but it's there for anyone who's interested.

I have also had users who are anxious about the safety of our public internet PCs, wondering if things they've saved to the desktop/bank account details/facebook logins are still stored on the PC. We have DeepFreeze, which prevents any changes from being permanent - every time the computer reboots, any stored info is wiped. Since we also have session management for our internet sessions, it means that the PC reboots between users. So we cover the basics.

Mostly I just like the sign because it is clever and calls attention to something that most probably never think about. If you read it and think "warrant canary" you are probably not the intended audience, because you already know more than most.
posted by Athanassiel at 9:47 PM on May 11, 2015 [2 favorites]


« Older The Vine Nerds   |   Gay Skinhead Oi! Poster Boy Newer »


This thread has been archived and is closed to new comments