Surveillance, digital security and privacy in libraries


Transcript of Surveillance, digital security and privacy in libraries

Page 1: Surveillance, digital security and privacy in libraries

INVESTIGATORY POWERS BILL

NICHOLAS WILLIAMS
SCOTTISH PEN

@SCOTTISHPEN @NIKWILLIAMS2 SCOTTISHPEN.ORG

Surveillance, Privacy & Digital Security in Libraries

Page 2: Surveillance, digital security and privacy in libraries

Digital Security & Privacy Project

Project to build capacity of library staff and users to protect digital security & privacy

Page 3: Surveillance, digital security and privacy in libraries

Ambition & Opportunity: A Strategy for Public Libraries in Scotland 2015-2020

Librarians have the understanding and expertise to:
• Champion & promote openness & the public’s right to info;
• Oppose censorship and efforts to inhibit access to info;
• Select and make available information;
• Guide and support the public to seek, obtain and navigate available information;
• Support the public to utilise and share this information;
• Facilitate intellectual and cultural creativity;
• Safeguard the privacy of the public through ensuring data collation and surveillance are necessary, proportionate and lawful.

Page 4: Surveillance, digital security and privacy in libraries

INVESTIGATORY POWERS BILL (IP Bill)

Attempt to modernise and consolidate surveillance legislation

Currently in the House of Lords (3rd reading, next week)

New powers include:
• Retention of Internet Connection Records
• Equipment Interference (hacking)
• Bulk Powers
• National Security & Technical Capability Notices
• Interception

Page 5: Surveillance, digital security and privacy in libraries

INVESTIGATORY POWERS BILL (IP Bill)

What has this got to do with libraries?

The IP Bill’s definition of telecommunications providers brings obligations to those who offer public Wi-Fi & public access computers

• This may include cafes and libraries
• No lower threshold
• Will libraries have the capacity & funds to comply?

Page 6: Surveillance, digital security and privacy in libraries

Privacy & Libraries

Public use of libraries reveals a great deal of private detail:
• Communication (email & social media)
• Online banking & shopping
• Research & browsing
• Applying for jobs & benefits

How will government access change the behaviour of library users?

Page 7: Surveillance, digital security and privacy in libraries

PROJECT OUTLINE: Workshops

• Hosted in libraries across Scotland
• Training library staff & volunteers on issues around protecting privacy, evading unlawful surveillance & strengthening security
• Enables staff & volunteers to develop training for library users
• Using Library Freedom Project syllabus
• Piloted in Glasgow Women’s Library in July 2016
• Expanding to libraries in other locations in Scotland

Page 8: Surveillance, digital security and privacy in libraries

WORKSHOP FEEDBACK

Informative – 82% very positive; 18% somewhat positive

Enjoyable – 82% very positive; 14% somewhat positive

96% felt they had a better understanding of privacy and steps they can take to protect against unwarranted surveillance

100% would be interested in attending another event organised by Scottish PEN

70% were more likely to rely on Scottish PEN to find out further information about privacy, surveillance and freedom of speech issues in the UK and Scotland

Page 9: Surveillance, digital security and privacy in libraries

WORKSHOP

Here is a whistle-stop tour of the workshop we held at Glasgow Women’s Library

Page 10: Surveillance, digital security and privacy in libraries

THREAT MODELLING

Digital security isn’t about which tools you use; rather, it’s about understanding the threats you face and how you can counter those threats. To become more secure, you must determine what you need to protect, and whom you need to protect it from.

• What do you want to protect?
• Who do you want to protect it from?
• How likely is it that you will need to protect it?
• How bad are the consequences if you fail?
• How much trouble are you willing to go through in order to try to prevent those?

Page 11: Surveillance, digital security and privacy in libraries

PASSWORDS

Weak passwords = Giving over the keys to the kingdom

A password may be only as secure as the least secure service where it's been used.

Focus on passphrase as opposed to a password.

• Master password: diceware wordlist
• Password managers: LastPass, 1Password
• Two-factor authentication

Page 12: Surveillance, digital security and privacy in libraries

DICEWARE

Page 13: Surveillance, digital security and privacy in libraries

CORPORATE SURVEILLANCE & ADBLOCKERS

Personal data is used to direct advertising that is tailored to our behaviour & online activity

Behaviour such as using Flash players or watching films full-screen tells others about us

How to avoid trackers:
• DuckDuckGo Search
• Privacy Badger (Chrome or Firefox)
• uBlock Origin (Chrome or Firefox)
• Use Chrome if not Tor Browser

Page 14: Surveillance, digital security and privacy in libraries
Page 15: Surveillance, digital security and privacy in libraries

HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.

The Digital Public Library of America has migrated its system to HTTPS

Can we encourage libraries in Scotland to do the same?

Page 16: Surveillance, digital security and privacy in libraries

SECURE COMMUNICATIONS

Emails are postcards – their contents are visible to anyone who wants to look at them

• Email is neither secure nor private
• PGP email encryption is the only way to have private email – but it requires high levels of tech literacy

Secure comms:
• Email – PGP, Riseup, Protonmail
• Voice Calls – Signal, Ostel & Silent Phone
• Text messaging – Signal & Wire

Page 17: Surveillance, digital security and privacy in libraries

ANONYMOUS BROWSING

Page 18: Surveillance, digital security and privacy in libraries

Tor & ANONYMOUS BROWSING

• Obscures your real IP Address
• Prevents cross-site correlation
• Blocks cookies & scripts
• Writes nothing to disk
• Some usability barriers

Page 19: Surveillance, digital security and privacy in libraries

SHAMELESS PLUG No. 1

(Incidentally, if you know of a library who will be interested, please grab me after the session or email [email protected])

Page 20: Surveillance, digital security and privacy in libraries

TOOLKIT

• To extend the reach of these workshops we are developing a toolkit that will be shared with libraries across Scotland.

• With a focus on:
  • Librarians
  • Library staff & volunteers
  • Archivists
  • Information Services
  • IT Departments

• This will be used to train library professionals & support the development of training or digital literacy classes for library users.

Page 21: Surveillance, digital security and privacy in libraries

TOOLKIT STRUCTURE

• Introduction
• Investigatory Powers Bill
• Threat Modelling
• Passwords
• Corporate Surveillance & Ad Trackers
• Secure Communications
• Tor & Anonymous Web Browsing
• Glossary of Terms
• Glossary of Tools - Linklist

Page 22: Surveillance, digital security and privacy in libraries

PROJECT OUTLINE: Toolkit

Developed with SLIC, CILIPS, Library Freedom Project & Scottish PEN

Built with input from librarians, staff members, volunteers, users and…..

…you!

Page 23: Surveillance, digital security and privacy in libraries

SHAMELESS PLUG No. 2

• We are looking for individuals to be part of a focus group to help us develop the toolkit

• If you would be interested in taking part, please let me know or contact [email protected]

• To be held in early 2017 in Glasgow

Page 24: Surveillance, digital security and privacy in libraries

THANK YOU FOR YOUR TIME

But remember…