Your privacy needs are mostly likely a bit different from those of your patrons. We cover how and why that is in this video
Transcript
Davis: Across all the series we’ve done so far, we’ve shared tips for protecting our privacy, but a lot of these tips seem to be one-size-fits-all. Reality is, our backgrounds and our socioeconomic statuses matter in these conversations.
Using myself as an example, I have my own private internet connection, I use Apple products — which means I paid for an increased level of consideration for my data privacy — and I have enough expendable income that I can pay to use a fancy app to help me manage my passwords. Plus, I’m a grown-up who has a job where I get to talk to experts like you about these things all the time.
I thought we could spend a bit of time talking through various scenarios that might affect an individual’s privacy profile, if you will. For example, unlike the general population, there are privacy laws affecting children. What should library staff know about this?
Erin: First, you are totally right about the privacy divide. You know, with 85% of the U.S. population owning a smartphone, we’re now talking less about a digital divide and more about a privacy divide. People without access to pay into the privacy ecosphere actually have to gain services by giving over their personal data. So people without the tech skills needed to safely navigate online are also more likely to become victims of phishing schemes or taken advantage in a variety of ways.
People without the tech skills needed to safely navigate online are also more likely to become victims of phishing schemes or taken advantage in a variety of ways.
Children often fall into the category of people who don’t know how to be online in a safe manner. I think it’s a total misnomer that children are born digital. These are skills we all have to learn. In order to help protect children under 13, the federal government passed COPPA, which is the Children’s Online Privacy Protection Act, and that went into effect in 2000. So COPPA includes regulations regarding privacy policies, parental consent, privacy and safety protection, responsibilities, and marketing restrictions. The reason that most social media platforms don’t allow users under 13 is, it’s really too cumbersome to operate under these regulations.
Now, libraries that provide internet access are not liable under COPPA for the data collected by the websites that children visit. COPPA also doesn’t apply to the library’s website, as it’s only a law for commercial websites. Now, library workers may find themselves needing to be able to answer questions from children or their parents about why they’re unable to access certain sites, and this is a great opportunity to find different resources that don’t collect any user data.
Davis: Gotcha. How does the Children’s Online Privacy Protection Act impact the library’s provision of third party vendors?
Erin: That’s a great question. So, while COPPA doesn’t apply to the library’s website, it does apply to any vendor that’s collecting personal information. So when entering into a contract with a vendor, you’ll want to verify that they’re actually COPPA compliant.
Davis: I know because you just told me that COPPA expires at 13, which is when teens are legally allowed to create social media accounts, for example. Meanwhile, the developing brain is underway until our mid-20s. What’s the role, in your opinion, in helping teens navigate the online world in a way that keeps their data safe?
Erin: Yeah, that’s a great point. While parts of me are envious of teens who have a camera in their pocket, I’m kind of glad social media didn’t exist when I was younger. As I mentioned earlier, none of us are born knowing how to use the internet. Just like health hygiene, we have to learn online hygiene. You have to remember the teenage brain makes them think they’re invincible. It’s all part of that growth development.
Most are probably not going to be super interested in an online safety class, unless they’re maybe also teaching white hat hacking, so first you’ll want to think about the threat assessment of most teens. They’re going to need to pay attention to different things than adults. An adult may not want their banking information exposed, while most teens don’t have a bank account to worry about. However, teens may not want anyone to have access to their social media profiles, and that’s a great opportunity to talk about password managers. Set them up with one on their phone, talk about how it makes life super easy, and they’ll be more secure from bullying attempts.
Take small moments of interaction to impart pieces of knowledge. People are more likely to take advice and change behavior when it comes from a relationship.
Online harassment is a huge problem online, and teens may be on either side of it. It can lead to major privacy violations. This framework can be used to teach about sending photos to people, or even cloud backups, and then if someone has your iCloud or Google password. they may be able to see all those selfies you took. You know, take small moments of interaction to impart pieces of knowledge. People are more likely to take advice and change behavior when it comes from a relationship rather than sitting in a class with some random library worker lecturing.
Davis: Research shows that folks from low income communities are often put at risk when it comes to internet use. For example, research done by Seeta Peña Gangadharan shows how zip codes correlate with ads for subprime mortgages, which as we know sank the economy back in 2009. We learned about that sort of thing in series two. So what can libraries do to be of service to communities who are at greater risk when their information is misused?
Erin: It’s really quite awful how targeted ads work to take advantage of people, especially when they’re at their most vulnerable. We can do the thing that we are good at, which is informing people. Letting them know what’s happening if your library is located in a low-income area, Then this is going to be even more vital.
You know, having a space where you can help people install ad blockers on their device, help them understand what to look for in phishing emails. I could even see a program similar to like a bug bounty, which is when companies give money to hackers for finding exploits. But instead, the library gives out incentives for people bringing in examples of phishing emails they got. You know, be aware of the community you’re working in, and talk to the people living there about what they’re experiencing. Let them guide you in the approaches to getting that information out.
You know, equity models of service are not one-size-fits-all, and so what one library does for their patrons around privacy is going to be different than what a different another library does in their approach.
Be aware of the community you’re working in, and talk to the people living there about what they’re experiencing. Let them guide you in the approaches to getting that information out.
Davis: I’ve noticed that a lot of the advice for shoring up your data protection strategy takes money and time, and not everyone has these things in abundance. So I’m wondering: what advice do you have for advising folks who aren’t able to spring for paid services like the ones I just mentioned? What are some low-cost ways to, say, keep track of your unique passwords or to protect your data and devices against malware?
Erin: I hate that all the burden has been placed on the end user, but that is where we’re at. There are some quick things that anyone can use which would be great for libraries to help people install: first, a lot of the password managers out there do have availability have free accounts. I use LatPass, and I actually only just started paying for it when I got my mom set up on it because it was easier for me to do a family account rather than trying to do it for her individually and it just worked out that way. But a lot of them don’t — you don’t have to pay.
Everyone using a PC needs to have anti-virus installed on their computer, and people should also update their devices regularly. So helping people turn on these automatic updates, stressing the importance of this at the library. Anytime you’re helping someone with their technology ask: “hey, can I check to make sure it’s updated?” You know, those are little moments of interjection.
You know, many times the updates are patching security vulnerabilities. You can explain that it’s like having a lock that’s broken. Yes, your door is closed, it looks like a lock is there, but all someone has to do is turn the knob to gain entry. You can help them install some browser extensions, as well, such as Privacy Badger and U-block origin. Those only take a couple seconds to install.
Libraries are places of equity, not equality. All of our libraries are different and our users have vastly different needs. There is no one-size-fits-all model for privacy.
And one of the most important things I think you can do is help people identify those phishing and smishing schemes. So once you learn it doesn’t take any extra time, don’t click on links from people you don’t know, or download attachments. If anyone asks you for money, call the person to confirm it’s them before writing a response. Honestly most hacks happen because of human error rather than the data breach information getting out there.
Davis: I know there’s a lot of interest in making sure libraries provide a consistent level of support to all patrons. How can we square that with the fact that our patrons have different situations when it comes to data privacy?
Erin: Libraries are places of equity, not equality. All of our libraries are different and our users have vastly different needs. There is no one-size-fits-all model for privacy. You have to go talk to your community, find out what issues they’re experiencing, and then tailor your resources and staff training to address those things specifically.
Davis: Erin, thanks for talking with me through these tricky topics. In our next and last video, we’ll follow the time-honored tradition of sharing resources and places to turn to for guidance so just one more to go and we’ll see you there.
Further Reading
Children’s Online Privacy Protection Rule
The FCC site for COPPAPrivacy Badger
A browser extension that automatically learns to block invisible trackers from the Electronic Frontier Foundation.uBlock Origin
A free, open-source ad content blockerLastPass
A password manager with a free accessOne Password
An application for for managing, storing and generating your many passwordsWhy You Need a Password Manager, and How to Choose the Right One
Reviews of password managers, along with some tips on how and why to use one
Relevant Terms
Phishing
The fraudulent practice of sending emails purporting to be from reputable companies in order to persuade individuals to reveal personal information like passwords and credit card numbers
Smishing
the fraudulent practice of sending text messages purporting to be from a reputable company with the purpose of inducing individuals to reveal personal information like passwords or credit card numbers
Contributor Bios
- Erin Berman is a Division Director at the Alameda County Library in California and serves as the Chair of the American Library Association’s Intellectual Freedom Committee’s Privacy Subcommittee.
- Davis Erin Anderson is Director of Programs and Partnerships at METRO Library Council.
- This project is funded by the Mayor’s Office of the Chief Technology Officer, and produced in collaboration with Brooklyn Public Library, The New York Public Library, and Queens Public Library.