You don’t have to invoke George Orwell or Edward Snowden to make the case that surveillance and the diminishment of private space is scary stuff. Rereading 1984 as a grown-up (I assume most people encounter the novel in high school English class) is an unsettling experience, not because Stalin’s minions are hiding under the bed but because of the tangible oppressiveness of a totalitarian state. That doesn’t sound like where I live. The Snowden disclosures come right out of a Dan Brown novel, but are hard to connect with the sense of being tracked that we experience every day with Google and Amazon. When you buy a shirt online with an extra long sleeve, as I did recently, and then see the shirt manufacturer advertising extra long sleeves in your Facebook feed the next day, the response is, Holy crap! Look at this! But I don’t feel afraid. What I feel is observed. It’s creepy and seemingly out of my control. I don’t like it, but it’s not as though the observer were Big Brother or Dick Cheney. There is, or there should be, a taxonomy for surveillance and tracking that would keep things in perspective.
What that perspective should be is the work of thoughtful, civic-minded information professionals — librarians, for short. We should root for them to take the field, but it appears that we will have to look elsewhere for heroes. The library community has concluded that this is a distasteful battle and have simply walked away from it. We are all worse off because of this.
To create some context for these remarks, allow me to refer you to Ben Thompson’s astute analysis of Microsoft’s acquisition of LinkedIn. To those who believe Microsoft was bested by Google and Apple, take a look at what has been going on in the corporate market, where Microsoft has such a dominant position — and the margins that go with it — that there really aren’t any close challengers. Thompson’s point is that what we call B2B sales (business to business, the very definition of a corporate sale) has heretofore been literally about selling things to businesses, but LinkedIn has a direct relationship with the employees of those businesses. LinkedIn is going to solidify and extend Microsoft’s position by deepening end-user relationships. Woe to the head of corporate computing who tries to cancel the license for Microsoft Office when the entire staff has their professional network integrated with Microsoft products. We can call this a “corporate bypass” strategy.
I have written about this phenomenon in the academy before (I see that the date of that blog post was 2009), but it’s worth reiterating that a library bypass strategy is a means by which a publisher strengthens its position by developing end-user relationships. This is not the same thing as going over a librarian’s head (though few publishers would fail to do so if they thought it would work): making a sales pitch to a department head or even someone in the provost’s office is simply a bullying mechanism to keep libraries as customers. A bypass strategy moves the relationship to the end-user, leaving the library with little or no role. What LinkedIn will provide to Microsoft is a trove of end-user information (Google “data is the new oil” ). By analogy, imagine what consumer markets would look like if Apple were to merge with Facebook.
But who has that information in the academy? Well, we know that everyone is using Google and Facebook and most people are using Amazon. There are also countless other digital services that collect data for various reasons, most of them commercial (let’s not forget about the LMS–and see Roger Schonfeld’s post from yesterday in which he describes, among other things, how the Google and Microsoft mail services affect the academy). Here again I want to make the point that there is a big difference between someone collecting data to sell me a shirt with an extra long sleeve and imposing on me and everyone else the regime caricatured in 1984 . . . but still. What we have in the academy is a creeping erosion of our private spaces. This is how best to think of Elsevier’s acquisitions of Mendeley and SSRN, as an opportunity to move their business relationship toward end-users, a library bypass strategy with the interests of Elsevier’s shareholders in mind. We should be thankful that Elsevier is only motivated by money.
Here I would like to see librarians enter the discussion. How should that information be collected, how should it be used? And it doesn’t end with Mendeley and SSRN; the two-factor authorization that is coming (Phil Davis just wrote about this on the Kitchen) discloses end-user information to publishers. In a short time the identities and online activity of academic users will be known to a small number of large commercial entities. In other words, the historical position that libraries have taken on concealing the activity of their patrons has been overtaken by events.
Being a purist is not a high-paying job. Libraries have, with the best intentions in the world, taken a strong position on privacy, and they have lost. They got the whole privacy thing all wrong. Rather than participate in the policies of their institutions and the many organizations that interact with them, they have abdicated their role and are now watching as their institutions are being colonized by commercial interests, which are no longer answerable to libraries. We should hope that these commercial firms are only interested in selling a men’s shirt with an extra long sleeve.
Discussion
11 Thoughts on "Libraries May Have Gotten the Privacy Thing All Wrong"
Is there a way for us to escape the constant glare of Google and Co; to sail under the radar, so to speak?
“At Elsevier, we recognize that personal data can be used to deliver additional value to our users, but also that the proper handling of such data is very important to our user and librarian community.”
We at Elsevier published an article about our Privacy Principles here – https://www.elsevier.com/connect/respecting-data-privacy.
To use the twitter shorthand, #NotAllLibrarians.
I had the same initial response, Lisa, so I went looking for some good recent examples of libraries taking up the issue of patron privacy in an active and assertive way. I was surprised and disappointed not to find much. ALA has a privacy toolkit that looks pretty useful, but most of the documents to which it links are over a decade old, and the toolkit itself is two years old. It doesn’t deal with commercial use of patron information beyond a few references to the Children’s Online Privacy Protection Acrt (COPPA). And in any case, it’s a passive document rather than an active program.
The Library Freedom Project put up a Digital Privacy Pledge last year, to which (as of today) four public libraries, two academic libraries, and zero individual librarians have signed on. (One additional public library and three individual librarians have submitted “supporting statements,” however.)
I’m coming to the reluctant conclusion that when it comes to privacy, we in libraries talk a better game than we play. Are you aware of some good recent examples of libraries participating more aggressively in the “(privacy) policies of their institutions and the many organizations that interact with them”?
Rick, one initiative to bear in mind is the NISO Patron Privacy initiative (http://www.niso.org/topics/tl/patron_privacy/). I’m not sure whether this initiative is having an impact on the practices of libraries or vendors, but it’s one attempt.
Yes, this is a good one — but I’m not sure it can reasonably be characterized as a library initiative. To Joe’s point, it seems like an example of something that we librarians could and should have done on our own, but that it was left to NISO to do.
Do you mean to suggest that it must be done through ALA/ARL/etc in order for it to be a librarian initiative? In terms of the participation in the NISO initiative, my sense informally is that it was heavily weighted to librarians. FWIW.
(Responding both to you and Lisa here.) You guys are right, of course, that libraries are a part of NISO and that librarians were involved in NISO’s privacy initiative. When I say “I’m not sure it can be reasonably be characterized as a library initiative,” I’m saying that I think it would be more obviously a library initiative, and thus be more apposite to Joe’s point, if it had been produced by an organization like ALA or ARL or ACRL. But obviously, what ultimately matters is the impact it has on patron privacy, not whose organizational name is on the front page. If this initiative makes a significant difference, that will be wonderful and the librarians involved should be proud.
NISO is an organization that is inclusive of librarians/libraries so I don’t think “left to NISO” is quite the right characterization. I should also mention that Andrew Asher and I have given presentations/trainings at/for CNI, ALA, and ACRL and just last month I did so at the CIC Conference on eLearning/Learning Analytics.
Roger cited the signature project that I would have mentioned (disclosure: I was on the NISO committee for the Consensus Principles project and am now on the group for the Privacy in Research Data follow-up). And, this is a pretty recent ALA document: . At my own institution, I can refer you to the Privacy Policies Implementation Team and our final report that is driving a set of future directions: .
Apparently I managed to put punctuation around the URLs that made them disappear! UIUC Library report: http://www.library.illinois.edu/committee/ppit/ and ALA doc: http://www.ala.org/advocacy/library-privacy-guidelines-e-book-lending-and-digital-content-vendors
