Author Archives: Meriwether

every breath you take

I have a confession to make. One of my guilty pleasures is set in a dystopia where an omniscient artificial intelligence watches everyone, everywhere, and knows when they’re going to do bad things. This isn’t Minority Report or part of the Terminator franchise, although this AI is pretty close to how we imagine Skynet might have started out– it’s the TV show “Person of Interest”. And instead of finding the thought of 24/7 surveillance frightening, fans of PoI are just thrilled that the Machine recognizes an assistant admin (Reese) and will talk to him, because we really want Admin (Finch) to keep helping people…and we don’t want anything bad to happen to the Machine, either.
 
Talk about suspension of disbelief.
 
I don’t like CCTV cameras. I’m not convinced that they stop crime or solve crime, and I have a real problem with ubiquitous surveillance. There’s a kind of privacy that comes from being an anonymous person in a crowd, going about your daily business. But if everyplace you go has a CCTV camera, or your cell phone broadcasts your location, or you show up in a picture posted online and someone tags you in that picture– there goes your anonymity. I don’t like the possibility that I’m being tracked everywhere I go, that there’s footage of me on some CCTV camera feed somewhere. Digital storage space has become so prevalent and so cheap that it’s now quite feasible for that footage to be stored indefinitely– along with every trace of every single place I go and every single action I take online.
 
I’ve been mulling over this threat to privacy for a good long while. I really enjoy the internet; I absolutely love boingboing and wikipedia and archive of our own. There are a lot of wonderful things out there. But it’s also a frontier, and it has some really scary implications. One of them is that the internet is a surveillance state. Don’t take my word for it; Bruce Schneier knows a lot more about the subject than I do and says it better:

Whether we admit it to ourselves or not, and whether we like it or not, we’re being tracked all the time. Google tracks us, both on its pages and on other pages it has access to. Facebook does the same; it even tracks non-Facebook users. Apple tracks us on our iPhones and iPads. One reporter used a tool called Collusion to track who was tracking him; 105 companies tracked his Internet use during one 36-hour period…This is ubiquitous surveillance: All of us being watched, all the time, and that data being stored forever. This is what a surveillance state looks like, and it’s efficient beyond the wildest dreams of George Orwell…Welcome to a world where Google knows exactly what sort of porn you all like, and more about your interests than your spouse does. Welcome to a world where your cell phone company knows exactly where you are all the time. Welcome to the end of private conversations, because increasingly your conversations are conducted by e-mail, text, or social networking sites.

Given the state of things, how long will it be before our current understanding of privacy is meaningless? Either the word will have some incredibly narrow meaning, or it will become one of those dead euphemisms (the ones that fool precisely nobody and are laughable in their obviousness, like “I need to powder my nose”), or our descendants will have to look the word up in the OED to find out what it used to mean.
 
The American Library Association says “Privacy is essential to the exercise of free speech, free thought, and free association” on its page about privacy and confidentiality. The first person ALA quotes is Louis Brandeis. The second person ALA quotes is Bruce Schneier:
 

For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that—either now or in the uncertain future—patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.

This is the dark side of social media. When people post to Facebook, when they Tweet, when they upload pictures to Tumblr– they’re sharing a lot more data than they know. That data isn’t ephemeral, anonymous, or untraceable. Some of us are careful, but many of us aren’t. All it takes is one mistake, and you’ve given someone two or three data points to collate and identify you with. Maybe there won’t be negative consequences– maybe you’ll just end up having to block some random guy on Google+– but maybe you’ll be in the same boat as David Petraeus, Chinese dissidents, and Syrian rebels.

On Impermanence

One of the dangers of technology is that sometimes we get used to devices, software, and platforms that go extinct. The VHS vs. Beta wars of the 1980s are often used as a prime example of this—but as personal electronic devices become more prevalent and new devices are introduced more often, it becomes ever more obvious that some kinds of technology fail even if we like them, and just how disruptive these extinctions can be to our daily lives.

Google announced last week that they will be phasing out their RSS feed aggregator, Google Reader, in July 2013. Reader follows in a long line of free Google products that have been retired—most recently iGoogle, Google Buzz, and Google Labs. (For an interesting visual, and to leave virtual flowers on the graves of any Google products that you miss, see Slate’s “Google Graveyard” at http://slate.me/10YZRQr)

There has been a lot of discussion about the impending demise of Reader. Although the stated reason for phasing it out is declining usage, a lot of fans were exchanging panicked messages over the Internet. Many of us have already migrated—I’m using an add-on to Mozilla Firefox, which is called Sage and seems to work pretty well. There are some things about it that I find annoying: it isn’t as seamless as Google Reader; I haven’t figured out how to make it email me items in the feed; and it isn’t as easy to search for RSS feeds—you have to go to a page and look for an RSS feed there, unlike Reader’s search tool where you typed “so and so at livejournal” and it gave you the address.

However, migrating the data from Google Reader to my computer was relatively fast and very easy; the Google Takeout page (https://www.google.com/takeout/#custom:reader) does it all with the click of one big, red button. Back in Mozilla’s Sage RSS aggregator, I clicked on Options => OPML Import/Export and browsed my computer to find the file subscriptions.xml. So now I’m all set up, following all the same RSS feeds that I used Google Reader to follow.

Of course, Sage doesn’t have the “+1” or “share” features, so all of that data from Google Reader is gone. I have mixed feelings about that. I don’t use Google+ a lot, so I don’t know who I was really “sharing” with—probably nobody, really. I don’t want to be internet famous or have 1,000 imaginary friends or people “following” me. I enjoyed Google Reader’s sharing applications a lot, but I’m an intensely private person and social media is not a good fit for me on a personal level. On a professional level? Libraries definitely need to be using social media to connect with their patrons and with the wider community.

James Fallows’ brief article at The Atlantic (http://bit.ly/YaidgL) points out that

[w]hen a company is charging money for a product…you understand its incentive for sticking with that product. The company itself might fail, but as long as it’s in business it’s unlikely just to get bored and walk away, as Google has from so many experiments.

Fallows isn’t worried about Google Earth or Google Maps—these services are a benefit to the public, but are also part of Google’s core business model. Likewise Gmail and Google Drive are probably safe to bet on; but Fallows won’t be trying any new free Google tech unless there’s an obvious reason for Google to support that technology.

Over at Slate, Farhad Manjoo isn’t mourning Google Reader. In his article (http://slate.me/ZDe673), he admits he may have said some mean things about it on Twitter. The man has a point; Reader makes the web homogenous, which is boring from a design standpoint. But it was so convenient, and a lot of us loved it:

You didn’t just love Google Reader. No, your feelings about it were much deeper—you relied on Google Reader, making it a central part of your daily workflow, a key tool for organizing stuff you had to read for work or school. Now it’s gone, and you feel lost. Sure, there are alternatives, and transferring all your feeds to one of these will probably take just a few minutes. But that won’t be the end of it. You’ll still have to learn the quirks of your new software. You’ll still have to get the rhythm down. And most of all, you’ll still worry about abandonment. Google says it killed Reader because the software’s usage was on the decline. But Google Reader was the most popular RSS reader on the Web. If people were quitting Reader, aren’t they likely to quit the alternatives, too?

Abandonment is a huge issue with technology. In the case of physical software, you can limp along for a while with obsolete devices. Manjoo uses the example of WordPerfect and Lotus 1-2-3 fans still running DOS. But in the world of cloud computing, we don’t have a Google Reader device; we can export our data, but not every purveyor of cloud computing will be that honest. With all the excitement over the freedom of cloud computing, not a lot of attention has been paid to what Manjoo calls “a terrible downside of cloud software—sometimes your favorite, most indispensable thing just goes away.”

Manjoo agrees that if you want software that you can depend on, “you might want to think about choosing one of those incredibly old-fashioned software companies that will allow you to pay for its stuff.” He admits that this isn’t a guarantee of longevity, given that companies can always go out of business. However, “companies that take your money are at least signaling to you that their software is just as important to them as it is to you.”

There are several lessons to draw from the death of Google Reader: don’t rely too much on free stuff; don’t invest a lot of time into something that may not last; always have an exit strategy; always look for the disadvantage; and above all, remember that nothing is forever.

Security and Social Media

On February 21, the customer service software provider Zendesk learned that it had been hacked. Three of its customers were compromised: Twitter, Pinterest, and Tumblr. In Zendesk’s official blog, Mikkel Svane wrote:

We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.

At Wired’s “Threat Desk” blog, Matt Honan noted that Wired’s source “claims some customers also may have had their phone numbers revealed, but no passwords, password hashes, or even encrypted passwords were revealed.” Although the potential that phone numbers were revealed isn’t good, the news could have been much worse—the hacker could have gotten passwords.

That’s not to say that this security breach is no big deal—it is. The concern, of course, is that the email addresses and subject lines will enable the hacker to conduct successful phishing campaigns. The subject lines of previous emails could provide the perfect camouflage, making the phishing emails seem like just another exchange in an ongoing conversation.

Honan cited the warnings that Pinterest, Twitter, and Tumblr sent to their users. While Pinterest…

Don’t share your password. We will never send you an email asking for your password. If you get an email like this, please let us know right away. Beware of suspicious emails. If you get any emails that look like they’re from Pinterest but don’t feel right, please let us know—especially if they include details about your support request.

…and Tumblr…

Tumblr will never ask you for your password by email. Emails are easy to fake, and you should be suspicious of unexpected emails you receive.

both warned users about phishing, Twitter did not.

Twitter issued a statement regarding a “significant security breach” at Zendesk, and closed by saying “We do not believe you need to take any action at this time but wanted to ensure that you were notified of this incident.”

Unfortunately, many people throw caution to the wind when they believe that they’re dealing with email from a known source—disregarding factors that would clue them in to a phishing attempt, if the email obviously came from an unknown source.

A recent study conducted at the University of North Carolina at Chapel Hill, the Millennial Cybersecurity Project, examined the behaviors of millennials on the internet. As the first “always-connected” generation, there’s the very real concern that millennials will bring risky behaviors and unprotected devices into their workplaces, thus exposing them to security vulnerabilities. “Millennials have a greater degree of trust in the virtual world that is not shared by older generations—especially the baby boomers,” the authors note (p.2).

The study found that millennials

1) lack a comprehensive and consistent methodology for password usage;

2) have difficulty identifying emails with social engineering attacks such as phishing and scam emails; and

3) show a general lack of awareness of certain best practices necessary to assure a safe experience in cyberspace. (p. 8)

Part of the reason that millennials were unable to identify the phishing emails in these experiments is that some of them were masquerading as legitimate emails from Facebook and LinkedIn. All of the experimental phishing emails had spelling and grammar errors, broken links, out-of-date forms and other indicators; but because millennials “have strong social connections” to these companies, they seemed to perceive them as “more trustworthy” (p. 11). The millennials involved in the study indicated that they were more likely to spot fraudulent emails if they didn’t know or trust the email’s source (p. 14). Millennials identified 52% of the experimental phishing emails that appeared to come from financial institutions (including Bank of America and PayPal); they identified only 48% of experimental phishing emails from Facebook and LinkedIn (p. 13).

The good news is that these experiments indicate that positive reinforcement and education about best practices can encourage safer behavior and increase awareness online. In most cases, millennials who received emails about their success or failure in identifying phishing emails improved their performance in subsequent experiments (p. 24). The exception was when receiving emails from a trusted source; although in a previous experiment, only 29% of subjects had opened phishing email from an untrusted source, 57% of subjects opened phishing emails from trusted sources (p. 26).

The authors conclude that the best approach is to

  • Explore, employ and exploit digital messaging that is short in length, iconic, and actionable. (p. 38)
  • Personalize communications based on the audience’s profile. (p. 39)
  • Develop cybersecurity tools that are technology-mediated, more interactive and capable of providing a user experience of high value. (p. 39)

Bruce Schneier, who is described by The Economist—and most geeks—as a “security guru,” writes about cryptography, computer and network security, the many failings of the Transportation Security Administration (“security theater” is a regular topic of his blog), personal safety, crime, and corporate and national security. In a recent article (cross-posted to his blog on February 12, 2013), he writes about how technology “continually upsets” the balance between “the honest and the dishonest.” New forms of technology lead to new forms of crime:

Online banking results in new types of cyberfraud. Facebook posts become evidence in employment and legal disputes. Cell phone location tracking can be used to round up political dissidents. Random blogs and websites become trusted sources, abetting propaganda.  

This represents a “security gap” where criminals exploit new weaknesses, and law enforcement tries to figure out how to stop them. The security gap is larger when there are rapid technological changes, but it gets even larger when rapid social changes occur as a result of this tech.

Twenty years ago, parents had to worry about television commercials encouraging their kids to buy cereal with sugar as the first three ingredients and ugly dolls in neon-colored ninja costumes. Now they have to worry about websites that encourage their children to reveal personal information, so that they can be marketed to more effectively—and that’s just legitimate businesses! That doesn’t include the seedier places on the internet not geared towards children; or apps that kids purchase that will track their movements and actions, or install other forms of malware.

These are some massive social changes that we’re going through now, and we don’t really know yet what the results are going to be. Schneier points out that “[w]e don’t know *how* the proliferation of networked, mobile devices will affect the systems we have in place to enable trust, but we do know it *will* affect them.” The solution isn’t legislation or technology alone—people are the main factor in the success or failure of any security system. “Much of our security comes from the informal mechanisms we’ve evolved over the millennia: systems of morals and reputation,” Schneier reminds us. It’s time, he concludes, for these systems of trust to evolve:

It’s time for us to deliberately think about how trust works in the information age, and use legal, social, and technological tools to enable this trust. We might get it right by accident, but it’ll be a long and ugly iterative process getting there if we do.

We can’t simply trust that Facebook or Tumblr or Twitter or Pinterest or anyone else has our best interests at heart. We need to be informed, cautious, and sensible. (As Ronald Reagan famously said, “Trust but verify.”) We need to be aware of terms of service, privacy policies, and security breaches. We need to be aware of the dangers posed by social engineering, poor security practices, hacking, and electronic surveillance. We need to be familiar with resources like Wired’s Threat Level blog, the Millennial Cybersecurity Project, Bruce Schneier, danah boyd, and the Electronic Frontier Foundation. These resources are all accessible to the layman—you don’t have to be a white-hat hacker or code monkey to understand and apply them.

We need to do these things as future librarians not only to protect libraries and other information organizations navigating the Web 2.0 world, but also to educate patrons so that they can protect themselves.

REFERENCES

Greis, N.P.; Nogueira, M.L.; and Kellogg, S. (2012). The Millennial Cybersecurity Project: Improving awareness of and modifying risky behavior in cyberspace. Final Report. Institute for Homeland Security Solutions. Retrieved from http://sites.duke.edu/ihss/files/2011/12/IHSS_FinalReport_MillenialCybersecurity_Greis.pdf on February 24, 2013.

Honan, Matt. (2013, Feb. 21). Zendesk security breach affects Twitter, Tumblr and Pinterest. Wired. Retrieved from http://www.wired.com/threatlevel/?p=54338 on February 24, 2013.

Schneier, Bruce. (2013). Our new regimes of trust. The SciTech Lawyer, 9(3), 16-17.

Svane, Mikkel. (2013, Feb. 21). We’ve been hacked. Zendesk Nation [blog]. Retrieved from http://www.zendesk.com/blog/weve-been-hacked on February 24, 2013.

RSS Feed Readers

Rich Site Summary (usually called Really Simple Syndication) is an invaluable tool for fans of blogs. RSS feed readers consolidate all your favorite blogs and RSS-enabled websites at one convenient location. I use Google Reader and like it pretty well; I have 46 subscriptions at this point (down from 70+ before I started at SLIS). Some of these are defunct—Mongo’s Montreaux, for example, is on hiatus until Mongo leaves his temporary position with the U.S. Government; Sepia Mutiny has shut down, but I keep the bookmark so I’ll remember to go back and read old posts; and I keep hoping that Jonquil will start blogging again—but the majority are live.

There’s no way I would be able to keep track of all the blogs and syndicated sites I read without the Google Reader. Some of the bloggers post irregularly enough that I would have given up on them long ago without the convenience of an RSS feed. Most bloggers I follow post daily, and some make frequent posts throughout the day. An added benefit of the Google Reader is that I can keep an item unread and return to it later, to read at leisure. I can also email myself a particularly good link; today it was a recommendation for a new YA novel, Team Human by Justine Larbalestier and Sarah Rees Brennan.

Blogs, when done well, are incredibly communal. Group blogs are obviously so; but individual blogs can accumulate circles of readers that form surprisingly tight-knit communities. The comments on a really good blog can develop into insightful and far-ranging conversations. It’s kind of like a guided tour of the internet.

It’s easy enough to find librarians who blog, but there are also some less obvious places to find topics of interest.

  • Boing Boing (http://boingboing.net) has dedicated pages for books, music, video, comics, etc. and even has a family-friendly area that lists activities, books, and media for kids. It really is a repository for wonderful things; I get most of my book recommendations from BoingBoing. There’s some overlap with Wired, so the editors talk a lot about tech trends, science fiction, comics, and maker culture; but they also discuss intellectual property rights, weird science trivia, cat memes, and civil rights. They also occasionally have items with direct relevance to library students (“The (New York Public Library) Manuscripts and Archives Division is offering an (unpaid) internship to aid the Digital and Project Archivists for the Timothy Leary Papers for the Spring 2013 term to students from a Master’s program in librarianship, archival studies, or preservation with an interest in the born digital materials in the papers”; http://boingboing.net/2013/02/05/ny-public-library-internship.html).
  • The Middle East Institute Editor’s Blog (http://mideasti.blogspot.com), by Michael Collins Dunn, discusses current events in the Middle East; art, literature, and music from the Arab diaspora; Middle Eastern linguistics; and pop culture (political graffiti in Cairo, the cartoon Mish-Mash Effendi, the latest antics of Haifa Wehbe, an attempt to ban the 1,001 Nights, accusations in 2010 that the Lebanese-American Miss USA was in fact a Hizbullah mole [file under IDEK], the latest salafist complaints in Egypt about raks al-sharki a.k.a. bellydance).

Dr. Dunn has some excellent posts about the libraries in Timbuktu; see January 31, 2013: “Some Good Stuff on Mali and Timbuktu”, “Good News from Timbuktu?”, and January 30, 2013: “Were Most Timbuktu Manuscripts Hidden?”.

Timbuktu is a UNESCO World Heritage Site. The Al-Qaeda-linked extremists destroyed saints’ tombs, burned books, and put libraries to the torch before French troops intervened on January 28. One of the extremists’ targets was the Ahmed Baba Institute of Higher Learning and Islamic Research, an institute founded by the Malian government and housing documents from as far back as the 13th century. There are also hundreds of small privately-owned libraries that have been passed down from generation to generation for hundreds of years.

For more on this story, see “All Things Considered” for February 5, 2013. Timbuktu is about 1,000 years old, was on major caravan routes, and has been invaded repeatedly; safeguarding books is an old tradition there. The books at Ahmed Baba were smuggled out in empty millet and rice sacks and taken by cart, canoe, motorbike, and truck to Bamako, about 600 miles away.

  • Roger Ebert (http://www.rogerebert.com) blogs movie reviews; usually five or six every Thursday. I’m a huge movie fan, but I don’t have a lot of time—I still want back those three hours I spent watching The Mahabharata—so these reviews are an invaluable guide and time-saver for me. They’re also great for anyone likely to be approached by people asking “What good movies are out there?”
  • There are a lot of fannish bloggers who deliver solid recommendations for books, music, and film. Starlady writes regular brief reviews; Copperbadge critiques media less often, but is always on point; and Cofax is always good for a link. This is a really good way to accumulate recommendations for genre fiction; one blogger was writing recaps/reviews of Diane Duane’s Star Trek novels not too long ago. It’s also a great way to find new music; I discovered the Arcade Fire, Sigur Ros, and OK Go because fannish bloggers wrote about them.

And these are some good librarian blogs:

  • K.G. Schneider (http://freerangelibrarian.com/): University Librarian at Holy Names University in Oakland, California. Most recent post Jan. 21; tech trends. Usually lengthy, always interesting, and sometimes useful information.
  • J. Vance (http://libetiquette.blogspot.com/): Librarian and faculty member at Middle Tennessee State University. “The number one, most-trusted source for authoritative tongue-in-cheek librarian etiquette tips on the Internet.” Most recent post Feb. 4: “Librarians should never admit to liking sports, commercial television, or Oreo cookies.”

RSS feed readers allow you to develop wide-ranging interests and keep current on all kinds of things. (Did you know that there’s a Yemeni version of “Gangnam Style”? It’s not as good as the Mongolian one, honestly, but if you see only one fanvid, it should be the version made by students at NASA’s Johnson Space Center. Although the one made by some students at Nunavut Sivuniksavut is really cute.)

As trivial as memes can sometimes be, pop culture is still culture, and a good librarian is never ignorant for long : )