Privacy and Security for Today's Library

Dr. Steve Albrecht portrait

Keynote Speaker: Dr. Steve Albrecht - drsteve@drstevealbrecht.com

Session Time: 10:00 - 10:45 a.m. CST

Session Title: Assessing Library Facility Security: Think Like a Security Consultant

Session Description: Libraries don't always need to hire a consultant to review the level of facility security. Using a structured assessment process, librarians can create a report that will help to make their building, staff, and patrons safer.

Speaker Bio: Dr. Steve Albrecht, author of Library Security: Better Communication, Safer Facilities, manages a training, coaching, and management consulting firm, using a dedicated and experienced team of subcontractor specialists.  He is internationally known for his consulting and training work in workplace violence prevention training programs, school violence prevention, and high-risk human resources.  Dr. Albrecht provides HR consulting, site security assessments, coaching, and training workshops in supervisory improvement, workplace violence prevention, harassment prevention, drug and alcohol awareness, team building, and more. He holds a B.A. in English, B.S. in Psychology, M.A. in Security Management, and a doctoral degree in Business Administration (D.B.A.).  He has been a trainer for over 26 years and is a certified Professional in Human Resources (PHR), a Certified Protection Professional (CPP), a Board Certified Coach (BCC), and a Certified Threat Manager (CTM).

Hannah Rainey portrait

Speaker: Hannah Rainey - hlrainey@ncsu.edu

Session Time: 11:00 - 11:45 a.m. CST

Session Title: Digital Life Decoded: a user-centered approach to teaching privacy and cybersecurity

Session Description: The current technological and political landscapes have re-ignited conversations and concerns around digital security, privacy, and media literacy. Individuals are generally concerned about these issues, but often take a passive approach to their online interactions and identities. To build a foundation for meaningful and sustainable programs that support the development of broad-based technological, media, and data literacies, a cross-departmental team of NCSU Librarians investigated what digital privacy means to students through user research and short-form pop-up programs.

Branded as "Digital Life Decoded," this project is grounded in substantial user research done in the spring of 2017 that identified three specific issues that students were concerned about: hacking of personal information, consent for use of information, and understanding how their information would be shared. Findings from the user research informed the content and design of short form pop-up programming, and will further inform the development of longer-form workshops and events.

This presentation will cover the process of development, including user research methods and project management, and the 3 interactive activities from the pop-up programs. The activities raise questions about everyday interactions with digital ecosystems and promote critical thinking about one’s own responsibility and power within. In addition to sharing methods and lesson learned, this webinar aims heighten the conversation about our professional and personal roles in leading cybersecurity and privacy.

Speaker Bio: Hannah Rainey holds a MSIS from the University of Texas at Austin and a BA in Cinema and Media Studies from Wellesley College. As a Libraries Fellow at North Carolina State University, Rainey works on a strategic initiative for effective stewardship of library data, assessing library systems and practices for compliance with security requirements. Rainey provides workshops and instruction on topics such as data sensitivity, data security, data visualization, and literature research.

Plamen Miltenoff portrait

Speaker: Plamen Miltenoff - pmiltenoff@stclousstate.edu

Session Time: 11:00 - 11:45 a.m. CST

Session Title: The role of the library in teaching with technology unsupported by campus IT: the privacy and security issues of the "third-party."

Session Description: The pace of changes in teaching and learning is becoming impossible to sustain: equipment evolves in accelerated pace, the methodology of teaching and learning cannot catch up with the equipment changes and atop, there are constant content updates. In an even-shrinking budget, faculty, students and IT staff barely can address the issues above, less time and energy left to address the increasing concerns about privacy and security. In an unprecedented burgeoning amount of applications, specifically for mobile devices, it is difficult to constraint faculty and students to use campus IT sanctioned applications, especially considering the rapid pace of such applications becoming obsolete. Faculty and students often “stray”away and go with their own choice. Such decision exposes faculty and students, personally, and the campus, institutionally, at risk. In a recent post by THE Journal), attention on campuses is drawn to the fact of cyberattacks shifting from mobile devices to IoT but campus still struggling to guarantee cybersecurity of mobile devices on campus. Further, the use of third-party applications might be in conflict with the FERPA campus-mandated policies. Such policies are lengthy and complex to absorb, both by faculty and students and often are excessively restrictive in terms of innovative ways to improve methodology and pedagogy of teaching and learning. The current procedure of faculty and students proposing new applications is a lengthy and cumbersome bureaucratic process, which often render the end-users’ proposals obsolete by the time the process is vetted.

Where/what is the balance between safeguarding privacy on campus and fostering security without stifling innovation and creativity? Can the library be the campus hub for education about privacy and security, the sandbox for testing and innovation and the body to expedite decision-making?

Speaker Bio: Dr. Plamen Miltenoff is an Information Specialist and Professor at St. Cloud State University. His education includes several graduate degrees in history and Library and Information Science and terminal degrees in education and psychology. His professional interests encompass social media, multimedia, Web development and design, gaming and gamification, and learning environments (LEs). Dr. Miltenoff organized and taught classes such as LIB 290 "Social Media in Global Context" and LIB 490/590 "Digital Storytelling" where issues of privacy and security are discussed.

Bill Marden portrait

Speaker: Bill Marden - williammarden@nypl.org

Session Time: 11:00 - 11:45 a.m. CST

Session Title: The Agony and the Ecstasy: NYPL's Path to a New Privacy Policy

Session Description: Bill Marden talks about how he and his colleagues at NYPL managed to research, plan, write, and execute a new Privacy Policy for NYPL....all in less than a year. As Michelangelo said, "If you knew how much work went into it, you wouldn't call it genius."

Speaker Bio: Bill Marden became NYPL’s first Director of Data Privacy and Compliance in November 2015 after almost 20 years of policy, regulatory, and compliance experience at some of the world’s leading financial institutions including Citigroup, JPMorgan Chase, and UBS. Previous to his time in the financial world, Bill was a librarian in both the public and private sectors, including six years as books and manuscripts curator for the Frederick R. Koch Foundation, now housed at Yale's Beinecke Library.Bill is a member and incoming chairman of the ALA's Office of Intellectual Freedom (OIF) Privacy Subcommittee. He has lectured on data privacy and compliance at the Pratt Institute School of Information, the Metropolitan NY Library Council, the City University of New York (CUNY), the New America Foundation, and the 2017 Benchmark Litigation Security & Privacy Forum. He is also a member of the Freedom to Read Foundation. He is a contributor to the newly-published "Protecting Patron Privacy: A LITA Guide" (Rowman & Littlefield, May 2017). He is also the author of two award-winning books about New York City bookstores.

JJ Pionke portrait

Speaker: JJ Pionke - pionke@illinois.edu

Session Time: 12:00 - 12:45 p.m. CST

Session Title: Disability and privacy: Why it's needed in libraries

Session Description: This presentation will discuss privacy, stigma, and the public gaze as a source of concern and trauma for people with disabilities. People with disabilities, especially visible disabilities, often face constant public scrutiny of their bodies and ways of being.  Many people with disabilities are chronically unemployed or under employed and use libraries for services.  A major concern for people with disabilities, especially students, is having a private place to study or work where they are out of the public eye.

Speaker Bio: JJ is the Applied Health Sciences Librarian at UIUC. His work revolves around disability and the library.

Cynthia Hetherington portrait

Speaker: Cynthia Hetherington - ch@hetheringtongroup.com

Session Time: 12:00 - 12:45 p.m. CST

Session Title: The Dark Web

Session Description: The Dark Web has the star quality and luster of a Hollywood movie, but in reality, it is a den of inequity operated by the technically sophisticated. The more "google'ized" we have become as investigators and researchers, the less we understand what is going on behind the scenes and how to operate in this world. This presentation will introduce the dark web and channels that are used to institute private sales and exchanges.  During this presentation we will explore dark web channels for content, learn some of the specialized search engines to attempt searching in this venue, and learn the lingo of this underworld.  Dark web language like Tor and Tails will be introduced and we'll learn how to  use Tor safely and effectively, while learning the vulnerabilities.

Speaker Bio: Cynthia has more than 20 years of experience in research, investigations and corporate intelligence. A noted authority and recipient of the 2012 "Speaker of the Year Award" by the Association of Certified Fraud Examiners, her company, the Hetherington Group, is a national consulting, publishing and training firm specializing in intelligence, security, and investigations.

One of the most respected online investigators, Cynthia combines her Master of Library Science, Master of Science in Management, experience as a Certified Fraud Examiner, and over 20 years of computer expertise, to establish her company in the online and Internet investigative industry.

Cynthia has been recognized for her work in overseeing national and international investigations for Fortune 500 companies and other organizations in the Middle East, Europe and Asia. Hetherington has provided numerous corporate security officials, military intelligence units, and federal, state and local agencies with training on online intelligence practices.

Cynthia also founded the OSMOSIS Institute in 2015, the host organization of the annual OSMOSIS Conference, which provides Open Source Intelligence (OSINT) insights and due diligence investigation training, from some of the most recognized social media and open source trainers in North America.

Chris Markman portrait

Speaker: Chris Markman - cmarkman@mywpl.org

Session Time: 12:00 - 12:45 p.m. CST

Session Title: From OPSec to LibSec

Session Description: This session provides an updated overview of an article the presenter co-authored in 2016 from the Code4Lib Journal titled, "Measuring Library Vendor Cyber Security: Seven Easy Questions Every Librarian Can Ask," which was also presented at the Internet Librarian 2016 conference in Monterey, CA last year.

Speaker Bio: Chris Markman is a Reference Librarian from Worcester, Massachusetts and published security researcher and instructor. He has an MLIS from Simmons College and MSIT from Clark University.

Ronald S. Russ portrait

Speaker: Ronald S. Russ - rsruss@asub.edu

Session Time: 2:00 - 2:45 p.m. CST

Session Title: Hack Job: How ISIS Put The Arkansas Library Association in the National Spotlight

Session Description: Discussion of how the Arkansas Library Association website was hacked by a group in Eastern Europe, and that information was sold to ISIS. The story made national news, since it was ISIS who received the information. Will go into details as to what happened, what went wrong, and what we learned from the incident.

Speaker Bio: Ronald Russ is the Arkansas Library Association Web Services Committee Chair. In addition, he is the Electronic and Public Services Librarian at Arkansas State University-Beebe. He works will all type of technology and manages the computer lab in his library. In his spare time, he enjoys Jazz and photography.

T.J. Lamanna portrait

Speaker: T.J. Lamanna - tlamanna42@gmail.com

Session Time: 2:00 - 2:45 p.m. CST

Session Title: Damn The Man: Practical Privacy and Libraries

Session Description: Discussing both practical and theoretical ways of protecting both librarians and their patrons in a world of social engineering, hacking, and malicious states. Whether it's email, browsing history, or your texts we'll cover what you can do to keep yourself private.

Speaker Bio: T.J. Lamanna is the emerging technologies librarian at the Cherry Hill Public Library in Cherry Hill, New Jersey. His focus is on advocating for both librarian and patron privacy concerns. The current president of the Intellectual Freedom Committee of the New Jersey Library Association as well as sitting on ALA's IFC Privacy Subcommittee, he spends an inordinate amount of time exploring these topics.

Alison Macrina portrait

Speaker: Alison Macrina - alison@libraryfreedomproject.org

Session Time: 2:00 - 2:45 p.m. CST

Session Title: Practical privacy strategies in extraordinary times

Session Description: In an age of broad government surveillance, Big Data, high profile data hacks, and new digital threats that come from a dangerous and uncertain political climate, it's easy to feel like privacy is a relic of pre-digital times. But what about those of us who are unwilling to sacrifice this basic human right for the convenience of new technologies and the empty promise of national security? Privacy activist Alison Macrina of the Library Freedom Project will discuss what we librarians can do to protect our patrons, especially those most marginalized and most at-risk by the loss of privacy. She will cover the landscape of privacy threats and discuss what technical tools we can use and teach our patrons to take control of their digital lives in these extraordinary times.

Speaker Bio: Alison Macrina is a librarian, internet activist, the founder and director of the Library Freedom Project, and a core contributor to The Tor Project.

Deborah Caldwell-Stone portrait

Closing Keynote Speakers: Deborah Caldwell-Stone - dstone@ala.org and Mike Robinson - mcrobinson@alaska.edu

Session Time: 3:00 - 3:45 p.m. CST

Session Title: Navigating the Changing Landscape of Library Privacy

Session Description: Learn about contemporary patron privacy issues facing libraries today, and the practical actions libraries can take to improve patron privacy protections. This session will provide an overview of the ethical and legal foundations for patron privacy, and highlight resources that can be used to help libraries preserve patron privacy when adopting new technologies. Topics to be addressed include vendor agreements, securing the library's ILS, and using encryption tools to safeguard web browsing and online communications.

Mike Robinson portraitSpeaker Bios: Deborah Caldwell-Stone is Deputy Director of the American Library Association’s Office for Intellectual Freedom and the Freedom to Read Foundation. She is a former appellate litigator who now works closely with librarians, library trustees and educators on a wide range of intellectual freedom and privacy issues, including government surveillance and the impact of new technologies on library patrons’ privacy and confidentiality.

Michael Robinson is past Chair of the ALA's Intellectual Freedom Privacy Subcommittee (2014-17) and Head of Systems at the Consortium Library at the University of Alaska Anchorage. He has worked with technology in academic, public, and special libraries and is keenly interested how libraries use technology to provide access to information and services to users.