Tagged with " privacy"
As part of the IMLS-funded project on “Library Values & Privacy in our National Digital Strategies,” CIPR director Michael Zimmer and Data & Society’s Bonnie Tijerina convened a group of 30 library privacy advocates at ALA Annual in Chicago to attend a “Privacy and Pizza” happy hour. The event provided an informal environment to talk about privacy and provide guidance on the direction the project should take to best support libraries and information professionals in the pursuit of protecting privacy.
Attendees were asked to provide suggestions on topics for the library privacy field guides to be produced during the grant period, and to share reflections on a set of probing questions on what the library and information professional community has had success doing, and what remains as the biggest challenges, regarding patron privacy.
Highlights of this feedback are shared below.
What topics/technologies do you believe would make the best field guides? (votes)
- data security (8)
- privacy by design (7)
- public internet and wifi services (7)
- cloud-based library systems (6)
- internal library information systems (5)
- third-party library software systems (5)
- government information requests (4)
- licensing of digital content (3)
- government surveillance (2)
- social media strategies (1)
What have you done to address privacy issues in libraries?
- Staff training (2)
- Nagging about privacy at every chance I get with patrons, staff, vendors, library community
- Participated in NISO privacy principles
- Delivered talks to publishers & libraries
- Conducted a privacy audit of our library using the guidelines & checklists
- Worked on the privacy checklists
What is one thing your library, or the library profession, is missing to better address privacy issues?
- Language to use when talking to other municipal directors (eg, police chief, city manager) (2)
- Pithy talking points for explaining privacy issues to different stakeholder groups (2)
- Tools for working with specific age groups
- Actually practicing what we preach in our internal operations, as well as in our work with vendors
What questions do you have about privacy in libraries?
- How should libraries audit all the data being collected at their institution — from their wifi networks to their vendor systems?
- How do we motivate ALA Washington Office to push harder on privacy-related legislation?
- How can we better mobilize to influence the practices and ToS of vendors? (2)
- How do we negotiate privacy with vendors?
- Hod do platform-level collection practices by the vendors benefit them? How can libraries responsibly benefit from them as well?
- Do governments subpoena library vendors?
- Are we willing to “degrade” service to preserve privacy?
- What do libraries want to negotiate with vendors?
What is the biggest challenge for addressing privacy issues in libraries?
- Getting average patrons to care (4)
- The hard challenge is reader analytics and privacy with content vendors and delivery platforms (3)
- HTTPS everywhere is crucial and there is no excuse not to do it today, but be sure to the cipher suites right! (3)
- Making it simple
- Apathy (on the part of the people we serve)
- ALA is not united in its position on privacy issues: OIF, OITP, LITA, Council, IFRT, IFC, etc
- Educating library staff (2)
- Separation between the library and the IT department
- Making library administrations prioritize patron privacy (especially with getting resources to ensure privacy)
- Convincing staff it is a priority issue they should care about
If you could have or invent one tool to address privacy, what would it be?
- A foolproof, 100% effective response to “I don’t have anything to hide” or similar attitudes toward privacy
- Money to make privacy-oriented tools work as well as the Google suite of products
- Clear tools for auditing internal privacy practices and infrastructure
- A network of library-run Tor nodes
- A bill that gave the FCC permanent control over regulating broadband (eg, institutionalizing net neutrality)
In 2015, CIPR engaged in a pilot research study to help us understand how libraries are implementing third-party cloud computing services, how these implementations might impact patron privacy, and how libraries are responding to these concerns.
The pilot study focused on 38 libraries who implemented BiblioCommons, and the results have now been published in the Journal of Intellectual Freedom & Privacy, co-authored by Katie Chamberlain Kritikos and CIPR director Michael Zimmer. From the article’s abstract:
Privacy Policies and Practices with Cloud-Based Services in Public Libraries: An Exploratory Case of BiblioCommons
Public libraries are increasingly turning to cloud-based and Library 2.0 solutions to provide patrons more user-focused, interactive, and social platforms from which to explore and use library resources. These platforms – such as BiblioCommons – often rely on the collection and aggregation of patron data, and have the potential to disrupt longstanding ethical norms within librarianship dedicated to protecting patron privacy. This article reports on the results of a pilot research study investigating how libraries are implementing third-party cloud computing services, how these implementations might impact patron privacy, and how libraries are responding to these concerns. The results of this research provide insights to guide the development of a set of best practices for future implementations of cloud-based Library 2.0 platforms in public library settings.
The article references 3 appendices, which are provided here for readers’ convenience:
This week, CIPR hosted the first cross-institutional team meeting for the NSF EAGER (EArly-concept Grants for Exploratory Research) grant to pursue a research collaboration on “Mapping Privacy and Surveillance Dynamics in Emerging Mobile Ecosystems: Practices and Contexts in the Netherlands and US“.
Participants were: Dr. Jessica Vitak, Priya Kumar, and Yuting Liao (University of Maryland); Dr. Jason Pridmore, Dr. Daniel Trottier, and Anouk Mols (Erasmus University); and Dr. Michael Zimmer and Katie Chamberlain Kritikos (UW-Milwaukee).
The US-based team reported on preliminary results from their study on privacy, mobile health, and fitness trackers, while the Dutch team reported on their initial study on privacy and mobile messaging apps. The two teams will next coordinate on a cross-cultural study of user interactions with intelligent digital personal assistants (such as Siri or Alexa). A stakeholder workshop is planned for summer 2018 in College Park, MD. Stay tuned for details!
The Center for Information Policy Research has been awarded a National Leadership Grants for Libraries award from the Institute of Museum and Library Services (IMLS) for the project “Library Values & Privacy in our National Digital Strategies: Field guides, Convenings, and Conversations.”
CIPR will be partnering with Data & Society, along with the American Library Association’s Office of Intellectual Freedom and the New York Public Library, to host a national forum exploring what the library value of privacy means in the digital world. The forum will bring together library practitioners and administrators, along with technology, policy, and privacy experts, to establish a national roadmap for a digital privacy strategy for libraries.
Along with the roadmap, the project will produce a series of field guides for librarians that clearly lay out important privacy and security issues. Field guides will include topics such as: privacy by design, internal library information systems, third-party library software systems, cloud-based library systems, public internet and wifi services, licensing of digital content, data security, government information requests, and social media strategies
CIPR director Dr. Michael Zimmer will be working with Bonnie Tijerina, a researcher at Data & Society, to facilitate the project. The award was one of 25 projects funded out of 90 applications.
CIPR director Michael Zimmer has been appointed Editor of the Journal of Intellectual Freedom and Privacy (JIFP), published by the American Library Association’s Office of Intellectual Freedom.
Journal of Intellectual Freedom & Privacy incorporates many of the features of the Newsletter on Intellectual Freedom. Readers will still read in each issue about the latest incidents of book banning in “censorship dateline,” the latest court rulings in “from the bench,” legal controversies in “is it legal?” and, of course, “success stories.” New ALA intellectual freedom policies and reports to the ALA Council from the Intellectual Freedom Committee and the Freedom to Read Foundation will also continue to appear.
The new journal will add refereed essays and peer-reviewed articles on intellectual freedom and privacy, as well as book reviews, legal briefs and opinion pieces. The goal is to have JIFP at the center of discourse on intellectual freedom and privacy issues in libraries.
CIPR director Michael Zimmer has been awarded an NSF EAGER (EArly-concept Grants for Exploratory Research) grant to pursue a research collaboration with Dr. Jessica Vitak (University of Maryland) and Drs. Jason Pridmore and Daniel Trottier (Erasmus University) on “Mapping Privacy and Surveillance Dynamics in Emerging Mobile Ecosystems: Practices and Contexts in the Netherlands and US“. Each of the institutions has won a separate research award for the collaboration.
From the award abstract:
The increasing ubiquity of mobile technologies creates unique privacy and surveillance challenges for users. These problems are global, but the way users, organizations, and governments approach these challenges varies based on cultural norms around privacy. This cross-cultural project evaluates how mobile users in the U.S. and the Netherlands think about and make decisions about their privacy when using mobile apps. The project’s primary goal is to inform both ways of thinking about privacy in the digital age and practical implementations that pertain to the digital self, with an emphasis on tensions between privacy, disclosure, mobility and surveillance. Furthermore, this study highlights privacy practices across different legal and cultural frameworks, providing important implications for broad-based policy decisions.
In collaboration with researchers at Erasmus University in the Netherlands, this project has three phases. Phase 1 develops a preliminary understanding of privacy awareness and practices across three emerging mobile ecosystems: health and fitness tracking (e.g., Fitbit), mobile messaging apps (e.g., Whatsapp), and intelligent digital personal assistants (e.g., Siri). Building on these findings, Phase 2 involves cross-cultural data collection and analysis using “privacy vignettes,” which allows for identification and comparison of individuals’ privacy norms across contexts and cultures. Phase 3 focuses on dissemination of findings to key stakeholders and policymakers, and building an international working group of researchers active in this space. The focus on unpacking how privacy is conceptualized and implemented across two countries with very different cultural conceptions of privacy expands our understanding of the contextual nature of mobile privacy—enabling an extension of Helen Nissenbaum’s work on privacy as contextual integrity—while also providing practical implications for researchers and designers employing a Privacy by Design framework.
This collaborative research grant was awarded from a joint call for proposals by the U.S. National Science Foundation (NSF) and the Netherlands Organisation for Scientific Research (NWO), seeking collaborations between US- and Netherlands-based researchers on research topics that fit the privacy research goals of NSF’s Secure and Trustworthy Cyberspace (SaTC) program. Only 5 awards were jointly made by both NSF and NWO.
Assisting Zimmer during this 2-year project will be Katie Chamberlain Kritikos, a SOIS PhD student, and a research assistant at the Center for Information Policy Research.
A group of Danish researchers, led by Aarhus University graduate student Emil O. W. Kirkegaard, recently publicly released a dataset of nearly 70,000 users of the online dating site OkCupid, including usernames, age, gender, location, what kind of relationship (or sex) they’re interested in, personality traits, and answers to thousands of profiling questions used by the site.
When asked whether the researchers attempted to anonymize the dataset, Kirkegaard replied bluntly: “No. Data is already public.” This sentiment is repeated in the accompanying draft paper, “The OKCupid dataset: A very large public dataset of dating site users,” posted to the online peer-review forums of Open Differential Psychology, an open-access online journal also run by Kirkegaard:
Some may object to the ethics of gathering and releasing this data. However, all the data found in the dataset are or were already publicly available, so releasing this dataset merely presents it in a more useful form.
To those concerned about privacy, research ethics, and the growing practice of publicly releasing large data sets, this logic of “but the data is already public” is an all-too-familiar refrain used to gloss over thorny ethical concerns,.
In response to this problematic data release, CIPR director Michael Zimmer published an editorial in Wired: “OkCupid Study Reveals the Perils Of Big-Data Science” (Wired, May 14, 2016). He states, in part:
The OkCupid data release reminds us that the ethical, research, and regulatory communities must work together to find consensus and minimize harm. We must address the conceptual muddles present in big data research. We must reframe the inherent ethical dilemmas in these projects. We must expand educational and outreach efforts. And we must continue to develop policy guidance focused on the unique challenges of big data studies. That is the only way can ensure innovative research—like the kind Kirkegaard hopes to pursue—can take place while protecting the rights of people an the ethical integrity of research broadly.
Zimmer also appeared on the WUWM Milwaukee Public Radio show Lake Effect to discuss “Big Data Research Creates Ethical Concerns”, noting that:
So when a researcher like this says, ‘Well this stuff was already public,’ what he kind of really means is like, ‘This stuff was visible to other users who happen to also create a profile,’ and those aren’t the same thing,” says Zimmer. “Psychologically I think it’s important for users when they sign up for this thing to have this assumption, or these set of expectations, that I know this data is kind of public but it’s meant for this community… Doing this kind of research sometimes violates that assumption.
CIPR Director Michael Zimmer has been named a co-chair of the RDA/NISO Privacy Implications of Research Data Sets Working Group, a joint NISO and Research Data Alliance project, focusing on the privacy implications of shared research data. Zimmer will be joining Todd Carpenter (NISO) and Bonnie Tijerina as co-chairs leading this effort.
The working group will explore issues related to scientific research data sets that contains human subject information, as well as related datasets that have the potential to be combined in a way that can expose private information. The goal of the group is to develop a framework for how researchers and repositories should appropriately manage human-subject datasets, to develop a metadata set to describe the privacy-related aspects of research datasets, and to build awareness of the privacy implications of research data sharing. While privacy is related to the ethical, legal and data publishing issues surrounding data management of which privacy is a part, this working group is focused specifically on privacy-related concerns.
The group will focus on world-wide legal frameworks and the impacts these frameworks have on data sharing, especially with human-subject data. After gathering these legal strictures and comparing the differences and similarities, the group will begin crafting a set of principles that will provide guidance to the researcher and repository communities on how to manage these data when they are received. Building on these, the group will craft a set of use cases on how the principles will be applied. After these elements are completed, an effort to advance the principles through promotion and community outreach will be developed and executed.
The group has released a case statement that is open for comment.
The National Information Standards Organization (NISO), a non-profit standards organization that develops, maintains and publishes technical standards related to publishing, bibliographic and library applications, has been awarded a grant from the Andrew W. Mellon Foundation to develop a Consensus Framework to Support Patron Privacy in Digital Library and Information Systems. The grant will support a series of community discussions on how libraries, publishers, and information systems providers can build better privacy protection into their operations. The grant will also support creation of a draft framework to support patron privacy and subsequent publicity of the draft prior to its advancement for approval as a NISO Recommended Practice.
In support of the project, NISO has convened a steering committee of practitioners, consultants, and advocates dedicated to supporting patron privacy. CIPR director Michael Zimmer has accepted an invitation to join the steering committee, and will contribute to project’s three phases.
The first will be a pre-meeting discussion phase, which will consist of four virtual forums to discuss privacy of internal library systems, privacy of publisher systems, privacy of provider systems, and legal aspects influencing data sharing and policies. Each of the discussion sessions will be a three-hour web-based session designed to lay the groundwork for a productive in-person meeting at the conclusion of the American Library Association meeting in San Francisco, CA in June 2015. Following the in-person meeting, a Framework document will be completed detailing the privacy principles and recommendations agreed to by the participants, and then circulated for public comment and finalization.
Additional information is available at the NISO website.
The UW-Milwaukee Center for Information Policy Research is excited to welcome Prof. Neil Richards for a talk about his new book Intellectual Privacy in celebration of Choose Privacy Week, the annual initiative of the American Library Association that invites the public into a national conversation about privacy rights in a digital age.
Choose Privacy Week 2015 with Prof. Neil Richards
Monday, May 4, 2015
Alumni Fireside Lounge
UW-Milwaukee Student Union
2200 East Kenwood Boulevard, Milwaukee WI 53211
About Intellectual Privacy:
Most people believe that the right to privacy is inherently at odds with the right to free speech. Courts all over the world have struggled with how to reconcile the problems of media gossip with our commitment to free and open public debate for over a century. The rise of the Internet has made this problem more urgent. We live in an age of corporate and government surveillance of our lives. And our free speech culture has created an anything-goes environment on the web, where offensive and hurtful speech about others is rife. (More…)
Neil Richards is an internationally-recognized expert in privacy law, information law, and freedom of expression. He is a professor of law at Washington University School of Law, a member of the Advisory Board of the Future of Privacy Forum, and a consultant and expert in privacy cases. He graduated in 1997 from the University of Virginia School of Law, and served as a law clerk to Chief Justice William H. Rehnquist. His first book, Intellectual Privacy, was published by Oxford University Press in 2015.
The Center for Information Policy has been a proud supporter of Choose Privacy Week since its inception in 2010. Past events have included a panel discussion on “Emerging Privacy and Ethical Challenges for Libraries in the 2.0 Era” (2010), participation in an ALA webinar on “Youth Privacy” (2011), the screening of the documentary “Big Brother, Big Business: The Data-Mining and Surveillance Industries” (2012), and hosting a talk by Dr. Kelly Gates on “The Computational Work of Policing” (2013).