Tuesday, November 29th the American Library Association sent out an “Advocacy Alert” from about “a massive privacy threat,” the proposed and pending (“Rule 41”) grant to federal law enforcement authorities of“sweeping new powers to remotely hack into computers or computer systems,” including they advised everyone to worry possibly “your library's.”
New NYPL "Privacy Policy"
Early the next morning, Wednesday, Nov 30, 2016, the New York Public Library distributed to its list of library users and patrons its new updated privacy policy.
The NYPL’s new policy, about a year and a half in the making, and taking effect the day of its promulgation, was adopted by its board of trustees on November 16, 2016. That was about two weeks after Noticing New York ran an article about how the private spy company Booz Allen Hamilton, regarded by experts as an "arm of the [United States] intelligence community,". . . "with the "federal government as practically its sole client" was hired by the NYPL to overhaul its most important libraries in a scheme that entailed the sale and destruction of the Donnell, Mid-Mahattan and SIBL libraries and the central research stacks of the 42nd Street Central Research Library. See: Sunday, October 30, 2016, Snowden, Booz and the Dismantling of Libraries As We Know Them: Why Was A Private Government Spy Agency Hired to Take Apart New York's Most Important Libraries And Turn Them Into Something Else?
That NYPL trustees meeting was the same day as the publication of another article in Noticing New York following up on the subject of Booz Allen Hamilton's connection with the NYP, and its plans. See: Wednesday, November 16, 2016, Too Close For Comfort? Real Estate Addresses- Blackstone, Booz Allen Hamilton, The Libraries & Bryant Park.
Should NYPL library users be assured by the NYPL’s distribution the new privacy policy via an email that the new policy “protects our users, increasing trust and transparency between the Library and the community we serve,” albeit encouraging users to “read the full text” of the policy to understand it? The policy itself opens with some reassuringly axiomatic words most would find easy to agree with:
Bringing Up Privacy In Visit With NYPL Officials and Policy Makers About Future
As it happens, on the very day the NYPL was issuing its new privacy policy, a number of members of the Committee to Save the New York Public Library met with a group of senior NYPL policy and administration officials about their shaping of plans to keep increasingly fewer books at the library while relying on digital access and retrieval of books more or less by default. I am a member of CSNYPL and was part of the meeting. (I am also a co-founder of Citizens Defending Libraries.)
At the meeting, I managed to slightly embarrass myself by asking if I could get a copy of the new privacy policy as I overlooked my morning email telling me it was now online. I was, however, up-to-date enough to ask our host NYPL officials where they were with respect to the American Library Association’s “Advocacy Alert” regarding “a massive privacy threat” to libraries computers from “Rule 41.” As they were unaware of the issue I forwarded the ALA alert afterwards. Also, not presuming, I’ve asked whether the NYPL is a member of the ALA. The ALA has in the past taken a proactive stance agitating for the protection of library privacy, its council adopting, January 29, 2003, a Resolution on the USA Patriot Act and Related Measures That Infringe on the Rights of Library Users.
If you want to watch something even more prescient, in 2002, the Ad Council ran a 30 second public interest spot about library privacy and the preservation of American freedom. The advertisement really ought still to be running today. The advertisement asked the question “What if America wasn’t America?” darkly envisioning a dystopian future with government surveillance agents in the library and it ends instructively with the admonition: “Freedom- Appreciate It. Cherish It. Protect It.” (Citizens Defending Libraries included it as a “commercial break” as part of our October 2015 evening of library theater and comedy.)
At our meeting with the NYPL officials, I asked about the effect of their shift to digital approach on privacy specifically including the effect of the Communications Assistance for Law Enforcement Act (CALEA) which I noted was something the NYPL board had discussed. There was no recognition of what the Communications Assistance for Law Enforcement Act was or its effect and it was suggested this could be discussed separately afterward with one of the administrators there at the table responsible. That official has now given me the name of another NYPL official, the Director of Privacy and Compliance, to follow up with.
Expansion of CALEA And Library Privacy Fights Preceding NYPL's Engagement of Booz Allen Hamilton
When I wrote about the NYPL’s 2007 engagement of the private United States spy firm Booz Allen Hamilton for its reorganizational shedding of its books and physical library resources like the real estate that houses the books I observed the coincidence that the hiring of Booz came not long after it was revealed (May of 2006) that librarians had been fighting the federal government's overreach of secretly taking PATRIOT Act surveillance into the libraries.
The Connecticut librarians involved in that fight were subject to a perpetual gag order by the U.S. government so that it took years before what was going on was finally revealed to the public, and it was finally revealed to the public that May (and thus to others in the library world) only because the Connecticut librarians had finally won their fight. Might one assume that the revelations must have been big news in the library world at the time with major implications respecting the future of privacy in libraries and the fight to preserve it?
It occurred to me to review NYPL minutes to see what had been observed about this revelation and discussed by the board about preserving library privacy at that time. Somewhat surprisingly, I found nothing in the NYPL minutes of that time that mentioned the Connecticut librarians fight for privacy or victory. I did find something else contemporaneous and related, something ominous with respect to preservation of library privacy, and it can be found in minutes just before the revelations respecting the Connecticut librarians secretly fought fight.
The minutes of the February 8, 2008 NYPL trustees meeting reveal that new rules under the Communications Assistance for Law Enforcement Act (CALEA) may “require” the NYPL and other educational institutions “to reengineer their Internet service facilities to enhance law enforcement’s ability to monitor and intercept communications including e-mail and Voice Over Internet Protocol.”
The minutes note that “groups, including the American Library Association” (the minutes do not say including the NYPL) were seeking a clarification that the new rules would “not apply to certain libraries,” and challenging the extension of CALEA “to services other than communications.” February 8, 2006 is the same meeting where NYPL financial officer David Offensend advises the trustees of a Bloomberg administration initiative to strip down the capital funds the NYPL had on hand. A need to augment NYPL capital funds would not long thereafter be cited as a rationale for plans Offensend would implement to sell off the Donnell Library, and the NYPL Central Library Plan involving a consolidating shrinkage, disposing of the central destination Mid-Manhattan Library, the 34th Street Science, Industry and Business Library and the destruction of the research book stacks at the 42nd Street Central Reference Library.
Although the news would have been out by then, the June 7, 2006 NYPL Executive Committee minutes do not mention revelation of the Connecticut librarians privacy battle. Neither do the minutes of the first meeting of the full NYPL board after that held on September 9, 2006.
The minutes of the September 9, 2009 trustees meeting do, however, return to a related subject, the privacy encroachment on library privacy via the expanded CALEA rules. The co-chair of the board’s Committee on technology advised the NYPL trustees that “the library has now received guidance that its Internet Service Provider, and not the Library itself, will be required to comply with” the recently expanded CALEA rules for federal law enforcement monitoring and communication interception. . .
. . . And apparently there was increasingly more to monitor: Discussing information concerning user patterns and the library's website and its redesign it was noted that the NYPL website had “received over 20 million electronic visits during the fiscal year ending June 30, 2006, as compared to about 14 million in person visits to the Library’s physical facilities.” (Even if you are going physically to a library to get a physical book there are increasingly reasons to check online ahead of time about whether you are likely to find the book there, whether the library will be open, etc.)
What was not noted in those September minutes is that the “guidance” given to the trustees about how the recently expanded CALEA rules for federal law enforcement monitoring and communication interception were going to be complied with almost certainly flowed from and was shaped taking into account a June 9, 2006 loss respecting the fight for library privacy. On that date, the United States Court of Appeals for the District of Columbia Circuit decided against a group of higher education and library organizations led by the American Council on Education that had challenged the monitoring and interceptions as unconstitutional under the Fourth Amendment prohibitions on unreasonable search and seizures. (See: Washington Post- Appeals Court Sides With White House on Wiretaps, by Kim Hart, June 10, 2006.) As the case itself was not as a matter of record mentioned to the trustees one might suspect that the NYPL was not one of the litigant challengers, something I haven’t been able to determine yet.
The ruling in the case, American Council on Education v. Federal Communications Commission, United States of America, Verizon Telephone Companies et al. speaks in language paralleling the guidance to the trustees. It considered the argument that institutions like libraries were exempt from CALEA (the “information-services exclusion”) “insofar as they are engaged in providing information services.” But the court upheld the FCC interpretation that providing “information services” did not constitute an outright exclusion to the extent that, hybrid fashion, communication services were also being provided, if they were being provided outside of an entirely private network. The hookups to communicate with the public outside of the private network are what allow the expanded CALEA monitoring and interception under the FCC’s rule. As the court expressed it to the extent “these private networks are interconnected with a public network, either the[public voice network] or the Internet, providers of the facilities that support the connection of the private network to a public network are subject to CALEA.”
The Shell of NYPL Privacy Policy Protections- "Legal Requests"
The new NYPL privacy policy advises, under a section titled “Legal Requests,” that “sometimes the law requires” the NYPL to share patron information “such as if we receive a valid subpoena, warrant, or court order” and that the NYPL may share information “if our careful review leads us to believe that the law, including state privacy law applicable to Library Records, requires us to do so.” The section doesn’t warn library users that the modern day version of wiretapping, the reengineering of “Internet service facilities to enhance law enforcement’s ability to monitor and intercept communications” under CALEA’s expanded rules would happen through compliance by the NYPL’s “Internet Service Provider, and not the Library itself.”
The NYPL policy doesn’t suggest that if, in the very likely event subpoenas go to the NYPL’s “Internet Service Provider” instead of the NYPL, the NYPL is then itself quite unlikely to see any such subpoenas or `carefully review’ them at all. Nor, does the policy suggest how often information is obtained these days without interested parties ever seeing subpoenas, warrants, or court orders. Probably what “careful review” tells anyone these days about what “the law” can require is that, no matter what you have formally received from the government, little should be assumed about the privacy of any exchanges on the Internet.
There is one section of the NYPL’s privacy policy that warns that the NYPL uses “third-party library service providers and technologies to help deliver some of our services” and may share information with them for which the NYPL doesn’t assure privacy, but this doesn’t seem to be a warning about the NYPL’s internet provider(s) or CALEA monitoring or interceptions.
It reads:
A Federal Judiciary Grapples With Protecting Privacy
It is therefore interesting that at the NYPL’s last trustee meeting, the November 16th meeting where the board approved the new privacy policy, one of the two new trustees the NYPL appointed to its board that day was Judge Robert A. Katzmann (the other was Tony Yoseloff). Judge Katzmann is Chief Judge of the United States Court of Appeals for the Second Circuit.
Although Judge Katzmann was not one of the three judges deciding the case, it was in his Second Circuit Court of Appeals that it was ruled, May 7, 2015, in American Civil Liberties Union v. James Clapper, that the bulk data collection of Americans' phone records by the National Security Agency was illegal. See New York Times: N.S.A. Collection of Bulk Call Data Is Ruled Illegal, by Charlie Savage and Jonathan Weisman, May 7, 2015. (As Chief Judge, you can see Judge Katzmann’s name alongside the clerk of the court’s on the “Bill of Costs Instructions” pages of the decision.)
The May 2015 Clapper decision was decided by Second Circuit Court of Appeals partly in the more informed light and public awareness following the 2013 Edward Snowden disclosures about the extent of massive domestic surveillance exceeding what had been represented to the public to actually be happening.
In finding that the surveillance was unpermitted the court said that Congress had never intended to authorize such a far-reaching and unprecedented program, that it was a “a far stretch” to assert “that Congress was aware of” the “legal interpretation” being used for the dragnet collection of personal data, that the statutes which the government suggested provided equivalent precedents had “never been interpreted to authorize anything approaching the breadth of the sweeping surveillance at issue here.” The court said that the massive collections of data were untethered from the pursuit of actual investigations and that the “expansive development of government repositories of formerly private records would be an unprecedented contraction of the privacy expectations of all Americans.”
What happened with respect to the May 7, 2015 Clapper decision afterward is somewhat complex: Congress, which the court thought had not actually authorized the program and its practices, acted to replace it with another program that, putting the responsibility for data collection initially in private party hands, theoretically has more protections for the public, but on August 28, 2015 the May decision was overturned by the Court of Appeals, the practical effect of that Court of Appeals decision being more limited by virtue of the congressional change.
One line of reasoning offered to allow persistence of the various sweeping data surveillance and collection programs by the federal government is the promise that the federal government won’t look at the data collected unless or until it develops an investigative interest in knowing more about targeted individuals it identifies to whom that data relates.
Protecting Freedom of Thought: How Things Can Change, Including Politically
The United State President currently in office, Obama, is low key, mild mannered, thoughtfully measured and, if you put out of your mind such things as his drone attacks, he gives the impression of generous good will towards most human beings. No doubt many have not been frightened to think of surveillance tools as being under his control and direction even if they are virtually unlimited in their power. Notwithstanding, months ago Edward Snowden, being interviewed on an episode of “Vice” explicated his warning about “turn-key tyranny”:
Political cultures and environments can change rapidly, sometimes with calculating help from those who have ascended to power. The Nazi era in Germany and the countries Germany occupied provide examples of how completely countries can change faster than residents could recognize the dire threat they faced in time to flee and save their lives.
Our own country has had its own very recent periods where, with intense monitoring, we have sought to tightly constrain, criminalize and penalize unpermitted political thinking.
Outside the building where I live in Brooklyn Heights we just put up a plaque commemorating the fact that Arthur Miller (October 17, 1915 - February 10, 2005), the celebrated Pulitzer Prize-winning playwright who authored “The Crucible,” “Death of A Salesman,” “A View From the Bridge” and many other great works once lived in the building. The plaque reads in part:
Jacobs’ eight-thousand-word defense in response to the accusations of suspicion included:
Federal Judiciary In Residence at the NYPL Amongst The Trustees
Was any particular purpose intended to be served by the NYPL’s appointment of Judge Robert A. Katzmann as a new trustee? When it comes to certain of the NYPL’s goals, does this unfold resources for the NYPL to navigate better through the overlapping welter of broad surveillance laws virtually none of us can fully comprehend and quite frequently can’t find out much about? Does it put the NYPL in a better position to try to protect the privacy of patrons using the library? Conversely, does it create conflicts of interests for the judge if he now hears related surveillance cases?
Interestingly, as previously noted here in Noticing New York, on September 19, 2007, the NYPL trustees were previously advised, that another federal judge in the Southern Circuit who was similarly an NYPL trustee at that time, Judge Victor Marrero, handed down "an important opinion on the USA PATRIOT Act"(September 7th) ordering the FBI to stop its wide use of warrantless, secret "national security letters" (NSLs) to demand e-mail and telephone data from private companies, saying in his opinion:
Coverage in The Hill of the more recent proposed “Rule 41” change about which the American Library Association sent out its Advocacy Alert last week explained, “The Department of Justice’s alterations to the rule would allow law enforcement to use a single warrant to hack multiple devices beyond the jurisdiction that the warrant was issued in.” Opposition to the change was expressed in a letter signed by a long list of organizations (23 in all) that included American Civil Liberties Union, Google, the Electronic Frontier Foundation and two library organizations additional to the American Library Association, American Association of Law Libraries and Association of Research Libraries. The letter stated the rule change could be “abused to obtain a single warrant to search millions of targets, raising a host of constitutional concerns” and “would permit law enforcement to search the computers of hundreds of entirely innocent crime victims without their consent.”
The letter which also described the “unique harms” of hacking that could also flow out to third parties stated the “consequences of this rule change are far from clear, and could be deleterious to security as well as to Fourth Amendment privacy rights. Government hacking, like wiretapping, can be much more privacy invasive than traditional searches. . . because judges often authorize these warrants without requiring the government to specify the tactics and techniques that will be used, we simply do not know the full extent of the government’s searches.” A statement from Robyn Greene, who handles policy counsel and government affairs at New America’s Open Technology Institute, said “This rule change is far too complex and raises too many privacy and cybersecurity concerns for Congress to let the rule go into effect without conducting any oversight whatsoever.”
Unfortunately for us and apparently for our libraries, despite the ALA Advocacy Alert, “Rule 41” took effect December 1st. Edward Snowden weighed in about it on Twitter: “Without a debate or any new law, the rights of every American -- and basic privacy of people around the world -- have been narrowed.” And also: “The DOJ's claims are dishonest: #Rule41 substantively changes the limits on the government's powers. The FBI's hacking was just legalized.”
Its Policy Notwithstanding, Is Privacy At NYPL's Digital Libraries Assured?
So last week the NYPL sent out to its users the reassuring email that it has a “privacy policy,” and that, with its revisions, the policy along with its `protection’ of library users will increase “trust and transparency between the Library and the community we serve,” telling users that if they read the policy, they will “understand what data we collect and how we use it.” But is it fair to say that by reading the policy library users will understand what sort of data will be collected when they visit the library electronically or make use of its many increasing electronic features and portholes to access its resources and books?
Is it fair to think there will be privacy in our libraries if efforts to oppose the curtailment of library privacy by rule expansions like the CALEA expansion or “Rule 41” change keep getting defeated? Is it fair to think that the NYPL's privacy policy assures any privacy if it's actually the NYPL’s “Internet Service Provider, and not the Library itself” that complies with CALEA’s data collection . . therefore operating outside the circumscribed shell of the NYPL’s privacy policy?
Let's expand these questions to ask big picture: Should we be assured that we will find privacy at the library when the NYPL hired Booz Allen Hamilton, the biggest private spy firm in the nation working for the U.S. Government, as its consultant to structure its reorganizational shedding of its books and physical library resources like the real estate that housing them? Let’s remember again that the NYPL hired Booz Allen not very long after its board was advised of the expectation that CALEA might “require” the NYPL and “to reengineer their Internet service facilities to enhance law enforcement’s ability to monitor and intercept communications.”
Certainly, Booz Allen, the firm where Edward Snowden once worked, would have possessed extremely relevant and tailored expertise in navigating responses through changing surveillance laws and the practices that implement them, but is it to be legitimately hoped that Booz would use that expertise to enhance and secure library privacy, or ought we instead entertain suspicions about the reverse?
Suffice it to say, that if you visited NYPL libraries like Mid-Manhattan, SIBL, the 42nd Street Central Reference Library or the now destroyed Donnell Library to access books that were then readily available to you on premises (and did not need to be electronically accessed) you were afforded a real and practical assurance of privacy that does not now apply with the various means of accessing books digitally, including connecting through the Internet that you must use now in the wake of changes made with Booz's consulting guidance.
Sacrifice of the Traditional Library on the Altar of Digital Nirvana
At our meeting last week with NYPL library officials we expressed concern about how NYPL library book shelves now sit, apparently unnecessarily, devoid of books. Through most of the meeting, we heard a lot from the NYPL officials about the glorious benefits of digitizing the availability of books. Similarly, we were told about what goes along with this, the benefits centralizing the availability of books with the elimination of “duplicates” of these printed repositories of knowledge- except that it had to be conceded that such cost-reducing cutbacks for libraries also defund publishers and authors.
We were told, however, that the glories of digitization demand sacrifice. Bill Kelly (William P. Kelly), the NYPL’s Andrew W. Mellon Director of the Research Libraries, told us:
I could not listen to Mr. Kelly without remembering that there is a history of previous civilizations collapsing when those now dead-and-buried civilizations decided that their libraries were unsustainable and not worth keeping. Of course, back then, the libraries that were being abandoned by these declining civilizations were libraries as we have traditionally known them and as they served us over the centuries, not the kind of hi-tech digital operations we are developing now than can do double duty to surveil us as we read.
November 29th American Library Association “Advocacy Alert” about "a massive privacy threat” affecting libraries |
New NYPL "Privacy Policy"
Early the next morning, Wednesday, Nov 30, 2016, the New York Public Library distributed to its list of library users and patrons its new updated privacy policy.
The NYPL’s new policy, about a year and a half in the making, and taking effect the day of its promulgation, was adopted by its board of trustees on November 16, 2016. That was about two weeks after Noticing New York ran an article about how the private spy company Booz Allen Hamilton, regarded by experts as an "arm of the [United States] intelligence community,". . . "with the "federal government as practically its sole client" was hired by the NYPL to overhaul its most important libraries in a scheme that entailed the sale and destruction of the Donnell, Mid-Mahattan and SIBL libraries and the central research stacks of the 42nd Street Central Research Library. See: Sunday, October 30, 2016, Snowden, Booz and the Dismantling of Libraries As We Know Them: Why Was A Private Government Spy Agency Hired to Take Apart New York's Most Important Libraries And Turn Them Into Something Else?
That NYPL trustees meeting was the same day as the publication of another article in Noticing New York following up on the subject of Booz Allen Hamilton's connection with the NYP, and its plans. See: Wednesday, November 16, 2016, Too Close For Comfort? Real Estate Addresses- Blackstone, Booz Allen Hamilton, The Libraries & Bryant Park.
Should NYPL library users be assured by the NYPL’s distribution the new privacy policy via an email that the new policy “protects our users, increasing trust and transparency between the Library and the community we serve,” albeit encouraging users to “read the full text” of the policy to understand it? The policy itself opens with some reassuringly axiomatic words most would find easy to agree with:
Privacy is essential to the exercise of free speech, free thought, and free association.The policy tells us that the NYPL “is committed to protecting your privacy, whether you are a user, visitor, and/or donor” and the policy even self-reflexively asserts that it was written drawing “upon industry best practices and national standards for privacy.”
NYPL November 16, 2016 Trustees meeting where new privacy policy was adopted |
Bringing Up Privacy In Visit With NYPL Officials and Policy Makers About Future
As it happens, on the very day the NYPL was issuing its new privacy policy, a number of members of the Committee to Save the New York Public Library met with a group of senior NYPL policy and administration officials about their shaping of plans to keep increasingly fewer books at the library while relying on digital access and retrieval of books more or less by default. I am a member of CSNYPL and was part of the meeting. (I am also a co-founder of Citizens Defending Libraries.)
At the meeting, I managed to slightly embarrass myself by asking if I could get a copy of the new privacy policy as I overlooked my morning email telling me it was now online. I was, however, up-to-date enough to ask our host NYPL officials where they were with respect to the American Library Association’s “Advocacy Alert” regarding “a massive privacy threat” to libraries computers from “Rule 41.” As they were unaware of the issue I forwarded the ALA alert afterwards. Also, not presuming, I’ve asked whether the NYPL is a member of the ALA. The ALA has in the past taken a proactive stance agitating for the protection of library privacy, its council adopting, January 29, 2003, a Resolution on the USA Patriot Act and Related Measures That Infringe on the Rights of Library Users.
If you want to watch something even more prescient, in 2002, the Ad Council ran a 30 second public interest spot about library privacy and the preservation of American freedom. The advertisement really ought still to be running today. The advertisement asked the question “What if America wasn’t America?” darkly envisioning a dystopian future with government surveillance agents in the library and it ends instructively with the admonition: “Freedom- Appreciate It. Cherish It. Protect It.” (Citizens Defending Libraries included it as a “commercial break” as part of our October 2015 evening of library theater and comedy.)
At our meeting with the NYPL officials, I asked about the effect of their shift to digital approach on privacy specifically including the effect of the Communications Assistance for Law Enforcement Act (CALEA) which I noted was something the NYPL board had discussed. There was no recognition of what the Communications Assistance for Law Enforcement Act was or its effect and it was suggested this could be discussed separately afterward with one of the administrators there at the table responsible. That official has now given me the name of another NYPL official, the Director of Privacy and Compliance, to follow up with.
Expansion of CALEA And Library Privacy Fights Preceding NYPL's Engagement of Booz Allen Hamilton
When I wrote about the NYPL’s 2007 engagement of the private United States spy firm Booz Allen Hamilton for its reorganizational shedding of its books and physical library resources like the real estate that houses the books I observed the coincidence that the hiring of Booz came not long after it was revealed (May of 2006) that librarians had been fighting the federal government's overreach of secretly taking PATRIOT Act surveillance into the libraries.
The Connecticut librarians involved in that fight were subject to a perpetual gag order by the U.S. government so that it took years before what was going on was finally revealed to the public, and it was finally revealed to the public that May (and thus to others in the library world) only because the Connecticut librarians had finally won their fight. Might one assume that the revelations must have been big news in the library world at the time with major implications respecting the future of privacy in libraries and the fight to preserve it?
It occurred to me to review NYPL minutes to see what had been observed about this revelation and discussed by the board about preserving library privacy at that time. Somewhat surprisingly, I found nothing in the NYPL minutes of that time that mentioned the Connecticut librarians fight for privacy or victory. I did find something else contemporaneous and related, something ominous with respect to preservation of library privacy, and it can be found in minutes just before the revelations respecting the Connecticut librarians secretly fought fight.
February 8, 2008 NYPL minutes: CALEA) may “require” the NYPL “to reengineer their Internet service facilities to enhance law enforcement’s ability to monitor and intercept communications” |
The minutes of the February 8, 2008 NYPL trustees meeting reveal that new rules under the Communications Assistance for Law Enforcement Act (CALEA) may “require” the NYPL and other educational institutions “to reengineer their Internet service facilities to enhance law enforcement’s ability to monitor and intercept communications including e-mail and Voice Over Internet Protocol.”
The minutes note that “groups, including the American Library Association” (the minutes do not say including the NYPL) were seeking a clarification that the new rules would “not apply to certain libraries,” and challenging the extension of CALEA “to services other than communications.” February 8, 2006 is the same meeting where NYPL financial officer David Offensend advises the trustees of a Bloomberg administration initiative to strip down the capital funds the NYPL had on hand. A need to augment NYPL capital funds would not long thereafter be cited as a rationale for plans Offensend would implement to sell off the Donnell Library, and the NYPL Central Library Plan involving a consolidating shrinkage, disposing of the central destination Mid-Manhattan Library, the 34th Street Science, Industry and Business Library and the destruction of the research book stacks at the 42nd Street Central Reference Library.
Although the news would have been out by then, the June 7, 2006 NYPL Executive Committee minutes do not mention revelation of the Connecticut librarians privacy battle. Neither do the minutes of the first meeting of the full NYPL board after that held on September 9, 2006.
September 9, 2009 minutes: "Guidance" on CALEA monitoring and interception of communication via the NYPL's Internet provider, not the library itself |
. . . And apparently there was increasingly more to monitor: Discussing information concerning user patterns and the library's website and its redesign it was noted that the NYPL website had “received over 20 million electronic visits during the fiscal year ending June 30, 2006, as compared to about 14 million in person visits to the Library’s physical facilities.” (Even if you are going physically to a library to get a physical book there are increasingly reasons to check online ahead of time about whether you are likely to find the book there, whether the library will be open, etc.)
What was not noted in those September minutes is that the “guidance” given to the trustees about how the recently expanded CALEA rules for federal law enforcement monitoring and communication interception were going to be complied with almost certainly flowed from and was shaped taking into account a June 9, 2006 loss respecting the fight for library privacy. On that date, the United States Court of Appeals for the District of Columbia Circuit decided against a group of higher education and library organizations led by the American Council on Education that had challenged the monitoring and interceptions as unconstitutional under the Fourth Amendment prohibitions on unreasonable search and seizures. (See: Washington Post- Appeals Court Sides With White House on Wiretaps, by Kim Hart, June 10, 2006.) As the case itself was not as a matter of record mentioned to the trustees one might suspect that the NYPL was not one of the litigant challengers, something I haven’t been able to determine yet.
The ruling in the case, American Council on Education v. Federal Communications Commission, United States of America, Verizon Telephone Companies et al. speaks in language paralleling the guidance to the trustees. It considered the argument that institutions like libraries were exempt from CALEA (the “information-services exclusion”) “insofar as they are engaged in providing information services.” But the court upheld the FCC interpretation that providing “information services” did not constitute an outright exclusion to the extent that, hybrid fashion, communication services were also being provided, if they were being provided outside of an entirely private network. The hookups to communicate with the public outside of the private network are what allow the expanded CALEA monitoring and interception under the FCC’s rule. As the court expressed it to the extent “these private networks are interconnected with a public network, either the[public voice network] or the Internet, providers of the facilities that support the connection of the private network to a public network are subject to CALEA.”
The Shell of NYPL Privacy Policy Protections- "Legal Requests"
The new NYPL privacy policy advises, under a section titled “Legal Requests,” that “sometimes the law requires” the NYPL to share patron information “such as if we receive a valid subpoena, warrant, or court order” and that the NYPL may share information “if our careful review leads us to believe that the law, including state privacy law applicable to Library Records, requires us to do so.” The section doesn’t warn library users that the modern day version of wiretapping, the reengineering of “Internet service facilities to enhance law enforcement’s ability to monitor and intercept communications” under CALEA’s expanded rules would happen through compliance by the NYPL’s “Internet Service Provider, and not the Library itself.”
The NYPL policy doesn’t suggest that if, in the very likely event subpoenas go to the NYPL’s “Internet Service Provider” instead of the NYPL, the NYPL is then itself quite unlikely to see any such subpoenas or `carefully review’ them at all. Nor, does the policy suggest how often information is obtained these days without interested parties ever seeing subpoenas, warrants, or court orders. Probably what “careful review” tells anyone these days about what “the law” can require is that, no matter what you have formally received from the government, little should be assumed about the privacy of any exchanges on the Internet.
There is one section of the NYPL’s privacy policy that warns that the NYPL uses “third-party library service providers and technologies to help deliver some of our services” and may share information with them for which the NYPL doesn’t assure privacy, but this doesn’t seem to be a warning about the NYPL’s internet provider(s) or CALEA monitoring or interceptions.
It reads:
2. Third-Party Library Services Providers. We use third-party library service providers and technologies to help deliver some of our services to you. If and when you choose to use such services, we may share your information with these third parties, but only as necessary for them to provide services to NYPL. We may also display links to third-party services or content. By following links, you may be providing information (including, but not limited to Personal Information) directly to a third party, to us, or to both. You acknowledge and agree that NYPL is not responsible for how those third parties collect or use your information. Third parties must either agree to adhere to strict confidentiality obligations in a way that is consistent with this Privacy Policy and the agreements we enter into with them or we require them to post their own privacy policy. We encourage you to review the privacy policies of every third-party website or service that you visit or use, including those third parties with whom you interact with through our Library services.Perhaps, as you read this, you feel like you’d need a lawyer to understand whether your privacy as a NYPL users is in any way assured. I happen to be a lawyer myself and find the laws that have expanded surveillance in our country since 9/11 far from readily understandable except to know that those laws are not very limiting to the government and that, even to the extent that they have been, it does not appear they have always been complied with.
A Federal Judiciary Grapples With Protecting Privacy
It is therefore interesting that at the NYPL’s last trustee meeting, the November 16th meeting where the board approved the new privacy policy, one of the two new trustees the NYPL appointed to its board that day was Judge Robert A. Katzmann (the other was Tony Yoseloff). Judge Katzmann is Chief Judge of the United States Court of Appeals for the Second Circuit.
Although Judge Katzmann was not one of the three judges deciding the case, it was in his Second Circuit Court of Appeals that it was ruled, May 7, 2015, in American Civil Liberties Union v. James Clapper, that the bulk data collection of Americans' phone records by the National Security Agency was illegal. See New York Times: N.S.A. Collection of Bulk Call Data Is Ruled Illegal, by Charlie Savage and Jonathan Weisman, May 7, 2015. (As Chief Judge, you can see Judge Katzmann’s name alongside the clerk of the court’s on the “Bill of Costs Instructions” pages of the decision.)
The May 2015 Clapper decision was decided by Second Circuit Court of Appeals partly in the more informed light and public awareness following the 2013 Edward Snowden disclosures about the extent of massive domestic surveillance exceeding what had been represented to the public to actually be happening.
In finding that the surveillance was unpermitted the court said that Congress had never intended to authorize such a far-reaching and unprecedented program, that it was a “a far stretch” to assert “that Congress was aware of” the “legal interpretation” being used for the dragnet collection of personal data, that the statutes which the government suggested provided equivalent precedents had “never been interpreted to authorize anything approaching the breadth of the sweeping surveillance at issue here.” The court said that the massive collections of data were untethered from the pursuit of actual investigations and that the “expansive development of government repositories of formerly private records would be an unprecedented contraction of the privacy expectations of all Americans.”
What happened with respect to the May 7, 2015 Clapper decision afterward is somewhat complex: Congress, which the court thought had not actually authorized the program and its practices, acted to replace it with another program that, putting the responsibility for data collection initially in private party hands, theoretically has more protections for the public, but on August 28, 2015 the May decision was overturned by the Court of Appeals, the practical effect of that Court of Appeals decision being more limited by virtue of the congressional change.
One line of reasoning offered to allow persistence of the various sweeping data surveillance and collection programs by the federal government is the promise that the federal government won’t look at the data collected unless or until it develops an investigative interest in knowing more about targeted individuals it identifies to whom that data relates.
Protecting Freedom of Thought: How Things Can Change, Including Politically
Snowden appearing in "Vice" episode |
Even if you trust the government today, what happens when it changes? In our democracy we’re never more than eight years away from a total change of government. Suddenly, everyone’s vulnerable to this individual and the systems are already in place. What happens tomorrow, in a year, in five years, in ten years, when eventually we get an individual who says, “You know what? Let’s flip that switch and use the absolute full extent of our technological capabilities to ensure the political stability of this new administration”?. . He was speaking in the abstract at the time, not about Trump.
Political cultures and environments can change rapidly, sometimes with calculating help from those who have ascended to power. The Nazi era in Germany and the countries Germany occupied provide examples of how completely countries can change faster than residents could recognize the dire threat they faced in time to flee and save their lives.
Our own country has had its own very recent periods where, with intense monitoring, we have sought to tightly constrain, criminalize and penalize unpermitted political thinking.
New plaque outside my Brooklyn Heights building. We revere Arthur Miller as a great mind and writer, but also because he refused to "name names" when, only recently in this country, that was an act of incredible courage. You can watch the video of the plaque dedication ceremony to learn more about Miller's courage with comment about how that relates to today. |
Outside the building where I live in Brooklyn Heights we just put up a plaque commemorating the fact that Arthur Miller (October 17, 1915 - February 10, 2005), the celebrated Pulitzer Prize-winning playwright who authored “The Crucible,” “Death of A Salesman,” “A View From the Bridge” and many other great works once lived in the building. The plaque reads in part:
In 1956, Miller refused to name names when he was subpoenaed by the House Un-American activities Committee.Throughout the decades that Jane Jacobs was known to the world as a celebrated urbanist thinker she assiduously avoided being pigeon-holed has a Republican, Democrat, Liberal or Conservative. I am now reading Robert Kanigel’s new biographer of her life, “Eyes on the Street: The Life of Jane Jacobs,” and have been surprised to learn that in 1952 (the year I was born) Jacobs, threatened with the loss of her government job, was forced to defend herself against suspicions that her independence of thought made her immoral and disloyal to the United States. That was despite that fact she had a proven record of writing some very effective “propaganda” on the Unite States Government’s behalf.
Jacobs’ eight-thousand-word defense in response to the accusations of suspicion included:
It still shocks me, although we should all be used to it by this time, to realize that Americans can be officially questioned on their union membership, political beliefs, reading matter and the like. I do not like this, and I like still less the fear that arises from it. . .She had much more to say, of course, including about her abhorrence of the “political tyranny” of the Soviet system of government taking on as its mission “the molding of people into a ‘specific kid os man,’ i.e. ‘Soviet Man,’” that it practiced and extolled “a conception of the state as ‘control from above and support from below’; that controls the work of artists, musicians, architects and scientists; that controls what people read and attempts to control what people think.” Notice her stress on the relationship between freedom to read and freedom of thought.
I was brought up to believe that there is no virtue in conforming meekly to the dominant opinion of the moment. I was encouraged to believe that simple conformity results in stagnation for a society, and that American progress has been largely owing to the opportunity for experimentation, the leeway given initiative, and to a gusto and freedom for chewing over odd ideas.
Federal Judiciary In Residence at the NYPL Amongst The Trustees
Was any particular purpose intended to be served by the NYPL’s appointment of Judge Robert A. Katzmann as a new trustee? When it comes to certain of the NYPL’s goals, does this unfold resources for the NYPL to navigate better through the overlapping welter of broad surveillance laws virtually none of us can fully comprehend and quite frequently can’t find out much about? Does it put the NYPL in a better position to try to protect the privacy of patrons using the library? Conversely, does it create conflicts of interests for the judge if he now hears related surveillance cases?
Interestingly, as previously noted here in Noticing New York, on September 19, 2007, the NYPL trustees were previously advised, that another federal judge in the Southern Circuit who was similarly an NYPL trustee at that time, Judge Victor Marrero, handed down "an important opinion on the USA PATRIOT Act"(September 7th) ordering the FBI to stop its wide use of warrantless, secret "national security letters" (NSLs) to demand e-mail and telephone data from private companies, saying in his opinion:
The risk of investing the FBI with unchecked discretion to restrict such speech is that government agents, based on their own self-certification, may limit speech that does not pose a significant threat to national security or other compelling government interest“Rule 41”: Another Library Privacy Battle Lost Last Friday, December 1st
Coverage in The Hill of the more recent proposed “Rule 41” change about which the American Library Association sent out its Advocacy Alert last week explained, “The Department of Justice’s alterations to the rule would allow law enforcement to use a single warrant to hack multiple devices beyond the jurisdiction that the warrant was issued in.” Opposition to the change was expressed in a letter signed by a long list of organizations (23 in all) that included American Civil Liberties Union, Google, the Electronic Frontier Foundation and two library organizations additional to the American Library Association, American Association of Law Libraries and Association of Research Libraries. The letter stated the rule change could be “abused to obtain a single warrant to search millions of targets, raising a host of constitutional concerns” and “would permit law enforcement to search the computers of hundreds of entirely innocent crime victims without their consent.”
The letter which also described the “unique harms” of hacking that could also flow out to third parties stated the “consequences of this rule change are far from clear, and could be deleterious to security as well as to Fourth Amendment privacy rights. Government hacking, like wiretapping, can be much more privacy invasive than traditional searches. . . because judges often authorize these warrants without requiring the government to specify the tactics and techniques that will be used, we simply do not know the full extent of the government’s searches.” A statement from Robyn Greene, who handles policy counsel and government affairs at New America’s Open Technology Institute, said “This rule change is far too complex and raises too many privacy and cybersecurity concerns for Congress to let the rule go into effect without conducting any oversight whatsoever.”
Unfortunately for us and apparently for our libraries, despite the ALA Advocacy Alert, “Rule 41” took effect December 1st. Edward Snowden weighed in about it on Twitter: “Without a debate or any new law, the rights of every American -- and basic privacy of people around the world -- have been narrowed.” And also: “The DOJ's claims are dishonest: #Rule41 substantively changes the limits on the government's powers. The FBI's hacking was just legalized.”
Snowden's "Rule 41" Tweets |
Its Policy Notwithstanding, Is Privacy At NYPL's Digital Libraries Assured?
So last week the NYPL sent out to its users the reassuring email that it has a “privacy policy,” and that, with its revisions, the policy along with its `protection’ of library users will increase “trust and transparency between the Library and the community we serve,” telling users that if they read the policy, they will “understand what data we collect and how we use it.” But is it fair to say that by reading the policy library users will understand what sort of data will be collected when they visit the library electronically or make use of its many increasing electronic features and portholes to access its resources and books?
Is it fair to think there will be privacy in our libraries if efforts to oppose the curtailment of library privacy by rule expansions like the CALEA expansion or “Rule 41” change keep getting defeated? Is it fair to think that the NYPL's privacy policy assures any privacy if it's actually the NYPL’s “Internet Service Provider, and not the Library itself” that complies with CALEA’s data collection . . therefore operating outside the circumscribed shell of the NYPL’s privacy policy?
Let's expand these questions to ask big picture: Should we be assured that we will find privacy at the library when the NYPL hired Booz Allen Hamilton, the biggest private spy firm in the nation working for the U.S. Government, as its consultant to structure its reorganizational shedding of its books and physical library resources like the real estate that housing them? Let’s remember again that the NYPL hired Booz Allen not very long after its board was advised of the expectation that CALEA might “require” the NYPL and “to reengineer their Internet service facilities to enhance law enforcement’s ability to monitor and intercept communications.”
Certainly, Booz Allen, the firm where Edward Snowden once worked, would have possessed extremely relevant and tailored expertise in navigating responses through changing surveillance laws and the practices that implement them, but is it to be legitimately hoped that Booz would use that expertise to enhance and secure library privacy, or ought we instead entertain suspicions about the reverse?
Suffice it to say, that if you visited NYPL libraries like Mid-Manhattan, SIBL, the 42nd Street Central Reference Library or the now destroyed Donnell Library to access books that were then readily available to you on premises (and did not need to be electronically accessed) you were afforded a real and practical assurance of privacy that does not now apply with the various means of accessing books digitally, including connecting through the Internet that you must use now in the wake of changes made with Booz's consulting guidance.
Sacrifice of the Traditional Library on the Altar of Digital Nirvana
At our meeting last week with NYPL library officials we expressed concern about how NYPL library book shelves now sit, apparently unnecessarily, devoid of books. Through most of the meeting, we heard a lot from the NYPL officials about the glorious benefits of digitizing the availability of books. Similarly, we were told about what goes along with this, the benefits centralizing the availability of books with the elimination of “duplicates” of these printed repositories of knowledge- except that it had to be conceded that such cost-reducing cutbacks for libraries also defund publishers and authors.
We were told, however, that the glories of digitization demand sacrifice. Bill Kelly (William P. Kelly), the NYPL’s Andrew W. Mellon Director of the Research Libraries, told us:
I think it will come as no news to anyone at this table that expenses in the world of libraries as we try to do both print and digital forms become increasingly more expensive. I would argue that they are not sustainable across time. This is not an unusual position. This is one shared across the library terrain. I’ve talked with Carla Hayden [head of the Library of Congress] about it, I’ve talked with librarians at Cambridge and Oxford, I’ve talked with people in Chicago and California . . . The notion that one library can do all things is no longer a sustainable one . . The task of being able to maintain digital and print material at the same time- That horse left the barn a long time ago.In other words, if we accept this, those of us who thought that digital tools might make things more affordable so that more becomes possible, and society’s wealth can increase, were wrong: Digitaltechnology makes libraries as we have known them unsustainable.
I could not listen to Mr. Kelly without remembering that there is a history of previous civilizations collapsing when those now dead-and-buried civilizations decided that their libraries were unsustainable and not worth keeping. Of course, back then, the libraries that were being abandoned by these declining civilizations were libraries as we have traditionally known them and as they served us over the centuries, not the kind of hi-tech digital operations we are developing now than can do double duty to surveil us as we read.