Surveillance, digital security and privacy in libraries
-
Upload
cilipscotland -
Category
Presentations & Public Speaking
-
view
97 -
download
0
Transcript of Surveillance, digital security and privacy in libraries
INVESTIGATORY POWERS BILL
NICHOLAS WILLIAMSSCOTTISH PEN
@ S C O TT I S H P EN @ N IKW I L L I A MS 2 S C O TT IS H P E N. O R G
Surveillance, Privacy & Digital Security in Libraries
Digital Security & Privacy Project
Project to build capacity of library staff and users to protect digital security & privacy
Ambition & Opportunity: A Strategy for Public Libraries in Scotland 2015 -2020
Librarians have the understanding and expertise to: Champion & promote openness & the public’s right
to info; Oppose censorship and efforts to inhibit access to
info; Select and make available information; Guide and support the public to seek, obtain and
navigate available information;Support the public to utilise and share this
information; Facilitate intellectual and cultural creativity;Safeguard the privacy of the public through
ensuring data collation and surveillance are necessary, proportionate and lawful.
INVESTIGATORY POWERS BILL (IP Bill)
Attempt to modernise and consolidate surveillance legislation
Currently in the House of Lords (3rd reading, next week)
New powers include:Retention of Internet Connection RecordsEquipment Interference (hacking)Bulk PowersNational Security & Technical Capability NoticesInterception
INVESTIGATORY POWERS BILL (IP Bill)
What has this got to do with libraries?
The IP Bill’s definition of telecommunications providers brings obligations to those who offer public Wi-Fi & public access computers
This may include cafes and librariesNo lower threshold Will libraries have the capacity & funds to
comply?
Privacy & Libraries
Public use of libraries reveals a great deal of private details
Communication (email & social media)Online banking & shoppingResearch & browsingApplying for jobs & benefits
How will government access change the behaviour of library users?
PROJECT OUTLINE: Workshops
Hosted in libraries across ScotlandTraining library staff & volunteers on issues
around protecting privacy, evading unlawful surveillance & strengthening security
Enables staff & volunteers to develop training for library users
Using Library Freedom Project syllabusPiloted in Glasgow Women’s Library in July
2016Expanding to libraries in other locations in
Scotland
WORKSHOP FEEDBACK
Informative – 82% very positive; 18% somewhat positive
Enjoyable – 82% very positive: 14% somewhat positive96% felt they had a better understanding of privacy
and steps they can take to protect against unwarranted surveillance
100% would be interested in attending another event organised by Scottish PEN
70% were more likely to rely on Scottish PEN to find out further information about privacy, surveillance and freedom of speech issues in the UK and Scotland
WORKSHOP
Here is a whistle-stop tour of the workshop we held at Glasgow Women’s Library
THREAT MODELLING
Digital security isn’t about which tools you use; rather, it’s about understanding the threats you face and how you can counter those threats. To become more secure, you must determine what you need to protect, and whom you need to protect it from.
What do you want to protect?Who do you want to protect it from?How likely is it that you will need to protect it?How bad are the consequences if you fail?How much trouble are you willing to go through in
order to try to prevent those?
PASSWORDS
Weak passwords = Giving over the keys to the kingdom
A password may be only as secure as the least secure service where it's been used.
Focus on passphrase as opposed to a password.
Master password: diceware wordlistPassword managers
LastPass 1Password
2factor authentication
DICEWARE
CORPORATE SURVEILLANCE & ADBLOCKERS
Personal data is used to direct advertising that is tailored to our behaviour & online activity
Behaviour such as using flash players or watching films full-screen tell others about us
How to avoid trackers:DuckDuckGo SearchPrivacy Badger (Chrome or Firefox)uBlock Origin (Chrome or Firefox)Use Chrome if not Tor Browser
HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.
The Digital Public Library of America has migrated its system to HTTPS
Can we encourage libraries in Scotland to do the same?
SECURE COMMUNICATIONS
Emails are postcards – contents are visible to anyone who wants to look at it
Email is neither secure nor private PGP email encryption is the only way to have
private email – but require high levels of tech literacy
Secure comms:Email – PGP, Riseup, ProtonmailVoice Calls – Signal, Ostel & Silent PhoneText messaging – Signal & Wire
ANONYMOUS BROWSING
Tor & ANONYMOUS BROWSING
• Obscures your real IP Address• Prevents cross-site correlationBlocks cookies &
scripts • Writes nothing to disk • Some usability barriers
(Incidentally if you know of a library who will be interested, please grab me after the
session or email [email protected])
SHAMELESS PLUG No. 1
TOOLKIT
• To extend the reach of these workshops we are developing a toolkit that will be shared to libraries across Scotland.
• With a focus on:• Librarians• Library staff & volunteers• Archivists• Information Services• IT Departments
• This will be used to train library professionals & support the development of training or digital literacy classes for library users.
TOOLKIT STRUCTURE
IntroductionInvestigatory Powers BillThreat ModellingPasswordsCorporate Surveillance & Ad TrackersSecure CommunicationsTor & Anonymous Web BrowsingGlossary of TermsGlossary of Tools - Linklist
PROJECT OUTLINE: Toolkit
Developed with SLIC, CILIPS, Library Freedom Project & Scottish PEN
Built with input from librarians, staff members, volunteers, users and…..
…you!
SHAMELESS PLUG No.2
• We are looking for individuals to be part of a focus group to help us develop the toolkit
• If you would be interested in taking part, please let me know or contact [email protected]
• To be held in early 2017 in Glasgow
THANK YOU FOR YOUR TIME
But remember…