Tuesday, September 16, 2014

ACLU Ninja Librarians are Here to Save the Day?

The following is a "Mini Report" written for Clark University's MSIT3710 Cyber Security Risk and Threat Management course. Throughout the Fall 2014 semester I'll be reporting on issues related to my class project about public library cyber security risks. 
When you know that people are recording what you are doing online or if you know cops, the FBI, the DEA, or ICE could access your library or digital history, chances are you are not going to say or research what you might otherwise. Self-censorship ensues because surveillance chills speech. -- Alison Macrina and April Glaser
The above quote is from an article recently published on BoingBoing.net titled 'Radical Librarianship: how ninja librarians are ensuring patrons' electronic privacy' that describes exactly why data privacy in a public library setting is essential. The post goes into detail about the recent partnership between librarians in Massachusetts and their local American Civil Liberties Union chapter to harden IT security practices within public libraries and protect patron data.

This is not the first time librarians have entered the spotlight in the fight for first amendment rights or information security but it does mark a change in IT policy that I think is worth noting. Computers have been part of the library landscape for a long time but for many years they were an internal resource—not an external one. The cost of computers and difficult UIs in the 60s and 70s made searching the new "digital" card catalog no small task. With the popularity of the internet and need to access electronic resources in-house in the 80s ad 90s this made public access computer stations a no-brainer, but it was not until the 2000s when I think librarians really started to expand their role as organizers of information into digital stewards of the internet age. Should they play this role? I think so. Some might argue otherwise, but the issue of data privacy leaking into the hands of government agencies is such a sensitive issue that I think civil servants like your local librarian are our best protection. 

To take this idea a step further, I suggest public librarians should also begin pooling their resources together towards a security-first open hardware platform for public access computers that will not be subject to the same inherent risks of consumer grade electronics. The education efforts and security hardening mentioned in this article is a great start but as we've learned from recent USB controller chip exploits reported at the Blackhat 2014 conference, there are hardware exploits (or backdoors, depending on your point of view) built in to literally every modern desktop PC. As many countries outside the US have begun to realize, the only path towards total information security is through complete oversight of their computer hardware supply chain, right down to chip design and manufacturing. 

No comments: