Spotlight on The News Librarian: what did we do and what have we lost?

This year’s Best Picture Oscar went to the film Spotlight, about an investigative journalist team uncovering a scandal in the Boston Catholic church in the 1990s. Among the techniques which helped them make connections, find evidence and uncover new aspects, were searches through press cuttings archives and cross referencing library directories. Vaguely seen in the film are news librarians, retrieving microfilm and hard copy press cuttings files. Unsurprisingly, the heroes of the film were the journalists themselves, the librarians silent service personnel. Here, Katharine Schopflin shares her experience of working as a news librarian.

As a news librarian myself in the early 2000s, I can tell you that librarians did a lot more than just fetching and carrying. For a start, the press cuttings files themselves were compiled by librarians marking articles with relevant classification terms so they could be found again. To do so took expert news knowledge, the ability to analyse and disambiguate at high speed and an understanding of how future questions would be asked. Secondly, news libraries kept back copies of directories precisely so that they could be mined for information. The journalists in Spotlight descend to a basement storeroom and found them on the shelves, in order, where they expected to. Their life had they been kept in the newsroom would have been somewhat shorter.

And news librarians actually did research themselves. The late 1990s was the great era of the information professional as news researcher. Paula Hane’s Super searchers in the news (Information Today, 2000) interviewed ten librarians based in US news organisations. They discussed the questions they get asked, the stories they had researched, the skills they used and the resources they relied on. All indicated a close working relationships with journalists, investigative or otherwise, who clearly valued their skills and knowledge of resources. In some cases the librarian worked in the newsroom itself, in a role recognised as quasi-journalistic. This wasn’t a US phenomenon either. Sarah Adair’s edited collection Information sources in the press and broadcast media (Bowker Saur, 1999) demonstrated that specialist information searching skills were increasingly valued at a time when many journalists felt mistrustful or overwhelmed by the world wide web. News librarians understood where to look, how to evaluate and when to go to trusted sources such as hard copy reference or online databases which charged a hefty per-use tariff.

Image credit: 'New technology will slash cost of preserving written heritage' by University of Salford Press Office
Image credit: ‘New technology will slash cost of preserving written heritage’ by University of Salford Press Office

In the first decade of the twentieth century, a combination of panic and opportunity meant that library after library closed across the UK and US. Panic was caused by a succession of events: the dot.com crash, particularly affecting publications which had been taken over by tech companies (AOL Time Warner, which announced the closure of the Time Life editorial research library in June 2001 was a noted example), recession, the after-effects of the September 2001 World Trade Center attacks (which affected advertising revenue), and the decline in paper circulation as online news took over the eyes and interest of readers. In response, news organisations sought cuts wherever they could. As research resources became increasingly available via web interfaces directly accessed by journalists themselves, the opportunity to make savings by closing the library seemed obvious. In 2010, the professional association representing news librarians in the UK, the Association of UK Media, was wound up because so few of its members now worked in the sector.

Today, the news librarian is a rare creature indeed. There are some pockets of information professional work in news organisations in areas such as rights, licensing, media cataloguing and management and even research. But on the whole, the notion that an information professional has special skills essential to publication of unbiased, well-informed, original and accurate journalism has disappeared. Either organisations feel ‘it’s all on the web’ or a library was a luxury or something simply not relevant. Librarians are not the only casualty of a very real crisis in the modern media: increasingly fewer journalists work for newspapers and, as Nick Davies depicts in his excellent Flat Earth News (Chatto and Windus, 2008), much of the content produced by our news outlets rehashes the contents of press releases. Far less of the type of investigative journalism depicted in Spotlight takes place.

Nobody is arguing that librarians should be employed to classify hard-copy press cuttings when the most-heavily used content is available online, powerful and evocative as a hard copy press cuttings file is. And the day-to-day life of the news librarian was unglamorous and could be unrewarding. Yet the loss of an entire sector of a profession is no small matter. As I write, public librarians are active in protest to try and ensure that there will be professional jobs for them to take on in the future. Professions ensure standards, encourage training, provide best practice and support each other with knowledge, advice and shared resources.

newspaper clippings laid out on a table
Image credit: ‘newspaper clippings table’ by
Carmichael Library

News librarians were the people in their organisation who excelled at finding information, identifying sources and, as information increasingly became available in chaotic and unmediated formats via the web, establish the authority and reliability of a source. Many journalists cared about these things, but only the librarians took on the responsibility to be the filter which stopped short-cuts and lazy research. Perhaps this is the real tragedy of the loss of the news librarian, what it says about the journalism available to us. Nobody working in the field can afford to apply the types of professionalism a news librarian could bring to the job. This is unlikely to change as news organisations attempt to solve the conundrum of how to make their readers pay for professionally-written content.

The demise of the news librarian is not, therefore, simply a historical event, equivalent to the loss of paper-based accounts ledgers or a closed coal mine. It points to two depressing conclusions about the media we read, watch and listen to. First, the very connection of information skills with journalism has been lost. Those people who train and practice to connect people with high-quality information are no longer of interest to those who make the news. Secondly, information skills have become redundant in the media because few media outlets care about professional standards. It’s not just librarians who aren’t carrying out in-depth research, evaluating sources and finding the unfindable: nobody is.

I recently attended a Media Society event at which senior journalists discussed the future of news content. They agreed that, if journalism is to prove itself as important in society, more high-quality investigative journalism of the sort depicted in Spotlight should take place. I would like to think that, if it happens, the support and skills of information professionals would be recognised as offering value to the process. However, I fear the link between our profession and the news has probably been severed irrevocably.

First published in CILIP Update (magazine of the Chartered Institute of Library and Information Professionals, www.cilip.org.uk), June 2016, pp. 28-30, and reproduced by kind permission.

The Informed Peer Recognition Award

informed award banner

The Informed team are excited to be announcing the launch of a new award, the Informed Peer Recognition Award. We thought it would be a useful addition to the range of awards currently available for information professionals in the UK.

Background to the development of the award

Elly O’Brien, Mobeena Khan and Jennie Findlay spent a significant amount of time drafting a nomination for a professional colleague for an award back in autumn 2014. The process of writing the nomination was particularly time consuming and demanding, taking the three of us many hours of our time. Once the nomination was submitted, there was no further contact from the organisers. We had no information or progress updates on the process of the award judging, or timescales for the outcome, and there was no communication with nominators about the final outcome of the process. To see whether our nominee had been recognised we had to guess the possible announcement date, and monitor the website daily for a month. Our nominee received no contact from the organisers at any point, and in the end, we decided to send them a copy of the nomination material we’d drafted, as the purpose of us nominating them was to demonstrate to them how valued their work was. In the end the only way we could do this was to give them that information directly. Overall, taking part in that awards process as a nominator was incredibly frustrating.

The Informed team response

We began to think more deeply about the difficulties of the nomination process we’d been through, and how it had been both a frustrating and impersonal experience. We wondered if there was a way that the Informed group of volunteers could create and run an award which would try and avoid these frustrations, and ensure that all those nominated would be able to see what work or activity they were being recognised for.

Elly, Mobeena and Jennie discussed and began to develop the initial idea about creating an award. We decided at an early stage that it could not be run by any of the various professional bodies, because we wanted it to be inclusive, and usually these groups are only able to offer awards to their own members. Due to other professional commitments, Elly had to step back from active involvement, and Laura Ennis took her place. Together we’ve endeavoured to create an award structure that we hope will work in a way that keeps nominators and nominees informed, and is flexible enough to allow for the efforts of a range of information sector workers who may be excluded from nomination for other awards to be recognised .

Objectives

For easy reference, this is what we hope to achieve with this awards process:

  • Create an award that all UK information workers of all levels are eligible for.
  • Be as informative as possible for nominators submitting nominations – be open about the awards schedule, how quick a response the team will be able to give when contacted, and give nominators an idea of the timescales for each stage of the process.
  • Contact nominees to notify them that they have been nominated for an award, and tell them when the result is expected to be announced.
  • Ensure that judges are aware of the process and timescales involved when they volunteer to take part, to allow them to determine if the schedule will work with their personal commitments.
  • Publish the full content of all nominations on the Informed website, to enable the public recognition of nominees work that the nominators intend.

 

CryptoParty Newcastle and user privacy in libraries

The following post was contributed by Aude Charillon. Aude is a curious librarian interested in intellectual property, digital literacy, open data, online rights, and currently working at Newcastle Libraries.

CryptoParty Newcastle postcard

On Sunday 22 May, we held a CryptoParty at Newcastle City Library.

What’s a cryptoparty?

A cryptoparty is an informal gathering of individuals where people discuss, learn and share their knowledge of tools and systems to protect their privacy and electronic communications. It’s called “crypto” because of cryptography and encryption.1

Why did we hold a cryptoparty in a public library?

I personally believe that libraries exist to defend people’s right to enrich and improve their own lives, their environment and society. We library and information professionals make this happen by facilitating access to and the sharing of information, knowledge and culture.

In public libraries we already do a lot around digital skills and literacy: we teach people how to use a computer and the Internet, how to search efficiently and be critical about the information they may find… Privacy is a right enshrined in the Universal Declaration of Human Rights; knowing how to protect it in the digital world is part of knowing how to use the internet and technology efficiently. I feel that teaching library users how to protect their privacy and providing them with the tools to do so is simply the next step for improving digital skills, and it fits with our role as librarians. (Thankfully, my manager agrees!!)

“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondance, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
[Universal Declaration of Human Rights, article 12]

How was CryptoParty Newcastle really organised?

Ian Clark pointed out in an article that CryptoParty Newcastle was probably the first to take place in a public library in the UK, but quite frankly that wasn’t at all what was on our minds when we set off in this direction.

The way it really happened is through individuals – not necessarily librarians –expressing interests and taking the initiative.

This is where I explain that I am, in a personal capacity, keen on the defense of online rights – I am not what you would call an activist but I am a member of the UK Open Rights Group (ORG) and a supporter of La Quadrature du Net.

One day in early March, the following message appeared on the (then dormant) ORG North East mailing list:

Every time I see the snoopers' charter in the news again, I think to myself, we should put on another cryptoparty.

If we have a core of at least four people who want to make it happen, I'm sure we can do it. Say sometime in May? I can find a venue in Durham but am open to someone else finding a venue elsewhere.

Anyone up for it?

I was “up for it” because attending a cryptoparty was a chance for me to learn about privacy tools from people who used them – I wanted this event to take place, so I thought I might as well help make it happen! And because of the reasons outlined above, I was able to offer a space at Newcastle City Library.

A core group of four met, a date was set and a format agreed – you can see some of our preparations on the CryptoParty Newcastle wiki. The fact that the impetus came from individuals rather than institutions is reflected in the vocabulary we used on the event’s main page: the event was hosted by ORG North East and Newcastle Libraries. We promoted the cryptoparty through the ORG North East and Newcastle Libraries channels, local Linux user groups mailing lists, and it even attracted the attention of the Newcastle City Council Communications team who made a short video!

What happened on the day?

There were 6 people on the organising team and about a dozen participants turned up. We had picked topics and arranged to have one per table, so people could go to the tables they wanted, to learn about the tools they were most interested in. It was very informal and this system seemed to work pretty well. We also had handouts, which were brilliant and that people took home with them.

In a nutshell, people spent the afternoon discussing the tools, learning how to install and use them and eating cake!

Most participants had already had a go with at least one of the tools, so it was also interesting to hear how people were using them. A couple had never used any of them but felt they should learn more about how to protect their privacy and communications. A couple of people were very experienced and some conversations became very technical! All in all, everyone seemed to get something out of the event.

At the end of the day, we started talking about the next cryptoparty. We managed to recruit some of the participants to help with organising / helping out at the next event and we have a date pencilled in for October.

For more in-depth views on the day you may like to read a write-up from one of the participants and a piece by one of the other organisers: “What we learned from hosting our cryptoparty”.

Handouts cropped

What can you do for user privacy in your library?

First of all, you may like to make your library users aware of why they might want to use privacy tools and help them get started with some of these.

A great way to do this is obviously to organise a cryptoparty – because who doesn’t want to come to a party to talk about rights online and to improve their digital skills?! Don’t worry if you do not have experience of the tools: find the people who do and who may be interested in helping you out. Members of your local ORG branch (or the association in your area that’s advocating for online rights) might be able to help, but you could also try the local tech community – especially the user groups of open source systems as they often have similar ethics. There is not one format for cryptoparties: it’s worth looking at what others have done and decide with your co-organisers what works best for you.

Another way to teach your users about privacy tools is to hold digital literacy sessions. You may already be delivering one-to-one sessions or group workshops on using a tablet, accessing online journals and resources, etc. so why not add another topic on protecting one’s privacy while browsing the Internet?

Second, you might like to actually offer some of those tools on your library’s public computers or support them through your library’s infrastructure. This is where your favourite IT colleagues will have a few things to say – but, as they say in Newcastle: “shy bairns get nowt”.

The easier thing to put in place would be to offer alternative, more privacy-minded browsers on your public PCs. You may already have Internet Explorer and / or Chrome installed; you could also offer Firefox with the HTTPS Everywhere and Privacy Badger add-ons, and of course DuckDuckGo as the default search engine. The next thing could be to also offer Tor Browser – though if you have a content filtering system in place your IT colleagues might say no (and add a few more reasons why).

If you have bandwith to spare and an understanding IT department part of a very forward-thinking organisation you could also get your library to become a Tor exit node, or at least a Tor relay, to support the Tor network.

Your best resource (in English) is probably going to be the amazing Library Freedom Project based in the US. You can learn from their digital privacy education session slides or use their toolkit on running a Tor exit node in your library, among other things!

[1] This is my interpretation. See also the definition on the CryptoParty website, at: https://www.cryptoparty.in (Accessed 4 June 2016)

Investigatory powers bill and libraries

This blog post was contributed by Ian Clark from the Informed team and Lauren Smith, a Research Associate at the University of Strathclyde.

The news that libraries may be forced to hand over personal data to the security services raises serious ethical questions regarding the confidentiality of what people choose to read. A fundamental ethical principle of the library and information profession is the freedom of individuals to access information and read whatever they choose in confidence. The Chartered Institute of Library and Information Professionals (CILIP) is very clear on the obligations to library users. Its ethical principles state the need to demonstrate:

Commitment to the defence, and the advancement, of access to information, ideas and works of the imagination.

Such a principle is undermined if the government is known to be able to access data on the “information, ideas and works of the imagination” that individuals access. The chilling effect of such a move would inhibit individuals from accessing whatever they want without fear of reprisals from the state.

Furthermore, CILIP has also endorsed the Council of Europe’s “Public access to and freedom of expression in networked information: Guidelines for a European cultural policy”. These guidelines are very clear that what users choose to access should be treated as confidential and that the privacy of users should be paramount:

1.2 It is the responsibility of individuals using Public Access Points to decide for themselves what they should, or should not, access.

1.3 Those providing Public Access Points should respect the privacy of users and treat knowledge of what they have accessed or wish to access as confidential.

The proposals laid out by Theresa May seriously threaten these basic ethical principles. If the state is able to access data on what individuals have been reading in public libraries their freedom to read and access what they choose is seriously compromised.

Ironically, these proposals come at a time when libraries and librarians in other parts of the world are emphasising the importance of ensuring that individuals can access what they wish in confidence. In December last year, librarians were in uproar when Haruki Murakami’s borrowing record was published in a Japanese newspaper. In response, the Japan Librarian Association re-affirmed that:

“Disclosing the records of what books were read by a user, without the individual’s consent, violates the person’s privacy.”

In the face of similarly intrusive legislation (the PATRIOT Act) in the United States, some libraries have begun purging records of inter-library loan requests to protect users’ privacy. As yet we have not seen comparable moves by the profession in the UK, but the increasingly aggressive rhetoric from the government regarding what and how individuals seek out information is clearly in conflict with the values we espouse as a profession.

Libraries should not distinguish between books and web activity. What individuals read and access online should be as private and as confidential as their book borrowing habits. Although we do not have the constitutional protections to intellectual liberty that American library users are afforded under the First Amendment, both professional organisations (such as CILIP) and political bodies (Council of Europe) are very clear that what a user accesses in a library should remain confidential. The proposals put forward by Theresa May threaten these basic principles of intellectual freedom and liberty and will put intolerable pressure on public libraries. Our government’s desire to undermine these principles is not only dangerous, but will also seriously undermine the bond of trust between public libraries and their users.

Informed’s 2016 plans

The end of 2015 was a hectic one for all of us. We had our annual review in which the whole team gets together to review the year that has just passed and look ahead to the coming year. As a result of that discussion, we decided to revert to our old structure of having Administrators (who oversee the running of the site, commissioning content etc) and Moderators (who check submissions against our guidelines). As we are a team of volunteers, the time we can dedicate to Informed fluctuates depending on how busy we are at work, our other voluntary commitments and life! Reinstating these two roles allowed two of our (now) Moderators – Kevin and Helen – who had taken on a lot of other commitments in the year, to continue working with us.

One of our Admins, Stuart Lawson, stepped down from his role in Informed. Anyone who even vaguely knows Stuart knows how many projects he is involved in and how much of his time he dedicates to our profession, from helping to set up and edit the Journal of Radical Librarianship, to extensive work for the Open Access movement. Stuart was involved in the initial discussions that helped to shape what Informed would become – when it was a kernel of an idea in the heads of our founders, Elly, Ian and Jennie – and was our first Moderator to come on board. We are grateful to Stuart for all of the hard work he has put into Informed and for helping us to realise its creation and launch. We wish Stuart the best of luck in his many on-going projects!

In other personnel news, we have a new Moderator amongst us – Mobeena Khan. As with Stuart, Mobeena was involved with the early conversations and has been a great supporter and advocate for the site. We are delighted to have Mobeena as part of the team!

We have lots of exciting stuff planned for 2016. As ever we appreciate all of you who read, share and get involved with our content. We want you to continue to do so by offering ideas for content, volunteering to write posts, connecting us with relevant stories, etc. So please, get in touch if you want to discuss anything with the team.

#dammitJANET – Distributed Denial of Service (DDoS) explained

Simon Barron (@SimonXIX) explains what DDoS is, how it is used and debunks some myths about it.

On 7 December 2015, the academic network provider, Janet, suffered a DDoS attack which partially brought the service down (Martin, 2015). Workers in Higher Education institutions across the UK (and organisations that have their internet access provided by server farms in HEIs) suddenly found their internet connections weren’t working probably while Jisc engineers scrambled to fend off the attack and restore service.

A DDoS (Distributed Denial of Service) attack is a means of bringing down a server (or a cluster of servers) by flooding it with requests. In normal communication on the web, a local computer (i.e. a Windows desktop PC) sends a request to a server (i.e. by pointing Firefox to e.g. http://theinformed.org.uk/) to serve up a webpage; the server then responds by sending the data (i.e. HTML and CSS files) that makes up the webpage. A DDoS attack sends thousands of requests to a server continually from multiple IP addresses such that the server cannot respond: either from using up all the server’s CPU processing power at once or by filling up the short-term RAM memory of the server causing it to crash.

DDoS (sans the word ‘attack’) can be a valid method of testing the integrity of a server. A developer setting up a web service can perform load testing by incrementally increasing the number of requests sent to a page until it falls down: this gives you the total number of users that should use the service at any one time. A tool like Bees with Machine Guns (https://github.com/newsapps/beeswithmachineguns) uses the power of the Amazon Web Service to perform stress testing.

However DDoS is more effectively lodged in the public consciousness as a weapon of hackers. DDoSing without the express consent of the owner of the server is illegal. DDoSers in the USA have been prosecuted under the Computer Fraud and Abuse Act (CFAA) (Coleman, 2014). This weaponised version of DDoS is usually done through botnets. “A botnet is essentially just a collection of computers connected to the Internet, allowing a single entity extra processing power or network connections toward the performance of various tasks including (but not limited to) DDoSing and spam bombing… Participants whose computers are tapped for membership in a botnet usually have no idea that their computer is being used for these purposes. Have you ever wondered why your computer worked so slowly, or strangely? Well, you might have unwittingly participated in a DDoS.” (Coleman, 2014) A computer can become part of a botnet by being infected with a piece of malware.

Another method is a more voluntary form of DDoS using the program Low Orbit Ion Cannon (LOIC), an open-source load testing tool (http://sourceforge.net/projects/loic/). Like its science-fiction namesake, LOIC is simply pointed at a target and then fired: the user enters the IP address of a server and then clicks the large button labelled “IMMA CHARGIN MAH LAZER”. When co-ordinated, a mass group use of LOIC can send thousands of requests at once. However the use of LOIC is not secure: assurances – from the Anonymous #command channel and journalists from sites like Gizmodo – that IP addresses of LOIC-attack participants can not be logged on a targeted server are wrong: “The DDoS’ed site can still monitor its traffic, culling and keeping IP addresses, which can be subsequently used to identify participants.” (Coleman, 2014)

A DDoS attack is fairly simple hacking: it does nothing more than disrupt a service in a way easy to recover from and temporarily take down a public face of a company.

(Monroe, 2011: image licensed as CC BY-NC 2.5)

The real issue is what hacking can be done under the cover of a DDoS attack. While server defences are weakened by devoting processing power to dealing with requests and while sysadmins are distracted fending off the attack, a hacker can covertly perform more malicious hacks like accessing data in a server’s database or changing passwords or planting code or simply ‘rm -rf /’-ing the whole server.

The impetus for this kind of malicious DDoS attack can be political or simply, in the words of hackers, “for the lulz” (Coleman, 2014). DDoS as a tactic for political activism has become associated with the trickster hacker collective, Anonymous, who have used it to take down the websites and servers of various companies or groups. Since DDoS can be used to crash a server, it has been used to take down websites from the Church of Scientology’s site to Sony’s Playstation Network to PayPal (Coleman, 2014).

The use of DDoS as a tool for political activism is hotly debated among hackers. Groups like the Pirate Party and AnonOps (operational planners of Anonymous) disagree about the ethics and efficacy of using DDoS (Coleman, 2014). On one hand are those who argue that DDoSing is nothing more than another “large-scale, rowdy, disruptive [tactic] to draw attention and demand change.” (Coleman, 2014): no different fundamentally from a sit-in protest, a direct action blockade, or an occupation of a physical space. The only differences are squatting on digital space rather than physical space and the increased numbers of participants that can be involved in a protest via DDoS. Anonymous also argue that the visibility of the action and its ability to get the mainstream media’s attention justifies its use to highlight political and social justice issues. In 2013, Anonymous posted a petition on whitehouse.gov asking that DDoS be recognised as a legal form of protesting, the same in kind as the Occupy protests (whitehouse.gov, 2013).

On the other hand, other hackers invoke principles of free speech and freedom of information to decry the use of DDoS. With an absolutist view of free speech, taking a website offline is depriving the company or group that owns the website from expressing their views (via the medium of webpages) and also depriving the public of information. Oxblood Ruffin of the Cult of the Dead Cow hacker collective reasons that “Anonymous is fighting for free speech on the Internet, but it’s hard to support that when you’re DoS-ing and not allowing people to talk. How is that consistent?” (Mills, 2012) When using a botnet, there are also ethical concerns in harnessing someone’s computer without their consent to participate in illegal activity.

On the other other hand, a “more dynamic view of free speech could take power relations into account. By enabling the underdog—the protester or infringed group—to speak as loudly as its more resourceful opponents (in this case, powerful corporations), we might understand a tactic like DDoS as a leveler: a free speech win.” (Coleman, 2014)

In a sample of a chat log from anIRC chatroom, #antiactaplanning (quoted in Coleman, 2014), Anonymous members debated the use of DDoS on a US Government website:

<golum>: Whatever, listen. I’ve heard all the arguments for NOT ddosing. But the truth is we need to wake them up.

[…]

<golum>: I understand that ddosing could potentially harm our cause.

<golum>: But I think the risk is worth it.

<fatalbert>: well i as for myself disagree therefore im not helping with ddos

<golum>: We need attention

<+void>: OMG ITS THE ANONYMOUS, THE ONLY THING THEY DO IS DDOS, OMGOMGOMOGMOMG LETS MAKE ACTA PASS ON POSITIVE

<golum>: No.

<golum>: matty—how did contacting the politicians go?

<BamBam>: Yeah I’ve always kinda hated ddos

<golum>: Look. i’ve heard the arguments I just wanted to say, we should do this.

It’s unclear why Janet, the network enabling internet access for UK HEIs, came under attack this week. At the same time, the Jisc website received a direct DDoS attack as well (Jisc, 2015). It’s worth noting that although internet access through Janet in the UK was disrupted, users were still able to access the wider web by routing their traffic outside of the UK network either through a VPN like Bitmask (https://bitmask.net/) or through the Tor Project’s Tor Browser (https://www.torproject.org/). Such tools are often mistakenly perceived as being used exclusively by hackers, those accessing the ‘Dark Web’, criminals, or terrorists. Following the November 2015 Paris attacks by Daesh, the French Government have openly discussed banning the use of Tor Browser in the same way as Iran or China (Griffin, 2015). In reality, online privacy tools have legitimate and valid uses for defense in computer security: whether against DDoSers or governments and corporations conducting mass digital surveillance.

Whether morally legitimate or not, DDoSing is an effective tactic for hackers and other political activist groups. The core strength of DDoS is that it exploits a weakness in the fundamental principle of the internet: computers using telecommunications networks to request data from one another.

 

References:

Coleman, G., 2014. Hacker, hoaxer, whistleblower, spy: the many faces of Anonymous. London: Verso.

Griffin, A., 2015. ‘France could ban public Wi-Fi and Tor anonymous browsing following Paris attacks’ in The Independent, 2015-12-07 http://www.independent.co.uk/news/world/europe/france-could-ban-public-wi-fi-and-tor-anonymous-browsing-after-paris-attacks-a6763001.html

Jisc, 2015. ‘DDoS attack disrupting Janet network’ on Jisc website, 2015-12-08 https://www.jisc.ac.uk/news/ddos-attack-disrupting-janet-network-08-dec-2015

Martin, A. J., 2015. ‘UK research network Janet under ongoing and persistent DDoS attack’ on The Register, 2015-12-07 http://www.theregister.co.uk/2015/12/07/janet_under_persistent_ddos_attack/

Mills, E., 2012. ‘Old-time hacktivists: Anonymous, you’ve crossed the line’ on CNET, 2012-03-30 http://www.cnet.com/news/old-time-hacktivists-anonymous-youve-crossed-the-line/

Monroe, R., 2011. ‘CIA’ on xkcd, 2011-08-01 https://xkcd.com/932/

whitehouse.gov, 2013. ‘Make, distributed denial-of-service (DDoS), a legal form of protesting.’ on petitions.whitehouse.gov, 2013-01-07 https://petitions.whitehouse.gov/petition/make-distributed-denial-service-ddos-legal-form-protesting

The private sector and the digital divide: an unhelpful invasion of public library spaces?

Image c/o Taichiro Ueki on Flickr used under a CC-BY-NC-ND 2.0 license.

Ever since the emergence of the internet, there have been concerns about those excluded as services increasingly move online. Commonly referred to as the “digital divide”, this exclusion has manifested itself in two distinct ways: lack of access (first level) and that of skills (second level). Progress has been made with the former in recent years as the numbers of those without internet have steadily declined, but the latter has proven far more difficult to address.

Over the course of the past two years, the number of people that have never accessed the internet has fallen by approximately 15% (from just over 7m in the first quarter of 2013 to just under 6m in the equivalent quarter in 2015). However, a lack of internet skills is still stubbornly high. In a BBC online skills survey last year, the corporation found that 20% of UK adults lacked basic online skills. Indeed, the overall lack of skills (particularly across the poorest households) remained unchanged between 2013 and 2014. These findings have been reinforced by a recent report by Go.On UK that found that more than 12m people “do not have the skills to prosper in the digital era”.

Traditionally, public libraries have been a key mechanism to close this so-called divide. Indeed, the People’s Network was borne out of this effort to close the gap and help more people get online. Libraries were seen as the ideal place to provide the support required. They offer a neutral space free from corporate influence, and are staffed by individuals trained to seek out and evaluate information. However, recent years have seen widespread library closures and cuts to staffing levels that have seriously impeded the services they provide. As a result, the libraries crucial role in bridging the digital divide has been severely undermined.

Whilst the role of libraries in tackling the digital divide has diminished, private sector organisations have stepped in to fill the gap. In March 2015, for example, BT and Barclays announced that they were going to work together to connect more people to the internet and to provide support to help people develop the skills they need. In order to provide this access and support, BT and Barclays would be working with local authorities to deliver the initiative in public libraries and community centres in England.

The delivery of this initiative is particularly interesting given the role of public libraries in this area and begs the question why such an initiative needs the direction of either Barclays or BT given the support public libraries have provided. However on the surface, in terms of closing the digital skills gap, there appears to be some benefit in their involvement. For example, Barclay’s Code Playground initiative is potentially a useful way to teach children how to code – a skill that is increasingly regarded as an important one for children to develop (although there are differing views on the extent to which coding itself should be prioritised). However, this option is only available if they can visit a Barclays branch during a weekday with an adult and can provide a laptop. An option, therefore, not available to those without a computer at home or those whose circumstances prevent a visit to the bank on a weekday.

Initiatives such as the Code Playground could, of course, be delivered effectively by public libraries should they have the funding and staffing to make it happen. Indeed, with public libraries being far more accessible to the general public (and a lot more child-friendly) there is a real opportunity here for libraries to develop the digital skills of the next generation and help the UK lead the world in bringing through the next generation of coders.  Delivering such an initiative that requires individuals to visit a branch and bring expensive equipment with them is perhaps not the most effective way of addressing the deeply entrenched digital skills divide.

The move to enlist Barclays and BT into the drive to tackle the digital skills gap emerged as an outcome of the Digital Inclusion Charter, where 38 signatories committed in December 2014 to reduce the number of people who are offline by 25% by 2016. The public library scheme will be run by Barclays Digital Eagles and BT’s Digital Friends. BT volunteers will be “working with trained Barclays staff – called Barclays Digital Eagles”, although it is difficult to determine who BT will employ as “Digital Friends” to deliver this initiative.

Furthermore, there is a lack of clarity regarding Barclays “Digital Eagles”: are they Barclays staff that have volunteered for these roles and been given extra training? Are these people experts who were recruited specifically to provide this service in libraries? Or are they simply bank staff doing this as an additional duty? It is unclear from the information currently in the public domain etc how Barclay’s will deliver this service. What we do know is that of the 377 UK-wide vacancies available at Barclays in August 2015, none have the title “Digital Eagle”.

Problems presented by the BT/Barclays partnership

There are a multitude of problems presented by this tie-up between BT/Barclays, and public libraries in England.

  • The encroachment of a commercial enterprise into a neutral public space such as public libraries is fundamentally at odds with the ethos of freely providing access to services for all.

 

  • The attempt by commercial enterprises to take over the roles of public servants: on what basis are volunteers working on behalf of a commercial body able to better provide the service than trained staff/volunteers working in public libraries?

 

  • How long is this funding going to last? It’s stated to be a two year project, but what happens when it ends? How will Barclays, BT and the government ensure that the development of digital skills continues after the project comes to a close?

 

  • Hardware – with Barclays Code Playground scheme (designed to help teach children to code), children have to bring their own laptop to the sessions. As this pairing of BT and Barclays seems to cover the internet connection (BT) and skilled support (Barclays), has there been any consideration regarding the provision of hardware? All three are required to effectively tackle a lack of digital skills, how will they ensure all three are available? Or is it only accessible to those who can provide the equipment?

 

  • Staffing – are commercial enterprise staff going to be allowed to use a public, neutral space? What will be the checks and controls on suitability of Barclays staff to work with often vulnerable users, such as Disclosure verification? Can we be sure that the staff provided by Barclays/BT will adhere to the highest levels of trust and privacy, meeting the standards expected of professional librarians?

 

  • Will BT or Barclays be allowed to use this neutral public space to promote their own commercial enterprises? Will there be any requirement for them to be entirely neutral when dealing with issues in terms of communications and banking?

 

  • When will this service be available? Is it only during dedicated sessions, as with those Barclays currently hold in their branches? Or will it be available during library opening hours, whatever they may be? Will BT/Barclays staff be available on evenings and weekends when the library is open?

 

  • Confusion over availability – digital TV means viewers across the UK will be seeing adverts for this service, which is actually only going to be available in England and Wales. This creates unrealistic expectations in potential service users of the resources available to them in their location, which their local public library staff will have to deal with.

 

Before the commencement of such an initiative, some clarity on these issues would be helpful and made clear to the general public.

Comment from CILIP – the professional body for librarians

To date, CILIP have not made any official comment on the implications of this collaboration between BT and Barclays, restricting their references to the announcement to a single tweet linking to a story published on The Bookseller website on 19th March. They also tweeted a link to another Bookseller story about the official launch of the pilot scheme on the 22nd July, but have not voiced any official concerns about this intrusion of commercial enterprises into a public space. Whilst there has been no comment to date, a representative from CILIP has attended all the meetings of the overseeing body, the Leadership for Libraries taskforce and have therefore been aware of the developments. It’s possible, of course, that all of the concerns raised above have been put forward by CILIP and these have been factored in to the development of the project.

The implementation of the scheme

The launch of the trial scheme took place on 22nd July 2015. As most of the publicity was on Government websites and the sites of the companies involved, the launch seems to have gone somewhat under the radar, aided by the lack of commentary by the professional body.

The press release mentions 100 libraries and community centres being involved in the scheme. The initial reports stated the scheme would cover “57 libraries and 13 community centres across the country. A further 10 sites, including a care home, a charity home and a homeless centre will also be provided with free wi-fi” – a total of 80 sites. Details of the remaining twenty sites are not currently clear which begs the question, what’s happened to involvement of the care home, charity home and homeless centre in the scheme? BT state that “more than 100 libraries and community centres” will deliver the project. The first Leadership for Libraries meeting indicates that the funding is for “80 libraries and 20 community centres in areas of social deprivation”, but in a later meeting the scheme is proposed to cover “100 sites including over 50 libraries”. Thirty libraries appear to have been dropped from the scheme, but there is no indication as to why.

Trying to locate specific detail about this scheme appears to be particularly difficult. How many libraries and other locations are actually involved in this scheme? Where can we find out which ones they are, and where they are? Why is there no consistency in the messages being published about this scheme? One of the risks of commercial enterprises being involved in public spaces and services is that the entire culture of a corporate body is focussed on protecting its own sensitive commercial secrets – a culture at odds with public body accountable to the public. The result seems to be what we have here with the BT/Barclays tie-up: a project that is both difficult to verify and one riddled with conflicting information.

Alternative approaches

In contrast to the above approach of inviting commercial enterprises to take possession of elements of a public space and services, an alternative project has also recently been launched in England by Arts Council England (ACE). As part of the drive to increase skills, ACE have announced the availability of  £7.1 million in funding for public libraries in England to access, which will run for six months and help enable free wifi access across all public libraries in England. Confusingly though, that initiative is also a “key development” of the Leadership for Libraries Taskforce in parallel to the BT/Barclays project.

Final questions

It would be helpful if BT, Barclays, and the Leadership for Libraries Taskforce address the issues raised above, and communicated with greater clarity about the nature of the scheme and how it will be delivered. Answers to the following questions would be particularly beneficial in terms of the roll-out of this scheme:

  1. How many public libraries are involved in this initiative? Which specific ones are they?
  2. What restrictions are there on the employees of commercial enterprises while in a neutral public space? Are they allowed to promote their products, or try and gain a commercial advantage by attempting to gain clients while positioned within public libraries?
  3. Was any analysis done on the viability of asking commercial enterprises to donate funds to public libraries to allow public library staff to provide the services which those commercial enterprises now wish to provide in libraries, prior to BT and Barclays being given permission to place their own staff within those spaces?
  4. What protections are in place for the vulnerable users of public libraries who make use of the resources provided by the BT/Barclay partnership? Both in terms of the checking of the commercial participants in this scheme, and ensuring that no inappropriate promotion of products is being undertaken.
  5. Who is responsible for the security of the machines which participants will use for the initiative, e.g. ensuring that no malware is installed on the machines involved.
  6. What is the long-term plan for supporting this approach to developing digital skills in the general public, once this project is completed?

Will TalkTalk be held to account for cyber-attack?

talktalk
It’s good to Talk, but it would be even better if you could do so and know your personal data is secure. (Image c/o on Flickr.)

The following article was contributed by Tim Turner, trainer & consultant on Data Protection, FOI, PECR and information rights.

“Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don’t know we don’t know.”

Donald Rumsfeld’s comment on the fact that sometimes we don’t know what we don’t know is notorious for its lack of clarity, but it is a very helpful summary of most massive data protection or security incidents. Take the recent TalkTalk debacle, in which the telco’s website was hacked, and a quantity of personal data was accessed and presumably stolen. We don’t actually know much more than that: we don’t know how the hack happened, we don’t know for certain who committed the act, we don’t know how much data has been stolen and most importantly, we definitely don’t know whether any laws have been breached.

There is a lot to keep an eye on. TalkTalk’s hastily assembled FAQs was emphatic that the Data Protection Act has not been breached by this incident, and the company has generally been at pains to hashtag every tweet with #cyberattack, painting itself as the victim. Meanwhile the company’s Chief Executive Dido Harding’s headlong rush into every available TV studio has impressed some with her frank admission that TalkTalk could have done more to protect customer data, but thrown the ‘no breach claim’ into doubt.

Data Protection law is built on eight principles, and the seventh principle requires that organisations put in place “appropriate” levels of technical and organisational security. The fact that whoever hacked the TalkTalk website has committed a crime in doing so does not absolve TalkTalk of responsibility. The 7th principle explicitly requires measures to prevent unauthorised and unlawful processing of personal data, so anyone whose website might be the gateway to personal data has to have proactive protections to repel a hacker. Several companies have already fallen foul of the 7th principle and received substantial monetary penalties after falling victim to hackers, including Sony Playstation Online, the British Pregnancy Advisory Service and the travel company Think W3. In each case, a criminally-motivated hacker was assisted by inadequate security and lack of testing.

All sorts of considerations can increase the burden of security. If an organisation is large and more high-profile, if they hold a large amount of personal data, or if a hack might expose sensitive data that might lead to harm, the measures must be progressively more robust. All three of these factors apply to TalkTalk. Harding has claimed that TalkTalk’s security was “head and shoulders” above that of its competitors, and if that can be proved, TalkTalk are off the hook. But with a Chief Executive who has already admitted that their security might have been found wanting, and the arrest of a 15 year old boy in connection with the hack (putting paid to some of the more lurid theories about some kind of Russian / ISIS / Cyber-Jihadi / SPECTRE agent being the perpetrator), presumably we know for certain that the Information Commissioner will act swiftly and decisively to enforce the law?

Well, not quite. Data Protection does not allow for summary justice. The Information Commissioner needs to prove at least on the balance of probabilities that there were appropriate measures to prevent hacking that TalkTalk should have had in place but didn’t. TalkTalk will have to be able to make their case, and the ICO will have to listen. The DP framework allows for the possibility that TalkTalk can be hacked and yet no breach has occurred – the breach is not the incident, but the absence of measures to prevent it.

The omens are nevertheless not auspicious. As well as Harding’s unwise comments, TalkTalk’s track record is troubling. In 2008, the company received an enforcement notice from the ICO, requiring them to stop such basic errors as customers being able to see each others’ records online. Much more recently, TalkTalk’s security was audited by the ICO, and in a break with the normal practice, TalkTalk refused consent for the executive summary to be published (despite other organisations allowing quite negative summaries to go online).

The most important thing that we do know is that the TalkTalk hack does not just put the company in the frame. The Information Commissioner is better at enforcing on security matters than nearly any other aspect of Data Protection but their appetite for taking on large organisations is inconsistent: there may be £250,000 penalties for Sony, but until recently, only unenforceable undertakings on a largely unrepentant Google. Many activists can recall big Data Protection scandals like press misuse of private data (which the ICO discovered but did not tackle) or secret trials of the Phorm internet tracking software (which some suspect went unpunished because the trails were carried out by BT). If the ICO fails to act, it will need an extremely persuasive justification to calm the outrage that will likely follow, and we simply don’t know if such an explanation exists, whatever the law says.

Toddling into the future

Fireworks

Well, another year has flown by, which means that Informed has just turned 2! In terms of what we’re meant to be doing now, does that put us into the Terrible Two stage, when we should start having temper tantrums? Perhaps though we’ll just skip the misbehaving bit, and get on with the informing plan!

The team took a little bit of a late summer/autumn break, and we’ve had some rearrangements of the responsibilities and makeup of the team, which we will announce soon. We’ve also been making some plans behind the scenes to try out a new venture, which we will also be launching in the near future. It will be something we’ll be looking for volunteers to help with, so if you’re interested in becoming more involved with Informed, keep an eye out for an upcoming announcement.

As always when we look back at our activities over the last year, we’d like to take this opportunity to thank everyone who’s been involved with the Informed project, both as the contributors of excellent articles published on the site, and as the volunteer staff working to solicit and moderate the content. As we are composed of a small team of volunteers, everyone’s contribution to the Informed project is hugely valued, and we thank everyone who’s been involved. But we’re not a static project, so if you feel like you’d like to get involved, or you feel you have an idea for a topic that you’d like to write about, please get in touch with the team via our contact form.

The problem with LIS education

Library and Information Studies (LIS) is a paradox: a vocational academic subject. People who study it plan to work as practitioners, but those who teach it need to be academics.

Studying librarianship as an academic discipline provides aspirant professionals with a reflective overview of the topic and a good understanding of principles that can be applied across varied situations. It should give graduates the ability to apply critical and analytical thinking to their daily work and make considered decisions as they increasingly take on responsibility. Highly practical skills tend to date quickly and are far better taught on the job than in an academic environment, so it is important that LIS courses provide a reflective and intellectual overview of issues in the profession. Moreover, academic research is a vital contributor to the health of the profession, telling us what is not immediately apparent about our information sources, workplaces and users and what we might expect from them in the future.

And yet it is also immensely important that LIS academics have a sound, practical understanding of the information workplace. How can someone teach the next generation of practitioners, when they have not themselves worked in a practitioner role for five years or more? How can they provide students with the preparation they need for their careers if it is not a career they themselves have undertaken?

This post is not intended to criticise LIS academics. I am a practitioner who worked for her PhD part-time while working full-time and who also teaches as a sessional lecturer on an accredited LIS course. I have nothing but respect for those many full-time academics that combine academic teaching and research with deep involvement in the working community, who find the time to speak at conferences and write articles and books which will have little or no impact on their record as an academic. My criticism is for a system which does not support the development in both directions.

I recently made an unsuccessful application for a full-time lecturer position. I met all the essential criteria, but not all that were desirable. Of course there might be many reasons for my not being shortlisted, not least the impressive pool of early career LIS academics whom I have met in my travels. The criteria I did not meet were around things like applying for grant funding and involvement with wider faculty activities, which is very difficult experience to acquire as a full-time practitioner. I can attest that academic achievement while working full time is extremely difficult. While I have been prepared to put time into writing and submitting articles for peer-review, I have not – as a full-time researcher might have – co-written articles with senior academics for high-impact journals. This is not to suggest that, as an academic, carrying out difficult research whilst in the middle of one’s PhD in order to be third-listed in the article credits is an easy option. But it is an almost essential step to academic achievement for an early careers researcher.

I do not blame selection committees for the decisions they make. LIS Department Heads rightly want to be recognised for their academic prestige in the Faculties of Arts, Social Sciences, Technology or Management in which they reside. The Deans of these Faculties need to demonstrate a high level of achievement at the Research Excellence Framework (REF) in research outputs and impacts. Of course they will assess candidates who demonstrate best how they will meet the not inconsiderable challenges facing UK Universities. And practitioner experience does not do this. Anecdotally, I have heard of department heads who have argued for the selection of practitioners with excellent professional records, and who had published in the information trade press, but have been unsuccessful because the candidates had not published sufficiently in high-impact academic journals.

Increasingly stringent demands are made on academics, not just to teach well and carry out research, but to raise funds, recruit students and undertake administrative work. Some have spoken out against what they see as a change in culture and, in particular, an attack on the humanities and social sciences (for example, Marina Warner in the LRB). This affects Library and Information Studies departments and there is evidence that information schools and courses are suffering under these changes. But I think they face further problems. There is no part of the measurement and reward system that compensates harried LIS academics for time and effort spent engaging with the profession. Combining an academic and a practitioner career is not just difficult, but is often perceived negatively by both employers and universities. And making the kind of mid-career move from practice to academia which characterised many of the great Information Studies teachers and researchers of the last fifty years is far, far harder than it once was.

The people who lose out in this situation are, I believe, the students. LIS students are unusual in that their career choice almost guarantees that they will never be high earners and yet they must get into considerable debt in order to acquire their qualification. It is a tribute to their commitment that so many of them are still prepared to undertake post-graduate study under the circumstances. Understandably, many complain about the quality of teaching and support and LIS academics themselves have demonstrated their concern that students are properly equipped for the workplace. My feeling is that if we ask students to acquire £9000 of debt to obtain a LIS MA or MSc, we should guarantee that they will be taught by those with a good understanding of the contemporary workplace. Although academics need to have excellent academic brains and to continue the valuable research the profession needs, a vocational degree requires up-to-date knowledge of the workplace. At present, students only receive this because of the unstinting commitment of certain academics to straddle the worlds of the academic and the practitioner. I don’t know how sustainable this is in the changing world of UK Universities. And that can only be bad for the standards of LIS courses and the students who take them.

Katharine Schopflin