The transition from print to electronic record keeping has made it easier and less expensive to store data and search for information, yet this trend has had troubling implications for individual privacy and the security of personal data, explained Mariko Hirose, staff attorney for the New York Civil Liberties Union (NYCLU) during the "Privacy Toolkit for Librarians" seminar held on March 22 at Long Island’s Farmingdale Public Library (FPL). Co-sponsored by the Greater New York Metropolitan Area chapter of the Association of College and Research Libraries (ACRL) and the Long Island Library Resources Council, the half-day event included presentations by Hirose and Library Freedom Project director and 2015 LJ Mover & Shaker Alison Macrina, covering topics including electronic surveillance, records subpoenas, and ways in which libraries can protect their patrons. “There are real reasons to worry about your right to privacy in the digital age,” Hirose said, noting that print records are more difficult to maintain and search than electronic files and databases, and that this once presented an inherent line of defense for privacy. “Back in the paper record days, if you wanted to spend the time searching for things, you had to have a good reason for doing it,” she said. “Now it’s just typing a few search terms into a search box…. Lowering the cost makes it more attractive to search for data about people.” For example, Hirose pointed to a public records request recently filed by NYCLU to see how towns in New York state's lower Hudson Valley were retaining information captured by automatic license plate readers, which could be used to analyze the travel habits of individuals whenever town police or other officials saw fit to do so. Most were retaining this information indefinitely. And corporations, including social media platform and cell phone service providers, are collecting much more granular data on their customers. As Hirose noted, "data can paint a very intimate portrait of you," such as an individual's Internet search history, association with people and groups on Facebook, and even location and movement over time via a cell phone's GPS. And under current "third-party doctrine" legal precedents, data that individuals have willingly allowed these companies to collect is not protected by the Fourth Amendment. This has become a big problem in the digital age, with more and more information in the hands of third parties, Hirose said. And while courts are beginning to take note of these trends, privacy laws have not kept pace with technology, and all of the ways in which data is now collected and stored, she added.

What to do

Hirose offered several suggestions for attendees interested in strengthening privacy protections for library patrons, and outlined best practices for handling various scenarios when a police officer or other official requests or demands patron records. First, she suggested that libraries should not collect or retain data for longer than necessary. The best policy is not to retain patron data if there’s no reason for it. If a library does have the data that an official is requesting, explain that the library does not make patron records available without a subpoena, court order, or warrant. If police or other officials engage in a search without a subpoena, court order, or warrant, have a library official make it clear that the library is not consenting to the search. This will help ensure that police or other officials will need to prove probable cause for the search if any information gathered is later used in court. If a library receives a subpoena for records, examine whether the subpoena has been signed by a judge, and contact the library's legal counsel regarding the possibility of a challenge. Unsigned subpoenas, or administrative subpoenas, may be too broad, and there may be grounds to challenge or quash the subpoena under rules such as New York's Civil Practice Law and Rules (CPLR) section 2307, which specifically deals with subpoenas served to libraries and some municipal offices. Notably, this rule requires that libraries must be given at least 24 hours to comply with a subpoena. Subpoenas signed by a judge are less likely to be overturned, but libraries should still contact their legal counsel to determine whether a challenge may be posed. And, in all cases, unless there is a valid gag order in place, a library can inform a patron that their records are being searched. Warrants are signed by a judge and can be executed immediately by designated officers. A librarian can ask to review the warrant, and request the opportunity for library counsel to review, but officers are not required to provide the library with additional time. National security letters are a different order of magnitude. Issued by federal agencies, these are comparable to subpoenas but are certified relevant to an authorized investigation to protect against international terrorism or clandestine intelligence agencies. There is a gag order in place, and the recipient of the letter should not discuss it with anyone except library counsel.

Proactive protection

The second portion of the event began with Macrina discussing digital security and threat modeling. As explained by the Electronic Frontier Foundation, "Digital security isn’t about which tools you use; rather, it’s about understanding the threats you face and how you can counter those threats. To become more secure, you must determine what you need to protect, and whom you need to protect it from. Threats can change depending on where you’re located, what you’re doing, and whom you’re working with." Libraries offer services to patrons with a wide range of "threat models" who may want to keep Internet searches and other library activity private, including domestic violence survivors, political activists, whistleblowers, journalists, or LGBT teens or adults in many communities, for example. Macrina suggested that libraries use the Tor Browser, which ensures privacy by routing an individual's Internet usage through a distributed, global network of relays to prevent websites from ascertaining a visitor's physical location, and preventing anyone monitoring the user's Internet connection from learning what sites he or she has visited. The Library Freedom Project has advocated for the installation of Tor exit relays in libraries. Libraries do not need to set up an exit relay in order to use the Tor browser, but, exit relays do help fortify the Tor network. Another major effort of the project is advocating for libraries and library vendors to implement HTTPS encryption for their websites, catalogs, and all online resources to prevent online eavesdropping or data tampering. The Library Freedom Project will help libraries with both, she said. In addition, Macrina discussed best practices for password creation and password managers, malware protection, ad blocking apps, and mobile device security, along with security essentials that libraries should practice and preach to patrons. "The most important thing that you can do for your computer privacy and security is to keep your software up to date," she said. "We have no public education around using our computers.... People don't know these things. Software updates contain patches for critical security vulnerabilities," and hackers can easily figure out which computers on a network are using unpatched software or operating systems.