We, Surveilled and Afraid, in a World We Never Made (Wisconsin variant)

Dorothea Salo
February 22, 2019

Compiled for a Wisconsin Library Service webinar which I never delivered because WiLS asked me to remove all references to identifiable libraries, which I consider to be censorship.


Transcript

  1. We, SURVEILLED and AFRAID in a World We Never

    Made Dorothea Salo University of Wisconsin-Madison Information School Photo: Jay Phagan, “Surveillance Cameras” https://www.flickr.com/photos/jayphagan/33870031091/ CC-BY, cropped, darkened, masked Hi, everybody, and thanks for having me here. My talk title is a riff on a rather strange and uncharacteristic A.E. Housman poem, and it caught my ear because of how we as a society are finally getting scared of this Jeremy Bentham surveillance panopticon world we somehow find ourselves part of, from surveillance cameras practically everywhere to pervasive and hard-to-escape surveillance online. No lie, I am afraid of the panopticon, surveillance and behavior tracking and adtech and Big Data and machine learning and A-I and all the rest of it. No lie, I am a librarian partly because our profession’s ethics statements say “we do not do the surveillance thing, it’s not cool and it’s not okay, we give people the surveillance-free mental space they need to think and learn and create and be free people.” A few months ago, in fact, I had a viscerally angry reaction to someone’s innocent suggestion that I’m an information scientist rather than a librarian. In my head I was all “noooooooo, information scientists gave us behavioral ad tracking and browser fingerprinting and DoubleClick! Information scientists gave us Cambridge Analytica! I don’t identify with those creepy snoops! I am a LIBRARIAN, THANK YOU VERY MUCH, and WE ARE DIFFERENT.”
  2. And this is where it’s appropriate for me to declare

    that I have a dog in this hunt, and this is it: I’m part of a research project funded by the Institute for Museum and Library Services that’s asking students what they think about their privacy relative to academic libraries participating in learning analytics initiatives—and if you’ve never heard of learning analytics, don’t worry, I’ll talk about it more later. I hear a lot of people say “nobody cares about privacy any more!” I don’t actually believe that, and current research in non-library contexts aligns with me. But, either way, shouldn’t we know what students think about privacy? So the Data Doubles team is aiming to find out. I’m working with students at U-W Madison, and my U-W Milwaukee colleague Kristin Briney is working with students there, so Wisconsin students will be well-represented in this work, which makes me happy and I hope it makes you happy too. But I do want to say, this particular presentation is NOT part of the Data Doubles project. It is MY WORK and not theirs, and any trouble it causes—and oh, it may well cause trouble—needs to come back to me, not them. If we’re clear on that, let’s move on.
  3. “… a radically disembedded and extractive variant of information capitalism…

    can be identified as SURVEILLANCE CAPITALISM.” —Shoshana Zuboff Photo: David Bleasdale, “surveillance” https://www.flickr.com/photos/sidelong/41562981290/ CC-BY, cropped Despite my abject terror of surveillance, here I am, here we all are, stuck in this world, this world of what scholar Shoshana Zuboff calls “surveillance capitalism.” This world. This WORLD, Y’ALL. Where do I even start? Well, okay. I want to start by naming-and-shaming some characteristics of our current surveillance situation that I think are well beyond the ethical pale generally, never mind compared to librarian ethics. I’ll give examples, too, just to be a little clearer about what I mean.
  4. ENTITLEMENT Entitlement. World plus dog thinks they’re somehow

    entitled to any data they can grab about me, and any data they can grab about you—any data they can grab about pretty much everybody. They don’t even ASK themselves if maybe, just maybe, they’re not entitled to know. “We CAN collect these data, therefore it must be okay to!” they say. “Nobody even knows we’re collecting these data, so who’s to object?” says every terms-of-service agreement everywhere, merely by being fifty gazillion pages of dense legalese. “It’s our business model, so that automatically makes it okay!” Gotta pay back those venture capitalists, that’s clearly the most important thing ever. And then there’s my personal least favorite, “Surveilling our users is how we improve our service!” Like, do these people even hear the garbage coming out of their mouths?
  5. And obviously Facebook and Google are the easy targets here,

    their entitlement is appalling, but I want to sidestep to something more libraryish: Adobe. In twenty-fourteen, Adobe Digital Editions—that’s their ebook-reading software, I’m sure a lot of you have used it—Adobe Digital Editions got caught red-handed sending information about each of its individual users over the internet back to Adobe. Exactly what ebooks you opened, how much and which parts of each one you read, when you did that reading… all of that going back to Adobe. In what UNIVERSE is Adobe entitled to know this? Especially such that we can’t even tell them to stop? But they sure think they’re entitled to collect this data about our reading. Amazon’s just as bad, of course; their whole author-compensation program for ebooks is based on knowing exactly how much of which books their customers read.
  6. CARELESS SHARING (“EVEN IF YOU WANT PRIVACY, WE WON’T

    LET YOU HAVE IT!”) Another bad thing that the entitlement fuels is sheer carelessness with data. Sure, let’s collect every piece of data we can imagine, keep it wherever without considering security, and then sell or share it indiscriminately all over the place, what could possibly go wrong? Why should we bother, I don’t know, asking people first? Thinking about the risk in what we’re doing? “But we took out the personally-identifiable information!” says every sketchy web tracker everywhere. Look. Y’all. The more data that’s collected on people, the less meaning P-I-I even has. With enough information about us, we’re all identifiable, it doesn’t even matter if our names and social-security numbers get taken out. And in this world of surveillance, that information absolutely exists. So careless sharing is a real danger to all of us.
  7. “But it’s public data!” skeevy sharers often say. That’s what

    OKCupid said, after publishing their users’ dating data. Well, after a fashion, yeah, but look, privacy is not a binary, okay? It’s more complicated than that, and we should be able to expect the services we use and the gatherers of our data to respect those complications. “But we’re the good guys! We’ll only use the data for great justice!” they also say. Yeah, whatever, one misconfigured server setting or bad vendor contract or megalomaniac manager or creepy stalker hire and so much for your good intentions. “But it’s REE-surch!” OKCupid also said. Like that justifies this. We have Institutional Review Boards—and I went through an IRB process recently, it was hair-tearingly awful and I hated every minute of it—but we have IRBs because we KNOW not all research questions or research methods are okay, okay?
  8. SECRECY AND LIES And, you know, secrecy and lies

    also go right along with the whole entitlement thing—these nosy creeps will do ANYTHING to keep pretending they’re entitled to spy on us, so they keep secrets and tell lies about what they’re actually doing.
  9. Gizmodo, 26 September 2018 https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051 Fair use asserted My rule

    of thumb is, if somebody’s telling lies on the Internet, it’s probably Facebook. Kashmir Hill, who is a terrific journalist on the privacy and security beat, asked Facebook if they were letting advertisers get at, like, cell phone numbers and email addresses of people who didn’t even give Facebook that information, much less permission to use it. And Facebook said “nope, not us, we’d never”—and then Hill and some researchers proved it, whereupon Facebook finally, grudgingly admitted it. Let me say this again: FACEBOOK LIED TO A JOURNALIST ABOUT THIS. And that was AFTER trying to keep it secret.
  10. And then there’s GOOGLE. Our good buddy Google has been

    SO OWNED for fibbing. There’s this toggle in Google’s privacy settings to turn Location Sharing off, here’s what it looks like, and Princeton media researcher Günes Acar discovered that if you turn this setting off, as I have done, Google was still tracking your location! But wait, wait, it gets better! Vanderbilt researcher Douglas Schmidt also demonstrated recently that no matter WHAT your Google privacy settings look like, if you have an Android phone, it’s communicating your location to Google several times an hour. And look, this is not even CLOSE to the first time our good buddy Google has been owned. K-12 schools using Google Apps for Education caught Google building advertising profiles on children. Of course the whole time Google was loudly proclaiming that children’s privacy was important to them. Yeah, right. So, how many of y’all’s library websites use Google Analytics? Google makes claims about the privacy of that data. I imagine at least SOME of you have investigated them. I just want you to ask yourselves: whatever those claims are, you believe Google about them why, exactly? Based on its track record, Google isn’t trustworthy.
  11. DARK PATTERNS (Manipulation via design) And one

    of the ways they get away with lying to us is with what user-experience folks call “dark patterns.” I’m sure there are some usability and user experience and human-computer interaction folks here. And I love you people, go you! But the design techniques from these fields, they’re tools like any other tools, and they can be used for evil as well as good. Dark patterns are where UX, design, and research techniques are used to mess people up and convince or even force them to act against their own self-interest. Addiction techniques. Techniques that mislead or even deceive. And so on.
  12. And in the interests of time, I’m going to use

    this report out of Norway as my example, you can plug the title into DuckDuckGo and it’ll be above the fold in your search results. It turns out dark patterns are especially common in the design of—wait for it—privacy controls! Gosh, who on the web would want to deceive people about their privacy? Liars. I am afraid of liars, especially the intentional liars this report calls out. Such as, can I get a drum roll please…
  13. CARELESS SECURITY And because world plus dog feels entitled

    to collect and share our data, to the point that they lie to us about it, they’re also prone to carelessness about keeping it secure. Let me be clear, perfect security is impossible and even adequate security is incredibly hard. I’m not talking about places that did their honest best but lost data anyway. I’m talking about places that are barely even paying attention to security as a concern.
  14. Natasha Singer / New York Times, 8 February 2015 https://www.nytimes.com/2015/02/09/technology/uncovering-security-flaws-in-digital-education-products-for-schoolchildren.html

    Fair use asserted This comes up in educational technology a lot. Here’s just one example from the New York Times a few years back that I picked because this pull quote is such a winner, but there’s a steady stream of student data breach announcements if you know where to look. So here’s my question for y’all. Do you think the software we’re buying in libraries is any better? Honestly, I don’t. Who’s auditing it? How many among us even know enough to? Who’s working on developing that expertise?
  15. EXPLOITING POWER ASYMMETRIES And we can’t have this

    discussion without talking about power, okay? Our inability to escape surveillance has a lot to do with all the power that we as individual citizens, as Internet users, as librarians, as employees, as library patrons, as device owners, as students, all the power we DON’T currently have to set limits on data collection and aggregation.
  16. Law enforcement targeting activists of color, government agencies using black-box

    prediction systems that unfairly deny people services, there are hideous abuses of power fueled by surveillance. But I want to point out, probably not news to most of you, that just the ability to observe can create an exploitable power asymmetry. These screenshots came from Alex Halpern on Twitter, and it’s a conversation between Alex and some creep who asked a friend who works for a public library to look up Alex’s library checkout record. And then this creep tried to use that against Alex. More or less privately, yeah, but I can imagine ways to try to harm Alex publicly, and I bet you can too. Our professional ethics codes were designed to avoid exactly this kind of thing. We DO NOT use people’s information behavior against them, nor allow it to be used against them when we can avoid that.
  17. WILLING COLLABORATION Speaking of avoiding it, public librarians’

    resistance to the Patriot Act set librarianship pretty explicitly against corporations who just rolled over on their customers to United States federal enforcers—telecom corporations particularly, but they’re not the only ones. To be totally blunt about this, a lot of corporations are data quislings, they are collaborators (in the deal-with-the-devil sense of that word). When evil asks them to jump they just ask how high.
  18. Gonna just read this headline… {DO SO} Times like this

    I remember what “yahoo” originally meant, thank you Jonathan Swift…
  19. SURVEILLANCE CREEP And collaboration, in ALL senses of that word,

    is part of how we get what researchers call surveillance creep—the reuse and augmentation of existing data for new and sometimes nefarious purposes that weren’t originally planned for or even imagined. And social scientists say ruefully that surveillance creep is hard, if not impossible, to stop. In other words, expect any data you collect and store, or that’s collected and stored about you, to be used for purposes you didn’t intend—and maybe wouldn’t approve of.
  20. After all, this is kind of how we got to

    Cambridge Analytica, right? Supposedly they and Facebook were collecting silly quiz data because silly quiz data, or maybe because advertising. Ha ha, joke’s on us, Cambridge Analytica was collecting data to try to throw elections! Whether they were successful or not, and that one’s debatable, just the idea that using people’s data to manipulate them at scale is not only possible, but in fact COMMON—this article here is about marketers doing it—this should maybe give us pause about data collection.
  21. INDIFFERENCE TO HARM (“I GOT MINE, YOU DON’T MATTER!”)

    The utter indifference to the harm they’re doing, whether it’s Cambridge Analytica or Uber or Facebook or Google or Twitter, I can’t get over this. It’s so stark, and so awful.
  22. SERIOUSLY, FACEBOOK?! Facebook didn’t care that it was letting anti-Semitic

    and white-supremacist organizations target ads to more of the same. They didn’t care that they were fueling genocide. They DID NOT CARE they were helping people attack other people, until it became an image problem for them. That sweet, sweet ad money their surveillance gets them, that’s all Facebook cared about.
  23. This is not the world we made or wanted. So, this

    is not the world we made or wanted. We actually wrote a whole ethics code for ourselves back in nineteen-thirty-nine in part to AVOID this kind of world!
  24. This is still the world our patrons must live in. …

    and if you don’t like this world and wish it were different, I am RIGHT THERE WITH YOU.
  25. There are sixteen regional public library systems in Wisconsin, thank

    you DPI website. Which is a lot, so I apologize for how crowded this slide is. Let’s ask a really basic online security and privacy question. All of these public library systems have websites; how many of these websites are served up securely? H-T-T-P-S is basic website privacy hygiene now… and the public-library sector generally is known to be lagging badly at it, which is why I ask.
  26. ? X X X X X X X X X

    Here’s your answer. When I checked, I found six secure websites, good job and thank you, y’all… *CLICK* one site that’s partway but not all the way there, keep trucking, folks, you’re on the right track—and *CLICK* nine that are still completely insecure. NINE. Y’all!
  27. CARELESS SECURITY This is what careless data security looks

    like in the real world of Wisconsin libraries. I’m sorry but it’s true.
  28. “PACKET SNIFFER” COPIES-AND-SAVES NETWORK TRAFFIC WORKS ON LOCAL NETWORKS, WIFI

    ALL TEXT, IMAGES FROM INSECURE WEBSITES So what? you might be wondering. Okay, fair enough, let me tell you about a piece of free open-source software called Wireshark. *CLICK* Wireshark is what’s called a packet sniffer, or network traffic analyzer if you’re feeling fancy. *CLICK* If you turn Wireshark loose in what’s called “promiscuous mode” on a local network such as a wifi network, *CLICK* Wireshark copies and saves all the information bouncing through that network from all the different phones and tablets and computers connected to it, okay? Including web traffic, email traffic, chat, mobile apps that use the network, whatever. And if a website is not being served securely—like, it’s coming from one of those nine still-insecure library websites I just showed you? *CLICK* Wireshark captures absolutely everything the person who surfed to that site is seeing, all the text, all the HTML, all the images, everything. So I, as the Wireshark user hanging out on the wifi in the library, can trivially snoop on people’s information use from those insecure websites.
  29. Here’s a canned screenshot of what that looks like, it’s

    from a Wireshark lab I have students do in my new information-security course. YES, PEOPLE, packet sniffing is so easy I teach it to undergrads. If you squint a bit you can see the actual HTML of a web page in Wireshark’s bottom pane. So straight from Wireshark I can see every single thing about this page that the web browser of the person using this site sees. And I pulled a stunt when I first gave this talk in Minnesota that I can’t pull here because we’re not all on the same network. Namely, I started up Wireshark and said “hey, let’s see what all y’all have been doing on the web at lunch!”
  30. And then I… did not actually sniff their traffic. Of

    course I didn’t. That would have been a terrible violation of their information privacy. I’m a librarian. I do my level best to operate according to our professional ethics. So I wouldn’t do that, and I didn’t. Even that Wireshark screenshot I showed you was from my own home wifi when nobody but me was using it.
  31. ANGRY BETRAYED UPSET UNSAFE SHOCKED But I

    asked them, and I’m asking you, to check in real quick with how you’re feeling right now about the idea of some rando watching you surf the web. I won’t tell you how to feel, I don’t have the right, but see if any of the words I’m throwing up here strike a chord with you. And I ask you to remember how you’re feeling. Beyond this talk, remember how information surveillance made us feel, please. And remember we do NOT want to make patrons in our libraries feel any of these ways; isn’t library anxiety already bad enough? Beyond all the highfalutin’ rhetoric about ethics and intellectual freedom and stuff—that’s a big reason we drew a line in the sand in nineteen thirty-nine about surveilling our patrons. We want and need them to trust us and feel comfortable with us! That means not watching them!
  32. Photo: Paul Sableman, “Neighborhood Association Cornerstone - Erected 1927 A.D.”

    https://www.flickr.com/photos/pasa/8604904182/ CC-BY, cropped So let me suggest that website security is a fundamental cornerstone of present-day privacy in libraries, okay? Defending our patrons against well-known information-surveillance threats like packet sniffing is fundamental. Information security in general IS FUNDAMENTAL. If we can’t get the fundamentals right, we librarians don’t have much business bragging on ourselves about privacy.
  33. And I don’t want to add insult to injury here,

    but I also can’t just ignore this: there was a huge patron-data breach in late twenty-seventeen in northwest Wisconsin. I don’t have any more details about this than what went out in the news; I don’t know what happened. Insider job? Server misconfiguration? Zero-day vulnerability? I just don’t know. I do know that this kind of thing can happen to any of us any time. Teaching a whole course on security has definitely taught me to be humble about it. You should be too. If you’re confident that something like this would NEVER happen at YOUR library—you shouldn’t be. You should not be even slightly confident about that!
  34. CARELESS SECURITY So in one way, this might well

    NOT be an example of careless security. Like I said, I don’t know how the data escaped! It’s quite possible nobody running or using the system was careless! But in another way, it absolutely IS an example of careless security, and I do want to talk about how.
  35. This is the list of patron information that got breached.

    And, y’all, it’s bad news. It’s obviously a huge amount of personally-identifiable information, right? *CLICK* So my first question here is, what the ACTUAL HECK are driver’s license numbers doing here? Why does any library need this in their patron data? Did anybody anywhere ever think about the risk? If they didn’t, I’m sorry, that’s carelessness with security and we owe our patrons better. And I can’t accept identity or address verification as reasons for this. When you need that, what you keep in your database is when that verification was done and who did it. You DO NOT keep the identification number; that’s just begging for security trouble. Which leads me to talk about some of the other information that got leaked. Please memorize the name Doctor Latanya Sweeney. I’ll say it again: Doctor Latanya Sweeney, of Harvard University. She is a medical researcher and a privacy advocate, and she’s possibly best-known for demonstrating that for more than four out of five Americans, all the data you need to attach a name to them is their birth date, their gender, and their zip code. *CLICK* Huh. Look at that, two out of those three pieces of information RIGHT HERE. So that’s bad. But even worse, now anybody who gets their paws on this leaked dataset, because it also contains names, can now use it to attach names to any amount of other data that was supposedly anonymous! Again I ask, do libraries need this information? Do they need it to be this precise? If it’s a question of adult versus child, can’t that be a checkbox rather than the whole birth date? To summarize what I’m saying here… there’s no guarantee that libraries won’t have their patron databases hacked. Given that reality, the best thing we can do for our patrons is to keep as little information about them as we can. Data minimization isn’t a new idea in libraries, of course; we just haven’t thought through nearly well enough how it works in and with our current systems.
  36. EXPLOITING POWER ASYMMETRIES The drivers-license thing also tickles

    my power-asymmetry bone. Privacy and surveillance are functions of power. Librarians have power over patrons—and we are certainly perceived by at-risk patrons as having power over them!—and our practices need to be consciously designed not to exploit that power or let anybody else do it. In higher education, for example, a lot of student-information databases had to do some hasty retooling because they included country of origin information. Which sounds innocent and even useful… until suddenly you have federal immigration enforcement knocking on your door. I’m not saying all exploitation of power asymmetry is the result of power tripping, although I have met some pretty power-trippy librarians and I think you might have too. I’m saying, demanding data is an exercise of power, and holding that data confers power, and this is not always power libraries should use or even have.
  37. Now, I’d like to cheer us up a little. This

    talk was originally given in Minnesota, for their state library conference, so when I was retooling it for here I looked through Wisconsin library websites for some of the same privacy-endangering things I found in Minnesota. And I discovered that in quite a few ways Wisconsin is doing better than Minnesota! WE ARE BETTER THAN MINNESOTA, y’all. We are. Go Badgers, go Pack, go Brew Crew, go us! But that’s… not to say we’re perfect. We can definitely do better than we’re doing. Y’all made me hunt, which I appreciate and good job y’all, but I did find some stuff that made me wrinkle my nose, so let’s look at it.
  38. This is the footer on Lakeshores Library System’s home page.

    Which is a very pretty page, and also a very privacy-endangering page. Some of you are already zeroing in on those two Facebook icons, and you are NOT WRONG, Facebook is a total horrorshow and libraries should never, ever, ever do free advertising for it. Now, I’m not saying “libraries need to take themselves off Facebook right this minute,” because I completely understand that one’s complicated. I’d love it if you did, don’t get me wrong, but I certainly can’t order you to. I AM saying that libraries should dump Facebook icons off their main websites. Facebook does not deserve to have libraries lend them attention and credibility. But no, I’m afraid this situation is worse than that. The real privacy problem here is that innocent-looking little gray icon at top right that says “Share.” Share. Shaaaaare. Sounds all nice and friendly and community-minded, doesn’t it? Well, if you click this innocent-looking gray icon *CLICK* what you find is a bunch of what developers call web bugs, and the rest of us usually call social-media trackers. Lakeshores’s website is sharing data about its patrons’ visits with Twitter and Facebook and Google and LinkedIn and Reddit and Pinterest. If any visiting patrons happen to be logged in to any of those platforms during their visit, the platforms can add all the information about their visit to their data dossiers on that patron… and even if patrons aren’t logged in, platforms often try to figure out who they are anyway. And I don’t have time to go into this, but those data dossiers typically get sold all over the place and used for manipulation and discrimination in all kinds of ways, so this is NOT a good thing for patron privacy or security or even just well-being. And I had to poke through a wilderness of code to figure this out, but my impression is that this data-passing happens whenever somebody loads this page, whether or not they actually click on the Share button. 
    So I don’t want to hear ONE WORD about how patrons are making a choice about their privacy here, because they’re not. Lakeshores made the choice, and it’s not the choice that respects patron privacy.
  39. Lakeshores also had the dubious distinction of setting off the

    most potential alarms of all the Wisconsin library system websites in my ad blocker of choice, which is uBlock Origin. So of course I had to see what was going on, and then I said words that I will not repeat here, this being a family-friendly webinar. Doubleclick dot net. DOUBLECLICK is being allowed to load something onto Lakeshores’s website. I don’t know what, I don’t even CARE what, this is a thing that should not be. Doubleclick is one of the Four Horsemen of the Surveillance Capitalism Ad-pocalypse, okay?
  40. But, yanno, it gets worse. DoubleClick belongs to Google, which

    bought it in two-thousand-seven. And for a while, as detailed in this Julia Angwin article on ProPublica, DoubleClick’s massive database of tracking information was kept separate from Google’s massive database of, um, OTHER tracking information. In twenty-sixteen, that changed. Google pooled its data. In its privacy policy, Angwin says, Google “substituted new language that says browsing habits may be combined with what the company learns from the use [of] Gmail and other tools.” So, let me praise Lakeshores Library System for one thing: they’re not using Google Analytics. But before we get too happy here, let me mention that unlike Lakeshores, the library systems of Arrowhead, Bridges, Milwaukee County, Nicolet, South Central, Winnefox, and Wisconsin Valley ARE using Google Analytics! Congratulations, all y’all Google Analytics users, you are delivering your patrons gift-wrapped unto the surveillance-capitalism panopticon.
  41. CARELESS SHARING Now, I feel bad about piling on

    like this. I’m sure nobody at any Wisconsin library has ever thought to themselves “hey, today I’ll go to work and feed all our patrons into the surveillance-capitalism panopticon! that’ll be greeeeeeeeat!” This is likely to be careless sharing. To which I say, we could all stand to be more careful about this?
  42. WILLING COLLABORATION But I also think there’s an

    argument that lack of intent is not magic. In effect, Lakeshores Library System and all y’all using Google Analytics—and by the way, I checked WiLS’s website too, and yep, Google Analytics—all y’all are collaborating, in the deal-with-the-devil sense of that word, with corporate surveillance. Because it’s convenient, right? Google Analytics is just so very convenient. *PAUSE* So, convenience is all surveillance capitalism has to pay to buy patron privacy off libraries? Huh. If y’all haven’t done so already, please install an anti-tracker plugin in your favorite browser. It doesn’t even have to block stuff if you don’t want it to, I just NEED y’all to become more aware of behavioral surveillance online. I’d be even happier if you installed uBlock Origin on all your patron-facing machines in your library. If you need to convince anybody in IT, tell them it’ll cut way down on bandwidth costs—happens to be true!
  43. Now, I absolutely want to hand out credit where it’s

    due. Kenosha County, your library system website turns up exactly zero potential trackers in my web browser. I am IMPRESSED. Y’all rock! This is the only library website so far that I’ve ever seen this!
  44. There’s an interesting question lurking here about our Fearless Leaders

    setting the example for all the rest of us. So here we are at the Wisconsin Library Association home page, they’re our Fearless Leaders, right? And I’ve got my UBlock Origin open again, so y’all brace yourselves.
  45. Our old friend Google Analytics is there, which is no

    bueno, but what’s this Multiview thing that’s also coming up and that UBlock is blocking?
  46. It’s an online marketing company. And they don’t even make

    a secret of being in the surveillance business, y’all—just LOOK at their logo, top left! Look at it! And tell me those three big circles aren’t meant to evoke, like, binoculars or even gunsights. Tell me that. I’m gonna laugh at you if you do, but go ahead, tell me. There are some social-media trackers scattered here and there in the W-L-A site, too. Those just need to go. So, Fearless Leaders at W-L-A: As a Wisconsin librarian, I expect y’all to kick online surveillance to the curb. Wisconsin librarians do not pay you dues so that you can pay a vendor to surveil us.
  47. We have more Fearless Leaders at the Department of Public

    Instruction, so let’s repeat the drill with them. The results turn out to be pretty interesting. No Google Analytics, so that’s good, and whoever used YouTube on this page took the trouble to refuse cookies from it, so that’s also impressive. There’s some stuff from NewRelic that’s a bit dubious, but in fact, neither UBlock Origin nor Privacy Badger actually blocked anything on this page. So, okay. Could be worse. But when I scrolled to the bottom of Privacy Badger for the list of things it doesn’t know about yet—they might be trackers, they might not—I found this domain monsido dot com. And it has a subdomain called tracking dot monsido dot com, so of course I was all like, oh wow, we got troubles here.
  48. Monsido, it turns out, is a user-experience company. Oh, yay,

    improving website user experience is good, right? No worries about data tracking here, right? They just collect a little anonymous data, analyze it, and throw it away, right? Because that’d be the responsible, privacy-protecting thing for UX professionals to do.
  49. But because I trust absolutely no one, I took a

    look at Monsido’s privacy policy. And I laughed. And I cried. And I said more words I won’t repeat. Because straight-up, y’all, it’s as bad as Multiview’s. I knew Multiview’s would be evil, and hey, I wasn’t disappointed! I WAS disappointed that Monsido’s was just as bad. Yep, they’re tracking, and yep, they retain the data as long as they want unless a person they’re watching actually makes them stop, and yep, they keep individual dossiers even when they don’t attach actual names to them, and yep, they share their data with their “affiliates,” whoever those are, whenever they feel like it, and nope, there’s no opt-out, and nope, they don’t respect browser Do Not Track settings. So, Fearless Leaders at DPI: Dump these chumps. I’m serious, dump Monsido YESTERDAY. Find a UX vendor with some respect for privacy, please, and do your UX testing opt-in style.
  50. SURVEILLANCE CREEP This is surveillance creep in action. User experience

    is a noble cause, says DPI, so let us let Monsido do a tiny bit of surveillance to further that cause! And then Monsido has the data, so they’re now surveilling library patrons among others, and if that’s not enough, Monsido can sell or share that data with other surveillance outfits, so THOSE are now surveilling our patrons, and, just, where does this END? Now, there’s a chance that W-L-A and DPI have contracts with Monsido and Multiview that override the standard terms of service to forbid this level of tracking and sharing. I sure hope so! But even if they do, what message are we sending by paying companies that do this?! We are libraries! We and our leaders are supposed to be better than this!
  51. INDIFFERENCE TO HARM I’m still kind of bewildered at

    DoubleClick and Google Ads and New Relic, all this advertising that turned up. Third party advertising, on a library website? Behavioral advertising, yet, where the library may have limited control over which ads come up? I KNOW there’s something in the ALA Code of Ethics about this kind of thing—oh yes, it’s article six: “We do not advance private interests at the expense of library users, colleagues, or our employing institutions.” Selling our patrons to surveillance-capitalism panopticons, and not riding herd on whatever come-ons some sleazy advertiser wants to slap on our website, sure strikes me as advancing private interests at the expense of library users. Wisconsin, we can do better.
  52. Here’s another carnival of funhouse surveillance mirrors for your enjoyment

    today. It’s called “learning analytics” and it’s a big honkin’ deal in some schools, colleges, and universities these days. Learning analytics is about surveilling students, emphatically including their information behavior. Who they are, what they do online, what they do offline, what they do IN class, what they do out of it. Basically anything students do, some learning analytics project somewhere wants to record it and analyze it. And the places doing learning analytics totally want their libraries to join in the fun!
  53. Photo: André Banyai, “Hugo Boss” https://www.flickr.com/photos/abanyai/3161855995/ CC-BY, cropped So, I

    was talking to an academic-library director—and no, I won’t be any more specific than that—at an event we were both attending a few years ago. And this director mentioned that their library was hoping to go into mining and distilling their library’s patron data—it wasn’t really called “learning analytics” then—in a big way, because, and I quote to the best of my faulty memory’s ability, “it’ll be great to be able to talk to our administrators in language they understand.” No lie, this director wanted to surveil their library patrons’ information use to make it easier to talk to their boss. *PAUSE* So, okay, let me pick this statement apart a bit more, because it both frightens and appalls me.
  54. ENTITLEMENT This academic-library director sure looked to me

    to have skipped ALL THE WAY PAST the step where we ask, “hey, is it actually okay for us to do this?” That is the worst kind of entitlement, just the worst, where we don’t even check in with ourselves and our professional ethics, much less our actual PATRONS, we just charge right on ahead. And “making it easier to talk to your boss” is the best you’ve got as a justification for surveilling patrons? Because that is super not a great reason. I’m a regular University of Wisconsin library patron, and I was myself a college student as recently as last spring, and let me make this REAL clear, NO LIBRARIAN IN THIS STATE has or will EVER have my permission to retain or use my patron data just to make it easier to talk to their bosses. You are not entitled to do that, and it makes me furious that any librarian anywhere would think they are. So when y’all think about a learning analytics or other surveillance project, go right ahead and imagine me glaring at you. I’m fine with that because it is exactly what I would be doing.
  55. SECRECY AND LIES I remember asking that library director

    what they planned to tell their students about their data collection. I didn’t get much of a response. It clearly wasn’t a question they’d considered. So, explain this to me, we librarians are better than the secretive secret-keepers and lying liars at Facebook how exactly?
  56. INDIFFERENCE TO HARM And no thought given at all

    to the harm that patron surveillance might cause, to individual patrons, to certain classes of patrons, to ALL patrons, or to society generally. Hey, as long as I can talk to my boss real easily, it’s all good, right?
  57. Megan Oakleaf, “Library Integration in Institutional Learning Analytics” 15 November

    2018 https://library.educause.edu/~/media/files/library/2018/11/liila.pdf Fair use asserted. And on that theme, I have to show y’all this, it’s just mind-blowing. It’s from an Educause report out last November talking about libraries and learning analytics, and I just want you to notice the framing here. Privacy is an OBSTACLE to library learning analytics. Not a consideration, much less a desideratum, but an OBSTACLE. If privacy is an obstacle to something you want to do, maybe-just-maybe that’s a GIANT HINT that you should not be doing it.
  58. WILLING COLLABORATION But the mention there of libraries

    integrating with the larger institution’s analytics practices opens a conversation about those bosses that our academic-library director wanted to communicate with. I know a lot of us work with and for people who are not librarians or archivists or records managers or other people who have been inculcated with privacy ethics. And most of us have to deal with our larger institution’s IT, whose ethical foundation can be… somewhat lacking. Do you trust these people with learning analytics or patron data? Would you trust them with YOUR OWN data? The data of a patron you know to be vulnerable? Do you think they’d make the right calls? Me, I’m cynical. I don’t trust non-librarian administrators with my privacy. Not in a bunch, and mostly not individually either. Tell me I’m wrong! But that raises the question, since most learning analytics projects come out of the larger institutions run by these not-super-trustworthy people, should we be participating at all? Or does participating instead of resisting make us quislings, people who ask “how high?” when evil tells us to jump.
  59. EXPLOITING POWER ASYMMETRIES In fairness, some of what’s

    going on here is that yeah, those bosses are probably leaning on that library director pretty hard. And I don’t even have WORDS for what I think of people who use their power to force other people to do what they know to be wrong. But that doesn’t get our library director off the hook, because that director is exploiting power that they have over students at that institution—the power to collect data without permission, the power to keep secrets about it, the power to analyze those data and reach conclusions that may disadvantage some of those students. I don’t even remotely think that’s okay.
  60. So you can see, I hope, why I’m deeply concerned

    and upset that data harvesting and learning analytics are planks in the current Council of U-W Libraries strategic plan. (Yes, it took me a while to bring this story back to Wisconsin, but here we are finally.) I think three-A there was a bad mistake, I don’t think three-B fixes it even though I’m grateful it’s there, and my hope is that like many things in strategic plans, three-A gets ignored and not followed up on. Let me try to explain why. I’m an instructor and a student advisor. I work with students from oppressed and outlier populations, I work with students who are vulnerable, I work with students who are in active crisis, I work with students who for good and cogent reasons don’t trust the larger university I work for. And here’s what I want to say about learning analytics as an instructor and advisor—I need the students I work with to trust me, or I can’t do my job. This means I need learning-analytics people not to be indifferent to the harm they can do by undermining that trust. I’m begging you, CUWL, don’t blow it for me, okay? Don’t blow up the trust students have in me. I need you to understand that you CAN do that, just like lack of user trust is messing with Facebook and Google right now, and then I need you not to.
  61. 2. The privacy of library users is and must be

    inviolable. Policies should be in place that maintain confidentiality of library borrowing records and of other information relating to personal use of library information and services. Maybe just one more thing before I move on. This is directly from the ALA’s Intellectual Freedom Principles for Academic Libraries. It starts out, “THE PRIVACY OF LIBRARY USERS IS AND MUST BE INVIOLABLE.” *pause* Welp.
  62. We, SURVEILLED and AFRAID in a World We Never

    Made Photo: Jay Phagan, “Surveillance Cameras” https://www.flickr.com/photos/jayphagan/33870031091/ CC-BY, cropped, darkened, masked aren’t preventing, and sometimes buy into or even facilitate! So, this is where we’ve landed as a profession, I think. We’re suspicious and scared of surveillance, as we should be because it’s scary. But what we can’t do, I hope I’ve convinced you, is deny that we are part of this world of surveillance. We ARE part of it, just as much as Facebook and Google and Cambridge Analytica and Adobe. Some of us have even bought into it whole-hog! We’re actually NOT so different.
  63. Photo: La Vladina, “Shut Up, take 3” https://www.flickr.com/photos/danielavladimirova/6234626228/ CC-BY,

    cropped But even those of us who fear and loathe surveillance mostly haven’t done much about it, and I include myself in that. Silent partners in the panopticon. Dunno about you, but that’s not what I went to library school to do.
  64. How are we coping with this? So, returning to the

    question I asked much earlier, how are we coping with all this? Maybe not so well! If we want to be different from the surveillance capitalists, and I sure hope we do, some things are gonna have to change. How can we cope better?
  65. Photo: mslavick, “No!” https://www.flickr.com/photos/supernintendo_chalmers/3827043121/ CC-BY, cropped They say “no” is

    a complete sentence. Maybe when we see one another taking dumps on privacy, pardon my language, we yell NO. It could be that simple!
  66. Photo: Zeev Barkan, “Fine art vs. documentary photographs” https://www.flickr.com/photos/zeevveez/7095563439/ CC-BY,

    cropped But, you know, asking questions can be easier, and I think that’s a big part of what we can all do about this. Ask questions, when you’re feeling some patron surveillance coming on at your library. “Are we actually entitled to collect or use this data? Shouldn’t we just delete it? How are we going to tell our patrons this is happening? Isn’t this surveillance creep? What harm could come to our patrons from this? Do we really wanna be like Adobe and Facebook?” Ask, and keep asking.
  67. Photo: Paul Sableman, “Neighborhood Association Cornerstone - Erected 1927 A.D.”

    https://www.flickr.com/photos/pasa/8604904182/ CC-BY, cropped And part of a productive coping strategy is going back to fundamentals, to privacy cornerstones. For example, ALA has an amazingly great how-to on library privacy audits, which are not by any means a new idea; they just take on new importance in the shadow of the digital panopticon. Now, I realize and respect that a lot of us are feeling unprepared for this technically. I’m betting this is the first a lot of you have ever heard of Wireshark or even DoubleClick. It’s okay, I’m not mad at you, nobody’s born knowing this stuff. But it does mean we have a lot of each-one-teach-one to do in our profession about the fundamentals of information security. I just want to reassure you that I myself have only been boning up on infosec for a little over a year. If I can pick up a baseline understanding that fast, I definitely think lots more of us can.
  68. Photo: edward stojakovic, “Madison Wi Capitol” https://www.flickr.com/photos/akasped/11655085676/ CC-BY, cropped So

    like I said, we’re already ahead of Minnesota and that’s great, but look, I gotta say here, that’s a pretty low bar. I will now pause so that you can all yell “burrrrrrrrn” at your computer screens. I have a closing challenge to all of us here: FORWARD. Let’s make Wisconsin the national example of doing twenty-first-century library privacy right! Let’s lead the whole country! Don’t be afraid, spit in surveillance’s eye! Now, we do have a ways to go to get there, but not as far as Minnesota! And we have a lot to learn, but it became obvious to me putting this talk together that we, possibly unlike Minnesota, also have people who clearly know what they’re doing and can teach the rest of us. And if you think I’m stirring up silly interstate rivalries in hopes that it benefits patron privacy—gold star! That’s exactly what I’m doing! And if you think that’s petty and you’d rather work toward better patron privacy because it’s just plain the right thing to do, you just rock on with your amazing self, okay?
  69. Photo: edward stojakovic, “Madison Wi Capitol” https://www.flickr.com/photos/akasped/11655085676/ CC-BY, cropped, darkened

    Thank you! Copyright 2019 by Dorothea Salo. This presentation is available under a Creative Commons Attribution 4.0 International license. Please respect licenses on included photos. And my best wishes to you. Thank you.