Magazine article Computers in Libraries

Digital Privacy Is Important Too

Magazine article Computers in Libraries

Digital Privacy Is Important Too

Article excerpt

This month's column is amplifying the signal on a movement that has been brewing in the library world: getting libraries to make patron's digital activities as secure as their own lending records. There are a few ways to do this, but I'm going to focus on using HTTPS.

You're probably familiar with the http:// prefix in web addresses. You may not know that it stands for Hypertext Transfer Protocol, but you don't really need to. HTTP is a method of exchanging information--mainly webpages--online. The information goes over the internet in plain text, unencrypted. This is fine if you are just trying to look at a website about caves or bats, but less fine if you are sending passwords, banking information, or other things that you'd prefer to be more secure.

How

Privacy-conscious individuals can use browser plug-ins for Firefox, Chrome, or Opera such as HTTPS Everywhere on their own computers, which lets them use an encrypted channel for sending information when possible. However, if libraries are in the privacy business, shouldn't we be offering HTTPS to our users as much as possible?

Eric Heilman, who runs the popular library blog Go to Heilman, has been working with the Library Freedom Project to get libraries to commit to digital privacy by signing the Library Digital Privacy Pledge. Simply put, it asks libraries to commit to using HTTPS to "deliver library services and the information resources offered by libraries" in 2016.

Historically, this has been an endeavor that came with associated costs, since purchase of a digital certificate was required to verify the security of the connection. Recently, the Electronic Frontier Foundation (EFF) started the Let's Encrypt project with sponsors such as Mozilla and Cisco in order to lower the costs and the technical hurdles involved in getting set up with HTTPS.

This is the year for HTTPS. The White House made a statement in June 2015 directing "that all publicly accessible Federal websites and web services only provide service through a secure HTTPS connection" by the end of 2016. It also created a web-friendly version of its memo along with an extended explanation about how and why it created this mandate. On its page, Why HTTPS for Everything? the White House explains:

Today, there is no such thing as non-sensitive web traffic, and public services should not depend on the benevolence of network operators.

When properly configured, HTTPS can provide a fast, secure connection that offers the level of privacy and reliability that users should expect from government web services.

Why

The reasoning for pushing for this in libraries is twofold. The first reason is that privacy is our business. It's in our professional bill of rights, and it's certainly in all of our marketing materials. The American Library Association's (ALA) Code of Ethics is very clear: "We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted." That "transmitted" part is the key.

If we say we keep your reading list private, shouldn't we be able to say the same about your internet browsing habits? Our users are getting their information not just from print materials, but also from databases that we provide as well as internet connections, and possibly computers, that we offer. If we're in the privacy business, it's our responsibility to make these channels as secure as possible. This means managing these systems in our own libraries and urging, if not requiring, our vendors to do the same. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.