Welcome to this week’s Tip of the Hat! Last week was a busy news week, and you might have missed an important update that could affect your library. Here are some of the major privacy news updates that you might have missed.
Evernote and law enforcement requests
Last week Motherboard reported that Evernote gave user data to law enforcement as part of a drug investigation. The company received a warrant from the Drug Enforcement Administration requesting user data, including notes that have been recently deleted by the user – the article noted that Evernote still retains data deleted by the user for some time.
While the case itself is not connected to a library, many library staff use Evernote and other cloud products for work, including creating work documents, spreadsheets, and presentations to share with other library staff. Also, staff use cloud products such as Google Forms and SurveyMonkey to collect patron information. Limiting the amount of patron data in cloud products can reduce the risk of that data being handed over to other third parties such as law enforcement. If you decide to use a third-party cloud product such as Evernote, review their law enforcement request policies and other policies surrounding the sharing of user data to other third parties.
Michigan library patron data law challenge
Michigan lawmakers are considering changing state library privacy laws. Senate Bill 611 seeks to amend existing law to allow for library directors to release patron information to law enforcement without a court order. The following text is the change that would allow for such disclosure:
A library may disclose library records without a court order or the written consent described in subsection (2) under any of the following circumstances:
(a) Upon the request of a law enforcement officer who is investigating criminal activity alleged to have occurred at the library or if the library requests the assistance of a law enforcement officer regarding criminal activity alleged to have occurred at the library, the library may disclose to the law enforcement officer any library record pertinent to the alleged criminal activity. The library director and any other person designated by the library board or commission is authorized to determine whether to disclose library records subject to this subdivision. The library is not required to release library records under this subdivision and may require the law enforcement officer to obtain written consent or an order of the court as required in subsection (2)
The law also allows for additional disclosures of patron information to third parties, such as collection agencies.
(Thank you to OIF and Erin Berman for notifying us about this story!)
New web tracking guide
The Electronic Freedom Frontier (EFF) published Behind the One-Way Mirror, a comprehensive guide to web tracking. This guide goes into depth about the multitude of tracking methods, including mobile, web, and real-world user tracking. For readers who enjoyed the Web Cookies newsletters, this is a perfect resource to further explore the topic in depth.
LFI 2020 applications now open
The Library Freedom Institute is now accepting applications for its third cohort! This four-month institute allows library workers to learn more about privacy and libraries and to become privacy advocates in their libraries and their communities. If you are curious to learn about what all is covered in the Institute, you can view the course materials and resources for previous cohorts on the Library Freedom Project’s wiki. The third cohort is set to start in March 2020, and applications are due February 10th, 2020.
Ransomware – tell us your story
Libraries are no strangers to being the target of ransomware attacks. LDH is teaming up with Blake Carver to present “Held at Ransom: How Libraries Can Best Defend Against and Recover From Ransomware Attacks” at ALA Annual 2020 in Chicago. We are looking for your stories of dealing with ransomware at your library! We hope to gather information and stories that can help other libraries better prepare for ransomware attacks, as well as give them hope that there are ways to recover from the attacks. If you have a story to share, please fill out the form at https://forms.gle/i6J4vAN23GMR3Ez59.