Protecting Patron Privacy


The Republican-controlled U.S. Senate and U.S. House of Representatives have both voted to repeal restrictions on the sale of customer data by internet service providers (ISPs). President Donald Trump is expected to sign the bill into law. The restrictions were short-lived, enacted by the Federal Communications Commission (FCC) in October 2016, days before the election. Still, as Gary Price, editor of LJ infoDOCKET, notes, "This troubling event is an opportunity for the library community to become a clearinghouse of awareness, education, and knowledge about digital privacy to those we serve." This article by Alison Macrina, founder and director of the Library Freedom Project, was originally published in July 2016. Macrina's site libraryfreedomproject.org features a wealth of resources and links to resources to help libraries educate or work with concerned patrons. Libraries can also direct concerned patrons to the Electronic Frontier Foundation's Surveillance Self Defense page at ssd.eff.org.

Recently, I was teaching a privacy class for librarians, and the topic turned to the privacy versus convenience trade-off—the occasional annoyances of using privacy-enhancing technologies online. An audience member laid out what she felt I was asking of the group. “You’re telling us to start selling granola when everyone else is running a candy store.”

I thought about her comment for a moment. “Yes, but don’t you see? There’s about to be a huge demand for granola, and no one else will have it.”

It’s true that the candy stores abound. We rely on dozens of free digital services for everything from email to document storage—“free” at the expense of signing over our personal data. Advertising covers the costs of our favorite blogs and news outlets—but ad trackers follow us all over the web, often without our knowledge or consent. The huge amount of data collected and stored in plain text makes it easy for intelligence agencies and law enforcement to Hoover up all that information using one of their many overbroad surveillance authorizations—whether or not we’ve been accused of a crime.

Just like the sweet stuff, all of these free services are gratifying in the moment but come with long-term costs. In fact, digital privacy is analogous to health in a number of ways—regularly seeing a doctor, paying attention to nutritional content, and making time for exercise can be inconvenient, but the costs of neglecting your health can be grave and irreversible. Maybe you’ll never have a heart attack, or maybe you’ll never get hacked, but if you do, you’ll probably be wishing you had taken some precautions to protect yourself.

I hear often from people who think that privacy can’t be salvaged, that the toothpaste is already out of the tube, and we should just give in to our Google overlords. While it’s true that the situation is dire, I’m personally not ready to give up such an essential civil liberty. Privacy matters; without privacy, we don’t actually have free speech: you can’t read, write, research, or talk freely if your every move is being monitored. There’s a reason why libraries have championed privacy alongside intellectual freedom since as far back as the 1939 American Library Association (ALA) Code of Ethics.

Furthermore, violations of privacy, much like other injustices, disproportionately affect people who are already vulnerable or marginalized. Police surveillance targets black and brown communities. Queer students are often in danger when their schools or parents monitor their digital communications. Politically dissident views are chilled. And, of course, paid alternatives to free but invasive services may be out of reach for poor or working class users—unless they come through the library. Privacy is vital to intellectual freedom, and although it might seem like a lost cause, the sooner we take steps to safeguard our digital privacy, the better we’ll be in the long run.

So where do we begin? Here are some fairly simple steps to get you started on bringing digital privacy into your library:

1. Teach strong password strategies: My good friend Nima, Library Freedom Project’s technologist, likes to say that passwords are “the biggest vulnerability on the Internet.” What he means is that most people use incredibly insecure passwords—weak, not complex, nonrandom, and not unique (the same password for everything)—and this makes for a very simple entry point for any attacker who wants to compromise you. Strong passwords require randomness, in the true mathematical sense. My preferred password strategy uses the Diceware word list to create strong, memorable master passphrases. Using a regular six-sided die, you roll the die five times to get the first word from the Diceware word list. Repeat this process until you have a total of five, six, or seven words—you’ve now got a strong, memorable master passphrase that you can use to log in to a password manager, like 1password.com or lastpass.com, and store the rest of your passwords there. Password managers have built-in password generators, so you can create strong, random passwords for all the other accounts you need without having to think of a jumble of letters and numbers yourself. I recommend changing all of your passwords to new, unique, random passwords as soon as you set up the password manager.

Finally, whenever possible, you should set up two-factor authentication. Two-factor authentication is a way to add security by including a second thing that only the user knows or possesses. For example, a common form of two-factor authentication is receiving an SMS message with a secret code that you have to enter after entering your username and password for a service. Two-factor authentication isn’t available for everything, but you should set it up if you see it available.
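The Diceware procedure from step 1, as an added Python example that is not part of the original article: five rolls form a key such as 11112, the key selects one word, and the entropy of five, six, or seven words is computed. It assumes the operating system's CSPRNG in place of a physical die, and the word list is a constructed placeholder standing in for the real Diceware list.

```python
import math
import secrets

DICE_PER_WORD = 5                 # five rolls select one word
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776 possible roll sequences


def constructed_wordlist():
    """Constructed stand-in for a real Diceware list: roll key -> placeholder word."""
    words = {}
    for n in range(LIST_SIZE):
        key, m = "", n
        for _ in range(DICE_PER_WORD):
            key = str(m % 6 + 1) + key   # base-6 digit mapped to die face 1..6
            m //= 6
        words[key] = f"word{n:04d}"
    return words


def validate_wordlist(words):
    """A short list or repeated words silently lowers entropy, so refuse them."""
    if len(words) != LIST_SIZE or len(set(words.values())) != LIST_SIZE:
        raise ValueError("word list must hold 7776 distinct words")
    for key in words:
        if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
            raise ValueError(f"bad roll key: {key!r}")


def software_die():
    """One fair roll from the OS CSPRNG (assumed stand-in for a physical die)."""
    return secrets.randbelow(6) + 1


def passphrase(words, n_words=6, die=software_die):
    """Roll five dice per word and look each five-digit key up in the list."""
    validate_wordlist(words)
    keys = ("".join(str(die()) for _ in range(DICE_PER_WORD)) for _ in range(n_words))
    return " ".join(words[k] for k in keys)


def entropy_bits(n_words):
    """Bits of entropy when every word is chosen uniformly from 7776."""
    return n_words * math.log2(LIST_SIZE)


if __name__ == "__main__":
    for n in (5, 6, 7):
        print(n, "words:", round(entropy_bits(n), 1), "bits")
    print(passphrase(constructed_wordlist()))
```

The entropy figure holds only when every word comes from a uniform roll; swapping out words you dislike or reordering them for memorability lowers it.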

2. Teach secure texting and calling: Using plain SMS for texting is like sending your text messages on a postcard. Apple has done a lot to prioritize privacy and security on its devices, including making iMessage end-to-end encrypted, i.e., no one can read the messages but the parties sending them. Apple does not have copies of the encryption keys. But what about folks with Android phones (or texting between iOS and Android)? Signal, from whispersystems.org, enables end-to-end encrypted calls and texts for both iOS and Android users, and it works just like any other texting app, offering group texts, emoji, animated gifs, and more. Make sure to verify the fingerprint of the person you’re communicating with—read it out loud to them after long-pressing their name in the text message view, and make sure the one they see is identical to what you see.

3. Update software and remove Flash: Software updates often contain patches for critical security vulnerabilities. The longer we wait to update software, the more we run the risk of serious exploitation. No one should use Flash for anything, ever. It’s horribly insecure. There is no way to use Flash safely—just remove it. Your patrons might ask for it if it’s gone, so I recommend making signs in the library about why Flash isn’t available. If you encounter any services that require it, such as AdobeConnect, write a strongly worded email to whoever is in charge.

4. Offer online anonymity with Tor Browser: Tor Browser is an incredibly sophisticated tool to protect privacy on the web. When you use Tor Browser, websites don’t know anything about who you are unless you log in and tell them. It protects your location privacy—anyone who observes your network traffic can’t see where in the world you’re really coming from. It also prevents websites from knowing which other websites you are visiting, making it harder to be tracked from site to site, and it includes a bunch of other built-in privacy protections.

Don’t make Tor Browser the default browser for any public access computers, however. Sometimes websites can behave in unexpected ways over Tor. For example, Google Maps may render content in non-English languages. Also, some sites block Tor. So offer it as a backup browser for privacy-minded patrons.

5. Use HTTPS for all library digital services: All websites should use strong HTTPS encryption, not just banking or shopping sites. HTTPS encryption helps ensure three things:

Confidentiality—no one can eavesdrop on what’s being transmitted between you and the website you’re visiting.

Authenticity—assurance that you are visiting the site you intended to visit and not a malicious interloper.

Integrity—encryption prevents would-be attackers from injecting something malicious into your traffic.

Sadly, an overwhelming majority of the web is still unencrypted, partly because most people don’t recognize how important HTTPS is and partly because HTTPS implementation can be difficult. But it has become much easier with letsencrypt.org, a new initiative to encourage the use of HTTPS by default for all websites. There’s even a client called Certbot that deploys Let’s Encrypt certificates automatically.

If your library is ready to start using HTTPS for all services under your control, please sign Library Freedom Project’s Digital Privacy Pledge. We’re encouraging libraries, membership organizations, and vendors to help make libraries the industry leader in using HTTPS across all of our services.

Just as we introduce our patrons to other new technologies, we can offer privacy education and tools in the library and assist our communities in identifying libraries as privacy-protective spaces in the 21st century. Let’s have the best granola stores our constituents have ever seen.

Alison Macrina is a Librarian, Privacy Activist, and the Founder and Director of the Library Freedom Project. She is also a 2015 LJ Mover & Shaker.