13 Aug 2015

Reflections on online privacy


Guest post by Tom Maher who works with The Forgotten Zine Archive , likes long walks on the beach and enjoys Italian food....

Alison Macrina - of The Library Freedom Project - and Eoin O'Dell - Associate Professor of Law, TCD - led a discussion last Thursday evening in the RIA on the topic of digital privacy. The event, organised by A&SL attracted a large number of information professionals, from a variety of backgrounds, all eager to hear how this recent social concern would affect the services they provide. Although Macrina and O'Dell delivered great insight and sound recommendations, those professionals in attendance quickly understood the burden of change that lay before them. It would be up to them to maintain the dignity and rights of their patrons in the years to come, and to maintain the trust that allows the library/patron relationship to flourish.

The discussion began with a simple enough question: "Why privacy?"

Why should anyone, librarian or not, care about who has access to their data? Sure, if you have nothing to hide why be concerned? The answers developed along three lines:

- One, awareness of privacy-related issues gives people who are already giving implied consent to their personal data being collected the power to either give informed consent instead, or take steps to avoid that collection in the first place.

- Two, the ways in which personal data is currently being collected and used often violates our human right to privacy.

- Three, to allow recent disclosures of mass surveillance and non-transparancy in government to go ignored and under-discussed would be to allow the culture that spawned these practices to metastasize into further civil liberty violations.

Addressed to those that still needed convincing were further tales of such violations which, although thrilling to hear about, ultimately set my mind thinking about the CBS sci-fi crime drama 'Person of Interest'. The show tracks the weekly exploits of a former CIA agent and presumed-dead billionaire surveillance developer who have both taken it upon themselves to save lives using the godly power of well-indexed metadata. The show's duo also, rather auspiciously, operate out of an abandoned library in midtown Manhattan. What could be more fitting! Well worth a watch.

Returning to the talk, we were granted comparison views of the state of privacy in Ireland, the UK, Europe and the US. Unsurprisingly, Ireland is relatively ill-equipped and inexperienced in this area - though still at the mercy of larger spy agencies whose activities know no borders. Although mouthpieces may vary, a common feature of Western government policies is the commission of infringement in the name of tackling boogeymen - most notably, and vaguely, those classified as terrorists or extremists. O'Dell and Macrina also stressed the importance of not falling for the fear-mongering rhetoric - actively blocking, reviewing and/or repealing legislation imposed on this basis through mechanisms in the justice system instead. Although courts such as FISA have proven to be inept when it matters most, they do provide valuable structural legitimacy to acts of resistance.

Law reform takes time, however, so a number of ways were recommended in which libraries could effect change and protect the interests of their patrons outside the courts in the short term. The first is a piece of legal theatre known as a warrant canary - a method by which your library can communicate that they have not been served with a subpoena for patron information, and which can be removed in the event of such a serving taking place in order to alert patrons without violating a potential gag order. They usually take the form of a simple sign. If nothing else, it will spark questions!


Among the more practical recommendations Macrina made are the following (all free):

CCleaner for securely and permanently deleting sensitive (or not so sensitive) local files from a computer. Although the delete key and Recycle Bin seem to do the business on anything you aim them at, files deleted in this manner can still be retrieved using specialist software.

DuckDuckGo is a search engine alternative to Google that doesn't offer personalised search results and notably emphasises searcher privacy in its policies.

Mozilla Firefox is a browser very similar to your Internet Explorers and Chromes of the world, with one major difference - it is open-source. This means that its code is available for all to inspect and review, and this keeps Mozilla honest and transparent about the way they handle your data.

KeePassX (https://www.keepassx.org/) or LastPass for secure password generation - a vital element of any security routine.

Tor Browser, a piece of software which bounces your communication from node to node around the globe in such a fashion as to make it almost impossible for a third party to track your true location or identity - perhaps more applicable to libraries is how the Library Freedom Project have themselves have begun a pilot programme of setting Tor exit relays up in libraries.

Using a Tor Browser, however, can be a red flag for authorities and can result in you becoming a target of greater surveillance. Although one ought to possess the bravery to wave this concern, it is not always the sensible choice. Consider VPN services such as those recommended in this article:

Loaded up with food for thought (and nightmares of a dystopian surveillance state, no doubt), the librarians in attendance eventually dispersed and stumbled off into the night. Whether the warnings of O'Dell and Macrina will take hold is anyone's guess, but at least now a few dozen more people are aware of what small changes they can make to protect themselves, their patrons and the privacy of all of their data.

Further reading:

Assange, J. (2014). When Google met WikiLeaks.

Foerstel, H. N. (1991). Surveillance in the stacks: The FBI's library awareness program. New York: Greenwood Press.

Library Freedom Project Resources. Including further recommendations, teaching guides and a few other tidbits.

OpenCourseWare|MIT - Computer Systems Security. A free online course covering the basics and beyond of cyber security. Available at: http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/