Category Archives: privacy

Which is preferable: Invasive or Intrusive? (aka the Future of Canadian Census)

Back in July, when the kerfuffle over the long form census was fresh, I accused the Harper government of being disengenuous in their claims that changing the long-form census from mandatory to voluntary was due to privacy concerns over the invasiveness of the census form.

Recent permanent appointment of new Chief Statistician of Canada Wayne R. Smith (necessary due to the 2010 resignation of Chief Statistician Munir Sheikh over the census issue) and subsequent media coverage of Smith’s approach pretty much confirm that view.

Apparently Harper has asked Smith to “rethink” the census for 2016, specifically directing the Chief Statistician to look into how other countries conduct censuses. (Oh, you mean like this freely-available Sept 2010 article in Canadian Public Policy did?) The buzz that is arising from this directive is all about register-based methods that avoid mailing surveys to individuals at all. And this reinforces my assertion that the claims of concern over privacy are bogus.

Register-based censuses link administrative databases so that an individual’s profile can basically be mined for the answers to questions that would have been asked on a paper census. This is exciting for researchers and statisticians, because these registries are generally very accurate. However, for privacy advocates, giving the federal government carte blanche to link and mine federal databases is a matter of concern.

The Online Party of Canada is hosting a discussion on this topic in a  forum on their website. The original post notes:

At first glance, it would seem that most of the vital information collected by the Canadian long-form census questionnaire (2B) is already being collected, at least in part, via other governmental sources (i.e. federal, provincial, municipal, etc.):

●      Age (Q1), gender (Q2), date of birth (Q3) and most labour market activities (Q34-46) information can all be linked to our Social Insurance Number (SIN) and/or Canada Revenue Agency (CRA) data.

●      Citizenship (Q10-11) via Citizenship and Immigration Canada;

●      Place of Birth (Q9) and parents’ POB (Q25) via Provincial Birth Certificates or country of origin under the Immigration Act;

●      Mobility (Q23-24) via Canada Post (theoretically);

●      Education (Q26-32) via Provincial Departments of Education, School Boards and Post-Secondary Institutions;

●      Only a few questions related to: Activities of daily living (Q7-8), Household Activities (Q33), Language (Q13-16), Commuting (Q47) and Dwelling (QH1-H8) could not presently be answered from other sources.

But then asks:

How would Canadians feel about this alternative?

No more census. Save millions in tax dollars. More accurate data.

But our personal information would have to be linked and completely centralized. What types of mechanisms would we need to implement in order to insure confidentiality and protect ourselves from government misuse or abuse of data?

Now I’ve never heard of the OPC before, but these questions are right at the heart of the matter. The only thing  I can think of that they leave out is the question of whether inconvenient questions – questions not represented in official data and also those asking things the current government might not wish to collect – things such as self-reported ethnic identity or unpaid work hours – would be scrapped under a register-based census plan. Given that the unpaid work hours question was already scrapped (much to the chagrin of feminists), I expect this is not a large concern of the current government.

So, How do we feel? How would you feel about your medical records being linked to your tax filing and your hydro bills and your school records  and your motor vehicle records and your vital stats records and your address as listed with Canada Post and…a bunch of other things? How would you feel about a law requiring you to register all address changes with the government? Denmark astutely points out that registering your address with one central body is highly efficient. But do we trust our government the way Danes trust theirs?

The researcher in me loves the idea of the high-quality data we could get with a registry-based system. (The researcher in me is also skeptical that Canada could pull together anything like that for 2016!) However, there would have to be some serious safeguards (including updated ethical review and data stewardship processes) put in place for the privacy advocate in me to feel comfortable with it. I’d also have to feel assured that the increased data infrastructure would be available for non-governmental researchers as well as internal government use.

Last year Harper supposedly changed the census due to its invasiveness. But that’s not the right word. A lot of us were using the wrong word, because it appears that perhaps he’d like to entertain the idea of a more privacy-invasive process, as long as it would be less intrusive into our lives. No pesky, visible forms taking up our time. No census takers knocking on our doors, asking us annoying questions, making sure the population is well aware of what info the census is aiming to collect. Instead just a quiet government data-mining operation. Invasive (possibly more invasive than now), but not so intrusive.

-Greyson

ps – Incidentally, if you’re interested in reading it, the Globe & Mail has published a transcript of their whole interview with Mr. Smith, and it’s pretty enlightening. For example, until reading that I had no idea StatsCan is assuming there would be only a 50% response rate to the voluntary survey that replaced the long-form census. In this fascinating read, Smith says amazing things, including:

“The one thing we know with absolutely certainty is the response rate going to fall from making the survey voluntary.”

and

“But there is no guarantee this data will not be usable. There is no guarantee it will be subject to major non-response bias beyond the levels we’ve traditionally seen in the census.”

He also denies that there is *any scientific reason* to expect non-response bias from groups such as Inuit, non-English speakers, or immigrants.

Wow.

1 Comment

Filed under democracy, ethics, government, government information, inclusion/exclusion, privacy

Census Privacy is the Harper gov’t’s Girl-Power Barbie

I’m going to go ahead and assume anyone who’s reading this blog knows about the Canadian government’s recent decision to scrap the mandatory long-form national census, and attempt to replace it with a voluntary “National Household Survey” (NHS).

I’m going to assume you all know that the information from long form census is used for all kinds of governmental and non-governmental planning, including social programs, financial allotments for various uses, and, yes, library service planning.

I’m going to assume that readers all have the basic statistical proficiency (that the leaders of the Conservative party apparently lack) to know that a mandatory survey with near 100% compliance given to 20% of the population will almost certainly have greater validity that a voluntary survey of 33% of the population, because even if the absolute numbers of responses are the same under both surveys the response rate in the latter will almost certainly be lower and thus reflect self-selection/non-response bias. This, by the way, is a neat way to create policy-based evidence.

I’m also going to assume you know that the Tories are holding fast to their position, even in the face of the Chief Statistician of Canada’s resignation and overwhelming outcry from people who are not always allies on the issues.

Throughout this whole kerfuffle, the Harper government has insisted that the change is due to privacy concerns. They insist that the long form is too invasive. That people think the state should not be requiring that individuals report such personal information as the number of bedrooms in their dwellings and how we travel to work. Etc.

You probably also know that little evidence has been produced to back up the claim that many people are concerned about the invasiveness of the questions on the long-form (although in the most recent 2006 census there were refuseniks on the basis of the gov’t subcontracting census work to Lockheed, an issue that is going unmentioned today).

Privacy, eh?

Privacy, my foot! This change has nothing to do with privacy. Scrapping the long form does incredibly little to improve privacy of Canadians, and in fact may even make our personal data less private and secure.

Here’s some info about the long-form census, and voluntary StatsCan surveys, in terms of privacy. All of this is written to the best of my knowledge, so if anyone works with census data or has StatsCan connections and can clarify or expand on any of the below points, please do let me know.:

Public Release of Data

Full census data is normally released to the public after 92 years. Since the passage of S-18 in 2005, there has been an opt-in check box on the census, which must be checked in order to release that data after 92 years. Opt-in, while frustrating to researchers and genealogists who wanted opt-out instead, is a pretty high standard of privacy protection. Voluntary surveys are not released to the public, ever. Thus, it would seem that the NHS would be more private, 93 years from now, than the census. Or, rather, it would seem so if Tony Clement hadn’t assured us that they were changing things so the NHS will also be available after 92 years No word as of yet on whether the NHS will have an opt-in box.

Commercial Interest Intervention

Commercial firms do not have access to the census planning process. Commercial firms as well as non-profit researchers may purchase modules  for many voluntary surveys from Stats Can (e.g., the Canadian Community Health Survey), however. Should the long form census remain a voluntary survey, I would not be surprised at all if business were eventually granted access to this survey too. In fact, I would expect it, if the survey loses the “sacredness” of the National Census.

Privacy Safeguards

While we might never be fully confident that stewards of any data could never possibly misuse it, the census is subject to privacy safeguards above and beyond other surveys. Disclosure for any purpose prior to the 92-year blackout period would be subject to fines and penalties under the Statistics Act, which requires StatsCan employees working with this data to be sworn to secrecy. Unlike other StatsCan surveys, the Census is not available to researchers outside StatsCan as a full microdata file. It is also not eligible to be linked with other databases, unlike other data sources including other StatsCan surveys. Again, should the long-form census turn into and assume the norms of a voluntary survey, these safeguards will likely be lost.

The Short Form & Privacy

The still-mandatory short form, which nobody appears to be speaking out against, provides plenty of information on which to base discrimination (name, age, sex, marital status including whether partner is same or opposite sex, first language learned). Sexual orientation is pretty personal and invasive to ask everyone to disclose on a mandatory basis, if you ask me — perhaps more so than many of the questions on the long-form. First language-learned gives a lot of ethnicity & immigration information, even without the long form asking about where your ancestors came from.

As comment poster LindL on the Worthwhile Canadian Initiative blog writes, of the move to scrap the long form but retain the short form,

“If it’s wrong, it’s wrong. What you’re arguing is equivalent to ‘Stealing is wrong. So I’m not going to steal a car, instead I’ll just steal a bicycle’.”

Harper’s Privacy = Girl-Power Barbie

The Harper government is using privacy as a red herring here. Calling these changes to the census good for privacy is like calling a “girl power Barbie” feminist – in other words disingenuous cooptation of a real issue in order to improve market share. I fear that to take the Harper/Clement argument at face value – that this change is about privacy – is to play right into their hands.

What is the Harper government’s interpretation of Census privacy? Well, apparently that applies to the government need/ability to make private and unseen the concerns of Canadians regarding the census changes! The long-form census, although second top rated issue by participants in the recent digital economy econsultation, was buried on the site(Although I wouldn’t vote for this very specific issue to be the top concern of Canada’s digital economy, I am quite impressed that it got so many votes, continuing to add votes and hold second place *even after it was buried* on the site and could only be accessed via a direct URL.)

As a privacy and social justice advocate, the long-form census is not what I am worried about. There are a lot of less secure sources of data out there, with less redeeming social value to worry about. For me, the benefits of  responsible, privacy-sensitive data collection and stewardship sometimes outweigh the risks, but I can respect opposing opinions.

It’s one thing if you oppose any government collection of personal data. That I can respect. I think it’s a perspective that usually comes from a position of privilege, and I don’t take this stance myself, but I can respect it if you think the long form should be scrapped along with a whole bunch of other things, on principle. But THIS? Only scrapping the long form? That is not about privacy. If you want to campaign for the end of all government information gathering, fine, but the census is really not the place to start. And don’t think for a moment that the Conservative government is on your side  an end to government information-gathering

However, in a practical sense, this change is not improving the privacy of Canadians in any measurable way, and is in fact eroding the privacy of those who answer the voluntary survey as well as hurting those who don’t by virtue of providing a skewed and unreliable demographic profile of Canada.

Silver Lining?

On the upside, if they do go ahead with this plan to convert the long-form to voluntary National Household Survey, I think it’s likely that whoever is in power in 2016 will change it back. In that case, while we’ll lose the 2011 data for planning and research purposes, it will be interesting to see how and to what extent making a survey voluntary creates deviations from trends (i.e., we may be able to tease out which subgroups will & won’t respond to a voluntary survey). A natural experiment in the making!

-Greyson

ps – For whatever it’s worth, I agree with Sandra Finley that the census software etc should not be subcontracted to Lockheed Martin – much like I do not think the BC MSP data should be with Maximus. But that’s another kettle of fish.

pps- Tracey over at datalibre.ca has been researching the census as part of her PhD research and has been chronicling this recent debacle quite comprehensively.

3 Comments

Filed under ethics, government, government information, inclusion/exclusion, privacy

Privacy vs. Data: Electronic Medical Records (EMR)

My province, British Columbia, is one of many jurisdictions currently in the process of implementing eHealth, which is (in part) basically a large scale, provincially-coordinated  implementation of the Electronic Medical Record (EMR).

And I’m gonna come out and say it: I’m a privacy advocate who is pretty much in favour of government-administrated EMRs.

(Of course, there is a catch…)

I work with health data. I mean, I don’t actually lay my own grubby librarian hands on most of it, but I work in a data-rich environment and with researchers who are analyzing lots of health system data. This stuff is highly privacy sensitive. There are parts of my office I’m not even allowed in without an escort, passing a security cam, and signing a log. And that is how it should be.

I sincerely appreciate the tension between

a) the researchers who want data access and linking in order to do good research and improve health and healthcare, and

b) data stewards and privacy officers who want to protect our privacy first and foremost.

Sometimes the privacy laws and regulations make it harder to do good research, but that’s part of the process.

For example: here, we’re not allowed to identify subpopulations with particularly diagnoses anymore, to survey them, because that’s considered invasive of their privacy. Fair enough – I wouldn’t necessarily want to be subject to lots of survey requests from people who somehow found out I had disease X. However, this also understandably makes it harder to research disease X, when we can’t just pull a representative sample (or all patients) to survey/study.

Both sides – the research/access and the privacy protection side – need good advocates in order to find the best (or at least an appropriate) balance. And I do believe in that balance.

It’s kind of like how in domestic violence shelters there’s often a staff member advocating for a mother who is in shelter, and another staff members advocating for the mother’s child. Usually what’s best for mum (the primary shelter client) is best for the whole family, and there’s no apparent need for the child’s advocate. But sometimes that’s not the case, and both mum and child deserve a strong advocate who is primarily concerned with their welfare, in order to strike a balance and find a solution that is in the best interest of most people.

I’m not a perfect privacy advocate.  I do not believe the government having any information on me is necessarily a bad thing. Sure, there are days when I dream of living off the grid and having babies who never get social insurance/social security numbers. Mostly, though, I think of myself as a realist whose goal is to help the government find an appropriate balance of privacy and data.

Why? Well, because I do have some faith in evidence based practice, despite the somewhat flawed way that medical evidence (the EBP “gold standard”) has been implemented. So I do want the government to have some data on me, because I certainly don’t trust private companies more than I do public institutions, and without data, there is no evidence.

So, when I think of EMR, I think first of the good that can come of it.

Yes, there is the clinical potential: possibly reducing adverse drug reactions/interactions, and the like. Yes, likely improving communication between docs working with the same patient. But beyond those (mostly unproven) claims of the potential of the EMR, the potential for research is phenomenal, really. Even the potential for a patient to finally have access to their own, fairly complete, medical records is pretty awesome.

THEN come the “buts”: the caveats, the necessary policies and procedures to ensure optimal stewardship of this type of linkable – and in some cases already linked – data.

I have to say, up front, that there is absolutely the risk of significant breach of privacy with EMRs.

BUT most of this risk already exists. We already carry electronic data. Several existing individual databases that will combine to form the EMR in this province are already personally identifiable and potentially incriminating. Take PharmaNet, for example. PharmaNet tracks every prescription dispensed in the province. It’s made possible some research in BC that hasn’t been done anywhere else (e.g., this cool stuff that some of my colleagues are doing). However, there is certainly a need for good data stewardship, as there’s a chockload of sensitive information in that database (and there have been some noted breaches – e.g. in this .doc from FIPA).

Combining multiple database may raise the ease of identification, and give more information, but what my real concern is isn’t the linking and interoperabilityof the datasets (because, really, if PharmaNet shows an AZT script, does anyone really need corroborating doctor records to out you as HIV+?), but the privacy and security policies and procedures of the data stewards. This is the same concern today as it will be once the EMR is implemented in my province.

So no, I don’t want to Opt Out. Call me deluded, but I want all health care professionals who treat me to have access to appropriate data on my health history. I want the ER staff, when I arrive on a stretcher the day a crazy driver finally plows into my bicycle, to know about my life-threatening medication allergies ASAP.

And I’m not alone. Heck, there are people who want an EMR badly enough that they are trusting companies like Google and Microsoft with their medical information! I certainly can’t claim to fully trust my government, but I’ll take the Ministry of Health over a publicly traded company any day, when it comes to my health care and private information!

HOWEVER, I do want a Real Dialogue and some transparency about the handling of the EMR, as well as other government data. Because while I’m not signing on the Opt Out bandwagon, I do think the concerns about:

  • lack of government transparency,
  • lack of a publicly-available privacy policy governing EMR data sharing,
  • selection of a US based company managing/holding the information,
  • and lack of clarity regarding who will have access to which modules/portions of the EMR

are very valid and legitimately alarming.

We have some pretty good models of data stewardship here. Let’s learn from them, and listen to our privacy advocates and commissioners, as we move toward the inevitable EMR.

-Greyson

Leave a comment

Filed under digitization, government, Health, privacy

Librarianly committments + Privacy improvements = Facebook for me?

In my previous facebook post I said it would take 2 things to get me on Facebook (FB): trust and better terms of service (ToS, which FB now calls “Statement of rights and responsibilities”).

Since then, it has become likely that I will end up using FB as part of a KT (“knowledge trnslation,” aka making research into something that makes sense to regular non-researchy people) project for a health research group I do a bit of volunteer work with. And while I have a hunch I could possibly manage that project without actually having a personal FB account, that seems kind of awkward to me, and I don’t think I’d be able to do it as well. I got my own self into this position because the group was exploring 2.0 KT methods and of course I felt it was my duty as the librarian in the room to volunteer to shepherd such things. The upshot of this is that I’ve been appreciating this irony, and enjoying the special feeling of being someone about to go do something I’m fairly well-known for opposing. It doesn’t taste quite like crow, or my own words, but it does have a somewhat similar flavour.

However, perhaps as the spoonful of sugar helping the Facebook go down, it appears that FB may be making some of the changes I wanted (not in any way due to my request).

Right before I went on summer holidays, I noted that the privacy commissioner of Canada had issued the results of her investigation into CIPPIC’s allegations that FB infringed on users’ privacy, according to Canadian privacy law.

Maybe, just maybe, FB is responding well to the Privacy Commissioner’s requests.

Trust:

If this good response proves to be the case, it will certainly improve the company’s standing in my eyes – not to the level of a firm that sets out to do the right thing from the start, but at least to that of a firm that can be held accountable via legal measures when need be.

According to the CBC coverage,

“Facebook has agreed to prevent an application from accessing information until it obtains express consent for each category of personal information.

It also agreed to make it clear to users that they can either deactivate or delete their accounts, where deleting will remove the information entirely. And for non-users or deceased users, the company promised to change the wording of its terms of use statement and privacy policy to better spell out its practices.”

“Facebook has agreed to a timetable for the changes, and the privacy commissioner said they expect the changes to be put in effect within a year.”

Terms of Service (ToS)

The privacy commissioner’s requests address some of my ToS complaints. Looking at FB today, under “Sharing your content and information” the TOS now includes the following:

“1.  For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). This IP License ends when you delete your IP content or your account (except to the extent your content has been shared with others, and they have not deleted it).

2. When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).”

Of course I’d like to know what exactly is “a reasonable period of time” and I think the Privacy Commissioner of Canada would as well. However, this is great progress, in my view, because it pretty much eliminates the risk that a picture of my kid I might upload could be used for other purposes after I delete it. I’m not really convinced that it eliminates the risk of such a picture my cousin uploads and never deletes, though. However it is a MILLION times better than what was in the TOS when I wrote about this back in February. And, whether or not this is merited, seeing this movement and responsiveness from the company makes me feel like it’s less repugnant to me.

Things in the TOS are not all ironed out yet. Here’s an area where there’s still a privacy/IP problem: “Share Links” is supposedly only to be used to link to your OWN content.  I doubt this rule is being followed, and the way the TOS is written, FB assumes you are following this rule and giving FB permission to “Use such content” (that is linked to) on Facebook. <–Not cool.  Still need to work on that one, guys.

However, I think the “Special Provisions Applicable to Developers/Operators of Applications and Websites” and “Special Provisions Applicable to Advertisers” have improved since I last looked at the TOS.  Good on you, FB for actually tightening this up, saying you will not share user info with advertisers, and starting to limit the access application developers have to users info.

In Summary:

  • FB may be responding reasonably well to the privacy commissioner’s requests
  • FB’s Terms of Service do appear to be improving
  • FB is becoming increasingly difficult for me to avoid, professionally, despite my successful resistance in my personal and activist life for the past several years

The upshot is that I may well end up there, for better or for worse. Weird, eh?

-Greyson

Leave a comment

Filed under copyright, globalization, IP, privacy, technology

Unicorns don’t exist; net neutrality is just distastefully fair

The top story on the CBC News website this evening is “Net Neutrality doesn’t exist, CRTC told.

Laugh or cry?

Internet congestion is inevitable and net neutrality does not exist, Canada’s internet regulator was told Monday at hearings on how internet providers control and manage internet traffic and speed.

But here’s the best part:

Congestion is a natural occurrence on the internet, partly due to unexpected events such as Michael Jackson’s death, said Don Bowman, chief technology officer for the network technology company Sandvine Inc.            

Got that?  It is Michael Jackson’s fault that you are being throttled! Hee.

According to the same CBC coverage, Bowman also asserts that deep packet inspection is necessary in order to keep VOIP from breaking up due to congestion.  I’m no ISP, but I have a hunch there are other options here…for example deploying other “shaping” technologies that don’t invade customer privacy, or the radical path of increasing available bandwidth.(On this note, I am quite intrigued by Scott Stevens’ suggestion “that some internet traffic management could be carried out by customers themselves rather than the ISPs” and interested in how that could work!)

What’s disturbing is that Bowman is not only acting as a CTO but speaking at this CRTC hearing, apparently without knowing that net neutrality is.  He is quoted as saying:

“In times of congestion, an unmanaged network is not a neutral network,” he said. “Inequalities in application design and user behaviour mean that an unmanaged network inherently favours certain applications and their users.”

Actually…an “unmanaged” network *is* a neutral network.  That’s pretty much the defninition, if by unmanaged you mean the ISP is not allowed to tamper with or discriminate among the content flowing across their lines.  A neutral network is a highway with no toll roads, no right to pull you over to see if you have pornography or the Little Red Book in your backpack in the passenger seat, and no ability to say that Hondas get a fast lane but Fords have to take the slow lane.

I don’t get how this guy can say net neutrality doesn’t exist.  However, if it works for him, I’m going to start declaring things I find either personally distasteful or bad for my wallet nonexistant.  Like…paying rent.  Rent payments definitely do not exist, you know.  They are but flights of fancy which we should no longer indulge. Also torture —  It doesn’t exist anymore.  And those people who say “liberry” and “I could care less” — totally fictional, you know.

Figments of the imagination.

Unicorns.

Leave a comment

Filed under government, net neutrality, privacy, privatization, technology

The Olympic Games & Information Issues (for those who don’t live here)

Most people who live in British Columbia are well aware of the multitudinous controversies surrounding the 2010 Winter Olympic Games, which will take place in Greater Vancouver & Whistler next February. However, when I talk to friends and family from other places, I am reminded what a bubble I live in.  Most people are not hearing about Olympics-related issues on a daily basis, particularly not the information policy related issues. Therefore, I thought I’d just give a little sampler of some of the oft-ridiculous but all-too-serious issues related to privacy, freedom of speech, and access to information issues arising from these games, and the doings of VANOC, the Vancouver Organizing Committee for the 2010 Olympic and Paralympic Winter Game.

Free Expression:

Trademarking

VANOC trademarked not only part of the Canadian national anthem (don’t worry, they say they will still let us sing the anthem before hockey games without a lawsuit :eyeroll:), but also common words that one would think un-trademark-able such as “winter,” “Gold” and “Silver,” thanks to a bill (C 47) pushed through the House of Commons last year, which makes using several such phrases a violation of the law.

VANOC has gone so fas as to take legal action against the pre-existing small local businesses Olympic Pizza and Olympic First-Aid Services.  (Good thing the Olympics aren’t being held south of the border; they might sue the Olympic Peninsula for infringement!)

Curtailing artistic and expressive speech in other ways

The Vancouver city council’s recently passed charter amendment (currently awaiting provincial approval) that, among other things, states that “the city may remove illegal signs from real property with limited notice, and may charge the owner for the cost of such removal.”  Illegal here being about Olympic trademark infringement, of course.  Naturally, artists who create social commentary works are up in arms about this.

Privacy:

We’re now aware that there will be  an unknown (to the public) number of security cameras that will be going up (but possibly not coming down?) by the Olympics, and the Giuliani-style police crackdown on our most vulnerable community members has begun.

One local community centre rescinded its offer to be an Olympic venue, citing privacy concerns for the local community. (Coincidentally, this centre’s bid for facility upgrade funds in the new capital budget was denied, while the neighbouring community centre that allowed VANOC to commandeer their facility had its request fulfilled.) However, this local area remains marked on the official security map, and we can only wait and see what that means.

A new wave of transit ads recently went up around the region, encouraging regular folk to report suspicious behaviour to the authorities. Look here for an example of this “Report the suspicious, not the strange” campaign. The image linked to, in case you can’t get it, is a poster encouraging you to “Call a paranormal investigator” if you see a transparent person taking a picture of a security camera in a public place in an airport, but “Call us” (the transit police) if an actual person is carrying out that same, perfectly legal activity of photographing an object in a public place. Here is a link to a transit representative’s explanation and defense of said ad campaign, with pictures of the other, less offensive, ads.

There’s going to be a conference in the fall of 2009 on “The Surveillance Games” that should prove quite provocative and fascinating to any interested in this type of privacy issues, btw.

Access to Information/FOI

It was identified by the in a “Threat Assessment” as early as 2007 that the “Access to Information and Privacy (A-TIP) can adversely affect the security of the Games…” (PDF here, heavily redacted after being subject of a FOI request by the Vancouver Sun). And VANOC seems to be taking that threat seriously.

Although they spend the public’s money (how much? we don’t know yet…), VANOC is not subject to the BC Freedom of Information Act.  Until early 2008, VANOC did, however, forward its meeting minutes to the Monistry of Economic Development, where they would then be subject to FOI requests.  This stopped abruptly and without explanation when VANOC apparently stopped taking minutes.  Interestingly, the ministry lost track of all back minutes they had received at the same time.

Not that the heavily redacted and sparse-to-begin-with minutes were a huge venue for public awareness, and input, but they were something. The fact that they contained as little information as they did and were still deemed too much to make public is impressive. When the smoke clears, likely in about 2012, one wonders what, if anything, will be left in the hands of the province to account for the billions in public funding that went into these Games.

Just for giggles

This isn’t strictly information related, but it certainly is social justice-y, so I thought I’d throw in a link here to the “2010 Inclusive Winter Games Commitment Statement.” (pdf here) Why?  Because it includes such a gems as:

  • “Make affordable tickets available for Vancouver’s low-income inner-city residents, including at risk youth and children”
  • “Develop opportunities for existing and emerging local inner-city businesses and artisans to promote their goods and services”
  • “Provide for lawful, democratic protest that is protected by the Canadian Charter of Rights and Freedoms”
  • “Ensure people are not made homeless as a result of the Winter Games”

Do you think the people who write those things believe in them, and just get disillusioned afterward, or is it tongue-in-cheek from the beginning?

-Greyson

Leave a comment

Filed under community development, copyright, government information, IP, privacy, privatization

What would it take to get me on Facebook?

In a word: Trust.

Nearly every week, I consider making a Facebook account. I get notices about events for which the full details are on Facebook. I hear stories about people connecting with old friends. My old students and old friends are surprised that they are unable to find me.

I love being in touch with people. I moved around a bit growing up and became quite the correspondent. I have boxes of letters I still move from house to house with me, treasured belongings even though I never look back at them.

Parenthood sucked up the leisure time I used to use for letter-writing, and now I email with some folk, and most years put stamps only on those embarrassing holiday letters we all send out. (Confession: Okay, I actually love reading people’s holiday letters, but I feel very unhip and un-GenX for saying that without irony.)

Friendster seemed interesting (yes, I am really GenX), but in my pre-librarian life I had rural dial-up Internet, and was still writing actual letters. Now I am online all day long, have no time for letter writing, and would be the perfect candidate for Facebook…except that I went to library school and developed this little hangup about privacy.

Privacy…ah, Facebook how you smirk at my privacy concerns. Yes, I know that Beacon was a folly that you now regret, and this week’s terms of service kerfuffle may have been overblown. But to me these moves are indicators that you are a company that doesn’t think through the privacy implications before making changes.

And while actions speak louder than words, your words worry me too, Facebook. Your terms of service (the “old”/”reinstated” ones) make me worry that someday, maybe long into the future, many terms of service later, after you have been bought and the buyer bought and that buyer bought, I will someday see my then-adult son’s young face staring back at me from an advertisement for, well, who knows what. All because my cousin uploaded a photo of him after a family vacation in 2008.

By the way, note that this is not a privacy concern because I am doing anything illicit; it is privacy concern because I would feel violated at this use of my son without my express permission, even though it would be perfectly legal and within the terms of service to which the photo copyright owner agreed.

What can you do, Facebook, to earn my trust?

1) Change your terms of service. I don’t mean leave them as they are/were before you made everyone mad this week.  I mean change them all together. Stop requiring that we:

…automatically grant, and you represent and warrant that you have the right to grant, to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose, commercial, advertising, or otherwise, on or in connection with the Site or the promotion thereof, to prepare derivative works of, or incorporate into other works, such User Content, and to grant and authorize sublicenses of the foregoing.

I don’t care if you say you don’t want to put my son’s photo on a billboard, because what you say on your blog or to a reporter does not outweigh the legal contract you are asking people to sign/click through.

This is just plain creepy. And greedy. AND uncool to boot.

2) Start acting trustworthy. Make your privacy settings comprehensible to the average user. You’ve taken steps in this direction, but it really just isn’t enough.  Your aunt who still types emails in ALL CAPS should be able to understand her setting and their implications. Be clear about the risks and benefits of new apps. Don’t globally implement apps and then require people to opt-out of things; rather allow them to opt-in. Do good in the world.  Please.

Of course, half of me knows it’s a good thing for my own time management and personal life that I am not on Facebook. I could suck up hours tracking down all my teenage crushes and long-losts, and that’s really the last thing I need when I barely have the time for a cup of tea with my here-and-nows.  However, the other half of me – the one that wants to get sucked into staying up too late finding out how many kids so-and-so has and whether the morose violinist from my school bus days is still playing music or at least doing okay – offers these suggestions.  If you don’t take them, well, I’m sure in a few more years there will be a new social networking platform that everyone’s on, and maybe I’ll jump on board that time around.

-Greyson

Full disclosure here: I do *sort of* have a Facebook account. What I mean is that I have a fake Facebook account under a made up name, with virtually no information in it save a made up birthdate. I use this account for the times when I need to look something up that is only on Facebook. I rarely use it, and am forever forgetting my password, and have had to create a fake Gmail account under the same name to deal with the password reset requests…and this is just getting convoluted and complicated. I wish Facebook would just get its act together so I could join in good faith and stop pretending to be a 28 year old male online just to find out when a meeting will be happening.

7 Comments

Filed under IP, privacy, technology

Free Speech and Patron Privacy are Corequisites for Intellectual Freedom

The book

So you’ve probably heard about this library assistant (Sally Stern-Hamilton, aka Ann Miketa) in small-town Michigan (Luddington) who wrote a fiction book (“Library Diaries”) based upon her accounts of library patrons, and published it under her maiden surname at a vanity press. The book doesn’t sound all that original or like it’s anything that should garner international attention. However, the scandal that has ensured over the book has brought the book, author, and little town in the Midwestern US, into the spotlight.

n.b. I was hesitant to write about this kerfuffle at first, as I think the attention only serves the author’s book sales and it’s not a book I personally care to promote, but on balance I decided that discussion of the issues of free speech and privacy that underlie the news are worth it.

The disciplinary action

After the book came out, the author was suspended from her job, with a letter that stated, (presumably among other things):

“The cover of your book includes a picture of the Ludington Library. Each chapter is devoted to a specific library patron or patrons. Your book portrays these people in a very unflattering manner. You describe individual patrons as mentally ill, mentally incompetent, unintelligent, and unattractive. You label several as ‘perverts.’ While you stop short of naming the individuals you targeted in your book, your detailed descriptions of their unique characteristics and mannerisms make them easily identifiable in our small community.”

The author response

The author has gone public, with such statements as,

The absolute irony is that the public library is a pillar of free speech and leads me to wonder why the administration is so upset.”

It should be noted that at the same time, this author is railing against

instances of known sex offenders using library computers to view pornography.

indicating that she perhaps disagrees with the notion that the library should be “a pillar of free speech” at all. Or maybe she thinks intellectual freedom can be a one-way street, push-only, and not inclusive of access to informationHold that thought.

The public response

Varies greatly.

Local newspaper comments calling the author a “loose cannon” and saying that the book’s characters are easily identifiable community members, are mixed in with someone who thinks there is a Muslim running for President of the US.

Conservative viewpoints are defending the author’s whistleblowing about libraries giving sex offenders access to the Internet, in the name of protecting our children.

The Annoyed Librarian theorized that the author was fired not for betraying patron privacy but for criticizing her superiors.

The issues

Leaving aside questions of literary merit, this situation highlights some oft-confused aspects of free expression and intellectual freedom: namely that free speech is but one element of intellectual freedom, and that library organizations – for instance the ALA – tend to try to strike a balance between privacy, access and free expression in order to promote the package we call Intellectual Freedom.

Patron privacy and confidentiality is an essential element of ensuring access to information. Privacy is as essential as anti-censorship in assuring intellectual freedom. (Hmm…why hasn’t a “Privacy Week” caught on the same way as “Banned Books Week” or “Freedom to Read Week”? I would say something about USA PATRIOT but this really goes back much farther than that…something for me to ponder)

If a library user fears ridicule, exposure or public humiliation due to his question, mannerisms, health history, or criminal record, that patron is not actually being provided with the access to information we hold. The beginning of that ALA Library Bill of Rights reads:

Books and other library resources should be provided for the interest, information, and enlightenment of all people of the community the library serves.

It later states that:

Libraries should challenge censorship in the fulfillment of their responsibility to provide information and enlightenment.

clearly indicating that resistance of censorship, and promotion of free expression, are one facet of the great goal of providing access to information (and nirvana).

By threatening patron privacy – be it by complying with a warrentless library search,  or by writing a thinly veiled exposé of the “perverts” in your library, a library worker is eroding intellectual freedom, no matter how loudly she may insist that the privacy threat was made in the name of “free speech” (or national security, “for the children,” etc.).

The “Library Diaries” author has posted an online rant:

“Whats going on in this world? I have not been able to find one lawyer to make a First Amendment (Freedom of Speech, Press) case or even a whistleblower case.”

I suspect this is because the lawyers she has consulted have a stronger grasp on the concept of free speech than she does. In addition to free speech being one part of the intellectual freedom balancing act in the information world, there are legal limits on free speech as well. Defamation (for example libel, which may or may not have occurred in this book) is a legal restriction on freedom of speech in the US.

Many professional codes of ethics restrict professionals’ free speech, but this is not a constitutional violation because employment in that field is voluntary. Would a doctor being fired from a hospital after publishing thinly veiled accounts of her patients’ weird and embarrassing health issues cry “free speech”? I suppose she could try, but I doubt she would she get as much support as this library worker is getting.

Lori Basiewicz has written an interesting and useful USAmerican take on what free speech and censorship are and are not. Basiewicz blogs that while it is possible that the author may find a lawyer to take on a wrongful termination suit (depending on what the exact reasons for her termination were), the library has done nothing to prevent publication or dissemination of the book (which could be considered censorship, although probably would not technically infringe on the author’s First Amendment right to free speech), and her claims that the book is fiction make the whistleblower argument pretty weak. I tend to agree.

The Profession

Some of this muddle relates to our confusion as to the role of libraries. Are library workers trusted professionals or information waitresses? Is our job to check books in and out, or is it to build and protect free information infrastructure for the public? The profession cannot fully resolve these questions internally, so it should come as little surprise that the public doesn’t know how to regard us either.

You don’t have to be a MLIS-type librarian to run a library, and you don’t have to believe in the ALA Code of Ethics to be a librarian. Library assistants and other “para-professional” or non-MLIS library staff are integrated and accepted in a very spotty manner, into the ALA-type library world. These are core professional issue that we seem thus far to have been unable to resolve, despite being a fairly ancient profession.

That said, the ALA Code of Ethics is generally seen as setting best practices and standards for libraries in the US, and it seems pretty clearly violated by the book at the centre of this current storm. The first three items are clear enough:

· We provide the highest level of service to all library users through appropriate and usefully organized resources; equitable service policies; equitable access; and accurate, unbiased, and courteous responses to all requests.

· We uphold the principles of intellectual freedom and resist all efforts to censor library resources.

· We protect each library user’s right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired or transmitted.

that it seems almost unnecessary for me to also add in item #6:

· We do not advance private interests at the expense of library users, colleagues, or our employing institutions.

So…

For me the question is one of our profession and coordinated messages. Maybe the author involved in this brouhaha knew she would likely get fired for the book, and didn’t care. Maybe she saw her mission to expose the “characters you never dreamt were housed at your public library” as important enough to risk the job. If so, that’s her choice to make (much as some might wish she would not make it), and all choices in life have consequences. However, if she is really as uninformed about free speech and the library’s role as she appears in the sound bytes, I have a concern about our profession.

After working in a library for 15 years one would expect a better grasp of the concept of intellectual freedom. Some might argue that she was “only” a library assistant, but that’s who most of the public has the most interaction with, in many libraries – it is essential that such library workers are educated in core professional ethics. We need to act on two things if we want to reduce such confusion:

  1. Hit more clearly on our core value messages; make sure all library workers understand and can teach the public what intellectual freedom is, and
  2. Better integrate non-MLIS library workers into our professional organizations

– Greyson

8 Comments

Filed under censorship, Intellectual freedom, LIS education, Other blogs, privacy, public libraries, The Profession

Warrentless library computer searches – what affects librarian response, and what can we learn from the news?

There have been a couple of high-profile cases this summer involving US law enforcement seeking library computers as evidence, and showing up without a warrant in hand:

  1. In Maryland, FBI agents took two computers from a Frederick County Library. The library director granted them permission, although they came without a warrant.
  2. In Vermont, state police detectives were told by a librarian that they had to go back and get a warrant before seizing Kimball Public Library’s public access computers to investigate a child’s disappearance.

I want to discuss these cases, because I’ve been mulling over the similarities and differences between them, and trying to figure out what we can learn from the two situations.

First of all, what are the differences between these two cases? I’m sure there are several, and here are some of the major ones I’ve identified thus far:

  • Vermont vs Maryland cultural variances – VT is known for liberalism, independence, cows, white people and lots of libraries.  The state also has a new law that went into effect a couple weeks after the Kimball incident, which requires libraries to demand court orders before turning over records to law enforcement. Frederick MD is very close to Washington DC, very military and politics influenced, and semi-Southern.  The biggest employer in the country, by a large margin, is US Army base Fort Detrick.
  • Type of law enforcement officers – A FBI request seems to me to be more intimidating, commanding, carry more weight than one from the state police.
  • Type of case – This could work both ways.  A federal case (MD) might be more compelling than a local case (VT), but on the other hand the VT case was about a missing 12-year old girl, which seems to be both very time sensitive and heartstring-tugging.  The case of the MD case has not officially been stated, but is generally assumed to have to do with the 2001 anthrax mailings in the US, the major suspect of which recently died of an apparent suicide, which seems less time sensitive or pressing, but does hark back to the post- 9/11 patriotism that may be a bigger cultural factor in Frederick MD than in some other regions.
  • Responding librarian – in VT it was a librarian doing storytime who responded to the police request.  In MD it was the library director, whom I assume was called by other staff to come out and deal with the FBI agents in the library.  Did the library director feel he had more discretion to make a judgment call in this type of matter, rather than blindly following policy?  Had he not developed a policy for his libraries?  I don’t know, but he is likely the person responsible for the “bottom line” in privacy policy, as opposed to a non-directorial librarian who may be more likely to feel bound to follow written policy.

Listing these out, and pondering their influence on the responding librarians’ decisions, I was reminded of when I used to work in domestic violence response services.  I know that if we had someone, particularly a child, go missing, and someone was withholding a computer that might contain evidence that might lead to locating that child I would have been livid. My mission in such a circumstance would be to do anything and everything possible to find that child and bring her home as safely as possible.

On the other hand, one of the things I learned from working in domestic violence and sexual assault agencies is the value of multiple advocates representing different interests. The shelters I staffed worked best for a family when mom had one advocate looking out for her interests and her child had a different advocate looking out for his best interests.  When advocates were free to fully focus on the needs of one facet of the family, their various perspectives could then be heard, weighed and combined for the best possible outcomes.

Similarly, I think it’s important for libraries to demand warrants from law enforcement, because it’s too easy for someone whose main focus is law enforcement to lose perspective on general civil rights outside of the current case.

So while (in the above hypothetical situation) I might have been livid at a librarian for withholding a computer for a couple of hours – hours in which a child might be being assaulted! – on balance I am glad the librarians would be there to demand the proper paw enforcement procedures be followed.  Because their holding that line would free me to fully advocate for the child’s welfare without worrying about stopping and trying to weigh the general public’s privacy rights against my current mission.

Let’s go back to the Kimball and Frederick library computer seizures now.  I think it’s clear that I favour the Kimball type response.  I don’t want librarians to be weighing the merits of privacy rights vs an individual legal investigation in the heat of the moment. I don’t want the culture of the local environment to sway decisions librarians are pressured into making on the spot, with cops staring them down. I see libraries as advocates for the privacy rights of the public, and I’m obviously not alone in this perspective. The ALA, among other library associations, has long been a staunch advocate of privacy rights, stating that:

Confidentiality of library records is a core value of librarianship

I want the well-pondered leadership of professional standards and guidelines to outweigh any sudden freaked-out librarian split-second judgment calls. I believe this frees law enforcement to do their job – trying to properly solve a crime – the best they can as well.

I do want to say that, while I don’t necessarily agree with both librarian responses above, I think it’s important to support both the librarians involved in these two cases as people who were doing their best on the job. Having the cops, let alone the feds, show up and demand something from you is pretty shocking, if not downright scary. It’s not a typical event in the day-to-day life of a public librarian. (My own experience in public libraries was far more focused on pointing people to those damned Rainbow Fairy books, the latest Maeve Binchy novel in large print, or the bathroom, than overtly defending citizens’ rights on a daily basis. On a really exciting day I’d have a high school student doing a report on astronomy, you know?)

If a librarian is really lucky, they had a class on intellectual freedom way back in library school.  More likely they had a discussion somewhere along the line, perhaps in a collection development course, about book challenges.  And very possibly they had no academic background on the topic at all – just whatever they had gleaned from on the job trainings or conference sessions.  I consider myself lucky to have had a full class on IF in my library school (it’s one of the reasons I selected that particular school, in fact), but thinking back to my job orientation at the public library I don’t think any protocol regarding police requests was included.

Had I been the only librarian holding down a branch when the cops walked in and demanded it, it’s entirely possible that I would have freaked out and had no idea what to do.  Of course this is Canada where the PATRIOT Act is more of an arm’s length threat, but I digress…My point is that we don’t know what type of background, training or support from their library administration these two librarians had, but that the variance in librarian response to similar seizure requests – despite clear guidelines from the ALA – indicates a need for more discussion of and training on privacy issues.

– Greyson

1 Comment

Filed under Intellectual freedom, LIS education, privacy, public libraries, The Profession

DTCA 2.0 & RareShare

I know, I know, everything is “such and such 2.0” now, and it’s getting really old.  I agree!  However, this really is “2.0,” as direct-to-consumer advertising (DTCA) of pharmaceuticals has officially moved from being all “push” media into its own special social networking universe. Check it out:

The Toronto Star called my attention to the social networking website http://www.RareShare.org last week. The uncritical article by the “Faith and Ethics Reporter” acclaimed RareShare for creating online support for the “forgotten people” who have diseases so rare that there are no local face-to-face support groups.  Call me cynical, but I wish the article went a little heavier on the ethics and a little lighter on the faith in altruistic corporate goodwill.

The RareShare site is tight-lipped about its corporate sponsors. From publicly accessible information, we know that the 2 founders of the site are U.S. business guys with specialisations in high-growth tech and biotech and communications. We know one of the corporate partners behind the RareShare site is Nutra Pharma, currently testing a drug for the rare disease adrenomyeloneuropathy.  And we know that, in addition to “moderated” (by whom?) discussions in communities organized by disease, the site plans to have doctors (presumably those who are friendly with the corporate sponsors of the site?) holding online Q&A sessions with community members.

The Privacy Policy is a bit odd, in that it appears to have been written for another website. ?? They collect your email address and track your travels in order to improve their page, customize their content to you, etc. They’ll remove your name and phone # when they share your info with other companies. They use cookies, and record session info, “such as items that consumers add to their shopping cart”?  Shopping cart?  Huh?  If you give your telephone #, they’ll only use it to contact you regarding orders you have placed online? What kind of a website is this anyway?

It is perhaps worth noting that the RareShare defintion of “rare” is considerably broader than some other lists of rare diseases, including such conditions as gestational diabetes, which occurs in about 4% of pregnancies, according to the American Diabetes Association. According to the Canadian Organization for Rare Disorders, “A rare or “orphan” disease affects fewer than 1 in 2,000 people.”  While expectant mothers with gestational diabetes may legitimately feel the need for more support, they are hardly living with a rare disease.  The inclusion of such common ailmentsparticularly ones such as diabetes that are hotbeds of new pharmaceutical interest, and sometimes lead to ongoing monitoring and medication for the rest of one’s life – do raise a question of drug company profit motive.

It’s all not necessarily fishy, but it is a perfect setup for embedded DTCA with a social environment created to reach vulnerable and isolated populations. Sort of makes me want to lurk around and see what goes on once things get kicking in their forums…

…So I admit it: I did just that. Here’s my report. The site is so new that there’s not much there yet, so it’s a bit hard to assess where it’s going.  There were about 160 members as of when I peeked in, most of whom appear to be patients or family members of patients. These individuals post seeking help, advice, and connection with others.  Many of them are disclosing their personal stories: their ages, location, when they were diagnoses, what drugs they’ve already tried, etc. They join ”communities” of diseases based on their actual or suspected diagnoses.

Then, there are 2 members who appear to be doing far more posting then everyone else: one of the 2 site founders, and the CEO of a drug company.  The site founder has joined several communities and posted welcome messages in the forums.  The CEO has similarly joined many communities and in some he has posted messages such as:

“We’ve found that an already existing class of drugs is effective about half the time in XYZ syndrome. Please contact me for details of our Next Generation Disease Management service.”

“We think an already existing class of drugs may help in XYZ disease. Please contact me for details of our Phase IV trial.”

”We think already existing drugs may supplement standard chemotherapy and radiation treatment for XYZ cancer. Please contact me for details of our Phase IV trial.”

In addition to clinical trial recruitment, there is already some advertising for lab tests, for example Designer Diagnostics test kits of Nontuberculosis Mycobacteria (NTM).  Each disease community “home” has a link to more information about the disease.  Many of these pages are still pretty empty, but in the case of a few, this link leads to a full page that does not document the source of most of its information.  On the NTM disease information page, for example, under “diagnostic tests” there is only one brand of test mentioned.  If you follow the link to more information about the test, you can read about why this test is allegedly better than other tests, and you can follow another link right to the website of the manufacturer of the test.

Annnnnd, if you follow enough links on the Designer Diagnostics website, you can eventually get to the fact that they have a parent company.  This parent company, unsurprisingly, is the very same Nutra Pharma that you may recall is one of the corporate partners behind RareShare.

What a coincidence.

There is a clear and present need for more support and networking among patients and doctors dealing with rare diseases. If the public sector is not going to provide this type of health care, information and support, it is natural that the private sector will naturally seize the opportunity. We should not for a moment, however, forget that firms, unlike public health infrastructures, work from a place of their own bottom line and fiscal responsibility to their shareholders. For them to actually act out of total altruism and concern for the patients would be a conflict of interest.

– Greyson

6 Comments

Filed under Health, privacy, privatization, technology