// you’re reading...


Privacy Panel ALA 2008

Soros grant for ALA Office of Intellectual Freedom.

Dan Roth, Cory Doctorow, Beth Givens

Dan Roth- Wired Sr Writer. 2006 founding member Conde Nast Portfolio. Before that- Sr writer at Fortune. 2002-2004 Fortune’s Tech editor, 1996-1998: reporter for Forbes, started at Triangle Business Journal. Award winning pieces.

Beth Givens: founder and director of Privacy rights clearing house. writes for encyclopedia of crime and punishment, privacy and world book. books on privacy and identity theft. Chapter in RFID book. Frequently on the news as an expert in privacy and id theft.

Cory Doctorow: Craphound.com, novelist, activist, boingboing.net. Fulbright chair at Annenberg in UCSC. “William Gibson of his generation”

Dan Roth
In the 12 years he’s covered business, privacy has never come up. Privacy from a business perspective. No one ever volunteers information about their privacy policy. The only time it’s come up is when TimeWarner lost a bunch of information and they only thought it was a big deal because it happened to them. No one knew what happened. They were loading tapes onto a truck and they disappeared. Iron Mountain said “yeah, we’ve only lost tapes 4 times this year” no big deal. At work, people were upset for a day and then got over it. If you can’t get a group of journalists upset about this, then how are you going to get them to write about it.

No one is sure why they should care about this. This room is likely the exception. Privacy doesn’t rank high for most people. There are laws, but they’re not followed with any real concern. When information gets out- companies lose things, companies are purchased, etc. there’s no uproar.

Will the company get spanked for releasing private information? Consumers should look at it to decide who to business with. Companies push their privacy- Ask.com pushed themselves as better with privacy than Google. AskEraser, privacy notice. They’re 4th or 5th place- privacy isn’t meaningful to consumers.

Microsoft Ballmer raised the concern about the google toolbar saving all your information, but no one cares.

Consumers don’t care, so why should companies?

Ponomen (sp?) interviewed companies to ask what they do with the private information. Privacy officers said they didn’t share any of it. 80% of the marketers said they share it. 30% of marketers said they share social sec. numbers!

Look at trends- Free Economy (Chris Andersen’s book) Free is never really free. Ads in exchange for “free”

The way companies are going to compete is to offer more information about their users. Great data mining to get a very complete picture of you. You’re going to show everything about yourself online. We’re all going to be even more identifiable online.

Phorm is a British ad serving company that teams with ISP and track where people go all day and serve up ads. Today: you go to skiing site, you get ads about skiing. Phorm sees everything you do and serves up ads based on aggregated information.

Charter tested it in the US. (nb: this is my ISP!)

There is not opt-out.

Looks hopeless. But seven years ago when the environment came up and no one cared. Today, everyone cares. Companies can use green to be competitive. Could be the case with privacy, but we hopefully won’t have to wait a decade to find out.

Beth Givens
Spent 11 years as a librarian!

Privacy Rights Clearinghouse: based in San Diego and been around for 16 years.
Constitutional side: ACLU, EFF. Focus on civil issues.
Informational side: Telemarketing, junk mail, employment checks, wireless phones, debt collection, etc.

Her office is her and a halftime assistant- some of these organizations are small.

Identity Theft- they have a guide for victims and those who want to not be victims.

What is the current state of privacy?

Scott McNealy (Chair of Sun’s board):”you have no privacy, get over it”
Privacy is the claim of individuals to determine for themselves when how and to what extent information about themselves is given out.

EU does a better job of determining “informational self-determination” (German term)

We do not have an overarching data protection law. We have a sectoral approach- laws by industry. HIPAA is more of a disclosure law not a privacy law. “swiss cheese approach” lots of holes.

Fair Credit Report- enacted in 1970, probably would not have made it out of congress today.
You have right of access to your credit report. Make it an annual habit. You have a right to have accurate information. It’s limited as to who can have access. If your credit report is misused, you can sue. You must consent (most of the time).

Access, Consent, Purpose, Accuracy, Enforcement, Security, Accountability, Usage Limitation

Fair Information Practices (FIPS) Checklist for privacy policy.

Most company privacy policies are disclosure policies and they’re in legalese and difficult.

Opt Out when you can! They have a guide to help online. Important to opt out, because lack of opt outs enforces idea that people don’t care about privacy.

This is not a lost cause.

Libraries are pioneers in this area. Encouragement in collection development, encourage users to go to advocacy groups.

Cory Doctorow
Transparent Society- book posited where it would be so hard to have privacy, we’ll have to force lawmakers to let us spy on them just as much- no privacy but in an egalitarian way.

we’re not just talking about what tech does, we’re talking about policy and law. we’re in a position to enforce all three.

“architecture is politics” code as a type of law.

Do we need to care about the privacy of our patrons since they’re giving it away on SN sites? They’re sites that reward people for giving information away. We have an unfortunate tendency to conflate personal and private with secret.

This tracks closely to how free a society we are. Totalitarian societies- up the ladder has lots of disclosure power, further down, less power. Regardless of who’s up the ladder, we don’t want that.

Why do we enter the Skinner Box? We can blame architects or people who have established people who have established these norms.

London has changed public transit- paper tickets, month long passes were RFID passes. They wanted to change to all RFID, so they offered “discount” to RFID passes by tripling price of regular pass. Grocery cards- you have to pay a premium for privacy. Business have manipulated the market so that we have a generation that doesn’t see the problem because it’s the norm. The default is to be tracked and you have to make an explicit act of will and know what you’re doing to disable it.

Vendors, RFID, etc doesn’t have the capacity to work with privacy. they say it would cost too much, but so would a car without seat belts and brakes, but the government would intervene on a car without those things.

We have less respect for out own privacy. People who are malicious can intervene and find things out about us.

**** Vendors are not treating libraries as first class citizens ****

Libraries have a moral duty to boycott technologies that invade their patron’s privacy.

a mid-80s wet dream of information economy with buying and selling information

an information economy based on limiting access is as viable as limiting access to machines in industrial age.
no one wakes up wishing to do less with their music and looking for DRM at the library.

If we are watching each other, we’re not trusting each other.

It makes our haystacks bigger without making it easier to find needles. 9/11 commission found we had all the info to predict 9/11, but there was too much noise. We’re taking in more information- more noise.

We’re making it harder for intelligence specialists. Weakening our security.

gives us surveillance instead of policing. Cameras instead of police. Cameras are only forensic. You can catch the criminals, but only after the fact.

Crack addicts who kill you for your cell phones are not people who make long term good decisions. This is not Moriarty in his secret lair planning master crime and never getting caught.

Systems that we build are determining the societies that we create.

What’s at stake?
Beth: Huge amount. If we don’t succeed in getting people to understand how important this is, we’ll lose our privacy. We’ll be in Minority Report. When all of these cameras are outfitted with biometric technology- face print- cross-check with DMV databases, then what? When the day comes when we walk down the street and are tracked, we’re in trouble.

Dan: what happens when our health records can be read by employers, insurers? what happens when you can’t get a job, insurance, a driver’s license, a date because there’s too much information out there about you? What happens when we’re a nation of niches- you shop for x and are treated as such. atomization of society- what happens?

Cory: It’s like Uranium. It’s not dangerous until you refine it to Plutonium. There’s no dose of Plutonium that isn’t instantly fatal and it lasts 700 years. A little information is okay, but huge databases are scary. They’re copyable and malleable. It will never go away. “The Internet will never unlearn what Paris Hilton’s genitals look like.” All of this information will be like smog.

Dan: This is a golden age, because companies collect info, but don’t know what to do with it.

Cory: Like the Soviet Union- where’s all that Plutonium? No one knows! Silicon Valley had lot sale of blade servers *with information still on them*

Beth: Dig Dirt survey report. How employers today are using SN sites as a hiring tool. over 50% of companies are looking at potential employees on Facebook etc. laws don’t cover this- 1970 law. This is very important for young people. We should let them know, not that it will do any good.

Q: Is the horse out of the barn? Is this only fixable from the top?

Cory: this is turning the clock forward, not back. You could trivally build a Skinner Box that rewards people for not giving away information. There’s a MMOG that rewards you for information literacy and privacy. PMOG (?) We can build technologies for being safe and aware online. PMOG.com

Jenny: libraries were approached about this and said no (!!!) because they were too worried about privacy to educate. No!

Dan: Use game theory to our advantage, consumers need to know and care and we need to educate them.

Beth: Getting access to your credit report, your profile is so important. Try to get a right of access into law now and you can’t. Huge, unregulated information broker industry. Tried in CA and couldn’t get past committee hearings. Waiting for a Data Valdez. We’ve had so many- it’s almost daily. More and more people who can gain access to their profiles will build consciousness.

Cory: Make a game to of defending your privacy. Skipsomething creates fake log ins, one time emails, etc. They have a zero knowledge policy. Write “deceased” on your junk mail and send it back.

My Q about being invisible

Beth: you can’t really be invisible- Kazyinski wasn’t invisible, even. You’re always dependent on others, then.

Cory: Privacy shouldn’t be a hair shirt. Look at transition in Green- it doesn’t have to suck anymore. We can make privacy luxurious.

Dan: You need to know what you’re giving away and what you’re not. Privacy policies of a lot of websites are incomprehensible. Or “we will defend your privacy, until we don’t. and we can change this at anytime, with no notice”
HP’s chief privacy officer. Amount of work they do to keep privacy in EU, but they don’t bother in US, because it’s not required. It would be more cost-effective to keep it all the same, but they must be getting something out of it because they go to the trouble to have a separate policy for the US.

Cory: we need more opt-ins. Routers shipping with logging turned off, Apache’s default install with logging turned off would change a lot. Geeky need to save information because hard drives are cheap now.

Q: People come into our libraries. How do we convince them privacy is important?

Cory: Hackerbot. Little robot that sniffed all unencrypted wifi traffic and grab passwords and then it would triangulate and show you your passwords. Something in the library that let you know what you had just disclosed would be very powerful.

Beth: Game Privacy Matters- real life situations in a game environment. Looks like town square, you’re given challenges and answer a multiple choice question to educate. Think creatively about getting message across.

Cory: in five years MySpace generation will be old enough to datamine teachers.

How do we balance this with their needs?

Cory: demand zero knowledge solutions from vendors. This stuff doesn’t need to live at the middle instead of the edges. Vendors can do this so that patrons can keep track without us keeping track.

Q: what kinds of arguments can we make to administrations of institutions?

Beth: scare tactics. The more you collect, if there’s a data breach, it’s going to be VERY expensive to clean it up. Larry Ponemon has calculated costs for clean up. Collect less, keep less, have conservative retention schedule.

Cory: Best way to avoid data breach is to not have data.

Q: As a consumer, I felt better about my data and control over it before 9/11 and before I bought a house. What now?

Beth: start young. Create living trust without your name. Put your property in that. Property tax assessor files are a great way to do this. Use PO Box and nothing else. Take on ways of life until they’re habitual.

Cory: take control of your technology. take control of debate and learn statistics and be able to speak intelligently about threats. danah boyds chart of people who prey on children. regime change- participate in electoral process.

Q: After 9/11 increased access to information. What about privacy and government? Social control seems like a bigger danger.

Dan: people are starting to say that this has not helped. it’s small, but there. we’re hearing it from politicians. there’s a push to bring us back to where we were pre 9/11.

Cory: safety and security are not platonic ideas with universal definitions. if you’re safe from terrorists are you less safe from government? safe from government is the founding principle of this country.

Q: we have a huge cult of celebrity where it’s a cool thing to divulge all this information. What now?

Dan: secretive billionaire who had never been photographed, even. His daughter had a very active blog and people mined it and used it to get to the billionaire. The blog stopped- you can pull back from the brink.

Q: transparency and privacy have ebbed and flowed and we’ll never have total privacy. We need to assert positive privacy rights- what can we as librarians do to help watch the watchers?

Cory: stickie notes with closed eye “stop watching me” to stick on cc cameras. teach kids to spot the cameras.

Jessamyn: demystify what the media is telling us- the newspaper isn’t always right.

Q: Piggyback on green movement- perhaps we haven’t reached that point. our inconvenient truth- we need an Al Gore to promote awareness of privacy handprint in addition to carbon footprint.

Dan: you’re going to have a hard time convincing people not to give up that information (“Friendbook’s huge”). We need alternatives. There was never a point where people said “littering’s awesome”

Cory: privacy reflects an adversarial relationship not between humans and physics, but between us and institutions. Google Commander FF plugin. There is an arsenal of things we can do to fight back.

DNS file on computers to redirect doubleclick to

Dan: there’s software that foils Phorm by clicking all day.

Q: How can we go about working with IT people?

Cory: sysadmins believe in privacy for themselves. Get geeks to expand their idea of who needs to stay private- their mission includes shielding your patrons.

Q: Tor from EFF (Cory: it originated with Office of Naval Intelligence) will maintain the privacy of your surfing.



6 comments for “Privacy Panel ALA 2008”

  1. […] additional liveblogging of this session at the Loose Cannon Librarian These icons link to social bookmarking sites where readers can share and discover new web […]

    Posted by The Shifted Librarian » ALA2008 Privacy Revolution Panel | June 30, 2008, 2:27 am
  2. Anyone from the UK reading this, come along to the protest against Phorm on 16th July 2008 at the Barbican London.

    More details here:

    Posted by James Stanton | June 30, 2008, 4:40 am
  3. i missed this session, but these are excellent notes – thanks! i’m glad i got to meet you and hope we’ll keep talking

    Posted by caleb tr | July 2, 2008, 12:54 pm
  4. […] Addendum: Jessamyn’s blog post about the session, Jenny Levine’s post at Shifted Librarian, Kate Sheehan’s post at Loose Cannon Librarian. […]

    Posted by Jason Puckett.net » Blog Archive » Home from ALA Annual 2008 | July 2, 2008, 5:09 pm
  5. […] Update: Notes from the session are up at: and Loose Cannon Librarian ยป Privacy Panel ALA 2008. […]

    Posted by "If you need privacy, you should get your own computer." | Fair or Unfair | July 3, 2008, 12:48 pm
  6. […] blogged by David Lee King and Loose Cannon Librarian Possibly related posts: (automatically generated)MYOBWhy Is Privacy A Tough Sell?Security vs. […]

    Posted by ALA 2008 - Privacy: Is It Time for a Revolution? « ellie <3 libraries | July 11, 2008, 9:15 am

Post a comment