Why the #cilipinwales conference was the wake up call I needed

Even though I have spent two years reading up about privacy in libraries, and indeed the concept of privacy more generally, I have only just started my PhD studies in February this year.

I want to initiate a debate on what involvement libraries should have in protecting user privacy. And it certainly seems as though my talk at the CILIP in Wales Llandudno conference did get people thinking, and discussing some of the points I had raised.

In my talk I gave a number of examples of the ways in which privacy issues arise in libraries. And I get the feeling that some of those examples may have seemed to some people at least as being unnecessarily zealous, as though the reading and browsing habits of users are hardly sensitive.

In the time available I wasn’t able to run through examples of the “chilling effect” that arises when one is being watched, or thinks that one is being watched; or examples of self-censorship etc. Or to explain why the many arguments that start off from the stance of “nothing to hide, nothing to fear” are bogus because they overlook the fact that when someone holds information about you they potentially have power and control over you.

What the conference did was to provide me with a big wake-up call. Its all very well for me to talk about the Tor browser as a means of searching the web anonymously or about using https:// secure sites. What the delegates comments and questions taught me was that there are some incredibly practical considerations that need to be addressed first. And its only after the conference ended that I realised just how useful the insights I could glean from their questions really were. And for that I am incredibly grateful.

One question was about balancing privacy and security. The question was thinking specifically of what would be likely to happen if their library were to install the Tor browser given that the “dark web” is synonymous for some folk with the criminal underworld of drugs, firearm sales and the like. And of course this is a hugely important consideration. If providing people with the facility for anonymous searching comes with huge risks of facilitating criminal activity, then it’s a no-brainer: no library would ever go near anonymous searching. I have to confess that I know only a very limited amount about the Tor browser, and I need to address that gap in my knowledge! Instinctively I automatically think of the work of the Library Freedom Project who have championed the use of Tor in American libraries and who must therefore have had to deal with these issues. Because surely they will be in a position to help address precisely these issues head on.

Another question asked what can and should public library staff be doing tomorrow. In other words, what quick wins can and should they be looking to implement virtually overnight in order to be more respectful of user privacy. I think that the question was driven in part by a sense in which policies were set centrally; that things were reliant on their IT systems; that their IT function seemed quite remote. In short, the library staff might feel powerless to do anything.

Another question related to whether any of the tools available are designed for mobile devices. And I omitted to mention https://libraryfreedomproject.org/mobileprivacytoolkit/

And yet another comment was about how you can only set up https: secure using Lets Encrypt by rendering your machine vulnerable at the point where you set it up.

All of these points are hugely valuable to me. For one thing they help me to realise just how much more I need to learn, because right now I don’t have the expertise to adequately address them all. And now I know more precisely what some of my knowledge gaps are. But far more important than that, they are absolute gold-dust because they flag up the highly practical reasons why things won’t change unless these and other points are fully addressed in a way that provides the necessary reassurance. My main focus is not on criticising people for what they do regarding privacy. Rather it is to understand what the problems are, because until that becomes clearer, there’s absolutely no hope of moving forward.

So I want to say a massive thankyou to CILIP in Wales for giving me the platform to talk about privacy in libraries; to all of the delegates who made comments and asked questions for helping me to better understand the worries and concerns that will prevent us making progress unless we are prepared to fully address those concerns. And I hope that this write-up will prove helpful to CILIP HQ so that they can take these things on board as part of the privacy project it is undertaking with the Carnegie Trust because I think that they themselves are trying to work out where it is that they need to focus their attentions.

Thanks again to CILIP in Wales for inviting me to speak, and for putting on a great conference.