Online Privacy Rights and the Library Freedom Project

Alison Macrina is the founder of the Library Freedom Project (LFP) an initiative she founded shortly after news that the U.S. National Security Agency was systematically combing through American’s online activities and phone records. She shares her concerns about the effect of this NSA scrutiny in the announcement of her nomination as a 2015 Library Journal Mover and Shaker: “… surveillance is not only counter to the ideals of a democratic society, it’s detrimental to the future of libraries.”

Earlier this year Macrina secured a grant from the Knight Foundation which will help fund the LFP for the next couple of years. In her video pitch to the Foundation she provides a short introduction to the project:

“The Library Freedom Project is a partnership among librarians, technologists, attorneys and civil liberties advocates that aims to make real the promise of intellectual freedom and privacy in libraries. We do this by teaching librarians about threats to online privacy from overbroad government and corporate surveillance and criminal hackers. We educate librarians about their legal responsibilities so they can protect patrons’ privacy rights. We also teach privacy protecting software that can be installed on public PC’s or taught in computer classes … ”

On the LFP website you’ll find a basic online privacy class and a privacy toolkit that librarians can use to educate themselves and their library users about what they can do to protect themselves when they are online. The LFP also offers in person online privacy workshops, the “keystone of the Library Freedom Project.”

The latest LFP initiative is a push to have libraries support The Onion Router (TOR) network by hosting TOR exit relays.[1] If you’re not familiar with what a “TOR exit relay” is, Cory Doctorow provides a nice explanation about TOR in his book, “Little Brother.” This is the main protagonist Marcus Yallow talking about how he gets around the “censorware” in his high school:

“The answer is something ingenious called TOR ­­ The Onion Router. An onion router is an Internet site that takes requests for web­pages and passes them onto other onion routers, and on to other onion routers, until one of them finally decides to fetch the page and pass it back through the layers of the onion until it reaches you. The traffic to the onion­routers is encrypted, which means that the school can’t see what you’re asking for, and the layers of the onion don’t know who they’re working for. There are millions of nodes ­­ the program was set up by the US Office of Naval Research to help their people get around the censorware in countries like Syria and China, which means that it’s perfectly designed for operating in the confines of an average American high school.”—p. 10.

There’s also this short introductory video on the TOR website “to help new users and members of our community become more familiar with Tor and understand how Tor Browser protects their privacy online.”

The rational for involving libraries is that, “… libraries are our most democratic public spaces, protecting our intellectual freedom, privacy, and unfettered access to information, and [the] Tor Project creates software that allows all people to have these rights on the internet.”

In the Canadian Library Association’s position statement on intellectual freedom the CLA says in part that, “Libraries have a basic responsibility for the development and maintenance of intellectual freedom.” This statement was last revised in 1985 so whether or not their current thinking includes adopting the use of software like the Tor Browser or educating library users about online privacy is unclear.

The American Library Association last amended their Code of Ethics in 2008 which includes this statement: “… [librarians] are members of a profession explicitly committed to intellectual freedom and the freedom of access to information. We have a special obligation to ensure the free flow of information and ideas to present and future generations.”

Marcina, however, is very clear when she talks about the responsibility of libraries and librarians in the LFP announcement:

“Libraries serve a diverse audience; many of our community members are people who need Tor but don’t know that it exists. Some of these patrons are part of vulnerable groups, like domestic violence survivors, racial and ethnic minorities, and LGBTQ communities. Others belong to local law enforcement or municipal government. All of them could benefit from learning about Tor in a trusted, welcoming environment like the library.”

The key phrase here is how important this type of information can be for people who may need this type of online anonymity but don’t even know this network exists.

Although I can’t help thinking about that passage on encryption from Doctorow’s “Little Brother”[2], and I’m a little wary about the legal risks a TOR exit relay might present to a library host[3], at the very least I applaud this initiative as a “powerful symbolic gesture.” As the Electronic Frontier Foundation suggests, if libraries and other public institutions are not “prepared to deal with potential issues” of hosting a TOR exit relay they might also consider hosting a TOR middle relay instead. Marcina also suggests we consider installing the Tor Browser on our public workstations.

As librarians it is our responsibility to educate ourselves and our library users to ensure we are all well informed and can effectively exercise and protect our online privacy rights in Canadian society.


 

[1] Thanks to dw henning who brought this initiative to my attention.

[2] “Some smart dissident will get the idea of getting around the Great Firewall of China, which is used to censor the whole country’s Internet connection, by using an encrypted connection to a computer in some other country. Now, the Party there can’t tell what the dissident is surfing … They don’t have to know. All they have to know is that this guy gets way more encrypted traffic than his neighbors. At that point, they send him to a forced labor camp just to set an example so that everyone can see what happens to smart­asses.”—p. 41.

[3] See the “Legal FAQ for Tor Relay Operators.”

Comments

  1. David Collier-Brown

    Our Univerity Librarians at York were amazingly up on security and privacy when the nerd community had little understanding of what we were facing. So we went and asked the librarians what we should do when we had problems within the community.

    I’m glad to see we’re giving something back (tor), and encourage law librarians to jump in and see if the larger community can create some reasonable norms about what can be done.

    Fortunately, Canada isn’t into forced labour camps (;-)), but others are. For example, I’m communicating with someone in a dangerous country who wanted to move to Canada, I’d definitely want to be using tor and a reasonably good encryption program, to keep *them* below the radar.

  2. Unfortunately this is not the Keystone cops. It is actually a losing proposition. Labour camps, well Canadian incarceration rates are going up thanks in part to the current neo-liberal government. More “Scalia” like elevations like Russell Brown may hasten the process. Labour camps in the US are the prisons.

    As well, see below…

    “TechRepublic
    Michael KassnerAugust 4, 2015

    Tor’s ability to keep those who use the Tor network anonymous is suspect. The NSA admits that, although it’s difficult, it’s possible to determine the source of traffic being sent through the Tor network.

    For several years, academic researchers have been reporting that anonymity offered by Tor is not guaranteed. This US Naval Research Laboratory and Georgetown University paper (PDF) from 2013 mentions, “Our analysis shows that 80% of all types of users may be deanonymized by a relatively moderate Tor-relay adversary within six months.””

  3. Thanks for your comments Ginger. I’m including the link to the full post you mention by Michael Kassner: Tor users: Do not expect anonymity and end-to-end security.