A woman was trying to apply for a job at a major retailer. She had to fill out an online form that prompted her to create a username and password, and then enter personal information down to the last four digits of her Social Security number.
"How do you know if it's real?" she asked me, already agitated because her computer session was about to time out. The last time she tried to do something like this, she ended up on some sort of scam website.
As a librarian, I talk with people all the time who are uncertain about who and what to trust online. Teaching information literacy, whether in a classroom or one-on-one, is a big part of what we do, and knowing how to use the Internet safely is an ever more important skill given the extent to which online platforms are part of our lives. But public library staff, overworked and under-funded, often aren't equipped to assist their communities with tasks such as learning to use encryption and anti-tracking tools. We have a critical function in technology education, and there's so much more we could be doing.
It's often said that most people nowadays have given up on privacy and simply accept the loss of control over their data. But the fact is that 86 percent of adult Internet users in the United States have taken some sort of step to protect their identity or activity online. Well-publicized security breaches and revelations about surveillance over the last couple of years - Target, Heartbleed, the NSA - have further raised awareness of the need to secure our data as much as possible. People aren't apathetic; they feel helpless in the face of the bewildering array of threats they face, frequently lacking the time and computer skills to adequately evaluate websites and online tools.
Privacy is about control
Where do public libraries come in? Well, they continue to play a significant role in many people's lives. Libraries are well-regarded institutions. Librarians organize and preserve scholarship and cultural production. We put books and articles in your hands. We read to your children, suggest research techniques and show you how to use a mouse. We help you find information about the medical tests you're scheduled to undergo, the civil service exam you want to pass and the self-help books you want to read.
Libraries have also tended to take a strong stand on privacy. The third principle in the American Library Association's Code of Ethics is, "We protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted." As Iowa public librarian Laura Crossett likes to tell people, your library record is as confidential as your medical records - if not more so.
Your book-borrowing history is not the only thing your library manages. There are over 16,000 public library buildings in the United States, and nearly every one offers computers and Internet access. At all hours of the day, my library is full of people online — connecting their laptops or tablets to our free Wi-Fi, or using one of our desktop computers. Many of those who come to libraries for Internet access are among the most vulnerable in our society, and without the resources libraries provide they might not have access at all.
Privacy, in the end, is about control. It doesn't mean that people don't or shouldn't put personal information online; it means that we want to share that data with whom we intend to share it, in ways that we understand, and on platforms from which we can easily and permanently remove our information if we change our minds. Google, Facebook and other major Internet corporations, by contrast, may be calling on the U.S. government to curb surveillance, but they have their own plans for how to turn our data that they collect and retain into shareholder value.
Like any other institution, of course, libraries are beholden to interests, which can inhibit their potential. Library staff as well as patrons are heavy users of Google and other big-data platforms, and in some cases these companies are looking to partner with libraries. E-books and digital rights management present privacy issues within library collections. Library trustees often come from the business sector or other layers of municipal power structures and may bring correspondingly conservative outlooks to library operations. Due to convenience and limited in-house resources, it's typically easiest for our IT departments to focus on deploying well-known proprietary operating systems and applications, such as Microsoft products, rather than free and open source alternatives such as Linux. Library directors also have to be conscious of the potential liability of engaging in politicized projects. This can amount to a challenging environment for teaching people about liberatory uses of technology.
At Brooklyn Public Library, some colleagues and I worked with the researcher Seeta Peña Gangadharan on a digital inclusion study that involved discussions among many staff about what we see library users doing and knowing — and not doing and not knowing — when it comes to Internet safety and security. We also talked about our own areas of unfamiliarity and ignorance and started envisioning some ways we could do better. In addition to the usual email basics and word processing classes, for instance, what about workshops in coding, encryption and safer web browsing? Last month, my library hosted a CryptoParty that attracted almost 40 people representing a range of tech savvy. This past fall, we put together a panel on online surveillance called "Nothing to Hide?" (You can watch each of the speakers online.)
Massachusetts public librarian Alison Macrina manages her library's IT department and also works at the reference desk. She told me that once library users catch wind that she knows about technology, they seek her out to talk about things they don't necessarily bring up with other staff. "They'll say, 'Oh, you know about this? Let me ask you all these questions I've had on my mind,'" she said. She recommends browser plugins and advises people to consider covering their laptops' built-in cameras. Recently she installed HTTPS Everywhere so that people using her library's public computers browse the web with secure connections. She's planning, with advice from the ACLU and other privacy advocates, to teach a two-part class in local branches this summer called "Privacy and Security in Your Online Life," which will serve as a template for other libraries. Macrina, social science researcher Jessa Lingel and some other librarians have also put together a zine about anti-surveillance resources under the auspices of Radical Reference.
It's pretty easy to find privacy tips online, but nothing compares to having a trusted and experienced person to guide you through the process of deciding what to install on your laptop or how to make your smartphone more secure. Libraries are an existing network that can be harnessed to create a society with the skills and resources to protect privacy and digital rights. Library workers can also grasp the utility of a flexible "digital harm reduction" framework that takes into account the fact that, for better or worse, people are going to be communicating with loved ones via Facebook, logging into their primary email accounts over our public WiFi networks and entering their Social Security numbers into government websites on computers that may not be their own. As Seeta Peña Gangadharan argues, "Data literacy can't be taught by parachute or evangelism. The best thing would be to give resources to schools, libraries, and other community anchor institutions to teach this new material."
One library at a time
If you're knowledgeable about technology, consider proposing a workshop to your local library. Keep in mind that training a diverse group of adults, especially on a technical topic, involves more thought than simply preparing a procedural class that goes through individual tools. Be sure to explain the principles behind them and, crucially, how they fit into people's worlds and why they should care.
If you work in a library, how can you expand the privacy paradigm to include protecting not just your patrons' book borrowing histories but also their communications online? Library staff work closely with all sorts of people, but our worldview can be shuttered. How can we librarians diversify our ranks and recognize how race, along with other identities and life experiences, affects how people react to a surveillance state? Laura Crossett regularly distributes a handout about privacy at her library, a section of which asks, "Is privacy a right or a privilege? Do corporations protect your privacy? Does government? Do you protect your own privacy?" These types of high-level questions should help direct our work in libraries, and we should be encouraging members of the public to reflect on them as well.
Librarianship may be shaped by the broader society, but it is also marked by opposition to a dominant commercial culture. Librarian Barbara Fister reminds us that libraries do something Google and Amazon don't do: "We serve communities, not just customers, and our goal is the common good, not profits."
Public libraries' roles are currently evolving, with shifts to focus on digital resources, knowledge creation (in addition to consumption) and "making." I think, amidst this re-imagining, we have to claim an educational role that meets the need for guidance in a confusing digital world. In addition to instructing people on using e-readers and dealing with two million search engine results, we should be supporting resistance to life under surveillance. Collective action can push us there, which means communities must demand these services and expertise from their libraries — along with levels of funding to ensure they are as autonomous as tax-funded establishments can be, including from the tech industry.
The library is one of the few institutions that has the potential to organize communities to access and produce information responsibly and safely. Libraries connect people with resources, facilitate inquiry and popular education, and are accessible and highly trusted. For the growing movement fighting for an alternative to a culture of surveillance, they are an excellent place to start.