A hacked-together lesson on neutrality, censorship, intellectual freedom

So, ALA is finally dipping a toe in “maybe our stance on intellectual freedom has some… issues?” I hope they’re serious about it. They should be.

Last fall, students asked me to dig a bit deeper into intellectual freedom, “neutrality,” and censorship for student-choice week in intro. So I gave it a go; here’s what resulted. Note well, when I say I am not an ethicist, I mean that I am not an ethicist. I’ve never formally studied ethics, and I don’t think or write the way ethicists do. But I have to try to cope with ethical dilemmas, as we all do, so I’m not a complete waste either.

I don’t promise that the below is Practically Perfect in Every Way. I had a week to put this together, folks! I also don’t promise that you’ll agree with every word I say—when does that ever happen? But I do hope and believe it’ll shake up some of the automatic “libskools are Doin It Rong” attitude I’ve seen around this (and, of course, many other things).

This should be a really good add-on to our really terrific discussion about ethics codes. (Have I mentioned that y’all are exceptionally thoughtful writers and discussants? You really are. Best class I’ve yet had for seriously thinking things through. I appreciate you!)

I believe I said in our ethics module that ethics codes respond to real-life circumstances and happenings, and that frequently means they lag societal change. My hope for this module is that you understand:

  • some of the real-life circumstances and happenings that shaped 20th-century library discourse on intellectual freedom, neutrality, and censorship
  • behaviors and actions that the resulting ALA guidelines were intended to prevent
  • how those guidelines have fallen short of acceptable handling of current events and current thought—especially though not solely about inclusion
  • prodding ALA to change its guidelines accordingly, and
  • how you can help.

This discussion will of necessity be library-centric, even public-library-centric; archives have mostly taken their cues from libraries on this, and museums are… let me try to be polite here… frequently not yet ready to hold these discussions in good faith.


Time to exercise my (very rusty) reference muscles here! There are many kinds of reference sources (as you’ll learn if you take LIS 635), but dictionaries are possibly my absolute favorite—especially specialized dictionaries like medical dictionaries, legal dictionaries… and LIS dictionaries.

Wait. LIS has its own dictionaries?!

It sure does, and I pulled several (of varying ages and authorship) off the iSchool Library shelves (both the reference and general collections) to see what they had to say about our three terms of interest: intellectual freedom, censorship, and neutrality.

Intellectual freedom

  • 1943, A.L.A. Glossary of Library Terms: no entry. (Reasonable! ALA’s Intellectual Freedom Committee didn’t even exist until 1940.)
  • 1971, Harrod, The Librarians’ Glossary: no entry.
  • 1983, ALA Glossary of Library and Information Science: still no entry! fascinating!
  • 2002, Dhyani’s Glossarium of Library and Information Science Terms (a translation of Harrod’s into Hindi, but the glossary terms are in English, so I can confidently say): no entry.
  • 2005, Prytherch (who is the new compiler of) Harrod’s Librarians’ Glossary: no entry, but there’s an entry for “Intellectual Freedom Award” and “Intellectual Freedom Round Table.”
  • 2013, ALA Glossary of Library and Information Science: “the right to hold any belief, along with the right to unrestricted access to information.”


  • ALA Glossary 1943, 1983, 2013: no entry.
  • Harrod’s 2005: “In subject cataloguing, a situation in which user preference cannot influence one course over another because it is unascertainable or because it does not exist. Catalogues of general libraries are mostly neutral in this sense whereas those in special libraries may reflect the viewpoints of a homogeneous clientele.” (Yeeeeees, this is true, buuuuuuuut…)


  • ALA Glossary, 1943: no entry.
  • ALA Glossary, 1983: defines censor (verb) as “To prohibit or object to the production, distribution, circulation, or display of a work on the grounds that it contains offensive material.”
  • ALA Glossary, 2013: “The prohibition of the production, distribution, circulation, or display of a work on the grounds that it contains offensive material.”
  • Harrod’s, both editions: “Prohibition of the production, distribution, circulation, or sale of material considered to be objectionable for reasons of politics, religion, obscenity, or blasphemy. This action is usually taken by persons empowered to act by federal, national, state, and local laws, ad takes the form of preventing publications passing through the Customs or through the post, or of action in a law court to prevent their sale.” (All I can say is WOW, NO. Maybe as late as the 19th century this was an important thing to consider, but this is just an obtuse and useless way to think about censorship vis-a-vis libraries in 2005!)

So what does this tell us?

So, reference books (rather like textbooks, which is why I rarely teach from textbooks) typically like to include the well-known, the agreed-upon, the settled, the unarguable. They veer away from the controversial, the unsettled, the contested—after all, if a dictionary compiler writes a definition based on the losing side of a definitional debate, that immediately obsolesces the dictionary! (Until the next edition, anyway.)

Given that, I think our dictionaries tell us that even 40 years after ALA founded the Intellectual Freedom Committee, that committee’s responsibilities, purview, even reasons for existing were still under (re?)formulation and debate. (I definitely think there’s room to write and publish a Witt-like article about the progression of the concept of “intellectual freedom” in librarianship, if anyone’s looking for an archives-rich research paper to write. The Intellectual Freedom Manual piece I assign you below leaves out a lot of early historical detail that I’d be interested in knowing more about!)

These concepts haven’t always existed in librarianship’s intellectual foundation. They certainly haven’t always existed in their current form. They are neither sacrosanct nor immutable, though it will take a lot of advocacy, effort, and time to change them.

Edited to add: Sam Popowich just put out a blog post comparing definitions and application of the concept of intellectual freedom across time and between Canada and the United States. The too-long-didn’t-read version is: not only is this concept neither immutable nor sacrosanct, it isn’t even treated the same in Canada as it is here! (I’m in much more sympathy with Canada’s less-absolutist version than I am the US’s.)


I don’t want to demonize the people who formulated ALA’s concept of intellectual freedom. They definitely tried to get it right! They did get a lot right! There’s plenty there that I get along fine with—incarcerated people get to read, children get to read, censorship (very very carefully defined) is Not Great, labeling some stuff as “okay [for women, for children, for certain classes of people]” and other stuff not is frequently pretty gross, surveilling and being judgy about other people’s reading is absolutely gross, and so on.

(There’s a rant here on librarian and teacher use of Lexile ratings to constrict and limit children’s reading that I will skip—but I hate that and beg y’all who are interested in youth and K-12 not to do it!)

But today, some situations that used to be considered corner cases and acceptable damage… are a lot less corner-y, and we’re reckoning with damage we hadn’t even realized we were causing. A lot of damage. If that’s not enough, a constellation of situations around social media, online (and increasingly offline) surveillance, adtech, recommender systems, and so on have created a whole bunch more corner cases that our intellectual-freedom guidelines don’t handle well.

So, uh, what actually is “intellectual freedom,” then?

Per ALA, it’s “free access to seek and receive information and expression of ideas from all points of view without restriction for every individual of any age, ability, socioeconomic status, religious affiliation, race, ethnicity, sexual orientation, gender identity, or other form of identity or status.”

First, let’s note the verbs “seek” and “receive,” please. Librarianship emphatically does not assert a right to force other people to interact with any given information or expression of ideas! So miss me with bad-faith arguments about “if libraries don’t buy this book / pay this person to give a talk in the library / allow this group to use a meeting room, they’re violating the intellectual freedom of others!” We are not. No materials, no people, no ideas have an intrinsic right to library endorsement or to library promotion.

We’re also not Facebook or Twitter or YouTube or the like, using opaque algorithms based on dragnet surveillance to fuel “personalization” and “personalized recommendations” that can (and have, and do) funnel people into echo chambers and dangerous hateful groups and beliefs, and are easily twisted by propagandists and bad-faith opportunists. We organize the materials we collect to make them easier to find, we make ourselves available to teach and assist, we push back (not always successfully, admittedly) against legislative and regulatory attempts to force us to censor, we have loud public opinions about the health of information environments, and we otherwise leave patrons’ information behavior the hell alone. And (in the absence of an actual request for teaching or assistance) where we decide not to leave patrons’ information behavior the hell alone, we are very likely not doing librarianship well.

Which isn’t to say that some librarians don’t want us to start with all the surveillance-and-personalization garbage. I’m fighting them with everything I have, and I sure hope you will too, because we’re living in the world where all that took over and it is not a good world. Librarianship got this mostly right! Social media, online advertising, and for-profit search engines got it hideously, dangerously, poisonously wrong.

That said, there’s this from ALA’s Freedom to Read statement: “We do not state these propositions in the comfortable belief that what people read is unimportant. We believe rather that what people read is deeply important; that ideas can be dangerous; but that the suppression of ideas is fatal to a democratic society.” I do not love this, for a few reasons:

  • It ain’t just what people read. For pity’s sake, ALA, when are we all going to fully accept that writing and reading are not the only forms of information and entertainment production and consumption?! Argh. As a sometime audio/video/digital preservationist, this just annoys me. More seriously, it contributes to the stereotyping of librarians and librarianship as dusty obsolete book-pushers, and our resultant marginalization in policy discourse. That’s not healthy for us.
  • Refusing to engage with, purchase, support, or promote an idea is not the same as suppressing it, and ALA’s statement does not make this clear enough. It needs to. I don’t know how else we push back against radicalization via social media, or bad-faith both-sides-ism.
  • It’s absolutist. I have an instinctive distrust of absolutist ethics statements (as, I notice, a lot of you do too, and I encourage you in that). I can think of a few ideas that have gone out in the past five years or so that bid fair to be fatal to this supposedly-democratic society. I strongly fear they will, in fact, destroy us. The slogan “the answer to bad speech is more speech” is not holding up well at all under the onslaught of algorithmic amplification by Facebook et al. I think ALA needs to confront that failure honestly, and walk this absolutism carefully, carefully back.

Problems with “neutrality”

We’ve read about this some already, so I don’t want to repeat that. I want to be a little more explicit about how I think librarianship uses this word, and I want to be extremely explicit that some of these constructions amount to collective abdication of civic/societal responsibility by librarianship.

Let’s imagine me—white, cis female, divorced/single, asexual, ethnically-not-religiously Jewish, religiously agnostic—at a public library reference desk. Let’s imagine that a patron comes up to me at the reference desk asking for Bible exegesis. During the reference interview (which, being a good reference librarian, I absolutely do not skimp on), he explains that he is looking for something appropriate to a New Testament study group at his Baptist church, something about marriage and the proper roles of men and women within it.

Do I get to point him to the Talmud, or Rambam, or Martin Buber, because I grew up Jewish with rabbinical traditions in my ears, and because the religion I grew up in does not recognize the New Testament? Do I get to ignore the writings of St. Paul because I consider them horribly misogynist? Do I get to point him only to secular feminist literature (which I admit I’d be itching to do) about marriage, because during the reference interview I get a sense he wants support for viewpoints I consider sexist, homophobic, and damaging? (Very likely transmisic as well, though I might not get a full read on that just from a reference interview.)

NOPE, no, I sure as heck do not get to do those things. (At the most, I get to hint that his information universe is… not the entire world’s, or recommend a more egalitarian Christian thinker addressing marriage roles if I can find one.) He has clearly expressed his information need, and it is my job as a professional librarian to keep my own upbringing and beliefs out of this interaction. That’s one way that “neutrality” is applied to librarian practice, and it’s a way I am mostly in harmony with. Sure, it can be tricky and heartburn-inducing to apply—the classic corner case is the student who comes to the academic-library reference desk looking for “research sources” to support a completely indefensible and unscientific stance—but as a general rule, “keep your identity and beliefs out of your attempts to satisfy patrons’ clearly-expressed information needs” is decent advice.

(Look, I don’t want a reference librarian who happens to be an evangelical Christian steering me away from my request for Rambam and Buber either! That’s religious proselytization, which is lousy patron service. It’d be inappropriate from them and it’s equally inappropriate from me, regardless of the power/privilege positions here. That there’s a lot of antisemitism out there in the world—which there absolutely is—doesn’t excuse me using a reference interaction to proselytize on behalf of Judaism and Jewish philosophy.)

Where library concepts of neutrality have presently hit a wall is, I think, where they are applied not in one-on-one patron interactions, but in broader collective contexts, where “librarianship is neutral on X” translates in practice to “librarianship is abdicating responsibility for taking a position on X, which is an incredibly important issue where the status quo is clearly unjust.”

Desmond Tutu explained why this is wrong better than I can: “If you are neutral in situations of injustice, you have chosen the side of the oppressor. If an elephant has its foot on the tail of a mouse and you say that you are neutral, the mouse will not appreciate your neutrality.” Or Elie Wiesel: “We must take sides. Neutrality helps the oppressor, never the victim. Silence encourages the tormentor, never the tormented.”

Racism. Sexism. Homophobia. Ableism. Transmisia. Maltreatment of the poor, the addicted, the unhoused. Abuse and murder by law enforcement. Some part of librarianship—often ALA itself, often through its Office of Intellectual Freedom—has claimed neutrality on every single one of these and more.  And it’s not okay.

I’ve explained already how I would fix this if I were queen of ALA—a principle derived from Popper’s paradox of tolerance, and revising the ALA Policy Manual accordingly. I have some hope that given the addition of Principle 9 to the Code of Ethics, we’ll see some effort along these lines, especially after extremely conspicuous Epic Fails around…

The problem of hate groups and library meeting spaces

Look, straight-up: section B.2.1.10 of the ALA Policy Manual is getting US public libraries used by hate groups—used to legitimize their hate, used to intimidate targeted groups away from the library. Is that why “trans-exclusionary radical feminists” (TERFs) and the so-called “gender critical” are getting themselves invited to speak at public libraries? Heck yeah it is! Is it why white-supremacist groups book meetings in public library spaces? Abso-freakin’-lutely!

Has ALA OIF shrugged at this and said “look, the manual says all community groups get to use meeting spaces, so suck it up.” Yuuuuuuuup.

I don’t have a better answer than “we urgently, urgently HAVE to FIX THIS PIECE OF THE MANUAL to prevent this misuse.” And… some of us have tried, just not successfully yet. We need to keep trying until we succeed. The legal and First Amendment issues around public spaces are real—but in my non-lawyerly estimation, surmountable; the First Amendment does not, for example, make legal many forms of hate speech.


Let’s imagine me a collection developer this time. Do I get to limit my philosophy collecting to Judaica, because it’s a philosophical tradition I’m familiar with from my upbringing? Or, hey, I majored in comparative literature as an undergrad with a concentration in Western European medieval studies—do I get to collect a bunch of Western European Christian monastic rules and penitentials for the religion section and call it a day?

Can I refuse to add Frank Herbert’s Dune to the science-fiction/fantasy/horror collection because I hate, loathe, abominate, and despise that book (which I do; I can’t stand it and I desperately wish filmmakers would quit adapting it)? What if I hate that book because of its sexism, cultural appropriation, and blatant homophobia and fatphobia (because those are indeed my reasons, along with the writing style striking me as amazingly turgid and pretentious)? Can I exclude it now?

Of course I freakin’ can’t! I can’t do any of these things and still call myself a competent collection developer! I have absolutely zero right to make over the library’s collection in my own image; the library is not exclusively for me. Doing this is a form of censorship—excluding culturally and/or intellectually valuable (yes, this is a weasel word, but let’s run with it for now) material that patrons have a known desire to read or watch or listen to because it doesn’t float my personal intellectual boat. Moreover, I have absolutely zero right to allow the mayor, the local school principal, the police chief, local religious or community-group leaders, or anyone else along those lines to force the library collection into their image, especially when that means excluding material valued by other parts of the library’s patron base—the library isn’t just for self- or other-designated “community leaders,” either.

The above situations are exactly what librarianship’s guidelines around censorship are intended to prevent. That’s not to say that some librarians don’t quietly censor their own collection development while flying under the radar—I’ve seen it happen. But it’s bad practice and they’re lousy librarians for doing it.

But that is not to say that I cannot and should not exercise judgment as I choose materials. No library is Terry Pratchett’s L-space; neither shelves nor budgets are infinite. Given that I cannot escape choosing some materials and not others—and this is true not only in collection development, but in archives appraisal, analog and digital conservation/preservation, and anywhere else the information professions have to deal with some form of scarcity—I actually need some principles for doing so that go beyond my own taste, knowledge, and inclinations!

That’s what collection-development policy is, as you’ll learn in LIS 655 and LIS 755 (and briefly later on in this class). That’s one reason (not the only reason!) it’s important. It’s what keeps necessary selection processes from becoming unacceptable censorship. And yes, collection policies can be value-driven, at least to some extent! Truth (as best we can ever know it) over lies, errors, and propaganda. Inclusion and representation over hate and erasure. Accessibility over in-. And so on.

The current censorship wave

Oof, I hate what we’re sending a lot of you folks into as you start your careers… but that doesn’t mean I should pretend it’s not happening. So here, have some readings, hot off my Raindrop:

So… this is absolutely attempted censorship, and it’s bad and it’s scary and I cannot promise it will be successfully beaten back everywhere it’s being tried. This is not a good time for library triumphalism, not even slightly. I can at least promise that we’re not fighting it alone; that’s what ALA’s statement signals, and ALA and OIF (for all I have my differences with them; hold that thought) have a pretty good track record of shouting down crap like this.

People have this weird idea that the information professions are “safe.” I hope that if you ever believed this, you don’t now. They’re not safe. They never have been and likely won’t ever be. Information professionals absolutely do have to challenge angry people, people who are messed-up in various ways, people with power, even our fellow professionals. (I have done. I’m kind of notorious for it, actually.) That’s not fun (I can say from personal experience), and it’s definitely not always safe. It’s just. Necessary.

What can you do?

As it happens, I am not a member of ALA, and I haven’t been since shortly after I graduated here. Why not? Here’s why not, from a blog post I wrote way back in the day (content warning, though, with my apologies, for ableism around cognitive ability—I definitely would not write this post the same way today that I did then).

Some people think that means I’m not allowed to criticize ALA, since I’m not contributing to it financially or with service. Bollocks to that. External critique is absolutely a valid mode of critique. Money and labor boycotts, individual and collective, are absolutely valid modes of critique. Don’t let anybody tell you different.

That said, trying to make change from within is also absolutely valid! Hey, ALA Student Chapter! This is you! This is what you can do! You can learn how ALA works, and how to position yourselves within the organization to make changes you want to see in it. You can speak up against OIF when they need to be spoken up against (which is unfortunately often). You can vote strategically in ALA elections, and you certainly should—the last thing librarianship needs is another ALA president like Michael Gorman, ugh. You can start yourselves climbing the ladders to power within ALA. It’s not by any means too soon!

You can write. You can speak. You can teach. You can blog and tweet and Facebook and Insta and so on in support of good library work and against those attacking libraries—“don’t mess with Library Twitter because Library Twitter will mess you up” is a truism on Twitter because a lot of librarians made it one. You can organize (in the activism sense of that word) and build community. You can do research aimed at redressing these issues or others (I’d be lying if I said I’m working on Data Doubles purely for the love of research).

But even if you don’t want to do any of these things, there’s one thing you can do that I implore (and frankly expect) you to: question yourself, question authority, question laws and ethics codes, question all of it, because (as I demonstrated with the dictionaries) none of it is sacrosanct and none of it is immutable. This is what ALA OIF repeatedly, conspicuously fails to do! Whenever evidence shows up that their intellectual-freedom absolutism is causing real harm to real people, they just pound the table with “but the ALA Policy Manual says!” That’s not good enough. It’s intellectual cowardice, epistemic arrogance, and abdication of responsibility. It’s not okay. I expect better of every single one of you… and if any of you want a platform to stand on as you work on ALA reform, “reform the absolute daylights out of OIF’s intellectual-freedom stances” is a pretty good one.

Some folks I think are worth reading, watching, supporting

  • Sam Popowich. If I’m honest, I tell you that a lot of his writing is a heavy lift for me because I don’t have the philosophy background… but I’m never sorry when I wade through his work anyway.
  • Lindsay Cronk, current head of ALA CORE.
  • Emily Drabinski.

So, Dorothea, are you doing anything special about this?

I mean, my privacy advocacy is largely in service to my sense of intellectual freedom (which does differ from OIF’s, but… on privacy OIF and I are actually mostly aligned, and I respect Erin Berman highly).

But yeah, I have a plan or two, thanks for asking. I’m teaching Code and Power again in the spring, and I will be adding one Critical Race Theory (the real thing, not the political caricature of it) reading each week—some classics like Crenshaw’s intersectionality piece, some new stuff. Come at me, world. (That’s not empty bravado. I am reconciled with the idea that—they actually might come at me.)

Wanna discuss?

I mean, you should want to; what I’ve just given you isn’t in any way comprehensive, and (as you can probably tell) I have a Point of View that definitely isn’t everyone’s!

Let’s by all means talk it out.

Past years’ modules

They’re here. They’re optional. Follow your heart or your gut about which ones to look at, or whether to look at any of them at all. I don’t look at your Canvas analytics; I won’t even know.

Teaching adversarial thinking

In case you missed it: A couple months ago a law prof brought on the wrath of academic Twitter by suggesting that students spend a week eavesdropping on the conversations of others to listen for people betraying their own security and privacy, a thing that people quite commonly do. Some of academic Twitter—self included—was initially entranced, until other parts of academic Twitter asked whether casual snoops (or even not-casual snoops) was really an okay thing to turn our students into? Especially when many of our students are still so unaware of the workings of privilege, such that snooping can take on exceptionally sinister overtones applied to certain populations?

So the initially-entranced folks, self included, backed off our initial enthusiasm, and the furor seems to have mostly died down. I, however, am still stuck with a pedagogical problem: as an instructor in introductory information security, I actually do have to teach people to snoop on, and even attack the privacy and security of, other people and systems. I know that sounds horrifying. I know it does! And it definitely gets into some pretty dark-gray gray areas. But stick with me just a bit longer while I explain.

Over a longish period of information-security work, it’s become clear that the only way to have any confidence at all that a system (in the large sense, so not just “a technological system” but “a technosocial system, emphatically including the people involved or even enmeshed in it”) is secure or private (not, of course, the same thing) is to test it by attacking it:

  • To test whether deidentification suffices to anonymize a dataset (spoiler: it rarely if ever does), researchers try to reidentify one or more people in it, often using additional available data to test reidentification via dataset overlap. See, for example, the Narayanan and Shmatikov paper that doomed the Netflix recommender-system contest.
  • To test the security of a given piece of software, you ultimately try to break it. Yes, there are tools (e.g. “Google dorks,” “vulnerability scanners,” “fuzzers,” even Shodan) to locate obvious or common problems, but they’re not enough. A creative, lateral-thinking human being is much better at finding exploitable holes in code than a computer.
  • To prioritize and test for holes in systems (again, “system” writ large), you first think like an adversary—what are the crown jewels in this system, and how would someone who wants them attack the system? This is called “threat modeling,” and thinking-like-an-adversary is a crucial part of it; without that, you end up with what Bruce Schneier calls “movie-plot threats” while ignoring the gaping system problems right under your nose (as, for example, Equifax certainly did). A crucial insight in threat modeling, captured concisely in this xkcd cartoon, is that your enemies always attack with the simplest method likely to work.
  • And once you have your threat model, you test how well your system resists it by, well, attacking your system in the ways you have identified it to be potentially vulnerable! This often happens in the form of “penetration testing,” which can be done on physical systems, social systems, technological systems (such as networks or software), or any combination of the three. My favorite example of a pentest that goes after all three types of system is this absolutely astounding Twitter thread, which I use in my intro course, and after which I named the class’s messing-around server “Jek.”

So I can’t get around it. If I’m to prepare students to take information privacy and security seriously, never mind enter actual infosec and privacy careers, I have to show them how to think like a Garbage Human (which is how I often phrase it in class), and I have to show them how to attack systems (writ large). How do I do this without turning them into Garbage Humans themselves?

This isn’t exactly a new problem in infosec, of course; the learn-to-defend-by-attacking paradox is the earth out of which Certified Ethical Hacker, CIP{M|T|P}, and similar tech-plus-thinking-about-law-and-ethics certifications grew. It’s not even a new problem generally—if we were to strip academe of everything that could be used to Garbage Human, how much of academe would be left? (Yes, yes, plenty of computer scientists claim that computer science would be left. Those computer scientists are wrong, wrong, wrong, wrong, wrong about that.)

What I ended up doing, because I felt more than a little bad about accepting the law-prof’s assignment idea so uncritically, was going back through my syllabus, assignments, and class slides looking for how I’d approached gray areas and put guardrails around students’ growing potential for Garbage Humanning. What I found fell into an actually rather small number of techniques:

  • Clearly and often laying out stuff that’s either illegal or so Garbage Humanny that it should be. For example, I use altering physical mail envelopes as an analogy to various address-spoofing attacks… but I also explicitly point out that mail tampering is amazingly illegal in the US and they shouldn’t do it. In person in the classroom, I am not at all shy about labeling certain practices Garbage Human territory.
  • Giving copious examples of how real people and organizations have been harmed by attack techniques. I can’t control whether my students use what I teach them to Garbage Human. I can control whether they can reasonably use the excuse “I didn’t know this could hurt anybody!” and I definitely try to.
  • When students in my class perform actual reconnaissance, attack, or forensics maneuvers, they’re doing it on me, on themselves (a good habit to get into! and certainly how I prep any assignment where they’ll be looking at me or my data), or on canned datasets created for the purpose (yes, I use the Greg Schardt/Mr. Evil dataset, for lack of one that’s more recent). They’re not doing it on unwitting and possibly-extra-vulnerable targets. Again, the techniques they’re learning absolutely can be repurposed for Garbage Humanning—but I’m clear that I don’t want them doing that, and I don’t give them any actual practice kicking down.
  • Keeping the emphasis on “attack to defend” throughout. They’re not learning adversarial thinking and attack techniques to turn into Garbage Humans, but to equip themselves to defend themselves, their loved ones, and those for whom they are in some way responsible against the depredations of Garbage Humans.
  • Being open about my own dilemmas vis-à-vis Garbage Humanning. For example, I am unbelievably tempted to pull a Narayanan-and-Shmatikov on the Minnesota learning-analytics dataset, the one from several Soria, Nackerud, et al. publications. Even though I don’t actually have that dataset (and don’t want it, good gravy, what a terrifying responsibility), I’d bet Large Sums of Money that knowing the cohort entry year (which, yes, they published) is enough all by itself to find some folks in the dataset via LinkedIn or a date-bracketed Google dork against the University of Minnesota’s website, and I might even be able to find some folks in their painfully-low-n outlier groups. Possible? Unequivocally. Absolutely without question possible. I’m not even good at reidentification and reconnaissance techniques and I am absolutely sure that I can do this. Ethical? … Well, that’s a tough one, which is why I haven’t actually done it.

Is this enough? I don’t know. I’m certainly still kicking the problem around in the back of my head, because if I can do better than I’m doing, I want to.