Weekly Assemblage 2015 Week 36

#radlibchat “Librarians’ views on critical theories and critical practices”

On Tuesday, 2015-09-01, there was a great #radlibchat focused on librarians’ views of critical theories and critical practices. Hosted by the Radical Librarians Collective, this recently-begun set of chats take place once a month. Much like #critlib chats, they suggest readings that work as frames or guides for discussion, but the readings aren’t required for participation. I particularly like that the #radlibchats choose Open Access readings (or pre-print versions) and that they have a Safer Spaces Policy for the chats.

They’ve said that an archive of the chat will be produced, so I’ll edit this post with a link to that once it’s available.

Overall, I definitely recommend reading the Schroeder and Hollister article that framed this chat. Rather than looking for a philosophy of librarianship or investigating critical theory for the sake of abstract cogitation, the authors assert the primacy of social justice within librarianship and suggest that critical theory offers a useful way to articulate and reinforce this type of work within professional literature and LIS curricula.

As I mentioned in the chat, I’d love for there to be a series of zines and blog posts that introduce social justice issues, #radlib, #critlib, etc. viewpoints / theories / approaches to praxis / what have you. If you’re interested in contributing or have ideas about the best way to facilitate that, please get in touch. I’ve already seen some great zines along those lines and believe it’s an excellent format for discussing this kind of work.

Alison Macrina & the Library Freedom Project at IU Bloomington

Yesterday, 2015-09-04, Alison Macrina presented on her Library Freedom Project at IU Bloomington. On top of being an excellent presentation, I enjoyed the chance to see Staša Milojevic, Ron Day, and Andrew Asher at least once more before leaving town!

Kyle Shockey was intrepid enough to live-tweet it, but I was having a hard time thinking in suitably short bursts. So instead, I’ll go ahead and post my notes below. Any errors in understanding, note-taking, and spelling of names are all my own. These notes are far from perfect, and I suggest you check the Library Freedom Project website for more authoritative descriptions of their work, resources, and links. But until you get a chance to see a talk from the LFP in person, here’s a flawed reflection of a talk!

Library Freedom Project

Will give an overview of why she runs it, what LFP is, how she got started, what it involves

Prior Context

started: July 2013. June 2013 was when Edward Snowden come out with his revelations

Alison points out that she’s not “anything new” in librarianship, privacy work & intellectual freedom has been a part of librar* for a long time. (image of Jessamyn West’s FBI National Security Letter canary sign, which she’s been doing since about 2002)

2005 Connecticut Librarians who challenged the constitutionality of the gag order (Connecticut 5?)

Library Awareness Program, late Cold War FBI program targeted libraries, believing them to be KGB houses, she recommends a great book on this called Surveillance in the Stacks

Current Things

Recent backlash against privacy, i.e. “Why protest unless you have something to hide?” standpoint

NSA hoovering up both metadata and content full-take programs, they siphon it out, “Collect it All” is their approach

XKeyscore, their data retrieval system, uses selectors to look at data & metadata they’ve already collected with other methods; “It’s kind of like their Google search for what they hold”. Gets down to “Germans who use chat forums in Pakistan” level specificity

PRISM program, involves a lot of services

Section 215 of the USA PATRIOT Act, to request any tangible thing; technically sunsetted, but brought back in zombie form, now “anything related to terrorism” verbiage but we know that’s something that can be wildly used & misused because when claimed, don’t have to

Section 702 of FISA act. We know that US person data caught up in this, which is both unconstitutional & unethical.

Clapper or (someone else) says that “We kill people based on metadata,” i.e. helps show when the materiality of the message differs from the content, i.e. not in Miami (said) when transmission shown to be in Bloomington

1033 Program of moving military equipment to police departments. NYPD has something like 30 foreign offices, usually done on tourist visas. Do lots of surveillance abroad, closed-circuit cameras & license plate reading cameras that read the numbers & catch people as well. Basically real-time tracking cameras. Then “domain awareness centers” share all this info. Often target neighborhoods where many POC live.

Black Lives Matter program, spying on by Department of Homeland Security, local police have, etc. This is all protected 1st Amendment action aimed at civil rights, but heavily surveilled anyway. Muslim communities also heavily surveilled. “Countering Violent Extremism” programs as well.

Should see all these things (War on Drugs, War on Terror, Profiling & Policing of POC, the unequal incarceration of POC) all involved. Assemblage all comes together. Law around it is either too outdated or the law directly supports these actions. Also DEA routinely breaks the law with no repercussions. Used against lawful activities by marginalized peoples/communities.

Everyone is caught up in the dragnet, but certain communities are currently & historically have been the target of these. This historical context lets us know the purpose of these surveillance programs.

Letter to MLK from the FBI

Letter telling MLK to take his own life or be shown to be “a fraud” who has slept with other women besides his wife. (Apparently based on recordings of his hotel rooms.)

Determined to be from the FBI, information about MLK’s sex life as blackmail

Companies & Data Mining

No right to privacy because of Third Party Doctrine, if given to a non-governmental agency, you have no expectation of privacy

Google is the scariest one. They have a total picture of who you are & use it for advertising. They have a troubling relationship with

Google Ideas (Jared Cohen) also works with US on counterterrorism, he’s a State Department guy who also works for Google. Worth reading Julian Assange’s interviews with Schmidt & Cohen.

NSA is ~70% (?) private contractors.

Great image of Google as Iron Giant, looming behind Facebook & Big Brother robots lurking over laptop user

Libraries!

“Nothing to hide” approach suffers from profound failure of imagination. We all have curtains in our home windows & are all wearing clothes.

Pew Research Center: “Public Perceptions of Privacy and Security in the Post-Snowden Era”

PEN America, “Chilling Effects: NSA Surveillance Drives U.S. Writers to Self-Censor”, 1 in 6 writers has avoided writing or topics because of security. Another 1 in 6 has seriously considered doing so.

There’s also a newer, even more profound study out (also by PEN America)?

Would someone write Lolita today? Probably not. No one is putting those search terms into Google.

Librarians and Technologists Can Fight Back!

Teaching & building freedom-protecting technologies

This is what she does with the Library Freedom Project!

She teaches librarians because librarians have relationship to all kinds of people, varied in academic libraries & even more so in public libraries. Libraries are often the only free public computer system in a community. Her high school still doesn’t have a computer tech class, for instance.

Kade Crawford writes the Privacy SOS website, ACLU Massachusetts
ACLU lawyers as well

Works with TOR Project, the TOR browser, etc. They build the tools that she ends up teaching; she does outreach & informs them on how to make tools more user-friendly.

What she teaches:

1. Threat modeling
2. Encryption
3. Free & Open-Source tools

“Encryption works” - Edward Snowden

Tools:

• TOR Browser
• How to run TOR relays, easier for institutions to assume some of the legal risks
• DuckDuckGo & other search browsers
• Privacy Badger
• No Script
• Disconnect Me
• Jabber
• Red Phone
• TXT Secure / Signal (works automatically), What’sApp is based on similar encryption but doesn’t work as well by default or advanced implementations
• TAILS, Linux Debian (The Amnesiac Incognito L~? System), useful for using a computer that’s not your own w/o leaving anything behind; lets you subvert computer filters
• KeyPass
• Dice Generator (?)

Principles:

• If it’s not saved, it can’t be subpoenaed
• Encrypting sites with HTTPS, also how to do HTTPS Everywhere
• Let’s Encrypt, free, open, automated certificate authority
  • should be out at the end of 2015

Jeremy Hammond, now in prison, hacker responsible for the leak that exposed the Dow Chemical disaster in Bhopal, India. He was caught because his password was Chewy123 (his cat is named Chewy).

We can make surveillance more expensive for the spies, makes more work, therefore make a sort of herd immunity, harder to de-anonymize a particular person.

Libraries are great places to teach this because we’re a trusted space that already is structured around privacy issues.

A lot of these security-building institutions are excited that librar* are involved.

Q & A

Q1. What’s a PGP Key?

She uses Thunderbird, Enigmail, a PGP suite, then make your keys, etc. It gets easier as you go along, other person also has to use it.

Q2. Epistemological question: how do we know these technologies work? We seem to be safe in aggregate already, but that’s changing?

We’re not already safe in the aggregate. Google’s ties with the security department. Shouldn’t overtrust any software. She trusts free & open-source software because she can look at it & how it works. She might not read that particular programming language, many people can look at it together. Many eyes that scrutinize it; it’s the most transparently examined. She says that individuals should think for themselves.

Sandstorm, is all former Google security people doing a self-hosted Google Drive alternative.

Q3. I have made a straw man out of your nuanced positions and talk. Discuss?

Alison calmly & politely interjected “Do you want me to answer your question or not?” when the asker made a litany of supposed—yet demonstrably incorrect & counter to the talk’s content— premises. I thought she handled this exceedingly well.

Alison says she teaches domestic violence victims about privacy tools, which is often over their heads but their threat model means that they’re willing to learn about it. She desperately wants to make these tools better.

She wants people to know what decisions they are making. Leave it up to the users.

Q4. What’s out there that is accessible for disabled users?

TAILS is good because Debian has accessibility tools built into it.

TOR project could use expertise on disability issues.

Q5. Ron: I think what you’re doing with public libraries, gives us a mission & is empowering. With so many library things outsourced to private enterprises, how does this sit with librarians who have their collections pushed out to private vendors?

If there’s a relationship between LFP & that outsourced problem, it’s that thinking through privacy leads to thinking through outsourced. Adobe data breach, for example. She also shows that there’s a way to have relationship with community-based efforts (FOSS), not just privatized ones.

Q6. Currently having a lot of data isn’t equal to being able to use the data. But as artificial intelligence & other technologies become more sophisticated, will they be better able to actually use the data?

She disagrees with premise that data isn’t currently being used. It’ll definitely get worse as analysis of large data sets becomes easier, also important how individual circumstances change & people become surveillance targets.

Q7. Why is Snowden such a purportedly revelatory thing?

Stasi archives in Berlin, 2 city blocks, 4 stories high. Great tourist thing. If make NSA to equal height, it’d cover all of North America, down almost to bottom of Mexico, plus parts of the ocean.

Q8. What about the arms race of escalating privacy technologies?
Did her answer imply that Silk Road dude got powned by NSA because of social engineering rather than the technology itself?

Alison: If I were NSA, I’d try to run every TOR exit node so I could analyze things.

Q9. Hacking Team leaks, a malware for surveillance thing

Hacking Team also works with campus police departments!

When leaked, read Email, learned source code, capabilities, had 3 zero-day exploits just for Flash, which made Flash immediately get patched.

Leaks work well for this.

WikiLeaks has Hacking Team data dump, you can search for it.

Q10. Internet of Things

Don’t use smart fridges, basically. Avoid Internet of Things.

Someone hacked into an IoT rifle, hacker does it. Sousveillance (the things we carry are watching us), also watching people who are watching us.

Q11. Statement: Insurance companies & data logging

ACLU & EFF are trying to fight back against data logging. EasyPASS trying to make it so that you can’t pay toll roads with cash, only cards. “It’s like trying to catch a tornado with a teaspoon.”

EFF was trying to get classic car tinkerers fired up about this, because new things make it impossible to alter things with your equipment.

Q12. Ron: General question about how you set up these sessions, how it sets in with ACLU. Why is this different than ECHELON? It affects the perversion of entire state. Now dealing with vast corruption, Fisk court pretty dubious. How do these problematic issues of national corruption get displaced by arms race idea? Does it lead to escalation of tools & entrepreneurial class?

Not technological determinism, not buy/get new thing. She’s interested in technology for what it can do for us while we continue fighting for legal change & other justice issues without fear of reprisal. Reforming law takes a long time, tools necessary in the interim. Also technology is an easier first step than legal fights.

Ron: almost like an addiction (as William Burroughs argued) between the hackers hired by NSA & then the counter-hacking. Interesting that it’s really a 4th Amendment issue. I want to apologize if I implied criticism.