Thursday 28 September 2017

Supporting citizens with protecting their privacy online

This post is based on my talk at the CILIP Conference on 6th July, which I wrote-up for K & IM Refer: Journal of the Knowledge and Information Management Group (CILIP). This article has been published online as part of K & IM Refer Autumn 2017 issue.

All the technology around us - cameras, phones, our internet use, online communications, etc. - collects data about us. For example: most of us carry a smartphone around all the time. How many of us are fully aware that if the GPS is on, our phone company can pinpoint where we are with an accuracy of 5 to 8 meters? If the phone company knows, who may also have access to our location data? Are we comfortable with this situation? Would you change your behaviour and turn off your GPS when you don't use it now you know this, or would you decide the convenience outweighs the disadvantages?

Privacy is about choice. As citizens, we need to be aware of this situation to be able to make informed decisions about whether we want to protect some of our data and how much effort we are ready to put into protecting our privacy. Once we have the facts we also need the skills: we need to know about tips and tools available to help us protect our information.

Libraries defend people's rights
I believe that libraries exist to defend people’s right to enrich and improve their own lives, their environment and society. We library and information professionals make this happen by facilitating access to and the sharing of information, knowledge and culture.

In many sectors library and information professionals already devise and deliver digital skills training, ranging from a basic introduction to computers to searching online resources effectively. Knowing how to protect one’s privacy online is part of those digital literacy skills everyone should have; that's why at Newcastle Libraries we have started looking into how we could best help our citizens.


Learning about privacy issues and tools
Our team's awareness of privacy issues originally came from reading technology articles or from initiatives in libraries in other countries such as France or the USA. American librarians have created very useful materials that are a good place for us in the UK to start learning – I would particularly recommend the Library Freedom Project and the Data Privacy Project.
In Scotland the Scottish PEN has also been delivering Libraries for privacy: digital security workshops with support from CILIP Scotland and the Scottish Library and Information Council. I was able to attend one of those workshops, which inspired me to create a short training session for colleagues at Newcastle Libraries. I initially ran two sessions for librarians and senior managers in March 2017, and will be rolling it out to as many staff as possible this autumn. The first two sessions included time for us to discuss and decide what we wanted to do in our service regarding online privacy.

Initiatives for citizens
We wanted to offer information and training about protecting one's privacy online to local citizens. In 2016 we had already co-organised two cryptoparties; we decided we should host some more. A cryptoparty is an informal gathering of individuals to discuss and learn about tips and tools for privacy and security in our digital world. We co-organised ours with local members of the Open Rights Group who have the relevant technological knowledge that we might lack (!) - in partnership with the same individuals, our next cryptoparty will take place in November.
We have also noticed that cryptoparties tend to attract citizens who are already aware of privacy issues. How do we reach out to those who do not (yet) have that awareness? It is something that we are still exploring. One idea we want to implement is to include privacy among the topics covered in our digital skills sessions, but we are also trying to find other ways to, in a way, talk about privacy in a skills session without first telling people that we are.


Standing up for citizens' privacy
With Newcastle Libraries colleagues we felt that we could not be teaching citizens about tools to protect their privacy on the Internet and yet say: “By the way, this does not apply when you are using library computers or services”! We want to offer our computer users an Internet browser with enhanced privacy features – ideally, this would be Firefox with DuckDuckGo as the default search engine plus add-ons such as HTTPS Everywhere and Privacy Badger. I would love for us to offer Tor Browser or even for the library to be a Tor relay; however, I thought asking first for Firefox would be a lot less controversial... We are in conversation with our IT department; they have objections but these are about the practicalities of applying updates to the Firefox browser, which they cannot manage centrally like they currently do for Internet Explorer and Google Chrome.

An easier thing we can and will do is to be more transparent to citizens about how their information is handled when they use Newcastle Libraries services. When you use a library computer, you should be aware that our IT department records which websites you visit and that this information is kept for 12 months. When you use our e-books platform, we should tell you before you login what our supplier does with your data. It may take some time but it is relatively easy for us to add this kind of information on our website and other materials.
Once we start with this work we can review what we record – should we really be keeping your browsing history for this long? What is it used for; are we legally obliged to do so? Regarding third-party providers of library services, we should be requesting that they take steps to protect your data to our standards.
In truth, what we need is a privacy policy – the American Library Association Office for Intellectual Freedom has some fantastic information and templates adapted to the US context but that still gives us some useful pointers. Privacy terms and policies is a bigger piece of work but it is one we can build one chapter at a time, in order to support citizens with protecting their privacy online.