DRAFT: A privacy agenda for IMLS’s strategic plan

The Institute for Museum and Library Services is an incredibly influential funder of US library praxis and research. They are embarking on a strategic-planning process on which they have invited input (deadline August 6).

Disclaimer time: Work I’ve participated in has been directly funded by IMLS twice, once for PROUD and PRAVDA, once for Data Doubles.

A draft of the response email I intend to send appears below. Feel free to adapt what I've written here for your own comments to IMLS.

This email represents me as an individual, not the UW-Madison iSchool, the UW-Madison School of Computer, Data, and Information Sciences, or the IMLS-funded Data Doubles project. I appreciate the opportunity to make strategic suggestions for IMLS, whose programs are absolutely vital to American GLAM institutions.

First, I would be remiss not to thank IMLS and its staff for its past and present efforts to advance privacy in American libraries. The Data Doubles project is naturally uppermost in my mind as I’m a co-investigator on it, but I am also very impressed with the recent Safe Data Safe Families effort led by the University of Maryland. Thank you very much, IMLS, for your attention and assistance.

I believe IMLS should make privacy (and relatedly, information security) standards, education, praxis, and research a cornerstone of its next strategic plan. Such an agenda should accord well with current federal legislative and regulatory priorities around information security and data privacy. Outlining a few of the opportunities I see:

  • Broadening participation: Education and training on privacy, infosec, and personal/behavioral data literacy is a desperate need across practically all of American society, from youth on up and across all identities. How can American citizens appropriately influence the ongoing development of state and federal privacy law until a trusted institution like the American public library explains what is at stake? Data Doubles research revealed critically low privacy and security awareness among its respondents; how can college students push back against their schools or libraries harming them through their data if they do not understand their school’s or library’s data practices and how those practices can cause harm?
  • Essential skills: Professional development around privacy and infosec among GLAM workers is also desperately necessary. Libraries and archives have far fewer security- and privacy-aware workers—even on the fairly basic awareness level I lead my own learners to—than they need. For example, the K-12 sector, hard-hit by ransomware, needs as much infosec help as it can get; could trained school media specialists be a source of that help? And how can academic librarians evaluate the impact of (just as one example) single-sign-on systems on patron privacy without the sociotechnical background to understand how these systems work?
  • Outreach and partnerships: An eye-opening result of the Data Doubles investigations is that respondents had a seriously inaccurate sense (when they had any sense at all) of library privacy commitments; moreover, in survey results they trusted librarians with their data rather less than they did other campus actors. This hints at a serious communication failure: librarians have not made our privacy stance sufficiently clear to the American public. Not only does this unnecessarily inhibit patron trust in libraries, it discourages individual libraries from making and sticking to strong privacy commitments (as my recent adventure in retrieving my own circulation data [1] demonstrates). I would love to see IMLS fund additional privacy-centric library outreach.
  • Practices and tools in collection management: The ability of software, service, and content vendors to surveil patron information use has vastly outstripped the GLAM sector’s ability to assess and respond to surveillance risks. Could IMLS fund rigorous security and privacy assessments by experts? How about privacy-aware, privacy-by-design standards development?
  • Research: My remarks above hint at useful research agendas, especially around privacy and security in GLAM software, systems, and services. I believe, however, that IMLS has a near-unique research-related privacy opportunity, even responsibility: building privacy standards and expectations for library human-subjects research that respect canonical library ethical commitments to privacy, and educating LIS researchers to respect such standards.

What is now the Digital Library Federation Privacy and Ethics in Technology group outlined in 2018 how neither the Common Rule nor Institutional Review Boards nor present-day data governance structures and processes protect library patron data sufficiently to accord with library-specific privacy ethics commitments [2]. In the absence of library-specific research-ethics guidance (much less incentives) from any library professional organization or major grant funder, privacy-invasive research practices such as noticeless and/or consentless information-use surveillance, dragnet surveillance of the information behavior of large groups of patrons, offering patrons no way to opt out of research into their information behavior, patron data sharing (including identified patron data) beyond library walls, and patron-data mashups with non-library data sources have crept largely unchallenged into the LIS literature [3], often accompanied by poor statistical analysis methods [4] and poor data-management practice [5].

IMLS can put a major dent in privacy-invasive research practices by establishing and publishing patron-data privacy and security standards and expectations for the LIS and GLAM researchers IMLS funds. The ethical responsibilities and operationalizations thereof laid out in the original Belmont Report [6] conveniently organize and contextualize what some of those expectations might look like:

  • Respect for persons: no research involving identified or reidentifiable patron data without informed consent by all research subjects; library patron data both individual and aggregated must remain within the library and cannot be mashed up with other sources of data about patrons; proper data management procedures, including but not limited to rigorous data security and deidentification, must be described in applications and adhered to by funded research projects
  • Beneficence: research must offer a clear benefit to library patrons in general and research subjects in particular, not only to the researcher(s) or the library (a test often failed by “library value” research)
  • Justice: research methods described in grant applications must acknowledge and (insofar as possible) mitigate opportunities for bias; research must not exploit unequal power relations between researcher(s) and research subjects; research must not contribute to additional surveillance harms accruing to already-oversurveilled populations, especially minoritized populations; patron data too sensitive or invasive to collect or analyze in a physical-library context must also be considered too sensitive or invasive to collect or analyze online
  • Informed consent: required for all research subjects, without exception and independently of decisions by relevant IRBs
  • Assessment of risk and benefits: grant applications must enumerate security and privacy risks to research subjects and to library patrons more generally, weighing them against benefits to those subjects from the research and not forgetting to assess harms to minoritized populations; application reviewers must assess these risks and benefits in reviews
  • Selection of subjects: dragnet surveillance methods, especially without notice or consent, should not be funded by IMLS

Obviously IMLS needs far more input than just mine to establish these standards! Fortunately, IMLS has funded privacy and security ethicists, as well as patron advocates, that it can now tap to lend their expertise. I would expect standards promulgated by IMLS to have impact far beyond IMLS-funded research (a weighty consideration in its own right). Other GLAM funders might well follow in IMLS’s footsteps, and LIS editorial boards might adopt IMLS standards for their publications.

I happily repeat that I very much appreciate IMLS’s attention to privacy issues. I wish IMLS all good fortune in this strategic-planning process.

Dorothea Salo

[1] University of Wisconsin Circulation and E-Resource Access Records, https://osf.io/2axkn/

[2] Ethics in Research Use of Library Patron Data: Glossary and Explainer, https://osf.io/xfkz6/

[3] Jones et al., “A comprehensive primer to library learning analytics practices, initiatives, and privacy issues” (C&RL, https://doi.org/10.5860/crl.81.3.570)

[4] Asher and Robertshaw, “Unethical numbers? A meta-analysis of library impact studies” (preprint: https://ir.library.oregonstate.edu/concern/articles/qn59q8754)

[5] Briney, “Data management practices in academic library learning analytics: a review” (JLSC, https://doi.org/10.7710/2162-3309.2268)

[6] Belmont Report, https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/read-the-belmont-report/index.html