Tag Archives: Open Rights Group

CryptoParty Newcastle and user privacy in libraries

The following post was contributed by Aude Charillon. Aude is a curious librarian interested in intellectual property, digital literacy, open data, online rights, and currently working at Newcastle Libraries.

CryptoParty Newcastle postcard

On Sunday 22 May, we held a CryptoParty at Newcastle City Library.

What’s a cryptoparty?

A cryptoparty is an informal gathering of individuals where people discuss, learn and share their knowledge of tools and systems to protect their privacy and electronic communications. It’s called “crypto” because of cryptography and encryption.1

Why did we hold a cryptoparty in a public library?

I personally believe that libraries exist to defend people’s right to enrich and improve their own lives, their environment and society. We library and information professionals make this happen by facilitating access to and the sharing of information, knowledge and culture.

In public libraries we already do a lot around digital skills and literacy: we teach people how to use a computer and the Internet, how to search efficiently and be critical about the information they may find… Privacy is a right enshrined in the Universal Declaration of Human Rights; knowing how to protect it in the digital world is part of knowing how to use the internet and technology efficiently. I feel that teaching library users how to protect their privacy and providing them with the tools to do so is simply the next step for improving digital skills, and it fits with our role as librarians. (Thankfully, my manager agrees!!)

“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondance, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
[Universal Declaration of Human Rights, article 12]

How was CryptoParty Newcastle really organised?

Ian Clark pointed out in an article that CryptoParty Newcastle was probably the first to take place in a public library in the UK, but quite frankly that wasn’t at all what was on our minds when we set off in this direction.

The way it really happened is through individuals – not necessarily librarians –expressing interests and taking the initiative.

This is where I explain that I am, in a personal capacity, keen on the defense of online rights – I am not what you would call an activist but I am a member of the UK Open Rights Group (ORG) and a supporter of La Quadrature du Net.

One day in early March, the following message appeared on the (then dormant) ORG North East mailing list:

Every time I see the snoopers' charter in the news again, I think to myself, we should put on another cryptoparty.

If we have a core of at least four people who want to make it happen, I'm sure we can do it. Say sometime in May? I can find a venue in Durham but am open to someone else finding a venue elsewhere.

Anyone up for it?

I was “up for it” because attending a cryptoparty was a chance for me to learn about privacy tools from people who used them – I wanted this event to take place, so I thought I might as well help make it happen! And because of the reasons outlined above, I was able to offer a space at Newcastle City Library.

A core group of four met, a date was set and a format agreed – you can see some of our preparations on the CryptoParty Newcastle wiki. The fact that the impetus came from individuals rather than institutions is reflected in the vocabulary we used on the event’s main page: the event was hosted by ORG North East and Newcastle Libraries. We promoted the cryptoparty through the ORG North East and Newcastle Libraries channels, local Linux user groups mailing lists, and it even attracted the attention of the Newcastle City Council Communications team who made a short video!

What happened on the day?

There were 6 people on the organising team and about a dozen participants turned up. We had picked topics and arranged to have one per table, so people could go to the tables they wanted, to learn about the tools they were most interested in. It was very informal and this system seemed to work pretty well. We also had handouts, which were brilliant and that people took home with them.

In a nutshell, people spent the afternoon discussing the tools, learning how to install and use them and eating cake!

Most participants had already had a go with at least one of the tools, so it was also interesting to hear how people were using them. A couple had never used any of them but felt they should learn more about how to protect their privacy and communications. A couple of people were very experienced and some conversations became very technical! All in all, everyone seemed to get something out of the event.

At the end of the day, we started talking about the next cryptoparty. We managed to recruit some of the participants to help with organising / helping out at the next event and we have a date pencilled in for October.

For more in-depth views on the day you may like to read a write-up from one of the participants and a piece by one of the other organisers: “What we learned from hosting our cryptoparty”.

Handouts cropped

What can you do for user privacy in your library?

First of all, you may like to make your library users aware of why they might want to use privacy tools and help them get started with some of these.

A great way to do this is obviously to organise a cryptoparty – because who doesn’t want to come to a party to talk about rights online and to improve their digital skills?! Don’t worry if you do not have experience of the tools: find the people who do and who may be interested in helping you out. Members of your local ORG branch (or the association in your area that’s advocating for online rights) might be able to help, but you could also try the local tech community – especially the user groups of open source systems as they often have similar ethics. There is not one format for cryptoparties: it’s worth looking at what others have done and decide with your co-organisers what works best for you.

Another way to teach your users about privacy tools is to hold digital literacy sessions. You may already be delivering one-to-one sessions or group workshops on using a tablet, accessing online journals and resources, etc. so why not add another topic on protecting one’s privacy while browsing the Internet?

Second, you might like to actually offer some of those tools on your library’s public computers or support them through your library’s infrastructure. This is where your favourite IT colleagues will have a few things to say – but, as they say in Newcastle: “shy bairns get nowt”.

The easier thing to put in place would be to offer alternative, more privacy-minded browsers on your public PCs. You may already have Internet Explorer and / or Chrome installed; you could also offer Firefox with the HTTPS Everywhere and Privacy Badger add-ons, and of course DuckDuckGo as the default search engine. The next thing could be to also offer Tor Browser – though if you have a content filtering system in place your IT colleagues might say no (and add a few more reasons why).

If you have bandwith to spare and an understanding IT department part of a very forward-thinking organisation you could also get your library to become a Tor exit node, or at least a Tor relay, to support the Tor network.

Your best resource (in English) is probably going to be the amazing Library Freedom Project based in the US. You can learn from their digital privacy education session slides or use their toolkit on running a Tor exit node in your library, among other things!

[1] This is my interpretation. See also the definition on the CryptoParty website, at: https://www.cryptoparty.in (Accessed 4 June 2016)