Good afternoon and welcome, everybody. It's good to see you. I'm Joel Rosenthal, president of Carnegie Council, and I want to begin by welcoming our colleagues from the Carnegie UK Trust. This event is part of a study tour organized by the Trust inquiring into the future of public libraries and, as a subset of that question, the issue of privacy in the digital age. I would also like to recognize Anna Grant, they had a zone of the study tour, who's done an excellent job in organizing the program. Thank you, Anna. Recognize them as well: Rich Edmund, Jonathan Gage, David Hunt, Bob Perlman. Andrew Carnegie believed deeply in the leadership capacity of trustees who would be true to the founding principles of the organization and yet always ready to adapt to new challenges. I think he'd be pleased to see all of you here today, working in this vein more than a hundred years after our founding.

So I've been asked to say a few words of introduction to set the frame for our discussion. The real experts will follow me, but I want to offer just three observations, very briefly, to get us started. First, a word about the moment that we're in now. We all know that Apple can track our movements through our mobile devices. This includes how many steps you take per day, where you go, how many flights of stairs you climb. Facebook can record our interests in news, hobbies, travel, consumer purchases. Google can track our internet searches on every subject, professional and personal. Amazon can sell you a voice recognition personal assistant called Echo that listens to every conversation and responds to your commands and requests. Amazon can also sell you the Nest home monitoring device, tracking the temperature in your home, your electricity usage and the security video of who comes to your door. Music vendors like Pandora catalog the music you listen to. National governments compile databases on taxes, communications and security threats. Local governments and their agencies, such as libraries, know which books you
read. Most organizations can tell whether or not you open the emails and electronic newsletters they send you. They can see which stories you click on and how long you spend reading each one. All of this information is collected and stored digitally. In his book Free Speech: Ten Principles for a Connected World, Timothy Garton Ash sums it up perfectly in one phrase. He says, "We are all tagged pigeons now." Several other writers invoke another image to make the same point: they mention Jeremy Bentham's panopticon. The panopticon was Bentham's design for a prison where all the inmates could be watched by a single watchman without knowing if they were being watched or not. The idea of an all-seeing, omnipresent eye is chilling at a basic level.

And this leads to my second observation, that is: how should we think about control of the information that is known about us? Again, to quote Timothy Garton Ash, who spoke here not so long ago, and some of you may have been present for that, he says a basic principle must be that my data remains mine, not yours to data mine. Citizens should have what the Germans call informational self-determination. An advocacy group called Privacy International puts it this way: privacy is the right to control who knows what about you and under what conditions. But as we've seen in the arguments over the so-called right to be forgotten, that is, the right to be off the grid, so to speak, there are deep-seated cultural differences over what this right entails. Debates are ongoing as to what exactly constitutes the conditions under which a right to know outweighs the right to privacy.

Finally, it's important to remember that we're not without moral or legal compass when it comes to the idea of privacy as a right and as a condition of well-being. For all of the novelty of our current situation, we should probably be skeptical of the idea that it is unprecedented. For example, Timothy Garton Ash reminds us that in 1890 a law review article written by Samuel Warren and Louis Brandeis was
titled "The Right to Privacy." It laid out principles that remain relevant to this day, including the idea that there should be protection against intrusion into private affairs and public disclosure of embarrassing facts. So how we develop and adapt ethical principles around privacy in the Internet age is an open question. Our study group that is with us today, with its focus on libraries, may have a special contribution to make, and we believe that they do. Libraries have always been important norm setters for community engagement. We believe they will continue to play this norm-setting role well into the future. Privacy is a fundamental human value. The stakes are high and the conversation important. So this is a big agenda, I know, but if not us, then who? Fortunately, we have great speakers here today to lead the way, and I'm going to turn it over to them. I want to thank you all for coming, and now turn it over to my colleague Albert Tucker. Thank you very much.

Thank you, Joel. Good afternoon, and thank you so much for welcoming us here in New York in this wonderful space, and thanks to our colleagues, Joel and colleagues at the Carnegie Council, for hosting us. We've been taking in this wonderful city of yours, of ours, we returned ownership as well, and have been looking and walking around the city and visiting the museums and discussing this issue. At the Carnegie UK Trust, which is one of the family of community organizations, we very much align work to an evidence-based approach to change. So we try and understand, impartially and without prejudice, what the situation is, trying to empower citizens, to try and get people to really think about the issue, but also to try and understand feelings. Weirdly, in the policy world people don't talk about feelings too much: how are people feeling about things, and will that help us change? We also put a great deal of store in learning from others: the people who think about these things, the people who work with them, the people who are
activists in these areas we're interested in changing and empowering citizens in. So this is a part of that process. So there's 12 of us from across the pond here, and from across the UK, representing different aspects of the UK, different aspects of the world, different skills in this area, but also not just in this area. We have a much broader frame. In fact, probably the person who least knows about how libraries function is myself. But actually the task at hand is critical going forward, I think. So I just quickly want to say who we are, and the fact that you would all come and share a room with a gang of British people coming to talk about secrecy and privacy and data protection is a testament to your interest in the issue as well. But I just want you to know who the people are in the room. We have, I think, some of the leading thought leaders in this area, and we're hoping that from understanding it more we can have a much broader reach with this group of people who have the reach, influence, ability and energy to actually make a difference, and together, hopefully, and from what we learn from people like yourselves, we can take it forward.

So we are people who have responsibility for the libraries networks, people who advise government and institutions on policy. We have key members of the Carnegie team who are going to take this forward. We've got people who are also working on consumers and how they engage with libraries and the digital world. We have people who are going to influence what kind of IP and digital technology; people who run community-based libraries independently and are trying to make that really responsive to consumers; those who are challenged about how libraries really listen to the people who use them and what future role they can play. So we cover a wide range. But just quickly to say who we are here, just so I don't miss anybody out: we've got Martin Wade, who is with us. If you could just stand up and give a
little wave, so people know who you are. Martin's there. I won't tell you too much; just catch up with people when you want to. We've got Tricia Ward, who is here with us, and we've got Neil with us. Catherine Stihler, who is an MEP, a member of the European Parliament, and really has been a supporter of the Trust and of our work with libraries. Ryan need, okay, Kyra, who you're going to hear from later. Odd, sorry. Brian Ashley, respond, there you go. And we're a parent, and we really have been trying to look and understand issues, as I've seen here. And we have also got the two people who keep us in order and make sure we actually meet the brief and not enjoy New York too much, and that is, we've got Douglas White from the Trust and Anna, who's been really organizing everything for us. So thank you very much for having us here.

So the format, Joanne informs me, is slightly different to the usual format here, so maybe I should explain that a little. We're going to have Kiera, who is going to tell us a little bit about the experience in the UK, just to give us a sense of points of difference later when we reflect. Then, where I think we're very privileged, we have Bruce Schneier here, who's going to talk to us from his experience of this, and I wait to hear what that's going to be about and which directions it's going to take us in. Deborah, who despite having an injured arm is here with us, will then be responding to what we hear. And then we will have questions and answers, in which we really would like for you to look at this issue: around the ethics of it, the differences between our different countries, maybe, if we understand that clearly, what some of the challenges are, some pointers for the future, and food for thought. I'm a keen one for food for thought: are there things we should be thinking about going forward, from your experiences and your areas of expertise, that would be most helpful? And we should be looking to finish by three. There's still food and drink, so if
do feel perfectly free and able to go and top up, so you're not, you know, chained to your chairs or restricted, and I will be only treating you very harshly because you get up and go and have; I would see it as part of the process of stimulation of the mind. Yeah, so as I've said, for us this is really important: the exchange of information, sharing, and meeting you all, particularly at the friend's house, that's like great fun. So without any further ado, I'll ask Kiera to come and tell us a little bit from her perspective on the issue.

Thank you, Albert, and hello everybody. What I'm hoping to do in just the next five to 10 minutes is give you a very quick overview of the position for libraries in the UK. Given the time constraints, I'm not aiming to be completely comprehensive, so I trust that you'll trust me to give you the highlights, and, my colleagues from the UK, any errors or omissions are my own. So what I'm hoping to do is to give you a flavor of the kind of multi-dimensional position in the UK in terms of libraries and this issue, because it's not simple or straightforward. So I'm going to talk through the different stakeholders in this space, and first of all I want to talk and start with the perspective of libraries. The most important asset are staff. They are delivering services directly to the public across the UK in over 4,000 public libraries, and it is our staff, really, that are helping people within their communities navigate these issues around data and privacy on a very regular basis, day in, day out. Through our network of free public internet provision, through Wi-Fi and fixed PCs in libraries, the public library has become the place of first resort and last resort for citizens who need access to online services. Where once people would have gone to the Job Centre on the high street to look for work, they now come to the library to complete their required 35 hours a week online searching that they need to do. If they cannot demonstrate that they are doing 35
hours a week online searching, they risk losing their benefits. Where do they go? The library. Where once people would have gone to the housing office in their local community to look for council or social housing, they now come to the library to browse available properties, of which there are often not very many, and bid for the best ones available. So the cutbacks that we've seen across all the public services in the UK over the past five years mean that increasingly libraries are the only civic space within communities for those seeking information and support. And against that backdrop, our staff are performing an incredibly important but often invisible job in helping those people to access government services. And I think in doing this they're carefully navigating issues around privacy and data, and they're often very vulnerable people they're serving, who lack literacy skills, sometimes with mental health issues, who, perhaps unsurprisingly, often need fairly significant support in terms of setting up email addresses, creating passwords and generally engaging in the online civic space, where sometimes usability and accessibility of online services is not as good as it should be. I'm fairly confident from my own experience within my own team in Devon that our staff working across libraries in the UK are very conscious of these privacy issues, though I say that without any solid evidence. We don't specifically train staff to address these issues in any detail, and as far as I'm aware there are few, if any, privacy policies in existence in UK public libraries.

Turning now to what's happening at a library leadership level in the UK: the Society of Chief Librarians, otherwise known as SCL (catchy title), we're the body that represents heads of library services in England, Wales and Northern Ireland, and we've been working at a national level, particularly within England, since 2013 to develop a series of Universal Offers around the five key areas of public library provision: reading,
learning, information, digital and health, sorry, with a further offer around culture being launched shortly. Now, we've used the framework of the Universal Offers to enable us to develop national partnerships that can be levered for benefit at a local level, to advocate the reach and impact of public libraries, to lever more investment into service development, to drive innovation and aspiration, and to train our staff in the skills of a 21st-century library service. Specifically in relation to the issue that we're talking about today, our Universal Information Offer has been particularly successful in developing a clear sense of what the key issues are for supporting people to gain access to online services. So in 2014 over 80% of England's public library workforce, thousands of people, participated in online learning to develop their digital skills so they're better able to support library customers. And in 2016, just last year, SCL secured a place on the Government Digital Service's framework for assisted digital and digital inclusion services (very snappy title, I think you'll agree), and that means that as individual government departments move their services online, they should use the framework to tender for support, so that barriers around disability or literacy should not prevent people being able to access those services. At SCL we worked very hard to sign up 251 different library services across England to this framework. That had never been done before. The carrot for all library services was that for the first time library services might get paid for what they've previously been doing for free. Just as an example of that, the library service on the Isle of Wight, a very small library service, has recently undertaken a pilot as part of the framework to test out new approaches to the census, as the next census in 2021 will be done entirely online, which I believe is the same here. Could this be a real opportunity for libraries to be center stage for the work around the census
in a few years' time? Our Universal Learning Offer has focused on developing the skills to help our staff shape a much more engaging, lively, dynamic digital offering. We've developed a resource called Code Green that encourages innovation around hackathons, Raspberry Pis, makerspaces, all sorts of engagement. And within the Universal Digital Offer, SCL has pioneered a digital leadership program supporting existing and up-and-coming leaders with the skills and confidence to lead in the digital space. Issues such as how library leaders should be shaping the marketplace in terms of procurement have been amongst the topics discussed by those digital leaders, and we've established a national innovation network so that best practice and ideas around digital services can be shared easily within the network. We've shaped an initiative called Access to Research with academic publishers, so that people using our libraries have access to reams and reams of high-quality academic research which they previously could only access through university, and they can do it for free in their local library. So there is much that SCL has progressed at a national level that's relevant to our discussions about data privacy, much that could provide some of the building blocks that could help us take the conversations from our study trip and make things happen.

But I have to say that the issue of data privacy is not one that ranks highly on the list of library leaders today. Too often the brains of library leaders, people like myself leading a library service, Neil leading a library service, are preoccupied by austerity and the need to cut significant sums of money from the library budget. These discussions can become all-consuming and get in the way of broader and important discussions about the role and impact of libraries within communities. Other issues, just briefly to give you a flavor, that I think are pertinent in this space relate to the changing governance structures within UK
public libraries. So we're seeing increasingly that libraries are being handed over to volunteers and run by volunteers. What guidance and support are those volunteers being given around data privacy? I'm not sure that we know. And in organisations like my own, which are now operating as spinouts from the local authority, in pursuit of a much broader base of income, operating models from the commercial sector, will there be more of an expectation from our boards, from our funders, to look at how we commercialize our own data more positively? How can we use our data to shape new services, using the techniques of the private sector to provide better, more targeted services for our existing and potential users? An issue that Carnegie picked up recently in its Shining a Light report on UK public libraries.

Finally, there are reasons to be cheerful. We have some emerging good practice. We have Aude Charillon, who is here with us on this trip, who is almost single-handedly showing us some new possibilities. She hosted crypto parties in Newcastle libraries and is gradually growing a public debate in her city about the potential of libraries around privacy. We're seeing a growing interest in open and big data, with services like my own being much more interested in sharing our datasets with others and overlaying them with other datasets, such as those around deprivation. We're doing it with an open mind. We don't know where it's going to take us, seeing what might come, but we are hoping, certainly in Devon, that the act of sharing our data itself will begin to open up new dialogues about the role that libraries play and the social impact that they create in communities. And at a national level we have CILIP, a professional body, actively shaping this space and collaborating with Carnegie and others to push the agenda forward.

So in summary, our experience in the UK tells us that our communities, particularly those who are most marginalized and potentially disenfranchised, are in need of
support from us on this issue. We know too that our workforce are already responding positively to those needs and helping their users navigate sensitive issues around data privacy. We know that they need more practical support in terms of both training and privacy policies to provide a framework for that public engagement. As library leaders, we're confident that we have many of the building blocks in place through the Universal Offers and our national partnerships to take forward this agenda, and we know that we can tap into the expertise and support of national organizations like our professional body CILIP, the Carnegie Trust and our other non-library colleagues on this trip. You've much knowledge to share. I think it's fair to say that this week in New York we're learning huge amounts. I've learnt an awful lot which will help us connect up the conversation back in the UK, and we look forward to learning more in this afternoon's seminar that will enable us as library leaders to take forward libraries' really important role as educators, conveners, data processors and purchasers in the area of data privacy. I think the issue strikes at the heart of our professional DNA as librarians. It's what motivates most of us to keep working in libraries: that sense that we are here to ensure the access to information for everybody. And, speaking for my colleagues from the UK, I think we really look forward to exciting new possibilities in our library policy and practice inspired by this trip. Thank you.

The report that Kiera mentioned, Shining a Light, is a report that the Trust has done looking at the use of libraries, and Anna Grant, our colleague, over there has lots of copies if anybody is interested to get some copies from her. But we found in that report that actually libraries are still very, very valued in our context, that young people are using libraries more, which I personally didn't think was the case, also that people are using libraries and
wanting to use libraries for more things. But we also realized that people didn't know enough, people didn't understand enough how best to use it. So some of the things people were asking for, some of my colleagues are already introducing in their environment, but people don't know enough about what is available. We also are hearing more about the convening power of libraries in our areas from that report. But also yesterday we found out that in your public library the libraries are being asked by the city to actually educate the citizens on data protection and privacy, and for us that is really interesting, a really, really interesting move about the role of libraries as educators, not just for the knowledge base, but as educators and as support in this whole issue of data protection and privacy. So from that point I come to Bruce. All my notes tell me is "the security guru, internationally renowned security guru," so I can't wait. Bruce, thank you.

Thank you. Thanks for having me. Thanks to the UK colleagues for inviting me. I'm using the microphone that's here, so I don't need that one. Let me know if you took a good copy. All right. I grew up in New York, so it's always nice to be back. I want to give the people who are visiting the UK a little advice. Those cookies in the center, the round ones, those are called black and whites. When I was a kid they were much bigger. The way you eat them is you take the cookie, break it in half, separating the black from the white, eat the chocolate, and then leave the other half for your sister. Always worked for me.

So Joel talked a bit about the things around us and the data they collect, and I think it's worth talking about what's happening and why. The fundamental truth is that everything we do that involves a computer creates a transaction record. It's some data about the transaction, whether that's browsing the internet, using or even carrying a cell phone, making a purchase either online or in person with a credit card, walking by any
Internet of Things sensors, saying something around an Alexa that's turned on, walking past any of the millions of security cameras in this city, in London, everywhere. All of those things produce a record of what happened. Data is a byproduct of any socialization we do in the information society: phone calls, emails, text messages, Instagram posts, Facebook chatter. This is all data. This data is increasingly stored and increasingly searchable. This isn't just Moore's law in operation. Data storage gets cheaper, data processing gets cheaper, and things that we used to throw away we now save. You think of email: back in the early days of email I would carefully curate my mailboxes. I had hundreds of mailboxes. I figured out what to save, what to throw away. I looked back recently: in 2006 I stopped doing that. Before 2006, hundreds of email boxes; in 2006, ad Senate, because for me, for email, in 2006 search became easier than sort. That threshold has largely been crossed with pretty much everything. It is much easier to save everything than to figure out what to save. And the result is that we're leaving this digital exhaust as we go through our lives. This is not a question of malice on anybody's part. This is simply how computers work.

And this change has brought with it a lot of other changes. Our nature of using data has changed. It used to be we would save data for historical reasons: to remember what we said and what we did, to verify our actions to some third party, to let future generations know what we thought. Increasingly, data now drives future decision-making. That's the promise of big data. That's what machine learning does, and I'll talk about that later. This data is surveillance data. The phrase you might remember from the early months of the Snowden documents was the term metadata. Metadata is data about data. It is data the system needs to operate. So for a cellphone call, the data is the conversation I'm having; the metadata is my number, the other person's number, the date, the time,
our locations, the call duration. For email, the data is the message I'm typing; the metadata is the from, the to, the routing, the timestamp. We can argue about the subject line. Metadata is surveillance data. In those early months of the Snowden documents, President Obama said, "Don't worry, it's only metadata." But let me give you a little thought experiment. Imagine I hired a detective to put you under surveillance, I'm sorry, to eavesdrop on you. That detective would put a bug in your home, in your office and your car, and collect the data, the conversations. That's what, you know, the NSA said we're not collecting. Now, that same detective, put you under surveillance, he produces a different report: where you went, what you did, who you spoke to, what you purchased, what you looked at. That's surveillance. That's metadata. Metadata is actually much more important than conversational data. It tracks relationships, it tracks associations, it shows what we're interested in, who is important to us. It fundamentally reveals who we are. Nobody ever lies to the search engine. And it's also easier to store, to search and analyze.

And right now we are in the golden age of surveillance. We are under more surveillance than anybody else in human history, by a lot. And it has some interesting characteristics. It's incidental: it's a side effect of all the things we want to do. It's covert: you don't see the approximately a hundred internet trackers that are tracking what you're doing as you browse. If they were standing behind you, you'd say, "Go away, I'm doing something private." But they're in your computer, they're hidden, they're covert. You didn't see most of the cameras when you walked here. They're there. It's hard to opt out of, very hard not to be under the surveillance. I can't not use a credit card. I can choose not to use Gmail, to say I don't want Google having my emails, I'm not going to use Gmail. And I don't. But last time I checked, Google has about 2/3 of my email, because you all
do. And it's ubiquitous. It's happening to all of us, everywhere, because everything is computerized. And ubiquitous surveillance is fundamentally different. We know what surveillance is like; we see it on television. It's "follow that car." But ubiquitous surveillance is "follow every car." And when you can follow every car, you can do different things. You can, for example, do surveillance backwards in time. If you have the data, you could follow that car last week, last month, last year, as big as your databases. You can do things like hop searches and about searches. They were in the news recently. These first showed up in 2014, but there's a new change in NSA procedures about these. Hop searches are where I have you under surveillance, so I'm going to also listen to everyone you talk to, and who they talk to, and who they talk to. I remember the phrase "three hops." It was really big in the US in those early Snowden months. Now, if that's three hops, the goal is to find conspiracies, but what you actually learn is everyone orders pizza sooner or later. Or about searches: I don't search on the name, don't put the name under surveillance; look for people using this word, using this phrase, talking about this topic. And you can't do that unless you have everybody under surveillance. Or find me someone that meets certain surveillance characteristics: I want to know everybody who's been at this location at this time, this location at that time, that location at that time. I have three location timestamps; I can find that now.

There's a couple of really clever things that came out of the Snowden docs that the NSA is doing. They have a program, I'm not making this up, it's so cool, that looks for cell phones that move towards each other, turn themselves off, and then turn themselves on again about an hour later, moving away from each other. They're looking for secret meetings. They look for phones that are used for a while, then turned off, and then find other phones that are turned on for the first time geographically nearby right
after. And if you watch The Wire, you know they're looking for burner phones. And a program where they know the phone numbers of US agents around the world and look for other phones that tend to be near them more often than chance, looking for tails. And you can go on. The thing is, you can figure out here, right now, this is mostly done by computers. These are inferences. I was listening to Albert talk about, like, coming to New York, looking around with this delegation of people. Sounds like he's casing the joint, and that's what's going to show up in the data. And it's computers doing this, and people see the results the computers spit out.

Now, this data is largely being collected by corporations. All the data we're talking about, it's not government data, it's corporate data. Surveillance is the business model of the internet. We build systems that spy on people in exchange for services. And you all know that the reason Facebook is free is because you're not the customer, you're the product. You're the product Facebook sells to their customers. Now, this business model emerged, you know, didn't have to emerge; it really emerged for efficiency reasons. In the early days of search, of email, of social networking, there wasn't the obvious way to charge. You couldn't really make micropayments, and people expected the internet to be free, so advertising sort of showed up as the model which made the internet work. On the side, in the U.S.
certainly, you had a huge data broker industry that came out of mailing lists and mail order companies, that made their living slicing and dicing the population into small targeted segments that you can send direct mail to, and they had large databases of personal information. And those two combined into sites that make their business spying on us. That's Google, that's Facebook, and it's Microsoft, and that's Uber, right? And they are the world's most valuable companies. The companies that have our data are more valued than companies that make the stuff we buy. Always remember: if it's not obvious that you're the customer, you are the product. And the driver is here, I mean, the reason we have this: it is free and convenient. That's what we want. And to be sure, this data is collected; the purpose is psychological manipulation. We call it advertising, and it's now very exact and very personalized, and we're reading about how it affected both Brexit and our election. It's propaganda. It's personalized ads, personalized offers, personalized manipulation in ways that would be impossible otherwise: one, because we wouldn't have the data, and two, we couldn't do the targeting. On the internet you can target individually in a way you can't with, like, television or billboards or radio. So the personal data is valued enough to make Google, Amazon, Facebook. Tesla is more valuable than GM because they have data that GM doesn't, no matter they sell, like, a one-thousandth of the cars.

And corporations know an amazing amount about us. This is a perfect surveillance device. This knows where I am at all times, knows where I live, knows where I work, and knows when I go to bed, when I wake up. You all have one, so it knows who I sleep with. And it has to; otherwise it won't work. I used to say that Google knows more about me than my wife does. That's certainly true, but it doesn't go far enough: Google knows more about me than I do, because it remembers better. And who knows that you're here? Your cell phone company certainly
does if you use Google Maps to get here Google does any other bunch of smartphone apps collect your location data you took an Uber to get here you made a credit card purchase nearby use an ATM machine security cameras again license-plate scanning companies and they're making inferences and we know a lot about this right Facebook knows you're gay even if you don't tell Facebook these companies are there's a great article in the New York Times six years ago or so about Target Corporation a big retailer here that knew when someone was pregnant before her father did it's because able to make these inferences and it's not always right but for advertising it doesn't have to be right all the time be right most of the time and government surveillance is largely piggybacked on all these capabilities it is not that the NSA woke up one morning and decided to spy on everybody they woke up one morning and said wow corporate America's spying on everybody let's just get ourselves a copy and that's what they do and this allows governments both US UK and everywhere else to get away with a level of surveillance we would never allow otherwise if the government said you must carry a tracking device at all times you would you would rebel you know yet we put this in our pocket every morning without thinking or if we have to alert the police when you make a new friend you can imagine a regulation like that you laugh but you all alert Facebook well you have to give the police a copy of your correspondence like you never would but you give it to Google and just as corporate surveillance is based on you know free and convenient government surveillance is largely based on fear right fear of criminals and terrorists in our countries fear of dissidents and new ideas in other countries ubiquitous surveillance turned out to be a very very useful form of social control now there are differences here and we're seeing it in the politics right now of surveillance for intelligence purposes and surveillance for law 
enforcement purposes intelligence purposes are more about metadata and flows and trends and relationships law enforcement tends to be more about any notes in this iPhone right now right I have a person here he's a suspect I want to convict him I need his iPhone which you don't really see in the intelligence community that's more about give me a whole bunch of data and I can you know figure some stuff out but that's more in the noise then really we have a public-private surveillance partnership it's fundamentally both governments and corporations want this ubiquitous surveillance for their own reasons a lot of data flows back and forth and there's some breaks in this when you're seeing corporations fight government a little bit around the edges but very publicly because it's a good PR move but largely the interests are aligned and its power against us Google wants you very much to have privacy from everyone except them just like the FBI will say that you want you we want you to have privacy just not from us but you know it doesn't actually work that way let's let's talk about why this matters I mean I think it only it's like this it's all obvious I want to enumerate some of the reasons there are very profound implications for political liberty and justice for people being accused by data and data being used as evidence again you know it's no big deal if it's advertising you know I get shown an ad for a Chevy I don't want to buy put in different contexts when someone drops a drone in my house enormous amount of self-censorship in communities that are affected by this kind of surveillance this inhibits dissent and hits social change it's ripe for abuse there are matters of commercial fairness and economic equality that we are seeing surveillance-based discrimination surveillance-based manipulation we're seeing our data being exposed when the third parties that have it have privacy breaches this matters for reasons of business competitive competitiveness the companies 
operating in countries with this kind of surveillance are being hurt in the market we're seeing US vs. EU right as EU has much more stringent privacy rules than the US does the affecting US companies this affects us for security infrastructure of surveillance hurts our security it's an article today that the US Senate is for the first time allowing Signal to be used by Senate staffers this is a Signal this is the program they called evil because people are using to affect their privacy they finally realize that we need to protect our privacy and because there are security implications for having all this surveillance data available to anybody anybody who can buy it and I can steal it this of course affects privacy and fundamentally beat down it affects how we present ourselves to the world it affects our our autonomy as human beings and by extension ourselves our liberty our society so so how do we fix this now I rather actually wrote a book on this which I was clever I would have brought a copy but I wasn't so hopefully someone in this building has one or you'll just have to imagine I'm holding a book it is called Data and Goliath I spend a lot of time on how to fix this the first one is to recognize that we need security and privacy we often hear this discussed as a as a trade-off security versus privacy as if those under constant surveillance might feel more secure because of it I think we need both and privacy is a part of security security as a part of privacy and more importantly we need to prioritize security over surveillance just like the US Senate just did you know we live in an infrastructure which is highly computerized you know we can build it for surveillance which allows right the FBI and the Russians to get at our data we can build it for security and allow neither now the principle is transparency a lot of secrecy in this world one of the lessons I think we've learned you know post Snowden is that secret laws are failed that the secrecy means there's no robust 
debate in our society about this either on the government side or on the corporate side anymore corporate transparency as well I assume people that you're interested just look at the really impressive series of investigative reports New York Times published on Uber and things they're doing with our data it's pretty scary I mean it's things that are online of some of those NSA programs I talked about they were able using the data they had was to identify regulators because they would tend to hail Ubers near government buildings and they would show them a different more legal version of Uber that us normal customers wouldn't see they actually had a name for the program as that was surprisingly benign so transparency that's not enough you need oversight and accountability and some methods to deal with these issues is it important principle which I call a one world one network one answer that we simply let me just don't know how to build a world where some people can spy and some people and the FBI very much wants into your iPhone not all the times in case you they think you're doing something but they'll say we know we don't want to backdoor we just want an ability to get in that only we can use and someone else can't I don't know how to do that I can't build an access mechanism into this device that only operates when there's a legal warrant sitting next to it right I can't make a technical capability function differently in the presence of a legal document either I make this secure or I make this not secure then I got to build some kind of social system to try to hope that only the FBI uses that the Russians or the criminals don't and I not to do that so it's either security for everyone or security for no one assume people are paying attention to the big ransomware attacks of about I guess about a week now the latest rumor is that North Korea is behind it have you heard that a man that's not my guess my guess is it wasn't still remains cyber criminals but could be 
North Korea I mean and it's true you mean if we actually don't know and this is an amazing thing whether this attack it's affecting hundred thousand views around the world is the result of a nation-state with twenty billion dollar military budget or a couple of guys in a basement somewhere I truly don't know and it could equally be either that's the world of this democratization of tactics I think that the vulnerability that's causing that is a vulnerability the NSA knew about at least five years ago kept secret instead of telling Microsoft so they could fix it right so was using it to spy on people but they don't get to be the only ones turns out someone stole that vulnerability from them and we think 2015 not exactly sure published it in March the NSA actually realized it was stolen between when it was stolen and March told Microsoft about it I think in January Microsoft fixed it in February but a lot of you didn't install your patches and that's bad but this is complicated right the NSA can't keep that vulnerability just to themselves they can keep it secret to anybody who knows about it can use it or they make it public so everybody can can protect themselves and one more quick story up in terms of stingray stingray is an IMSI catcher basically it's a fake cell phone tower and the FBI uses these to figure out who's in an area so they'll take one of these stingrays they'll still set it up and because cell phones are like dumb and promiscuous they will connect to anybody that claims they're a cell phone tower that's the way the system was built very insecure so you know they'll put up a stingray all your phones will will connect to it now they know everybody who's here this is really secret technology when it was developed and the FBI would I'm not making this up drop court cases rather than let evidence about stingrays appear in a public proceedings when there was a FOIA request in Florida to get some stingray data federal marshals swooped in and took the data before it 
could be given away it turns out though this actually isn't very secret about two years ago a web magazine I think it was Vice might yeah it was Vice I went around DC looking for stingrays and found dozens of them operated by who-knows-who around government buildings embassies you can now if you want go on alibaba.com and buy yourself a stingray an IMSI catcher for about a thousand dollars everyone gets to use them or nobody gets to use so the solutions here are very complicated and they're politically legal political legal technical now we're living in a world where because we always knew that technology can subvert law but we also learned that law can subvert technology we need both working together we don't have time for concrete proposals it's just a bunch in my book but really social change needs to happen first none of this will change until one we get over fear and two we value privacy this is hard I mean if there's lots of studies that show that we value privacy greatly when it comes down to the point of purchase when we gladly give up our privacy for one ten-thousandth of a free trip to Hawaii or the Canary Islands you other guys right I mean this has to be a political issue it was not in the last US election doubt it is in the current British election I'm not paying that much attention but there's a real fundamental quandary here and that is how do we design systems that benefit society as a whole while the same time protecting people individually I actually think this is a fundamental issue of the information age our data together has enormous value to us collectively our data apart has enormous value to us individually data in the group interest versus data in the individual interest is the social benefit of big data versus the individual risks of personal data and this problem shows up again and again that movement data I landed at LaGuardia this morning traffic was miserable my taxi driver used a program called Waze and if you know Waze Waze is a 
navigation program that gives you real-time information on traffic data how do they get that data because everybody who uses Waze is under surveillance and know how fast you're going that that traffic was miserable that program got me here got me here earlier it was very valuable at the expense of being under surveillance advertising I actually like it when I go on Amazon and I get suggestions of books might want to read based on books I've read that is valuable to me and of course it's valuable to Amazon at the expense of a company that has not the list of books that I've purchased I mean this is the bargain that the NSA and GCHQ and FBI all these organizations say to us we want your surveillance data we'll protect you from terrorism from crime lastly medical data I think there is an enormous value in all of us in the country in the world taking our medical data and putting it one big database letting researchers at it I think there are amazing discoveries to be learned that kind of data set on the other hand likes that's really personal and how do we make that work my data in the group interest versus data in the individual interest so I started by saying that data is a byproduct of information age go one step further I think data is the pollution problem of the information age but interesting saying that here at center built by Carnegie right you think about all processes produce it it stays around it's festering how we deal with it how do we use it recycle it who has access to how we dispose of it what was regulated that's central to how the Information Age functions and I truly believe that just as we here today look back at those early decades of the Industrial Age and marvel at how the Titans of that age could ignore pollution in their rush to build the Industrial Age that our grandchildren will look back at us here today in the early decades of the Information Age and they're going to judge us on how we dealt with data and the problems you're thinking that thank you 
thank you thank you so much Bruce my takeaway from that is just about your last frame data is the pollution of the digital age I I'll have to think about that one a little a little to get my head around that so if I can just ask and I think one of the things for us for this study trip is also how do we in our working with libraries and the role of libraries think about the issues you've raised for us thank you very much can ask Deborah Deborah Caldwell-Stone who's deputy director of the office for intellectual freedom in the American Library Association to give us something of a response to that good afternoon everyone thank you for the invitation to be with you here today I want to look at this from the perspective of American libraries which have a deep tradition of defending individual privacy when they provide services to library users and what I like to say is that if surveillance is the business model of the internet then public libraries are well-placed to function as an intermediary and a defense against surveillance at least at the individual level their their role is as an educator as a empowerment to a institution for empowerment for the individual who wants to make choices about what happens to their data and what kind of surveillance they're subject to now consider a hundred percent of the public libraries in the United States offer access to the Internet and provide their communities with essential links to government employment educational services and resources adding to this librarians are technology leaders here in the United States we're a profession that uses the digital technology for circulation systems online catalogs and information databases long before the rise of the internet and applied privacy principles in the use of that technology some of the most knowledgeable experts on the secure use of digital resources and networks and online technologies are librarians consider that protecting patron privacy has long been at the center of the 
mission of the American Library Association and the library profession as early as 1939 librarians affirmed the right to privacy for library users assuring that privacy was a necessary condition for the free and full exercise of the right to read and receive ideas under librarians understand that a lack of privacy in one's reading and intellectual activities and honorably chills inquiry damaging both individual rights and the democracy that supports those rights and so it continued to zealously adhere to the professional commitments protect user privacy librarians have protected these rights in small quiet ways in their day to day work for example shredding computer sign up sheets at the end of the day enabling anonymous logins to institutional databases informational databases or even setting up what they call warrant canaries setting up signs in the window saying the FBI hasn't been here today to let people know that they can come into the library with the knowledge that no one's asking for records they also have worked to protect privacy and more public ways by opposing warrantless surveillance under the Patriot Act or going to court to challenge government demands for library records and when the pervasive use of digital content social media and search engines expanded the collection and use of patrons' personal data librarians similarly shifted their attention to the privacy challenges posed by commercial online services witness ALA's public protest of Adobe Digital Editions' practice of collecting and transmitting large amounts of unencrypted data about the readers who used its ebook platforms ALA went out we marshaled support among the members of the Association we file a protest we went public and ALA soon persuaded Adobe to encrypt the data transmissions to protect the privacy of ebook readers consider too that libraries are trusted community institutions that offer confidential information services in a non-commercial atmosphere a real rarity today the Pew 
Research Center who has conducted nearly a decade's worth of surveys of library users today summarizes the results of its research by simply stating that people like in fact people love their libraries and they trust their local library they see the library as a safe space for unobserved and private information seeking now there's an issue with that belief but we'll set that aside for now but according to the most recent Pew surveys a majority of Americans look to their local library for information about technology with over half of those surveyed agreeing that libraries contribute a lot to their communities by providing a trusted place for people to learn about new technology more importantly a majority of those 80 percent say that libraries should definitely offer programs to teach people including kids and senior citizens how to use digital tools like computers and smartphones how to secure the privacy of their data and in fact libraries are already deeply involved in providing their communities with instruction in digital literacy the most recent public libraries and internet survey conducted by the IMLS the Institute of Museum and Library Sciences here in the United States over 80 percent of libraries report that they offer classes in general internet use general computer skills and point-of-use technology training to their patrons so again if surveillance is the business model of the Internet public libraries are well-placed they're in position to serve as an intermediary and a defense against surveillance to achieve this libraries are doing many things but the real focus is on education developing classes and learning opportunities that assist patrons to make good decisions about protecting their privacy a great example of this here in the United States is the San Jose Public Library's Virtual Privacy Lab I don't know how many of you have heard of it but in that case the San Jose librarians and local privacy experts from Berkeley created an online 
interactive game for patrons to use to become privacy literate users can generate a custom privacy toolkit when they visit the library's website a toolkit that's geared toward their unique privacy needs because the library has accepted the fact that everyone's privacy needs are different some people want to be more social and open others want to lock down their data and this toolkit is customized to the extent that they will offer a toolkit to each pole of privacy needs and to broaden its outreach the library has even had the website professionally translated into Vietnamese and Spanish the two primary immigrant populations and that in the service catch of that library other libraries are installing privacy self-defense tools on their public computers and offering classes to the community and how to use these secure technologies to take more control over their personal information and online identity some examples of these types of tools are Privacy Badger which allows the user to see and block ads and social media trackers to the best extent that they can HTTPS Everywhere which encrypts and secures a person's individual web browsing there's also DuckDuckGo a no track search engine and the Tor Browser which you must know enabled secure anonymous web browsing so it's said libraries and so I'm using these tools you know libraries are giving control back to the user they're trying to serve their patrons in the best way they know how and offer them the choice to try to evade surveillance as best they can it's not perfect but it does do the job of making a making those tools available to them and making them more importantly making them available on the library's own computers it does no good to teach somebody how to use a Tor Browser and not put the Tor Browser on the library's computer now libraries and librarians are developing initiatives to foster greater awareness of privacy privacy currents and privacy current concerns and tactics to defend privacy for librarians 
themselves it's an interesting fact that when we went out to look at what libraries are doing around privacy we found a real gap in knowledge about what privacy concerns were and what tools library individual staff line librarians had available to them in regards to this the ALA runs an initiative that you may have heard of called Choose Privacy Week and you know to be blunt it is very much modeled on our Banned Books Week only in regards to privacy we want to raise awareness of privacy issues we want to engage the public in a conversation about this we want to involve the entire library profession in the United States in a dialogue about what we can do to best defend privacy in the library and in the wider world but and we started out Choose Privacy Week as a flat out campaign against government surveillance and monitoring it was spurred on by the Patriot Act of course and the discovery of other government tracking and surveillance programs but as we went along Choose Privacy Week we found that librarians themselves needed to be equipped with knowledge and tools to help their patrons defend their privacy and to institute better privacy practices in the library themselves so Choose Privacy Week has now evolved and now it's not just focused on government surveillance but it's also involved in equipping librarians educating librarians with the tools they need to better serve their communities with private privacy protections there are two initiatives here in the US right now that are doing similar work equipping librarians to better defend patron privacy one of them is the Library Freedom Project which is run by a librarian Alison Macrina here in the United States and she does privacy trainings that are very much focused on raising awareness of government surveillance and corporate surveillance and what tools like for example Tor Browser that libraries can use to enhance privacy the trainings are intended for librarians and then the librarians are 
expected to take their training and train their individual patrons on these issues she has another initiative which you may I don't know if you may touch some of these folks here in New York but it's the Digital Privacy Project at Brooklyn Public Library and they're doing a great work in training New York librarians about data flows privacy threats and how they can be addressed so that those librarians and library workers who meet library users face to face on a daily basis are better equipped to serve the information needs of persons asking what they can do to protect their privacy now I have to say that everything I've talked about so far is what I call above the line services these are direct patron services direct patron engagement but there are below the line services that every library can start tackling in order to preserve patron privacy in fact they're a necessary part of preserving patron privacy and one of them is to engage in a process of auditing the library's own data collection and use and to develop privacy and procedures that is privacy protective I see from your tweet stream that you visited the New York Public Library they're a prime example of an institution that has taken on this process Bill Marden has done a enormously wonderful job of tracking what data flows are going on in and out of the library and what policies and procedures he needs to put into place to protect the privacy of the individual patrons this includes dealing with third-party vendors who provide services and digital content to the library and developing things like model contracts that incorporate things like privacy standards and as recognized the New York law that protects the privacy of data patron data in the contract itself so that the vendor is bound to protect the data not sell it to third parties and not treat it in ways that they would be it's the commercial data at all the other things that libraries can do and they are doing here in the United States is in 
fact encrypt their own web presence and their own storage of data ALA has embarked on its own projects in regards to this we've partnered with an organization called Let's Encrypt which is a certificate authority that all issues security certificates for encryption which are a necessary part of the process for free there is no charge for this and they actually have automated the process of installing the certificates on the servers that are certain and used in the institutions that are seeking the encryption services we are hoping that making certificates free and easy to install more and more libraries even the smallest rural libraries will be able to encrypt their web presences and have been again better secure their users library data but another part of what libraries do is advocacy and I've talked a little bit about this but one of the things major roles for ALA one of the major parts of my job is to advocate for privacy protective law to try to make those changes in society that are necessary to protect user privacy an example of this that there's been some success with are student data privacy laws as you aware the learning analytics are big thing today big data and education and we have found that entities like Google and other learning analytic companies are collecting the smallest details about K to 12 students and storing it forever and then making it available for analysis and there needs to be some protections for this and so there has been a growing drumbeat from librarians from educators for laws to protect this data that's very sensitive data and even try to forestall some of the collection that's going on and so we have been in the forefront of going to state legislators and asking for students data protection California has the model law which is called Student Online Privacy Protection Act SOPIPA and we continue to pursue such laws in Missouri we persuaded the state legislators to amend what we call a library privacy confidentiality Act and 
each of the 48 in 48 states in the United States is actually a law that defends the privacy of patron privacy and they've amended their law to impose a duty to protect patron data on the third-party vendors themselves and so that there is a legal duty not to sell or disclose patron data we also have you know very obviously have advocated for the reform or repeal of laws that allow the warrantless collection of user data and we advocate against pervasive non-targeted government surveillance such as Bruce talked about but the other work that we've been involved with is the promulgation of national standards which is something that the UK may be interested in working under the sponsorship of the National Information Standards Organization NISO public school and academic librarians met with digital content publishers library systems vendors and academics in other words we sat down with the enemy and we sat down and hashed out what was needed to protect patron privacy while allowing the vendors the data they needed to operate the digital content systems alive integrated library systems that libraries rely on to provide both contents and service to their users these standards published in 2015 as the NISO Consensus Principles on Users' Digital Privacy in Library Publisher and Software-Provider Systems yes it was a consensus process the established standards for policy and practice that are intended to assure patron privacy while providing to allow the digital content service the provision of digital content and network services and this balancing that is talked about often between the need for the preserved privacy while allowing enough data to flow to provide the services so these are some of this a small example of what we've been pursuing here in the United States in order to protect patron privacy as best we can we aren't able to solve the larger issues that Bruce talked about we do participate in the advocacy to try to solve those issues but where we are 
located in our communities on the ground working one-on-one with individual patrons we're in the trenches trying to help them help individual users preserve to make the choices that they need to make about preserving their privacy thank you thank you thank you very much Deborah and can I have a big hand please for all our speakers thank you and we when this today was not being live streamed but of course will have a record of the event so and also do feel free to tweeting and all the other things that are I would be so securely trapped as we go along undo if you ask questions when done speaking tell us who you are and where you're from so we could all know but the other thing I want to say for the purposes of this conversation privacy and privacy at the time are the same thing so so don't get thrown by different emphases of that word where we're talking about the same thing and data and data as well I think that was taken that's read as well so if you have any questions specific questions for any of the speakers do please identify that and also let us know if you can share with us as well any thoughts and ideas that come from that I really like the grappling in the trenches with the legislators and the regulators to try and actually make some progress on that ground as well thank you for that okay and then into the mic get behind you one question for Bruce I think and for whoever was throwing crypto parties over there my name's Nate Hill I run an organization called the metropolitan New York Library Council and we're just beginning a new program where we're designing a data privacy curriculum that we're going to roll out across the three public library systems in New York City and one of the things that I'm really thinking hard about with this is how to change the culture around privacy and security it's very hard to talk about it for too long and the way that we've been talking about it without somebody saying something about a tinfoil hat or something like that 
and I'm wondering if anybody has any thoughts about how we can make this kind of thing more accessible something that people readily want to join in on I'll give another example the reason that I say the crypto party example is I was working at a public library a while back and threw something like that with like a Def Con group or something like that and the first thing that happened is a bunch of people came in with their lock picks and tried to pick the server box in the library and so it was not this kind of like welcoming thing that a lot of people wanted to come and join in on so I'm really interested in the culture around these issues I think the data privacy project and library freedom project are great but I don't know that they have succeeded in making this a really widely inclusive effort so if you guys have any thoughts hard topic it is hard to make privacy official yet it's hard to make privacy into something people care about because like many fundamental rights you don't notice it till it's gone and like many abstract rights they're easy to bargain away for a small benefit if you offered a Big Mac for a DNA sample you'd have lines around the block because you know Big Macs tasty right what are you talking about it so do you mean near-term gain versus potential short a long term term loss I think we need to really reframe privacy as personal autonomy and privacy is not about something to hide privacy's about controlling how I present myself to the world when I am under ubiquitous surveillance I lose control over how I present myself to the world and I and I become less than a fully autonomous human being and I think though those kind of conversations make privacy less into tinfoil hat government's out to get me more that this is this is how I navigate a complex world while retaining myself but this is hard I mean it is hard for all of us these are not your you're dealing with abstract losses and then same problem we have at getting people to install patches 
against these computer vulnerabilities or flaws the immediate cost is tangible the long-term benefit is abstract and people are terrible at making those sorts of decisions you know buy life insurance my friends who I would recommend was getting in touch with the folks at San Jose Public Library you know and it's like what that's what that was their starting point was to say that this is a matter of autonomy and choice and everyone has a different place where they're at with privacy and what they're willing to trade for and what they want to keep secrets are keep private and and so I really respect that their work that they're doing and we are in ALA trying to push this idea out to the larger profession but it's a slow going thing because it's really part of it's generational I think we're going to have to see generation of librarians retire before maybe one about it you know we've already such a difference of retiring library no sorry no finish appoint ever yeah yeah I'm at anyway I think I've got somebody else on the same point before you yeah but I think that that's what we're really going to have to do is just do it in and it's an incremental process of education and we just need to have leaders in place that are determined to push this agenda forward and so I you know I'm there at least for the time being in ALA and I know that the member leaders are size of seat committee at ALA are devoted to working on this issue that's just me we're really a small voice so yes we've hosted two crypto parties and my local library in office England last year and yes when the council person came to do a video to help us promote da Vinci did ask all people going to wear masks and I said no we're not going to be wearing masks it's just normal people going to learn about something but for us it's really part of your basic digital skills you know how to use the mouse and a keyboard you know how to use a browser if you should be able to know how to protect your privacy and know
about online security and that's why actually at our crypto parties we only attracted the people already aware of those issues and our next step is going to be targeting with people who really need to know because they are not aware of those issues so my next step this year are going to be working with what we call our silver surfers group so this is our older citizen group who were learning digital skills so I am definitely going into a privacy session for them and we've got colleagues also doing a lot around digital inclusion in less wealthy areas of the city so again building is both privacy tools and privacy skills will be now existing digital skills programs and also I think I think we talked about behavioral change I think you mentioned it as well I think there's something about culture change approaches that we should also think about how do we make this issue popular in terms of language semantics and an approach and I think there there's some different approaches being highlighted here hi I'm Ron Bear and I'm just a quick comment and and then a question privacy is a matter of expectation and I think at least this talk has been kind of an eye-opener for me as to the extent to which my privacy may be getting invaded in ways they didn't know and an example of what I mean by expectation is the article that Joel cited the famous article by Brandeis and Warren which was the first legal formulation of privacy which was the right to be let alone and there's an interesting back story on that Warren was a very famous a Harvard Law School professor and he became enraged when pictures of his daughter's wedding at a local country club appeared in the newspaper and so he got his best pupil guy from Kentucky named Louis Brandeis and they defined the right of privacy for the first time legally and it became a legal expectation because for most of human history nobody's had privacy it's a very middle class notion the lower classes didn't have privacy they all lived in one
room and the upper classes didn't have privacy because they all had eight or nine servants in every room they went to so that is and so the management of expectations is is a key role for people libraries or any institutions who want to do something about that and I have to tell you that even at my tender age expectations seem to have changed just very very dramatically throughout my life but my question is this I did some work on privacy about 20 years ago when it entailed whether or not somebody was reporting to human relations about stuff that maybe shouldn't be going on around the office and that kind of stuff and what I learned was that there was and what everybody knows is that there's a very real difference in the expectation of privacy between Europeans and Americans and so now we have a lot of information a lot of stuff coming down the wire about the EU about Britain's likely exit from the EU about other countries that may want to get out of the EU and the EU as as we all know some people in Brussels who define what a banana should look like and everything else and they certainly have a lot of regulations about privacy so so that in the negotiations to leave the EU or remain in the EU or so on is privacy going to be an issue at all I'll come to you what I'm wearing - the question no I'm I'm a William pairing from the UK I'm doing a piece of work for Carnegie UK Trust on on Brexit as is known and the digital sphere one of the things so the issue of privacy and data in Britain it's actually quite an extraordinary juncture so the country has voted to leave the EU it's about to elect they'd probably say this fairly a rampantly Brexitist government in the current general election and yet the government has committed to bring in the new EU privacy and data protection legislation during the process of Brexit so we'll actually put a bill before Parliament to implement the very latest EU privacy and data protection directives because the corporate interest is so
colossal they've been very clear it's a very pragmatic decision by the British government that if they are to remain a very successful center for technology startups and very large technology businesses we have to have uniformity with the EU companies with whom we trade in the trade of data and so in that sense no it won't come up because they've said they're going to adopt the new EU regime there's a brand new EU regime the General Data Protection Regulation that comes into force in 2018 it's reasonably different to the current regime but in the eyes of many commentators it is not up to speed because it can't be it's been many years in development with the latest developments in machine learning and very very large scale processing where someone Stokes stereo characterized a beautiful the other day we're moving from a position where the the basis for a decision on manipulation of piece of data used to be a human decision it will soon become a machine based decision that's not necessarily a bad thing but it produces some enormous and quite profound consequences which we don't yet understand let alone that we are not yet capable of regulating and regulating for I think that's the point Bruce is making I think about where this could go when classic British tradition just because it's not going to come off doesn't mean it's not significant hi I'm Lisa Rosenbaum I'm the director and chief librarian of Brooklyn Public Library thanks for the shout out and thank you for the cookie tip your I moved here a year almost two years ago and I didn't know that about the black and white I appreciate this this is more of a comment and I'm not sure you can answer it but just observe having been in the public library business for more years I'd like to talk about and I'm not going to retire I am what I've noticed is that you know as as Nate said that the privacy thing sometimes I think I care about it more than other people do but the second thing is that public libraries are sitting
on a lot of really great data and people want that data internally people want that data because the reality is that public libraries really have to push their relevancy more now than ever in my career and that you know I'm lucky I live in a great city and it has a lot of support but there are public libraries across the country who don't have the support are trying to get money to survive to fix branches to buy collections and it's really tempting to with all the data we have to use it for marketing purposes for to be cool to be like Amazon or to be like other high tech companies that are Facebook to use that data so I just want to sort of give everybody reality check this is the world we live in and we're sort of I think at a crossroads I like the privacy stuff we're doing but the reality is that that that to me is a more significant issue that I'm facing in the public library you want to comment I mean I think this is important consideration because this isn't why it's not that the companies we're talking about are immoral that the business model that's legal allows surveillance at the head of Google stood up and said we're no longer is going to spy on our users you'd be fired and replaced with a you know less moral CEO and because doing what is legal is what we expect from corporations so we're going to change this it has to come through law which means you're not going to get corporate surveillance dealt with into the deal with government surveillance now you had a government surveillance dealt with until you deal with with fear and this this thought that if we spy on everybody we can find the bad guys I also want to point out the book and public library is a great library the main branch is a fantastic building and I spend I spent way too much of my childhood there and I do recommend going to Grand Army Plaza and seeing it so the marketing doesn't have to be big marketing doesn't have to be based on data it is a fantastic it's a fantastic building I this is X 
this is where I said I'm not going to talk about that right now but we'll get to that later and we've gotten to it it for me that's the greatest issue that I am confronting and working with libraries I'm fighting privacy issues is that it's you're concerned about it but I know libraries that are out there Mart using their data for marketing and sometimes with third parties outside the library and we're struggling with this issue but we've all the privacy subcommittee has pretty well concluded that this is not right and so we're encouraging projects Becky you said Seattle Public Library is deeply involved in a project to deal with what she calls data de-anonymization so that the library will be able to strip all the as much of the personally identifiable information out of the data but still leave it useful for marketing and it's an initiative that she's been leading now for a year and a half and we're hopeful about it in fact she has an article in the new Journal of Intellectual Freedom and Privacy that just came out this week describing the project and its utility for libraries and so we think that this is where we have to go at this point beyond also talking about sticking to ethics and and and private you know the users' privacy rights and their right to control and make choices about their data even in the library but it's what we're looking at right now subjects other questions but I just wanted for a food for thought question which is is there a place there a way citizens can we take advantage of this data collection haha yo okay so let me answer that okay that's often called sousveillance it's surveillance from underneath nah right so can we use this data to know what our government is doing to know what power is doing the short answer is not really just because the natural power imbalance makes that very difficult there are examples where transmutes transparent available use subtract money laundering or flights for airplane flights of African dictators or
how road repairs are happening but they tend to be exceptions that the data is not generally available so you or I cannot get the same benefits of it that Google can the front Paris is not bad for the transferee isn't there this data is proprietary it is owned data about you in the u.s. is owned by the company collects you keep trust and I just wanted to ask a question to Deborah Voss to other public library colleagues in the room to get your take on it and it's particularly on the campaigning aspect of your role and how that plays I as when you're campaigning for greater privacy and against particular pieces of legislation or regulation and that might be against our claim to to what the government of the day my wish but at the same time public libraries relying upon funding from those same government sources and how you navigate that tension and any lessons or advice you can give us in that context well in fact here in the US LA takes a lot of that seat we are a professional membership Association and we are able to go out and frankly say things that a local library may not be able to say in a particular circumstance and so using your professional member of professional organizations to offer leadership and to do the kind of lobbying that's needed to get these kind of laws on the book it's probably a good solution and as libraries can they join in the salikus II and I know a number of library directors have been very successful on pitching privacy as a bipartisan issue there it isn't left or right everyone has something that they want to keep private and we're there and we're you know and where they understand they seem to understand I go back to the Missouri library confidentiality statute that was recently amended that was amended with the leadership of a very deeply conservative Tea Party Republicans in Missouri which is not what you would think but he has a libertarian streak he is fiercely defensive of individual privacy and he was proud to go into the 
Missouri legislature and lead the efforts to amend the library confidentiality statute in Missouri so that it applied to the third-party vendors that it covered all the digital content and network services that modern library uses these things so there are ways of working on this pitching the message and and finding ways to empower individual library library boards library directors library librarians themselves to speak to this issue without endangering their funding necessarily but Donald Trump is receptive to a pro privacy message right now well we're just glad to find one in Missouri let me tell you all right thank you well you had to put I also had a thought if we could think a little bit of the educational role that libraries can play miss to arm citizens I know you've given some example but if there's any other strong thoughts or examples of practice that maybe we should be thinking about so I've got well then you know in excess and then we are conceived as well as writing so Carnegie at the moment I'm a trustee of a thing called the Indigo trust and we blazed the trail for many years funding technology and transparency projects in in Africa and I thought Bruce's analogy with pollution is a very good one where pollution regulations have tightened up in the developed north we've ended up exporting a lot of the pollution to the South in quite an unscrupulous way and I just wonder if anyone had any thoughts on how we could use international fora to improve privacy rights globally very much as the copyright industry has done to drive their interest through and yeah it's a massive Lobby though it's a massive industry but um it's all very well are standing here and talking about this in in in exchange between allegedly despite current circumstances to the world's most advanced democracies when in fact the real the real pain could well be felt in the less developed south technology is on our side here unlike pollution of a car manufacture will sell different cars 
in the US and Mexico because the environmental regulations are different software is much more efficient if you make just one version and sell it everywhere by a lot so you often find that in the u.s. the software will conform to the most strict state regulation around the world that are conform to the most strict large market federal regulation and if the EU pressures Facebook to change their practices good likely to change their practices globally because that's easier and unlike the automobile so there there's real value in the more privacy focused countries pulling it up for the rest of the world now you have a backlash and if you remember some years ago the governor of the UAE said to blackberry we can't use drop on BlackBerry's fix that for us and then and then blackberry every other company gets to the side is the market worth it I write Google is in China even though China does much more surveillance but blackberry I think decided to really no I think I view anything with Saudi pull out of Saturday okay you mean you want us commerce assistant we just won't have it in your country so I think you're gonna see different dynamics because of the inherent right once used everywhere property of software right I'm Bill Martin director of privacy at your Public Library nice good I think I show you last month's that that's a net gain event right um sure no I don't somewhat suck at somebody arenak doppelganger they talked about the lobby's doing so one of the challenges I was talking to this group of yesterday is we constantly have vendors that we're dealing with who will make the argument you know people understand today that they have to give up a certain amount of privacy in order to use our product and it boils down to essentially the argument if you want to benefit from the bounties of the digital universe you have to advocate a certain amount of your privacy so my question to you is how do you respond to that essential argument that says you have to give up 
something to get something and if if you do agree with that what are the bounds for that so we're talking about gdpr yesterday which seems to be a good model certainly more stringent than what we have in the u.s. maybe not a good model I can see your eyes romantic yeah okay but you know what what is the model that we should follow if there is one and you know we're kind of where do we go from here so in a sense you do have to give up something to get something but it doesn't have to be privacy it could be something else no we have decided collectively that we are going to make the internet free in exchange for privacy we've we forced the trade off on people they're not making it you don't really have a choice and this is true maybe you talk to someone younger than me being on Facebook is really a choice it's a fundamental essential for being a fully functioning human being in college not on Facebook invited to parties right you never get lazy it's a bad year so but it doesn't have to be free if you know it right there no imprison so they just so we decide that I I disagree that people understand the trade-off so we we know from lots of studies that people really don't or there's learned helplessness wait and you you know this you go you go to your phone you soul into app you to a screen and it gives you all these things are taken from the exchange using the app you don't read it you don't look at it you click ok because you know you have no choice that is not a fair exchange that is coercion and when and we have built that system we have decided you do and you don't I mean so sometimes you do something else you know in a lot of cases you have no choice you can't not have an email address you actually can't you can't not have a credit card I mean some of the some of little apps you have a choice but in a sense you don't these are these are the tools of being a fully functioning adult in 21st century and they are built on surveillance they don't have to be we have 
decided to build a regulatory environment where that is the most efficient way to do it I'm Kent Matthew from Institute of Museum and Library Services and I think another trend that we're not thinking about is as libraries or push to raise more of their own money and be more accountable whether to government or private funders and we're all about impact and proving our investment there is a tension there you know because it's no longer just how many books did you check out it's one of those people doing how many people come back what are they learning so I'd be curious to know what's happening yeah the UK and if you don't get your numbers you're on the threat yeah and does anybody want to respond to that and then we'll come to you okay you want to go yes Ernest Tim Bradley I'm at the New School when I first listened to your presentation I thought oh that sounds like spying is made very easy nowadays if everything is under surveillance you know what is there that still needs to be spied if the material is available at Mattress I don't know whether that's a question or simply a comment maybe I'm totally wrong please tell me the second question is more a question of futurology the future are there any areas left in our lives that are not yet surveilled and I also feel that you know the hotels we are talking about this may be 15 years old 20 and I now register a remarkable change of behavior and mostly the young people because I'm no longer young what will the next generation be like that really grows up without even understanding how conditioned they have been by all this digitalization so yeah there's any question the metadata tends to be collected and data often is not so data is collected targeted so if someone wants to spy on your phone conversations they're going to do that deliberately we know the NSA program collected all conversations going in out of Bermuda for example that's a small island limited scope they're able to do that doing that for a larger country is
still beyond scope but that being said you know the ephemeral conversation is dying I mean nowadays when i chat with my wife we tend to chat on text message right because it's easier and that is recorded in a way that a voice conversation is not you know also you're losing the assuredness right so a hundred years ago you and I could go out into Central Park look around see some would see nobody around us and have a conversation that we knew it absolutely wasn't listening that has been forever lost and it's not just recordings that shotgun mics it's it's hidden microphone all sorts of technologies raise the potential as for the generations this has been studied a lot young people actually don't care less about privacy they just care about differently than you do and in a lot of ways internet as the Internet is the biggest generation gap since rock-and-roll and into a fundamental level you don't understand how young people use the internet and never will just like rock and roll didn't make sense to the old people and about generation gaps is that the younger generation always wins the older generation dies fundamental right that I've always happened so the norms are being created by the younger generation and the norms are more sharing but they are still very private and they do it go through enormous lengths to maintain their privacy a little sloppily a little naively but they are trying so do not think that privacy is disappearing with the generations okay I couldn't come to you but Joe could you think about something for me I'll come back to you after this intervention are you getting trapped if that's been if that is going to be the norm going forward what are some of the ethical benchmarks you should think about other questions please Amy Garver with the Aspen Institute's dialogue on public libraries are two questions they're unrelated to one another so toss them out the first is regarding how technology is evolving and whether or not you can foresee that new 
generations of technology are going to change any of this dynamic I'm involved in a group that's discussing potential uses of blockchain technology for libraries and I don't know enough about it myself I'm not a technologist no I know enough to be concerned but it's there when you start to allow machine learning and AI to take over in making decisions and breaking up the people who own the information does that change any of this conversation around data and how libraries should be thinking about data and then the second is related to a survey that we did at the Aspen Institute with ICMA when we started the project on libraries a couple years ago there's really great data on what public the public thinks about libraries and wants from libraries and Deborah I think you cited Pew's research on on the public saying that they want libraries to offer programs to teach people about protecting their privacy and security online and they want libraries to offer programs to teach people how to use digital tools - were closely related when we did the survey with the International City/County Management Association of local government managers about the only area where we saw significant differences between the local government managers and the public saying what libraries definitely should do was around programs to teach people about privacy there was a thirty five point difference between what the public said libraries should do and local government and also close to a twenty point difference between whether or not libraries should be teaching people how to use computers so I'm curious whether Chiara if that's the case in the UK and Deborah and Bruce if you'd like to comment on why you think that might be such a again some of that there's a lot of technologies that protect privacy never talked about Tor and Let's Encrypt and HTTPS Everywhere I could go on give you mention blockchain all of these have have potentials the the problem is most of your privacy violations are not under
your control there's nothing you can do to prevent your cell phone company from knowing who you sleep with because that's not your data it's their data nothing you can do to prevent Facebook from billing what you're saying because they they have it so it's not the tech we have lots of tech it's laws that require companies who are now operating not in your interest to use that tech and that's where we have the problems I have privacy technologies I've lots of them I need to get them used I think speculates on the gap having talked to librarians dealing with their local government managers I think some of it is austerity and I think some of it is seeing libraries as only repositories of books the individual who probably could better answer my question is housed in Washington at the ALA offices they're there the information privacy has worked more on this issue but it doesn't surprise me because we actually always often find our worst resistance to any issue dealing with privacy and intellectual freedom is when we reach the county commissioner or the City Council in a particular locality they don't see the utility they don't understand why these issues are important or the mission of the library and so it really doesn't surprise me that they don't see the utility of it and so this is tr explaining you know getting the message out that you know all those folks that are established in your community they need the library they need that computer training in order to find jobs today some of that just hasn't sunk in yet with politicians I think in the UK the question hasn't been asked the public I don't think but I have an instinctive feeling that there might be that different than the reason I say that is because in the place where I run the library service we did a big public consultation in 2014 about potentially handing over libraries to volunteers and one of the consistent messages back from the public who who had a very sophisticated understanding of what the
library staff member did and part of it was about protecting privacy and they did not want volunteers because they wanted to know that their information the way they used the library in a rural area or safe and they trusted the library staff to do that and they didn't trust the volunteer so on the basis of that observation I saw for myself a lot I wouldn't be surprised if that happened sorry to put you on the phone I accept to to sort of I get general broad-stroke observations one was prompted by Ernestine Bradley's question about you know what's left in terms of privacy I hope that there's still a zone of privacy between let's say me and my doctor or me and my like the u.s. so that's gone let's got completely gone patient records it's the insurance industry and the UK NHS forget it your your your alright so let's go down the list what about what about what about clergy that's still okay okay do they take confession online I don't know anyway all right you're good they're good for let's hear for the clergy I think what about so we did have we did have I don't know if we have now attorneys in the lawyer lawyers is there is there a zone of privacy there that's still sacristy it's legal though there's a case of actually a big case right now in the u.s. 
about prison violating that routinely when prisoners were talking to their attorneys but I meant in but in but the point is there is a zone of privacy a legal zone that that is that is breached I think you get what you pay for there what I just tossed why don't we this could be for informal conversation but I do think it's important even in just in terms of employment Ron you were talking before about in the context of work you know you would like to think that there would be a zone of confidentiality if not privacy you know that when when one could give one's opinion to one supervisor or boss in terms of a private I mean there's a reason there are doors on offices and so on sometimes alright anyway I just I was just trying to be responsive in trying to think of what were traditional zones of privacy that maybe may be changing and then this is to my last point which is what's interest to me is this idea of normative shift arms change over time sometimes its generation technology but in light of libraries you know I'd like to think that libraries remain a sanctuary in some way for freedom of thought and freedom of expression we haven't talked a lot about what goes on in libraries but it's a place where people come to learn and it should be a zone of privacy in the sense of there should be complete freedom there to to be able to have access to ideas and information and educational kind of services so anyway when I thought about this program I hope we can think of the special role that libraries play in a democratic society and that they are as I said at the beginning norm setters in some way and perhaps norm defenders in certain ways you know I think this conversation has helped us in that direction anyone noticed the one zone of privacy he missed a big one the important one one that's left holy Sankar six you alluded to it the space between your ears is still a zone of privacy we do not have any technology that can penetrate that they're working on it but we demand 
for building norms as well I think that that seems to me a sec away from that exchange a strong role for libraries to play but also for us to think about how do we how do we make that work where it's not working and how do we sustain some of that control everyone needs to practice their memory palaces thank you fascinating discussion maybe to take this a little bit away from libraries which some of our clients I work for a private consulting firm and we at the Dylan Eider group we work for global governments and for corporations we're talking about in our firm our clients are both public and private and many of them are very large data holders so they hold a lot of data both on the public and private side and there's a talk about the future of philanthropy and and the reason I bring this up is because with the United Nations there's a talk about issues that are globally important to everyone the environment hunger things like that and and so how do you take this data that an Amazon or a Google has and the social good that a lot of these nonprofits have and bring that together to solve global problems and so the future of philanthropy and and the UN right now is having that conversation and it always the arguments begin around the ethics and setting a protocol on how you take this data that is mined by Amazon or Google and couple it with a non-profit a library or you know a heart association or whomever and use that and pull that for a global good anybody wants to respond to that I mean that's really what I was talking about the end of my talk would say this is the funnel pollination age I mean that's it right there how do you do that go to the development shift one of the most efficient I work in a fraternal particularly ruin our fraternal and while sharing this with colleagues the other day one of the things our rich is about how do we get more young people in rural areas access to the Internet because this is the future of doing business of growth of development 
and then I hit the wall when it came to what does data protection look like in that environment and I hit an impasse which is how do I introduce what we've learned from the abuse of data and privileges and take it into that context which could have the possibility of doing a technology leap and I'm stuck so so I think it's a very very valid point you make that this is some of the thinking we have to do where it's not gone yet and how do we use that so in a very can be used is a question in my mind which very much talks to the point you're making so um I can comment on this too but in the U.S. we have discounted broadband rates for public libraries and one of the challenges is it's so complicated to sign up people need help and the second thing it sounds like it's more than complicated once you get you know where there's been this big push to get access to hot spots and broadband with commercial providers into rural areas and tribal areas but then it's ahead of the digital literacy piece right so it's almost moving so fast and we're investing in digital literacy training and looking at the role of libraries and museum staff to do that a lot of ways privacy is a luxury if you're on the other side the digital divide you don't have access the Internet you don't need access you have such power it's only if you get access or the nuance is important any other you've got to bind a man good afternoon but actually our counseling firm directive libraries there could see all this afternoon I suppose reflecting on the recent exchanges so if my question is is the genie out of the bottle for good and are we into damage limitation risk mitigation or is there any sense in which that genie can go back in the bottle one of the conversations we were having earlier this week and forgive us for perhaps a superficial knowledge around this but reflecting back to antitrust legislation not necessarily a direct relationship is there conceptually something that could put the genie back in the
bottle I think genie's not not out of the bottle I mean so that that Economist which is last week's talked about changes in antitrust regulation that's this is The Economist making the argument that antitrust is obsolete for the Information Age so you know here we are a conservative publication that is talking about that as a solution uh none of this is irreversible this is all policies or norms this is all laws it's just like saying if someone invents the handgun you know Lowveld people going to murder each other genie out of the bottle the tech is is you can't take back the tech but you can mitigate tech with law if you say to Facebook we're going to put you in jail if you do this they're going to stop doing it and if they're told you must delete these data stores this is illegal to collect these are illegal uses these are illegal inferences in the U.S. it is illegal to make loan decisions based on race it's illegal to do it explicitly and it's illegal to use zip code as a proxy if the data is there you can do it you're just not allowed to and you can make these changes we can build the society we want we are not stuck with what the technology gives us just like we're not stuck with murder guess except the U.S.
Jonathan Gage with the Carnegie Council on that trustee here and my day job is with the Boston Consulting Group is a writer so my thought or my question is these issues are very complex and they said need be moving quickly but the question of how libraries could galvanize public opinion to protect digital rights you've really explored the issues that articulated them well but what I don't what I haven't heard and I wonder if might be useful would be delineating exactly the policies that would be required to protect digital privacy you've done a bit of that I've just heard that not just now it crystallized those so that people could understand them and then secondly to very explicitly campaign to have that accomplished in the ways that people can understand it through their own experience and what is threatened in their lives and in their own privacy I mean you know against the surveillance in the business model of the internet doesn't really it's not like no more war or women's rights but to to outline the specific policies and changes that would need to be made and then to articulate in almost like campaign fashion this needs to be done that needs to be done to accomplish that we hope to achieve the privacy we use of highfalutin language about sparking a national conversation on the importance of privacy and things and it's a matter of resources right now we don't have it's possible to start a campaign like that but we also have to get buy-in from local libraries and that's the fundamental library's politics in the United States all politics are local and so there are large library systems like Brooklyn in New York that would have the resources and the political space to engagement and campaign and I can think of libraries and real Midwest that would never have the flexibility to engagement ALA certainly could take leadership but be blunt we would have to marshal support from a larger swath of the membership for the investments that that kind of ant campaign would
do and and get buy-in from our lobbyists in Washington and things like that and that is not impossible but it is a large endeavor that we just haven't had the resources in our office to attempt I worked in an office with five people and my attention is scattered across privacy censorship First Amendment issues and so I don't know I just simply can't make that happen but it's a possibility and still you may want to talk about that in the future and and I will you congratulate Bill he's the incoming chair of the ALA's privacy subcommittee to clear Queen and some sort of sort but just a little anecdote to kind of play that out so that the ALA last year I gave it up to talk about New York public and its new privacy policy and this person comes up during the question and answer period and she says I'm not going to tell you my name or even where I'm from so I you know was something he said I run a little tiny library in a small town and every week the police come and they want to know what people have been borrowing and I said well can you please tell me what state you're from in California they said you are in black you've got one of the strongest library statutes in the countries Lisa knows she said that doesn't matter they still come and they still asked for the information I said well what attorney or law enforcement represents you and she said it's the local city attorney she said the problem is they also represent the police department this is the quandary so whatever regulations whatever laws whatever guidelines we set up for people there's the fact of daily life and especially how it plays out at a smaller community [Laughter] should actually call us okay I believe I don't and I think what's kind of trying to bring us to a true thank you so much for your time and your input and I see value happening did you want to add any any more okay I'll ask Bruce to kind of send some last few words before we before we finish but I I just want to say for me thank you very much
it's been much much appreciated but I I drew from the conversation that's the legal and regulatory framework seems important and from a study group I think Neil was talking to us about how we need to get the citizens themselves coming up the library users the patrons that is described here coming through with their own interventions and approaches to this and we need to engage them a lot more than we are on these issues I think also a pull away from me also the the amount of things programs that can do and I've been very very my big learning on the trip so far and I hope there's more to come it is also this idea about the library being a key educator I used to think libraries or a place to go and get knowledge but actually education is so much more than that just to get to get some knowledge but also so I could understand how things work and ask how to deal with them it's something else as well so I think there's some some learning for us to take with us and some things for us to think about that we've heard about but Bruce I don't know if you want to what I did pretty bleak about data not being under our control but solving this is a matter of change in public opinion and with libraries I mean in my world libraries do is they change norms something as simple as libraries using Tor because the rhetoric from the FBI the UK equivalent is that only criminals use Tor you use Tor to buy drugs that's what Tor is for and having libraries install Tor is an enormous powerfully powerful statement that Tor is for privacy protection for everybody and it's those sorts of things that change the dialogue I win when libraries put in warrant canaries when they refuse to give the police data what the patrons are reading they are making a powerful statement and librarians sort of have a special place in our mythos or the kind of unimpeachably they are they're sort of the epitome of regular and have to have libraries do these things is powerfully important and I really applaud that
I want to close by saying they were to come to my book found and to your point starting this question this is the titles Data and Goliath if you pronounce it Data and Goliath you don't get the joke thank you again thank you very very much and do please give a big hand for all our speakers and for yourself thank you [Music]
