“Cyber Bill Could Let Feds Spy On Library Users, Advocate Warns” (and Some Comments About Library Privacy)
F)rom The Hill:
Librarians are warning that a cybersecurity bill about to hit the Senate floor could help the government spy on people using library computers.
On Wednesday, the head of the country’s largest advocate for libraries urged senators to oppose the “privacy-hostile” bill known as the Cybersecurity Information Sharing Act (CISA).
The measure is meant to boost the exchange of data about hackers between companies and the government.
“When librarians oppose a bill with ‘information sharing’ in its name you can be sure that the bill is decidedly more than advertised,” said Sari Feldman, president of the American Library Association (ALA).
CISA-related lobbying has ramped up in recent weeks as the measure inches closer to the Senate floor. It could come up as early as next week.
Read the Complete Article via The Hill
Comment From Gary Price, infoDOCKET Founder and Editor:
While it’s important that ALA is lobbying about the CISA legislation it’s important to remember that being able to see what a user is searching for (they keywords they use) using many of the digital resources a library provides (databases, catalogs, etc.) has gone on and continues to go on without much effort or technical know how to get to the data.
In other words, with a couple of open source software tools anyone (including the government) can see what someone is searching for because many of these resources do not encrypt the data as it move across the Internet.
Moreover, these open source tools tie the queries to the unique ID (MAC address) of the device or computer. Even more troubling is that in some cases, depending on the configuration of the device or computer, the name of the user might also be able to be easily tied to the search.
We’ve pointed this out many times on infoDOCKET and while things are improving in terms of encryption they are still not where they should be at this point in time. We also need to ask why we are so late making changes so it doesn’t happen again when new technology comes into play.
Finally, we have to once again mention an issue we’ve also posted about on infoDOCKET many times and for many years.
When an ebook is borrowed on OverDrive (via a library) and placed on a Kindle device, the record of the loan is shared with Amazon. The same goes for any notes someone makes in the book. This information is permanently stored by Amazon UNLESS the user goes in and manually deletes it. It’s not hard to delete the data but are we explaining to users that this is going on in the first place?
Finally, what’s important is to be transparent (what we ask of others) to users about this and related privacy issues. We also can and should instruct users on how to remove the data if they have an issue with it being kept by a third party, Amazon.
All of this and other privacy issues are an ideal opportunity for the library to provide awareness and education (that’s being constantly updated) about these issue to our users and communities. Things change quickly in the online world and no one method of keeping things private, including encryption, solves the complete problem.
Bottom Line: The privacy that the public expects (and respects) from libraries has not kept pace with the rise of online digital databases and tools. We need and must do better.
While technology can and will help solve some of these issues I believe that it’s also about the education of ourselves, our colleagues, and our users.
See Also: New and Old: Serious Reader Privacy Concerns Both Inside and Outside the Library (October 7, 2014)
See Also: Adding Transparency to the Ebook Transaction (June 25, 2013)
About Gary Price
Gary Price (email@example.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. He earned his MLIS degree from Wayne State University in Detroit. Price has won several awards including the SLA Innovations in Technology Award and Alumnus of the Year from the Wayne St. University Library and Information Science Program. From 2006-2009 he was Director of Online Information Services at Ask.com. Gary is also the co-founder of infoDJ an innovation research consultancy supporting corporate product and business model teams with just-in-time fact and insight finding.