As part of the IMLS-funded project on “Library Values & Privacy in our National Digital Strategies,” CIPR director Michael Zimmer and Data & Society’s Bonnie Tijerina convened a group of 30 library privacy advocates at ALA Annual in Chicago to attend a “Privacy and Pizza” happy hour. The event provided an informal environment to talk about privacy and provide guidance on the direction the project should take to best support libraries and information professionals in the pursuit of protecting privacy.
Attendees were asked to provide suggestions on topics for the library privacy field guides to be produced during the grant period, and to share reflections on a set of probing questions on what the library and information professional community has had success doing, and what remains as the biggest challenges, regarding patron privacy.
Highlights of this feedback are shared below.
What topics/technologies do you believe would make the best field guides? (votes)
- data security (8)
- privacy by design (7)
- public internet and wifi services (7)
- cloud-based library systems (6)
- internal library information systems (5)
- third-party library software systems (5)
- government information requests (4)
- licensing of digital content (3)
- government surveillance (2)
- social media strategies (1)
What have you done to address privacy issues in libraries?
- Staff training (2)
- Nagging about privacy at every chance I get with patrons, staff, vendors, library community
- Participated in NISO privacy principles
- Delivered talks to publishers & libraries
- Conducted a privacy audit of our library using the guidelines & checklists
- Worked on the privacy checklists
What is one thing your library, or the library profession, is missing to better address privacy issues?
- Language to use when talking to other municipal directors (eg, police chief, city manager) (2)
- Pithy talking points for explaining privacy issues to different stakeholder groups (2)
- Tools for working with specific age groups
- Actually practicing what we preach in our internal operations, as well as in our work with vendors
What questions do you have about privacy in libraries?
- How should libraries audit all the data being collected at their institution — from their wifi networks to their vendor systems?
- How do we motivate ALA Washington Office to push harder on privacy-related legislation?
- How can we better mobilize to influence the practices and ToS of vendors? (2)
- How do we negotiate privacy with vendors?
- Hod do platform-level collection practices by the vendors benefit them? How can libraries responsibly benefit from them as well?
- Do governments subpoena library vendors?
- Are we willing to “degrade” service to preserve privacy?
- What do libraries want to negotiate with vendors?
What is the biggest challenge for addressing privacy issues in libraries?
- Getting average patrons to care (4)
- The hard challenge is reader analytics and privacy with content vendors and delivery platforms (3)
- HTTPS everywhere is crucial and there is no excuse not to do it today, but be sure to the cipher suites right! (3)
- Making it simple
- Apathy (on the part of the people we serve)
- ALA is not united in its position on privacy issues: OIF, OITP, LITA, Council, IFRT, IFC, etc
- Educating library staff (2)
- Separation between the library and the IT department
- Making library administrations prioritize patron privacy (especially with getting resources to ensure privacy)
- Convincing staff it is a priority issue they should care about
If you could have or invent one tool to address privacy, what would it be?
- A foolproof, 100% effective response to “I don’t have anything to hide” or similar attitudes toward privacy
- Money to make privacy-oriented tools work as well as the Google suite of products
- Clear tools for auditing internal privacy practices and infrastructure
- A network of library-run Tor nodes
- A bill that gave the FCC permanent control over regulating broadband (eg, institutionalizing net neutrality)