The Privacy Conundrum

John Hubbard
May 30, 2018

“Your right to swing your arm leaves off where my right not to have my nose struck begins.”
— John Finch

Background

Librarians have long protected the confidentiality of patron data, while also educating users how to safeguard their own information.

  • In 1972, a university librarian named Zoia Horn went to jail rather than divulge information about an anti-war activist who frequented her library.
  • The USA PATRIOT Act’s increased and secret surveillance powers inspired librarian Jessamyn West to create canary signs which violated the spirit of that law.
  • A group of librarians known as the “Connecticut Four” successfully fought a National Security Letter requesting library records.
  • In 2015, a public library in New Hampshire drew ire from the Department of Homeland Security for installing the Tor browser on their computers.
  • Many libraries hold workshops and offer tutorials on how to configure your privacy settings on sites such as Facebook.

Respecting reader privacy is a fundamental tenet of librarianship. The American Library Association states it this way: “Privacy is essential to the exercise of free speech, free thought, and free association.”

Libraries are uniquely positioned to practice responsible curation of personally-identifiable information; as non-profit entities, we should have no interest in making money with customer data. There are, however, several new threats to privacy.

Libraries are no longer, for most people, the primary go-to source of information. Similarly, we don’t fully control how people access information from even within the library anymore. Search logs and related records are not only becoming more traceable to individuals, but are also now readily at the fingertips of commercial vendors providing hosted applications.

Moreover, in this day and age, the very concept of individual privacy can even be questioned. A growing surveillance complex, the rise of social media, and related economic and technological advances are all chipping away at what used to be a much more restricted flow of personal information. Is there a continued need to protect the right to privacy? Will anonymity someday become a thing of the past?

Late Stage Capitalism

My favorite comment made during the Cambridge Analytica story fallout was this snarky but apt line from comedian Chris Purchase: “If you’re surprised that Facebook sells your data then you’re the reason why packets of peanuts have ‘may contain nuts’ written on them.” It’s also interesting to note that, as I understand things, Cambridge Analytica did nothing wrong, at least in the legal sense. There’s the apparently bogus use of the word “Cambridge” to lend the company some fake prestige, not unlike the sham publishers with “Oxford” and the like in their name, but that’s hardly a crime. The Facebook data it acquired was second-hand, meaning that the company wasn’t bound to Facebook’s terms, so it was not an actual data breach.

Companies exist to make money. YouTube would regularly show beheadings if doing so helped its bottom line. Based on the ongoing monetization of videos featuring corpses and other disturbing things, that’s not far off the mark already. For-profit companies likewise aren’t offering you a storage platform or a social media conduit out of the goodness of their hearts. When you get down to it, taking the bait and joining a walled garden with an increasing number of strings attached is something most people do willingly, agreeing to the price of a “free” service.

Social media sites and other elements of the personal data economy, similar to brokers such as Equifax and Turnitin, exist by profiting off of other people’s work. I realized the scope of these corporate practices the last time I tried to sell a car. Carfax had the VIN associated with an odometer discrepancy. The reason for this was because the auto shop where I had oil changes done kept customer records by license plate number (meaning that my past several cars, which each used the same tags, were stored in one record, thus earning a red flag for potential buyers) and exchanged that information with Carfax. I sure didn’t sign any kind of release for this data about my maintenance habits to be sold.

Remember the outrage when grocery store shopping cards first came on the scene? There were lots of calls to, ‘Demand the discount without the card, otherwise leave your stuff on the conveyor belt and walk out!’ But apparently not enough people made that assertion. Now those cards are just one more accepted method of businesses tracking our behavior. Privacy is still a selling point, if only in the relative sense. Companies market themselves as caring about your privacy, from AT&T criticizing MCI, for the way it tried to get you to recruit more customers, to Microsoft bashing Google, over how Gmail delivers custom advertisements.

Speaking of Google, it’s hard to reconcile their motto about “don’t be evil” with the older adage of, “the love of money is the root of all evil.” As with the double standards exhibited by Mark Zuckerberg (who, in 2004, when writing about the Harvard students who gave him their personal data, called them, “Dumb fucks.”), the message of, “secrecy for me but not for thee” seems evident in their corporate behavior. In contrast to Google’s former CEO’s disparaging comments about privacy, for example, it took an open records request to make publicly available the “confidential” contract between Google and the University of Michigan to scan books.

There’s a lot of fine print out there for companies to try and sneak in some nasty clauses that severely curtail your rights. In the 1990s, long before the United States Patent and Trademark Office managed to offer their documents on the web, IBM graciously set up a free search engine providing the full-text of many patents. Since IBM was fairly entrenched in the patent business themselves, this seemed a natural and benevolent act on their part. They also offered to sell you copies of those documents, which are in the public domain. The real kicker, though, was an eyebrow-raising disclaimer hidden in their Frequently Asked Questions page:

I am concerned that I may reveal confidential design information with my searches. What is your policy on the management of the Patent Server access log?
The communications between IBM and the users of the IBM Patent Server site are not of a confidential nature. Therefore, any communications that you wish to remain confidential, whether they are search queries, guestbook entries, email, or any other communications, should not be relayed to the Patent Server.

I love to use Waze, a GPS with real-time traffic information, for finding optimal driving routes. As a condition of use and in order for the service to function, I must surrender both (sorta, considering the uncertainty principle) my location and speed data to the app. If enough other drivers do the same, we can receive the best directions possible. With so many people using navigation software, traffic patterns can change drastically. That’s why one town in New Jersey banned non-resident drivers who were taking advantage of their less-traveled roads.

Waze is free. It shows ads for nearby restaurants, among other things. What’s to stop it from deliberately routing me towards streets where those advertisers are situated? Beats me. Think of how ad blocking software publishers make arrangements to whitelist certain companies. There’s a fine line between providing a personalized service and deliberately manipulating users for profit.

Further suppose that a city planner asks for data from Waze so that money for construction projects can be spent where they are most needed. I’m not sure I would have a problem with this, provided the Sheriff down the hall, who by the way happens to be short on traffic tickets for the month, doesn’t also get to take a look at the individual speeding behaviors that Waze records. Sounds outrageous, doesn’t it? Probably about as crazy as the concept of speed cameras did a few decades ago.

Everyone’s a Celebrity

As much as the Internet has disrupted the traditional mechanisms for distributing knowledge, the rise of social media has altered how people divulge information about themselves. There are varying cultural norms on what sort of things are acceptable to bring up in idle conversation with strangers. The way social media works, however, effectively makes everyone a public figure.

I’m a relatively introverted Gen-Xer and digital immigrant who plays my cards closer to my chest than most people. I usually follow the traditional practice of developing personal relationships by trading increasingly revealing information about yourself: musical tastes, medical conditions, family relationships, political and religious beliefs, and so on, rather than broadcasting those disclosures for passing acquaintances, friends of a friend, or even the entire global Internet community to all see.

Of course, if someone really wanted to dig, they could readily discover my home address, its assessed value and purchase price, my voting frequency, my government salary, and a lack of any unsealed criminal records or liens. I’ve even been doxxed, in a way, by members of a conservative organization who published my signature on a public document to recall our governor.

Social media has been linked with narcissism and depression. It operates by promoting attention-seeking behavior. The driving force behind many activities on social media is the desire for fame in the form of upvotes, retweets, and likes. This isn’t necessarily a bad thing. Look at all the random but conveniently filmed acts of kindness posted for views on YouTube. And not that I’m one to judge. When you get down to it, I’m at least partially writing this for the attention. Sure, I get to explore and formulate my ideas on a topic of interest a little more, but I have to admit that beyond the opportunity to promote my viewpoints, a desire for acclaim is also a factor.

Despite all of this exhibitionism, people still need a sense of autonomy and personal space to stay sane. We are not a hive. That’s why there are expensive isolation chambers at airports and individual sleeping compartments on board the International Space Station. Jennifer Ringley, the former lifecaster and operator of JenniCam, put it this way in 2007: “I really am enjoying my privacy now. I don’t have a web page. I don’t have a MySpace page. It’s a completely different feeling, and I think I’m enjoying it.”

Is Privacy Dead?

The Cambridge Analytica scandal and big data breaches involving personally identifiable information have drawn attention to the beleaguered right of everyone “to be secure in their persons” against privacy violations. However, the apparent willingness of many people to freely share intimate details of their lives suggests that society may not be terribly concerned with preserving individual privacy. In multiple studies, for example, people have volunteered to give away their password for a candy bar. We just don’t seem to value our personal data enough, similar to how libraries and their benefit of being free is hard to communicate.

It used to be sensible to claim that there should be no reasonable expectation of privacy in a public place. But what happens when every single face, license plate, and movement in public is recorded? That seems to put the adage into new territory, and why, speaking in 1999, Sun Microsystems CEO Scott McNealy declared, “You have zero privacy. Get over it.” Transparency can be a good thing, of course. Police body cameras, when they’re not suspiciously turned off, would help prevent abuse and bear witness against false claims. Dashcams similarly protect faultless drivers by recording their actions. Cartapping, on the other hand, is more of a grey area.

You don’t have to believe the singularity is coming to accept that the amount and proportion of unused “dark data” will be decreasing as technology advances. Wrongfully imprisoned people will be exonerated by a better analysis of the genetic evidence, athletes who took performance-enhancing drugs will be stripped of their medals once testing procedures can more greatly scrutinize their stored blood samples, and then there’s all of that stuff you did which you thought would always be kept private.

Everyone has secrets they would rather the world at large not know about. Consider the multiple variations of this seemingly apocryphal story:

There was no preaching in this town last Sunday, and all in consequence of a practical joke perpetrated by a lively young girl. The young girl, inspired by the world, the flesh, and a little devil mixed, sat down on Saturday evening, and sent a note to each of the pastors. The missives were on tinted paper, and written nicely. They each contain these words: “All is discovered — fly!” Nine of the preachers fled to St. Louis and three went West.
Kansas City Times, 1876

We have to rely upon archaeological forensics to determine what happened during prehistory. More recent events are also open to interpretation, due to limitations of the historical record. If everything were to be recorded, what then would become of our history, not to mention our behavior? Think of why it seems oddly out of place to watch classical mysteries on futuristic shows such as Star Trek. You have people running around trying to solve a crime instead of simply asking, “Computer, who assaulted this person?”

Libraries used to put cards in the back of books to track who had them checked out. This was a privacy violation, admittedly, but done in the name of the low-tech circulation procedure in place. Some of the early Google Book scans dutifully reproduced these catalog cards. Most are probably blurred out by now, just like Colonel Sanders is in Google Street View. Upskirt photos, however creepy, are usually deemed legal, whereas taking a photo of unwilling and naked strangers in the gym locker room, not so much.

Certain information should be obscured. The CEO of the identity-theft company LifeLock found this out the hard way when he put his Social Security Number on their website. His identity was stolen thirteen times. Although, kudos to him for serving as such an easy mark. He lured away cyber-criminals who could have been targeting me. The basic measures I take to secure my personal data are admittedly passing some of my risk from being hacked onto others.

We want in on things. That’s a big reason why one-sided cell phone conversations are so annoying. It’s also why there were multiple assaults committed against “Glassholes.” As with my Carfax experience, ubiquitous surveillance takes away others’ ability to have a say in how their data is used. As a 1983 ruling by a German court stated, “Limitations to this informational self-determination are allowed only in case of overriding public interest.”

People are willing to trade their private information for services from reputable companies, as with the Waze example above, or to be provided the semblance of a little more security, in the case of eavesdropping by law enforcement. There are potentially chilling effects when a government preemptively tracks its citizens, however. A secret police force lacks accountability, as a member of the press who was recently banned from taking a plane in China could tell you.

The reason anonymous tipsters are protected by journalists is that people would potentially reveal and consume information differently if they lacked the freedom to do so anonymously. The 1992 novel Snow Crash describes a person’s modified behavior in such a bureaucratic work environment: “She scans through the memo, hitting the Page Down button at reasonably regular intervals, occasionally paging back up to pretend to reread some earlier section. The computer is going to notice all this. It approves of rereading. It’s a small thing, but over a decade or so this stuff really shows up on your work-habits summary.” If this situation seems a strange fiction, you probably missed the story about a Chinese school using face-recognition technology to track if its students are paying attention.

The Moral Landscape

When universal maxims are in conflict, choices must be made over which values take priority. Most people had few qualms about the Florida librarian who told the FBI that the 9/11 hijackers used her library’s computers, for example, despite the fact that she violated those patrons’ privacy in doing so. Even “a man’s home is his castle” is not an absolute. You have public utility easements, are subject to eminent domain, and must abide by other limitations to your airspace and mineral rights.

Many people have rather situational beliefs about the privacy of themselves and others. Are Bill Clinton’s infidelities fair game for political conversations? How about Donald Trump’s? Compare the sentiment behind, “I love WikiLeaks!” with that of, “He’s a leaker!” Does the public have a right to see the president’s tax returns? Can lobbyists hold secret meetings with public employees? Should Waze be allowed to show where reported speed traps are located? Former Milwaukee County Sheriff David Clarke called this feature an “officer safety hazard.”

Last year, my employer announced that people who voluntarily participated in the free health screening it offered would receive a benefit of lower premiums the following year. Seems like a win-win for public health, right? Well, academics are far more likely to employ slippery slope arguments than adhere to the principle of charity. The furor over what this precedent could signify forced the university to cancel the incentive. To be fair, the unwilling use of biometric data, from Henrietta Lacks to the relatives of the Golden State killer, raises many ethical questions.

It’s easy to state that criminals shouldn’t have any privacy, but doing so makes it harder to claim privacy protections for yourself. This story from journalist Glenn Greenwald illustrates the point perfectly:

Over the last sixteen months, as I’ve debated this issue around the world, every single time somebody has said to me, “I don’t really worry about invasions of privacy because I don’t have anything to hide.” I always say the same thing to them. I get out a pen, I write down my email address. I say, “Here’s my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you’re doing online, read what I want to read and publish whatever I find interesting. After all, if you’re not a bad person, if you’re doing nothing wrong, you should have nothing to hide.” Not a single person has taken me up on that offer.

A new wave of privacy legislation, including some European developments such as the right to be forgotten and the added safeguards of the General Data Protection Regulation, raises some interesting ethical quandaries that pit privacy rights versus free speech. If a librarian, charged with preserving information, is presented with a request for assistance in delisting personal data, where should their loyalties lie? As put by a colleague of mine, “What is the role of a librarian in a world that forgets?” If you think about it, if privacy was of utmost importance, it would be hard for libraries of public records to even exist. Which brings us to our final provocative question:

Is Privacy Censorship?

What business do libraries have in actively restricting the flow of information, anyway? In other words, do efforts to exempt certain privileged material constitute a dichotomy with our rallying cry of “information wants to be free”? Aren’t we supposed to be facilitating the sharing of knowledge? For a profession so ardently anti-censorship, the desire to place limits on the distribution of personal data is an apparent exception to this principle.

Someone else’s right to privacy is in a sense a limitation of my freedom to know more about them. So when does their right to privacy trump my right to know? Do I deserve to be informed if my neighbor is a registered sex offender? How about if they are in the Witness Protection Program?

As a fairly left-leaning individual, even amongst librarians, I firmly believe that every DMCA takedown, every restrictive paywall, every embargoed publication constitutes theft from the public’s right to read. At the very least, they are missed opportunities to promote a more educated populace. I am generally against the concept of “intellectual property,” and view the ownership of ideas as a negative right to prevent others from using them.

That said, there should be exceptions to freely sharing information when it’s done with harmful intent:

  • Those spouting patent mistruths, such as Holocaust denial, do not need to be given a platform.
  • Publishing misleading information, including works that encourage others to break the law, has been banned by the courts.
  • Another interesting case of bearing false witness was the apology from someone impersonating a Dow employee about the Bhopal disaster, after which, “Dow’s share price fell 4.24 percent in 23 minutes, wiping $2 billion off its market value.” Although activism like this is arguably warranted, deceptive practices set a bad precedent.
  • The moral rights violation of stealing writing credit from others, namely by committing plagiarism, is frowned upon for similar reasons.

Revealing supposedly “confidential” information is a trickier issue. The concept of an illegal number is dubious at best, for example. The journalists I mentioned earlier who protect their informants also view it as their job to uncover people’s secrets. I’m sure the publicized victims of the Ashley Madison hack would have preferred their customer data remain private. Then there are the cases of Plamegate and the Bork Tapes, where journalists violated the privacy of others in the name of supposedly reporting for the common good. Hulk Hogan also bankrupted Gawker for their publication of what amounted to revenge porn.

Think about when embarrassing information is revealed by the media. This has happened to anti-gay activists with Grindr accounts and even a closeted dominatrix librarian. An editor for The New York Times explains their mission this way: “It’s our job to find information that was believed to be truthful and is worthy.” In comparison, after an act of gun violence, we are seeing a concerted effort to publish more stories with titles such as “Profiles of the Victims” rather than those following the now discouraged practice of naming the perpetrators of mass shootings.

Can an author revoke a copy of their published work that a library has? This actually happens in the case of withdrawn government documents. My library’s purportedly open access repository also contains doctoral theses that you cannot yet download because the creator has elected to restrict access until a future date. Dissertation authors usually choose to exercise their rights in this fashion in order to either later publish their work commercially or to prolong the timing of protections for making exclusive legal claims based on their research, such as with patent revenues. As a librarian committed to the open spread of knowledge, I have a fair amount of consternation with these scholars’ decisions to conduct their business this way. However, it is obviously something which is allowed by the department and college granting the degree as well as our institution as a whole.

What is the basis for determining the sort of facts deserving protections, if any, compared to materials which should be freely available? And does it matter if the person seeking that information is an historian, a stalker, a for-profit company, or the government? Is there any difference between asking these questions at the reference desk:

  • “I’m researching the methods used to chemically castrate Alan Turing. What’s a good source for me to start with?”
  • “I need to know what my kid has checked out because I’m worried they’re not sticking with their conversion therapy.”
  • “I’m with the FBI and I want to know who has read any books you have on growing marijuana.”

Where to draw the line between generic information to be shared and personal information to be kept private is obviously subjective, but I still think a case can be made for at least acknowledging there’s a categorical difference. An analogous distinction in psychology exists according to the theory of episodic and semantic memory. Semantic memory is the storage of scientific facts (e.g., the Earth orbits the Sun) whereas episodic memory is a personal recollection (e.g., my first-grade teacher was Mrs. Hess).

As with the case of criminal behavior, merely desiring information about yourself be kept secret shouldn’t automatically entail that the public lose its right to know. On the flip side, there are records already out there which should perhaps be afforded additional protections. In 2016, a researcher scraped and published thousands of online dating profiles, claiming their actions were justified because “the data is already public.”

A Final Caveat

Rights that aren’t asserted have a tendency to disappear. Greater demands to surrender more and more information about ourselves, to both businesses and the government, are shaping our expectations for the future. Imagine what someone from the past would think about the amount of personal data we already no longer have control over. And once we give out our information, that genie can’t go back in the bottle.

Census records are supposed to be anonymous. The recent debate about a rather transparent tactic to include a citizenship question on the 2020 Census should be considered within the context of the fact that the United States government used census records to identify and imprison law-abiding citizens and their families during World War II.

Technology is a boon for many aspects of our lives. As a librarian, I regularly see the advances in ways it allows us to transfer knowledge. But just because we can now share so much, the question of if we should needs to be asked, especially when the less exhibitionistic of us don’t want information about ourselves to be known by the whole world.

It’s worth being optimistic about the future we are all working towards, but we shouldn’t let it cloud our perception of threats to our way of life. Psychologist Daniel Kahneman explains matters this way: “Most of us view the world as more benign than it really is, our own attributes as more favorable than they truly are, and the goals we adopt as more achievable than they are likely to be. We also tend to exaggerate our ability to forecast the future, which fosters overconfidence. In terms of its consequences for decisions, the optimistic bias may well be the most significant cognitive bias. Because optimistic bias is both a blessing and a risk, you should be both happy and wary if you are temperamentally optimistic.”
