 Welcome. And thank you for joining us for today's TechSoup for Libraries webinar, The Changing Landscape of Library Privacy. My name is Crystal and I'll be your host. We have two guests today who work at the national level with privacy in libraries. And together they will share some important considerations for libraries when it comes to protecting patron privacy at a time when most of our data is stored digitally. Before we begin I have just a few announcements to share. We will be using the ReadyTalk platform for our meeting today. Please use the chat in the lower left corner to send questions and comments to the presenters. We will be tracking your questions throughout the webinar and will answer them at the designated Q&A section at the end. All of your chat comments will only come to the presenters, but if you have comments or ideas to share we'll forward them back out to the entire group. You don't need to raise your hand to ask a question. Simply type it into the chat box. Should you get disconnected during the webinar you can reconnect using the same link in your confirmation email. You should be hearing the conference audio through your computer speakers, but if your audio connection is unclear you can dial in using the phone number in your confirmation email or that we've shared in the chat. If you are having technical issues please send us a chat message and we will try to assist you. This webinar is being recorded and will be archived on the TechSoup website. If you are called away from the webinar or if you have connection issues you can watch a full recording of this webinar later. You will receive an archived email within a few days that will include a link to the recording, the PowerPoint slides, and any additional links or resources shared during the session. If you are tweeting this webinar please use the hashtag TS4LIDS. We have someone from TechSoup live tweeting this event so please join the conversation there. TechSoup Global is dedicated to serving the world's nonprofit organizations and libraries. TechSoup was founded in 1987 with a global network of partners. We connect libraries and nonprofits to technology, resources, and support so that you can operate at your full potential more effectively deliver programs and services and better achieve your missions. TechSoup has helped to distribute over 14 million software and hardware donations to date through our product donation program. We offer a wide range of software, hardware, and services including software from companies like Symantec and Horizon Datasys. Symantec Security Software is one of TechSoup's most popular product donations among libraries and offers protection against viruses, spyware, and other security risks on PCs, Macs, smartphones, and tablets. Drive Vaccine is just one product donation available from Horizon Datasys and is an automated system restore software that reverts Windows-based PCs to a previous state on a specified schedule. This software is expressly designed for use on public access computers. Products like these are available to nonprofits and libraries and can help keep public computers secure and safe. For more information about TechSoup product donations or services, please visit techsoup.org and click on Get Products and Services. Now I'd like to introduce the two guests we have joining us today. Deborah Caldwell Stone is the Deputy Director of the ALA's Office for Intellectual Freedom. An attorney by training, she works with librarians, trustees, and library users on a wide range of intellectual freedom issues including book challenges, internet filtering, meeting room policies, and the impact of new technologies and the USA Patriot Act on Library Privacy. Mike Robinson is the Chair of the ALA's Intellectual Freedom Privacy Subcommittee and Head of Systems at the Consortium Library at the University of Alaska Anchorage. He has worked with technology in academic, public, and special libraries and is interested in how libraries use technology to provide access to information and services to users. My name is Crystal Shins and I'll be your host for today's webinar. Assisting us with chat and Twitter, we have Ginny Niece and Becky Wiegand from the TechSoup team. We will be on Twitter using the at TechSoup for Libs handle, so please join us there. Now today we'll start off by hearing from Deborah who will talk about how library privacy has evolved including issues related to privacy and confidentiality and some of the basic legal foundations there. Then we'll hear Mike and he will talk about issues related to library privacy and commercial surveillance. Mike will discuss threats to online privacy and also safeguards that you can put in place at your library to better protect patron privacy. We will have time for questions at the end of the webinar, but we invite you to send in your questions as they arise and we'll keep track of them. This webinar is being recorded and all of the slides, resources, and materials will be included in the archive of this webinar which you will receive within a few days. Now we wanted to learn a little about you and your library, so we have this brief poll. Please tell us how good of a job do you think your library is doing at protecting the privacy of your library patrons? Your response is anonymous here and we hope that you'll select your response and click submit and then you'll see a summary of all of the responses of participants here today. This just gives us an idea of perhaps what work you might be doing already or where you think your library is in terms of protecting library patron privacy. I'll give you just a few seconds to think on this and find those buttons. I can see many of you have responded already. Most seem to fall in the pretty good range. Also average is getting a high rating there. A few people are saying, excellent, we're glad to hear that. A few say either not very good or not sure. Let's give you just a few more seconds on this poll and we'll go ahead and close it down so get those final responses in. In 3, 2, and 1, I'll close the poll and there we can see all the results. So we have a wide range today. Like I say many people feel like they've got some foundation pretty good or average practices in protecting library patrons. It's great to hear. Wherever you fall in this spectrum though, we hope that today you walk away with some new ideas for what you can do to improve what you're doing at your library and help to protect the patron privacy in your library. And that's what we're here to learn about. So now I'm going to turn over the controls to Deborah so she can tell us about the evolution of library privacy. Deborah? Thank you, Crystal. Today as Crystal indicated, I will have a presentation that really falls into two parts. And the first is a kind of Privacy 101 review and overview which I hope will provide you some new ideas and foundations for thinking about library privacy. And the second part I'll discuss how traditional notions of what it means to protect patron privacy are changing and evolving before turning these things over to Michael. So what do we talk about when we talk about privacy? And we can define privacy in many ways, but in the library what we're really concerned about is intellectual privacy, the kind of privacy that preserves the freedom of thought and belief, the kind of privacy that protects the right of intellectual exploration and maintains the confidentiality of communications. Intellectual privacy protects our ability to read what we want and to think for ourselves without worrying that other people might judge us based on the books we read or the ideas we think about. It allows us to explore ideas others might not approve of and figure out for ourselves what our values are in regards to politics, sexuality, and morality. In simpler terms, intellectual privacy is providing protection from surveillance or interference when we think, read, or consult with those we trust. Needless to say, intellectual privacy is essential to protecting intellectual freedom in the library. The freedom to read and receive information, the freedom to inquire, can't exist when a person's library use is monitored and their individual reading habits are made known to the public. Only when an individual is assured that her reading choices will remain private and will not subject her to social reprisal, public humiliation, or government punishment can she fully exercise her freedom to explore unorthodox ideas or way arguments or decide for herself what she believes. Because of this, because of the possibility that a person's freedom of inquiry will be inhibited, librarians are fiercely committed to preserving the freedom to read without interference and without government surveillance. Now the ability to keep private what we read and think about really does affect how people read and access information. We can look at a couple of examples. When the UK and the US governments finally allowed Lady Chatterley's Lover to be published, it was an immediate bestseller. But a person couldn't read it in public without announcing to the world that they were reading a Salacious Span book. One risked embarrassment and judgment from others if they read the book in public. Even when one had the courage to read the book while on public transportation, you tried to maintain a shred of propriety by keeping a copy of the Times at hand to shield the book from view. But the introduction of the tablet and the e-reader in more recent times means that one can purchase a Salacious book and then read it at your convenience anywhere in public without disclosing the title of the book. Book industry analysts actually believe that the ability to read privately in public helped drive the enormous sales of 50 shades of gray as an e-book. And if one doubts that there might be consequences when one's reading habits are made public, we can take the heart the case of the graduate student accused of terrorism simply because he was seen reading a book on terrorism studies in his college library. Being seen reading about the wrong ideas has always had consequences, whether it was being burned at the stake, arrest or imprisonment, public suspicion or diversion into a program meant to alter one's political thoughts and ideas. To avoid subjecting patrons to these kinds of consequences, librarians have developed a professional ethic of privacy, a set of standards for professional conduct that govern how librarians and libraries provide services to library patrons. This professional ethic of privacy finds expression in two documents developed by the American Library Association for its members. The first is the privacy interpretation of the Library Bill of Rights. This draws on Supreme Court decisions that outline the First Amendment right to read and receive information anonymously. That is the proposition that a person has a right to keep their intellectual activity private and that same person has a right to be free from monitoring or surveillance, whether it's undertaken by the government or by a private entity. This is a document that asserts that privacy is essential to free inquiry because it enables library users to select, access and use information without fear of embarrassment, judgment, surveillance, punishment or ostracism. Now the interpretation goes on to describe the librarian's duty in regards to the patron's information and activities in the library. Librarians and library workers owe a duty of confidentiality to patrons, a duty that arises whenever the user shares their name, address, reading habits, their internet use, and their reference inquiries with the library. When a patron shares this information, the library and all of its staff, including the director, the librarians, security guards, cleaning crews, and the volunteers who shelved the books owe this duty to the patron to keep that information private on their behalf and to recognize that it's not the library's information to use as it wishes. Now the ALA Code of Ethics is much more explicit about the librarian's duty to protect patron confidentiality. It creates a professional ethical obligation to protect patrons' rights to privacy and confidentiality, just as physicians and lawyers keep their clients' information confidential. It further outlines exactly what must be kept confidential. That is all the information sought or received and the resources consulted, borrowed, acquired, or transmitted by the patron, which can include database search records, reference interviews, circulation records, interlibrary loan records, and any other personally identifiable uses of library materials, facilities, or services. Now in the United States we also have a body of law that recognizes a right to privacy and what one reads and thinks about. This body of law rests upon the First Amendment, which not only protects free speech, but also protects those activities that allow a person to fully exercise their First Amendment rights. This includes the right to keep one's reading habits and web browsing private. It also looks to the Fourth Amendment, which protects our homes, papers, and possessions from unreasonable or unauthorized government search and seizures. Courts have extended this right to be free from unreasonable government searches to other contexts, including the library. Both state and federal courts have explicitly recognized a personal right to keep one's reading habits private as well as the right of libraries and bookstores to defend that right on behalf of their patrons. Finally, there are library confidentiality laws in 48 states and the District of Columbia. These laws either recognize the confidentiality of a patron's library records and prevent their public disclosure, or they place a duty on librarians to affirmatively protect the confidentiality of a user's records and often require court order before the library can disclose records to law enforcement or to another third party. Now while we can study policy and law to learn about library privacy, we more often tell stories when we talk about the ways that librarians defend patron privacy. One well-known story involves a very small one-room rural library in Washington state that acquired a popular biography of Osama bin Laden for its collection. One day, the FBI served a subpoena on the library, demanding the names of every person who had ever borrowed the book. The library board bravely decided to resist the subpoena, which they saw as a pure fishing expedition. It spent its limited funds to hire an attorney and to file a lawsuit challenging the subpoena. Rather than to respond to the lawsuit or risk having a judge rule on the validity of its subpoena, the FBI withdrew its demand for records. Because the library acted, reader privacy was saved for the community, especially for those persons in the community who had dared to read Osama bin Laden's biography. Or we can tell another well-known library privacy story, probably one of the most well-known. In 2005, the FBI served a national security letter on the library connection, a consortium providing computer and automation services to 25 different Connecticut libraries. The executive director and three board members of the library connection, all librarians, chose to file a lawsuit challenging the NSL in order to protect the privacy of their users. Doing so subjected them to FBI surveillance and public criticism. Nonetheless, they persevered and after months of litigation, the government finally gave up its battle and withdrew its demand for the patron records, preserving the library connection's patron's privacy. Now these stories reflect the traditional view of library privacy, brave librarians protecting privacy by preventing law enforcement and the government from viewing patron reading records. ALA policies addressing library users' privacy reflect this focus. They are designed to address the specific threat to a patron's privacy posed by a police officer or an FBI agent who shows up at the library's circulation desk with a demand to see patron records. These stories also reflect the popular perception of librarians as privacy heroes. As a result, libraries are often trusted institutions in their communities and librarians are perceived as fierce advocates for both privacy and the freedom to read. But this concept of library privacy looks to another time when the library was the sole institution creating, storing, and handling patron records. And when records were on paper or on servers kept in the library and were catalogs or kept in drawers. Privacy was a simple task, prevent unauthorized third parties, primarily law enforcement, from viewing or using a patron's circulation records. But the digital revolution has changed the library. Today we have a host of outside third party vendors who provide integrated library services, online public catalogs, eBooks, and other digital content, and even software as a service solution that deliver an integrated social discovery experience to the library users. Use of these services generate a tremendous amount of data about a patron's intellectual activities and their use of library resources, all of which can be tied back to that particular user. Because this data can provide a detailed and intimate profile of a person's life, it's as important to protect any records or data about a patron's online activities as it is to protect the patron's book borrowing records or her personally identifiable information. But the real issue here is what happens to the patron's data over time. Before online services, patron data was kept locked in library drawers or stored on library servers. But now patron data is shared with a third party, circulated over the Internet, and may not even be controlled or managed by the library itself. So information about a patron's intellectual activities could be leaked or disclosed despite the best efforts of the librarian. We've already seen some examples of this risk. In 2014, a web engineer using Adobe Digital Editions discovered that the e-book platform was gathering data on what e-books were opened, what pages were read, and what order the pages were read. The platform then sent this data, including the patron's ID in the title of the book, the book's publisher, and other metadata back to the Adobe servers. And they did this in the clear without encryption. The lack of encryption meant that anyone could monitor that data stream and spy on the user's reading habits in real time. And if that data was stored in Adobe servers and associated with a particular user, that patron information would be vulnerable to a data breach or could be obtained by law enforcement. We can consider the present trend of embedding social media links in an online public catalog. It does provide users with a shortcut to their social media accounts, but it also provides Facebook and other outside vendors with the ability to collect data about the patron's use of the OPAC. An embedded Facebook button functions very much like a tracking cookie. It will keep a record of every page visited by a unique user. This is not to suggest that third-party services are inherently evil and malign, but to simply point out that they are often commercial for-profit entities that operate in a business environment that views data as a valuable commodity. Libraries and librarians need to change their privacy practices to respond to these changed circumstances. Now, this inevitably raises a question at this point. Why should librarians care, especially when library users themselves are posting so much information about their personal lives online? And the response is fairly simple. We should care because privacy holds an intrinsic value that we should all fight to protect and preserve as a public good. Privacy creates boundaries between the individual and society, allows for greater tolerance, and it protects the freedom of conscience and therefore the freedom to read. But there are other reasons as well to protect a patron's privacy, no matter how much they share online. First, librarians are in a position of trust with regard to library users that can be compared to the duty of confidentiality held by doctors, clergy, and lawyers. Second, our personal judgment about how others protect or don't protect their privacy isn't an adequate basis for abandoning the ethical commitment to protect the confidentiality of library users' information. It's simply not our place to turn our observations about some people's behavior into a policy of no privacy for all. Now, it's also appropriate here to give the public their say in a way. We can look at the Pew Foundation's ongoing Internet and American Life project for its wealth of data on the general public's use and attitudes about online life. And if you review these results, you'll find that people still care about their privacy and that they want the businesses and institutions that are collecting and managing their data to protect that information. For example, the majority of persons online have taken steps to remove or conceal records of their online activities, and a majority try to avoid observation by the government. And a majority of adults are not fans of the kind of commercial data sharing that allows for better, more personalized service. But at the same time, a majority agree or strongly agree with the statement, I am willing to share some information about myself with companies in order to use online services for free. It appears that I am missing a slide here. I am very sorry for that. But they also examined page and privacy in the library. And in the specific context of the library, a majority of respondents to the Pew survey said that they might be interested in personalized online accounts that would recommend books to them based on their past library activity, similar to the recommendations offered by commercial sites like Amazon. And a majority of library users responding to that survey said that they would likely to be used a library cell phone app that would allow them to access and use library services from their phone. In light of all of this, I would like to make a modest proposal that the library profession expand its responsibilities concerning patron privacy and confidentiality. We should not only keep information private on their behalf, we should also provide patrons with sufficient information and access so that they can exercise meaningful control over their information, whether it's their personal information about their name and address or information about their use of library resources. Alan Weston was a very forward-looking legal scholar. And he first proposed this modern conception of privacy just as government agencies were just bringing the first central data banks online in the mid-1960s. He believed that freedom only exists when you can control who watches you or who learns about you. Consequently, he described the right to privacy as the right to determine how much of your personal information is disclosed, to whom it's disclosed and how it's maintained. Libraries should look to this for their future policy development concerning privacy. Now if we incorporate this idea into our definitions of privacy and confidentiality, library privacy would mean more than simply providing protection from government surveillance. It would also require the enforcement of legal, social, and ethical limitations on the use and treatment of patron information and enforcing each patron's right to control her information, including the right to make traces about who has it and what they can do with it. What would this look like as a matter of library policy and practice? First, it would require incorporating affirmative statements that acknowledge the user's right to privacy and confidentiality, the user's right to be informed about what information is collected about them and what happens to that information, and information of the library's duty to protect that information and to adhere to the user's choices about what happens to their data. It would also mean the adoption and use of the fair information practice principles such as transparency, user consent, data minimization, and use limitation, and assuring security and accountability in regards to the storage and use of data. This would provide a great framework for privacy procedure. It also means moving toward the use of full encryption for library websites, native services, and data storage, and opting in for the highest level of security offered by a library vendor. One step that we've taken to assist with this at ALA is the sponsorship of Let's Encrypt, a nonprofit organization that makes security certificates needed for encrypting websites available at no cost to the library. That would mean when negotiating contracts for vendor-provided content and services, requiring those vendors to encrypt their data flows, acknowledge the library's ownership and control of user data, and to require them to acknowledge and adhere to the library's privacy policies. And it would also require the library to provide robust support for informed consent, that is providing users with all available information about a platform or services use, storage, and communication of personal data so they can make meaningful choices about what information they want to share and how they want their data treated. It means making online services allow for data opt-in, and when possible, provide access to tools and procedures that allow for anonymous activation, excuse me, anonymous use of the library service and delegated authentication for library services that keeps the user's information confidential. Finally, it requires ongoing privacy education and training for staff and users alike. Now, we've taken some steps. The IFC Privacy Subcommittee has initiated a process that will see the creation of new guidelines over the next year that will assist libraries in developing these kinds of policies. They've already approved privacy guidelines for e-book and digital content and student data management, and other like guidelines are coming online in the very near future and will be discussed at ALA's upcoming annual conference in Orlando. That concludes my presentation for now, and I will hand things off to Crystal and Mike. Great. Thank you, Deborah, for sharing this overview to really set the stage and talk about these underlying foundational principles related to library privacy. We're starting to get some questions and get into the more technical specifics, and I just wanted to let those of you who've joined us today know that we will do questions at the end, and so continue to ask any questions that you have in the chat, and also that all of these resources and the slides will be available in the archive, and you will automatically get that via email later this week. So that will be coming soon. But now, I'd like to turn things over to Mike who will talk about library privacy, and especially the issue of commercial surveillance. So Mike? Thank you, Crystal, and thank you, Deborah. Yeah, I've seen some of the questions in the chat window, and I think we'll touch on a few of them here, but we can also follow up with them during the question and answer period at the end of this. The title of my presentation is Library Privacy and Commercial Surveillance. And so I think Deborah really laid out a good argument about why privacy is important and how it ties to intellectual freedom. And my thesis would be that ALA and libraries have done a fairly good job in the traditional role of protecting reader privacy in the physical world and against state-level surveillance. But I think in the online world, my thesis is that commercial surveillance, book vendors and other services out on the web are kind of the primary threat models that libraries need to kind of deal with now. And so what I'm hoping to talk about is some of the online, first online privacy that are out there in general, and then talk about the library landscape specifically, how those online threats affect the library landscape. And then talk about some safeguards that libraries can take to protect those. I was really interested by the results of the survey where 11% of us said excellent and 49% said we did a pretty good job of protecting privacy. So that's 60% of us are thinking we're doing a pretty good job. And I normally set out this presentation thinking that the audience doesn't think we're doing a good job and trying not to scare them with the number of online threats to privacy that libraries are exposing their users to. And so I'll probably still continue to do that, take that model. And the safeguards, some of them are going to be technical and some of them are non-technical. I think there's a set of safeguards that almost any libraries can start applying at whatever level they happen to be at. So this is kind of how I look at online privacy threats. It's one way you can look at them. And it's kind of a hierarchy of threats. So kind of at the highest level is the National Security NSA, Snowden National Security level, Patriot Act. Then you have law enforcement. You have FBI. You have local law enforcement turning on cell phone towers and stingrays and putting tracking devices in cars and various types of things like that. Then you have criminals and hackers who have unauthorized access to information and then the online flows. And then you have commercial surveillance, commercial threats to online privacy. Google, when you use Gmail, agrees to scan your email. You agree to let Gmail scan your email, the content to your emails in order to provide targeted ads as an example. But then I think the threats continue. Your internet service providers log all your internet activity. Your employers log your internet activity. Schools log their internet activities. And then finally kind of the closest to you is your peers, your family, the person sitting next to you at a public computer in the library. So all people that can kind of observe what you're doing, what your activities are. So this is kind of the model and I'm going to be concerned with the commercial layer right there for the most part. So for commercial surveillance, I mentioned a little bit but why is there commercial surveillance? Well, some of it is social media. We're sharing that data on Twitter or Facebook about ourselves. We're doing it voluntarily. And yet companies are using that data and monitoring that data. A lot of it comes around personalization. There's so much information out there. We want to embrace personalization and allow people to make choices and share data about themselves in order to get information customized to their needs. Mobile apps are another place for commercial surveillance and activity tracking on websites and browsers. A lot of times when you visit one website that information is shared with the next website. And then with third parties, data sharing. And then data mining or business intelligence and people are examining this data and trying to look at consumer behavior or library patron behavior and figure out how they can better serve or monetize or provide a better product. So now we're going to try to put it in a library context a little bit. That's kind of a broad context of online threats in general. And in the library landscape what we have is kind of a rush in library. So some people feel fit in library land. We've rushed headlong into kind of embracing, trying to embrace the modern web and these services and haven't thought about privacy enough. And on the other side is people who think that perhaps our concerns about privacy have prevented libraries from providing the services that we need to provide our patrons in the modern world. And so these are the things that many libraries want to provide. We want to provide a modern web experience. We want to provide personalization. We want to provide e-books and e-content, mobile resources, cloud-based tools to lower our costs. And we want business intelligence. We want to understand what our patrons want and when they want it and how they want it. All this has to be balanced against privacy about their reader behavior. And so this is not a simple thing to do. Here are some of the things we can do to start and what we're going to talk about in terms of safeguards for privacy. And so the first two are things that anyone can do and we'll talk about them a little bit more, which is privacy audit and creating privacy policies. The second set can be more technical. They're specific things you can do or to be aware of about your library catalogs and websites and about providing e-book and digital content. What I'm not covering in this talk, there's a lot of other threats, potential threats to patron privacy, especially around public computing in the libraries and using Wi-Fi networks. And I'm not talking about that in this slide deck. There is a very good book about that that you could check out and it's called Protecting Patron Privacy, Safe Practices for Public Computers. And that's by Matthew Bextro. And it's a really good book that lays out a lot of things you can do about configuring your computers to protect your patron's privacy as much as possible when they're using them. Okay, so the number one thing we can – all of us can do is we can do a privacy audit. So the Social Freedom Committee has published a privacy toolkit that's the URL there and the resources at the end. And it describes – it shows – has some resources about conducting an audit. And basically what you do is you try to figure out all the ways your library is providing technology and describe the current practices of how you're using it and then evaluate any policies you have that might address it. Do your policies address privacy when people use public computers? Do they address privacy when they use your website? Do they address privacy when you use your library catalog? And then make a set of recommendations for what your library can do to try to improve privacy. So it's kind of a continuous improvement thing. And this is kind of the first step is trying to figure out the baseline of where you're at now. And my guess is that for many of us this would result in a multi-year project of things to work on and attempt to fix. So policies are kind of what drive everything in terms of protecting your library around privacy and also letting you know where you're trying to head with privacy. Deborah mentioned some of these that were coming out with guidelines and there's also interpretations are up on the LA website. Many of them are based – and she mentioned these on the fair information practices. And really the fair information practices is the idea of putting the user in control of their choices, giving them options and giving them the ability to control when they share data about themselves and when they do not. And so kind of the way out of the quandary in library land is we need to work to try to create situations where users are given choices and are allowed to decide. So a classic example is the checkout history in the library catalog. Patrons should be allowed to decide do they want to keep their checkout history so they can see what they checked out before or do they not want to see that? And they need to understand what the implications are for their privacy if they choose to do that. You can create privacy-specific policies or you can add privacy to existing policies around computer use and other things. And then you also need to throw out ways to let users know about your policies. So when we look at the threats to library catalogs and websites, and Deborah mentioned this, we see a lack of HTTPS which means anyone kind of between your website and the patrons browser can monitor what they're doing in terms of library catalog searches or other types of research. Your website itself keeps web analytics and log files. We want to provide personalization which involves collecting personal data about the user, about the reader in order to allow them to customize their experience. A lot of our catalogs and websites also provide the ability to have comments and ratings and recommendations which are all great things, but we just need to be aware that it might expose the readers what they're reading. And then websites depend a lot on embedded content and scripts, and we'll talk a little bit more about that. So Deborah mentioned this. One of the things is Let's Encrypt, and we're working on promoting that more. And I'm actually working on a series of blog posts on how you can use Let's Encrypt to encrypt your web servers. And we'll start getting that published out more. And this basically makes the transmission of data between the patrons browser and your website or library catalog encrypted so someone else can't snoop on that. Google Analytics which is a great tool for understanding how your website is being used is basically you're sharing a lot of data about your user's behavior on your websites when you use Google Analytics. So PyWik is an alternative to that that allows you to still have that level of analysis of your web traffic but not share it with Google. And then for personalization, Deborah mentioned this, really the default should be to opt-in for any personalization that you provide and with the ability to opt out later. One of the things to look at if you're providing social commentary in your catalog, are you tying them to a real user or are you going to allow them to be anonymous? And if you ever spend any time in newspaper comment sections, you know that this is a problem. If you allow anonymous users you can get trolling and other behavior so there's this attempt to create a real identity. But then potentially the user is revealing what they've been reading. As long as they understand they're doing that, that's the most important thing. The other thing is a lot of times third party scripts do things like Google Analytics is a script you embed on your web page and it shares data with other people. A lot of the share buttons do that as well. So you just need to kind of take a look and say, do I really need that? Is that really an important feature to provide to my patrons? And Google Analytics might be but having a share button might not. Why share your users' browsing behavior with them for that? So it's a judgment call on your part. The threats to eBooks and digital content are similar to the websites. Many of them don't have HTTPS. Many of them require some sort of identity management or DRM to prove who the user is personally in order to check out the material. And we don't know necessarily what the vendor's policies and practices are about user data. What are they collecting the data for? We do know from the Adobe incident that the Adobe reader was collecting a lot of data about what the user was reading. Nowadays we can know not just that they checked the book out but how fast did they read it? How many pages did they read? Did they read the whole thing? What other books did they also check out? Can all be kind of tied together? And we also – that they may be intentionally or unintentionally sharing it with third parties. So for example, Overdrive was the one providing – was the actual first – the second party in this and they were using the Adobe reader as a third-party product to provide the service and they were the ones collecting the data. So some of the safeguards around this are libraries should make privacy criteria when purchasing content. And we go over this in the guidelines we published at just Google eBooks guidelines, privacy, ALA, and you'll get to this document. Vendors need to disclose what their policies and practices around user data are. And we need to start working on contract agreements and contracts that address privacy and talk about these things as well. And then users should also know when their privacy – when they go to get that Amazon book that they are giving up some of their privacy in order to do it. Finally, I just want to end – wrap it up here. This is another thing. So a lot of it I just went over. Your library may or may not be in a position to control your website. You may or may not understand what some of the things were that we were talking about or how you would actually implement those. And so this is really the final safeguards to privacy, patron privacy, and libraries awareness is making libraries, librarians and vendors and our patrons aware of what the privacy implications are for some of this thing. We were trying to come up with a graphic to describe privacy around eBook lending and other digital resource lending. And it was very interesting trying to do it. And we tried a couple of computer generated one and this one someone drew real quick on a piece of paper and shared it with me, Amy Farakha. And this I think is a great kind of visual representation of what's going on with someone using an eBook or another library resource online. Finally, libraries are not the only place your patron is facing online. So they are facing them everywhere. And they are constantly having to make decisions between privacy and convenience. And hopefully they are in a position where they are allowed to make that decision. We need to empower our users to make informed choices. And librarians have a trusted brand around privacy and we can become the online privacy experts in our community. Thank you. All right, Mike, thank you for sharing quite a bit more detail. I know we could have gone on a much deeper dive into some of these topics with the technology but really giving us some more detail but also an overview of those threats and also some of the safeguards that we can put in place at our libraries that we may not already be doing. And I think the theme that I've picked up through both of your presentations and I just want to call it out is that really we're as librarians as libraries doing the best that we can to protect the privacy and ensure that our patron's information is kept private and also balancing out the desires of our community perhaps to have access to certain types of information or social media channels that they can post to. And there's a big part of this is communication both with the vendors and also with our patrons so that they are aware and are opting in to those things instead of having them available without their knowing. And actually there was one of the early questions so I'm going to invite Deborah back on now and we'll take some questions and answers. We have a lot of good questions coming into the chat. A question that came in early on that I'd like to go back to is how does the privacy work where patrons want to have access to past user history if they want to be able to access their past browsing selection? Do you have any comments on that? And Deborah maybe I'll start with you first and we'll get the big picture. Well, consonant with some of the things I was discussing this should be a choice of the user but it should be fully informed consent. They should understand what the consequences might be for storing that data and the library's ability to protect it. If the library is storing history that means that it's vulnerable to discovery by law enforcement through court orders or subpoenas. And that's a risk that they should only take if one may fully understand what's going on. And this is what I call fully informed consent. Having a means of discussing these privacy issues with library patrons so that they fully understand the choices they're making. Sometimes it's easy to kind of slide over this information or it may sometimes feel like a difficult conversation to have but I think we owe it to patrons to provide them fully with the information they need to make good decisions and informed decisions about how what's happening to their data. And if somebody makes a decision that the convenience is more important to them than protecting the privacy of their inquiries that's great. There are folks who read series mysteries or series romances and that's important to them. But others may be people who belong to vulnerable populations who are exploring questions about sexual identity. And so our default should be not to store that information until the user says yes. We shouldn't assume that that's information that they want to have saved and as a result it always should be the opt-in rather than the opt-out option provided to them. Great, thank you. Mike, any comments to add to that? You know, I would agree with that. I think consent is problematic. I think everyone agrees that consent is a good idea but it's kind of a problem everyone is struggling with about how do you provide – I go to CNN website a lot and it's always telling me it's privacy policies is updated, it's nagging me. And so how do you really get informed consent? And this is not something libraries are going to solve on their own, but it's something we can work with our vendors on. The other thing I think with personalization, I think personalization is great and I think we need to provide personalization options for our patrons. However, I also think we need to provide a route when possible of service or anonymous access. So eBooks is an example. We have one vendor I'll call him out by name, eBriary, the user has to log in with their user credentials in order to read the eBook even if they're on a computer at the library. Whereas we have other eBooks vendors that the reader can read relatively anonymously on a library computer and they might have to give up some of their anonymity if they want to check it out and read it at home. And so we have a similar model with print books. You know, you can read a print book in the library and as long as you put your hoodie up when you go underneath the surveillance camera people aren't going to know that you read the book. But if you want to check it out you have to give up some of your privacy for that convenience. Great. So another question which also maybe ties to this personalization but from a different angle. And this is partly a clarification coming from somebody. So if we understand correctly the patron transaction data should not be used by the library for marketing purposes and that they must opt in first before libraries use push marketing. So I read that almost verbatim as a clarification from somebody. So Mike, I'll actually pass this one to you first and see if you have any comments or clarification from there. You know, in general I would say the principle of – without knowing the specifics I would say in general I would probably agree that if the patron didn't sign up for marketing when they sign up for a library card, you know, if they signed up and you said we're just going to use this data to check your book out to you, you probably need to get some sort of other consent before you start using that data for marketing purposes or political lobbying or whatever. I'm not sure it's a hard or fast rule but I think that would be an ideal model. Now whether you agree to send out one email to everyone in your database saying would you like to sign up for marketing? I don't know. But you want to err on the side of getting their permission to use their data. Right. And actually Mike, I just had another question come in that builds on that and it says as consumers of course are interested in things like a certain make and model of an automobile results in ads for that model popping up for months. And so this is another way that marketing piece ties in. Do you advocate trying to prevent this type of information gathering for our patrons in terms of perhaps using their interests in prior reading habits to market to them new titles, for example? Yes. I think when you browse the web and they automatically know that I searched for campaign equipment on one website so now I'm getting ads for tents and sleeping bags on another. I really wasn't asked if I want to do that. Maybe technically I was because I accepted the cookie policy but I really didn't want those ads. And so I can opt out pretty easy by dumping my browser cookies in cash so it's no big deal to me. But I think in the library I think that's a great service to provide patrons the ability to say you might like and you might want this based on your reading habits or your search habits. But we want them to opt in for it. We don't want to just automatically generate it for them. Great. Deborah, anything to add to that discussion? Mike and I are very much of one mind on this. But from a policy standpoint I want to underline the fact that you have to be mindful of what the patrons signed up for and what they gave you that information for or what they've consented to. And so when they sign up to borrow books they're not signing up for a marketing program. And I think that library users have kind of inherent trust that the library isn't going to do more with that data than what they say that they're going to do for it. So if you do start making use of patron usage data in ways that are not consonant for the reasons you collected it, it's incumbent on the library to ask permission to inform users about that. It goes back to providing true informed choices to the user and letting them know what's going on so that they can make those decisions. Very well stated. So now I have a question that comes from a slightly different angle. Pulls us away from the technology a little bit, but there may be a different type of software we're looking at here. The question is, I'm curious about what the presenters think about the privacy challenges in communicating with patrons via email or online question answering software. We're also getting a similar question related to conversations at the service or reference desk. So patrons often reveal very personal details in their reference interactions with us. So any comments on dealing with those types of situations? And Deborah maybe we'll start with you. Of course, protecting privacy is not just, as you say, a technological thing. It requires a commitment, a professional commitment to keeping those confidences private, not even sharing them with other colleagues, especially if they're sensitive disclosures and things like that. It also means looking to the physical arrangements of the library. I think we're all now familiar with pharmacies and doctors offices that now require you to stand behind a line so that what's going on at the desk between what one person can't be overheard. And I think libraries need to start thinking about those kinds of physical arrangements so that when you go up to a reference desk and the possibility that somebody is sharing something very personal isn't overheard by another patron. We've talked about this in other contexts like self-serve holds, not putting full name on the book, using privacy screens and things like that. It's an attitude toward preserving privacy that needs to permeate all of the library's policies and procedures as well. With email, I think it needs to be and other online services. I think it might can probably talk better about this, but looking at the technology, making sure that it's not leaky in the sense of being able to be hacked and observed by a third party, that when the communication is stored, it's stored securely so that we can promise the patron that the library's done the best it can to keep the confidentiality of that information. And also making sure of the simplest thing, making sure that the email only reaches the patron and not another third party who might live in the household, for example. I'll touch on email real quick. Sending an email is like sending a postcard. So if you send an overdue notice or a whole pickup notice, it's like you're sending the information on a postcard. There's many people in the chain that could receive that email and read it. It's not encrypted in any way. And an ideal situation, which I don't think most of us have, you would send a link saying, your book's overdue, click here to renew it. You wouldn't really tell them much about the book until they logged into their account in a similar fashion for the hold. You have a book on hold. Your book's ready. Click here to see the details about it. In terms of the sensitivity to privacy in the library, I think once again, part of the privacy awareness training is awareness training for staff to be sensitive around patron privacy issues and come up with some sets of ways you want to deal with that in your library. All right. Well, that's all the questions that we have time to answer live today. Deborah and Mike, thanks for taking all of those questions on the fly. And if we did not get to your question, we will respond later via email. So we got a lot of great questions and didn't have time to answer all of them live today. Also, just a reminder that Mike and Deborah both shared a lot of great resources and we'll be sharing those out with you in the archive of this, which you'll receive later this week. And some of these resources that you see featured on this slide include the ALA Privacy Toolkit, Choose Privacy Week website, and also the Let's Encrypt.org website as well as some of the ALA guidelines that are featured. So we will be sharing that out with you. Now, just a few announcements before we sign off and I'll ask you if you can stay on the line. We'll have a brief survey at the end. You can tell us what you thought of today's webinar. We'd love to hear your feedback. But I want to let you know about some other upcoming webinars that we have. Tomorrow we have a webinar on helping children build literacy skills through media mentors. So it might be of interest to those of you involved with children's services. Also, we have two more library webinars scheduled in July that we'll ask you to save the date for. We'll have the registration information out soon. July 13th, we will have guests from anything libraries talking about social media and the Outside the Lions campaign for libraries. And on July 27th, we have two librarians from the Marquem Public Library in Canada talking about how to cultivate a techno culture in your library. So we hope you'll join us for one or maybe all of those. And you can sign up for upcoming webinars and view archives of past webinars at TechSoup.org. You can also sign up for the TechSoup for Libraries newsletter and read our blog post at TechSoupforLibraries.org. So we hope you'll visit us there once in a while. All right, that's all we have for today and all the time that we have. Again, stay on the line for just a brief moment and take a survey to tell us what you thought of today's webinar. One last time I'd like to thank Deborah and Mike for sharing their expertise on this topic today. We sure learned a lot. Thanks to ReadyTalk for being our webinar sponsor. And lastly, thanks to you for joining us today. Have a great afternoon.