Cornell University Library has put together a suite of privacy services for students and faculty. These include digital literacy workshops, confidential privacy risk consultations, public computers configured to ensure anonymity, and pro-privacy advocacy that will potentially feature a dataset of vendor policies.

While these services have been ongoing or in the works for the past couple of years, having them all in one place will serve a range of needs for both students and faculty, from questions about privacy and confidentiality in their online activities to managing their data to vetting library vendors. The Privacy Services page was added to the library website in January, representing the realization of a project begun in fall 2018.

The idea of consolidating privacy services had been on Adam Chandler’s radar for years, he told LJ, and as Cornell University Library director of automation, user experience, and post-cataloging services, he had a good idea of who in the library had the necessary knowledge and skills to help. After a series of individual and small group conversations, Chandler put together a working group with representation from Cornell Public Services, Library Technology Services, and IT. The group also brought in IT staff from the campus security office to help think through details, and began shaping the concept of what a set of services might look like.

Chandler and University Librarian Gerald Beasley met with the Student Library Advisory Committee in November 2019 with a draft of the webpage. The response was extremely positive, Chandler reported, as was a similar meeting with the Faculty Library Board in December. The Privacy Services page went live in January as a soft launch; the group has not yet conducted campus outreach, instead focusing on staff communication and training. Chandler expects to ramp up communications about the page later in the semester.

His next step is to focus on getting all the Cornell Library staff up to speed on the services offered. "We'd like to have a strong program where when anybody happens be in one of the libraries and a question [about privacy] comes up, they know that this exists and they're comfortable referring people to the resources we have.”

ANSWERING THE HARD QUESTIONS

Lead Librarian for Digital Scholarship Eliza Bettinger was part of those conversations. Bettinger began educating herself about library privacy in 2016, inspired by Alison Macrina (a 2015 LJ Mover & Shaker) and the Library Freedom Project. “I thought, ‘If she can do it, maybe I can do it,’” Bettinger said. “I talked with my supervisor and my colleagues in my department (Research & Learning Services), and they were completely supportive, so I just plowed ahead.”

Bettinger has since become involved with the Digital Library Federation's Technologies of Surveillance Interest Group, and her roster of workshops at CUL has been steadily growing since she gave her first in 2017. In the Privacy Services working group discussions, Bettinger brought up the fact that students would often ask challenging about their concerns: privacy, research on sensitive subjects, and how to keep data safe while traveling, among many. “That's where the privacy risk consultation service comes from,” explained Chandler. “We're already getting these kinds of questions—so we'd like to be able to do a good job with them."

In the 2020 spring semester, she told LJ, she has already given one workshop and has six on the calendar, with a few more possibly in the offing—a combination of public sessions, guest lectures in classes, and workshops for specific extracurricular groups such as a cohort of graduate students from a particular academic department. Each session is one and a half to two hours long. In addition, one-on-one consultations are offered by appointment, and can be scheduled via email or in person at a library reference desk.

“Privacy is just one side of the coin,” noted Bettinger. “The other side is that all the personal information collected about you online [and elsewhere] is used in turn to target information and misinformation back at you. The very heart of information literacy, value of information, access to information—all of this is deeply impacted by [lack of] digital privacy and the rise of corporate digital surveillance.”

CUL provides public computer kiosks with anonymous logins that return to their original state when restarted. They are also programmed to restart after a period of inactivity, so no identifying or private information is left behind by the last user.

Aside from proximity to other library services, Chandler noted that public computers are useful to student and faculty who want to protect their anonymity. "If they're researching a controversial topic and they don't want their cookies and trackers added to the profile that some data brokers have about them,” he told LJ, the library “is a place where they can come and do that kind of research more safely."

VETTING VENDORS

The database of vendor policies is still a work in progress, said Chandler. “We'd been concerned about some vendor practices—what they're collecting on patrons, and the difficulty of getting accurate information,” Chandler told LJ. Unsure how to move forward from that question, Chandler and other colleagues in technical services wrote a problem statement and shared it with library leadership. In 2019 they began a series of discussions with others in the library and elsewhere on campus, including members of the campus cybersecurity group.

Some e-resource vendors only ask users to confirm that they’re affiliated with the subscribing institution to gain access, while others gather varying amounts of information, including asking users to create unique accounts, subscribe to newsletters, or provide demographic information. As part of its privacy package, CUL has put together a web archive listing the privacy policies of hundreds of e-resource vendors, which it will continue to update.

Chandler envisions a large-scale rating system where libraries could look up their vendors and get reputable data on their policies and practices. “We think that will be a good resource to understand how this area is changing, and hopefully move vendors to do a better job,” he said. “We'd like to be able to highlight the ones that are sensitive to the value of reader privacy in contrast with the ones that we feel maybe have different interests in mind.”

A larger, ongoing project would have benefits extending beyond the Cornell community, he added, but would need to be sustainable in the long term to be useful. “It's hard to get these kinds of things funded, posted, and maintained,” Chandler pointed out. Although he would be happy to see the vendor policy project find a home at another organization, he said, "if that fails the need will still be there, and we might need to take it on ourselves anyway.”

In the meantime, however, the Privacy Services page is beginning to get traction, and the working team is looking forward to seeing the response across campus. "It needs to connect to the student experience and life cycle for researchers,” said Chandler. “It will develop according to the interest and feedback we get from the community we serve."

Chandler hopes the program is something other schools can adopt as well. “I think we've done some good work in conceptualizing what [privacy] is for us. And given that it's things we're more or less already doing, we think that other libraries can emulate us in some ways."

“It’s been wonderful to connect with and learn from colleagues around the country who are doing the same thing I am,” said Bettinger, adding, “I am not at all unique! There are lots of us out here. The reason you’re talking to me is because I have got this tremendous institutional and administrative support for my efforts, which makes a big difference to what I’m practically able to accomplish. I think now is a great time for libraries and library leaders to stake out some ground: What do you stand for and what are your values? Make sure your patrons and your staff know.”