Here are some links to stories and opinions about last week's announcement of a The National Strategy for Trusted Identities in Cyberspace.

The announcement: The National Strategy for Trusted Identities in Cyberspace. Posted by Howard A. Schmidt on June 25, 2010, The White House Blog.

The draft strategy itself: National Strategy for Trusted Identities in Cyberspace - Creating Options for Enhanced Online Security and Privacy, Department of Homeland Security (June 25, 2010)

• White House Proposes Vast Federal Internet Identity Scheme by Lauren Weinstein (June 25, 2010). "a rather chilling document -- tellingly hosted on Department of Homeland Security servers -- that proposes the creation of a vast, federally-led Trusted identities in Cyberspace infrastructure that would potentially reach into nearly every aspect of Internet use, from financial transactions to comments on blogs."
• White House wants to help you "blog anonymously". By Jon Stokes. ars technica (June 29, 2010)
• Analysis: Three privacy initiatives from the Office of Management and Budget. by Andy Oram, O'Reilly Radar, (Jun 28, 2010). "I can understand the strategy's reliance on PKI as the only social structure available to back up assertions of identity. But this is the wobbly leg of the table that holds up the OMB proposal. The document should recognize the flaws of PKI..."

Online 'Cookies' Crumble Under Tougher Fed Guidelines, by Chris Strohm, Tech Daily Dose (June 25, 2010).

An OMB spokesman said that the federal government is issuing new policies today governing how agencies may use Web "cookie" files and other technologies to collect information from visitors to government Websites.

White House bars agencies from posting some statistics, by Aliya Sternstein, NextGov (01/27/2010).

According to this article, datasets posted to data.gov by the Nuclear Regulatory Commission, the Peace Corps, the Agriculture Department's Food Safety and Inspection Service, the Interior Department's Bureau of Reclamation, and the Social Security Administration have been removed by the Office of Management and Budget "because they raised privacy, security or other concerns."

The article is based on work done by OpenTheGovernment.org which is tracking agency participation with the Open Government Directive here.

This year will probably be remembered (among other things!) as the year of the e-book-reader device hype. We've seen new Kindles, the B&N Nook, the FBReader, applications for book reading on iPhones and other handheld devices, and more. And, of course, there is the elephant-in-the-room of the Google book scanning project. (I find it so odd that so much of the popular press refers to the Google "Library" when it is clearly a Google book store.)

It will be a while before we know if the digital age will turn into the end of sharable books (see: Welcome to the library. Say goodbye to the books), but we certainly should be tracking the development of the advantages and disadvantages of e-books and e-book readers.

The Electronic Frontier Foundation is helping us track how these developments affect privacy:

• An E-Book Buyer's Guide to Privacy, Commentary by Ed Bayley.

EFF has created a first draft of our Buyer's Guide to E-Book Privacy. We've examined the privacy policies for the major e-readers on the market to determine what information they reserve the right to collect and share.

In Google we trust? Think again, by Joe Newman, Public Citizen (October 21, 2009).

A Gmail user who did nothing wrong had his or her account shut down because of [a] bank’s monumental screw up. And Google, a company that basically prints its own cash, didn’t lift a finger to protect the rights of one of its users.

A group of researchers has released a report on 'Flash cookies' -- persistent identifiers used by popular Adobe Flash presentations on the web.

• Soltani, Ashkan, Canty, Shannon, Mayo, Quentin, Thomas, Lauren and Hoofnagle, Chris Jay, Flash Cookies and Privacy (August 10, 2009).

This is a pilot study of the use of 'Flash cookies' by popular websites. We find that more than 50% of the sites in our sample are using flash cookies to store information about the user. Some are using it to 'respawn' or re-instantiate HTTP cookies deleted by the user. Flash cookies often share the same values as HTTP cookies, and are even used on government websites to assign unique values to users. Privacy policies rarely disclose the presence of Flash cookies, and user controls for effectuating privacy preferences are lacking.

For advertisers and others who want to track user behavior, the ability of users to control, block, and delete traditional HTTP cookies is a problem. The authors quote one company as saying that while all advertisers use HTTP cookies for targeted advertising, "cookies are under attack." That same company announced that it had, "developed a backup ID system for cookies set by web sites, ad networks and advertisers, but increasingly deleted by users.... [These cookies] cannot be deleted by any commercially available anti- spyware, mal-ware, or adware removal program. They will even function at the default security setting for Internet Explorer."

See also:

• You Deleted Your Cookies? Think Again, By Ryan Singel, Wired (August 10, 2009).
• Local Shared Object Wikipedia.

The Electronic Frontier Foundation (EFF), those defenders of online free speech, privacy, innovation, and consumer rights, have begun an action to tell Google to protect reader privacy. Please sign the petition and send a clear message to Google CEO Eric Schmidt to protect reader privacy.

You shouldn't be forced to pay for digital books with your privacy. Tell Google it needs to develop a robust privacy policy that gives you at least as much privacy in books online as you have in your neighborhood library or bookstore. Google must:

• Protect your reading records from government and third party fishing expeditions by responding only to properly-issued warrants and court orders, and by letting you know if someone has demanded access to information Google has collected about you.
• Make sure that you can still browse and read anonymously by not forcing you to register or give personal information and by deleting any logging information for all services after a maximum of 30 days.
• Separate data related to Google Book Search from any other information the company collects about you, unless you give it express permission.
• Give you the ability to edit and delete any information collected about you, transfer books from one account to another without tracking, and hide your "bookshelves" or other reading lists from others with access to your computer.
• Keep Google Book Search information private from third parties like credit card processors, book publishers, and advertisers.

And since Google is clearly angling itself as a "library" -- even publishing a "Google librarian newsletter"! -- I would ask all who submit an EFF petition to include the American Library Association's (ALA) Library Bill of Rights and a link to the ALA Intellectual Freedom Manual, which states:

Privacy is essential to the exercise of free speech, free thought, and free association. The courts have established a First Amendment right to receive information in a publicly funded library. Further, the courts have upheld the right to privacy based on the Bill of Rights of the U.S. Constitution. Many states provide guarantees of privacy in their constitutions and statute law. Numerous decisions in case law have defined and extended rights to privacy.

In a library (physical or virtual), the right to privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others. Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf.

Protecting user privacy and confidentiality has long been an integral part of the mission of libraries. The ALA has affirmed a right to privacy since 1939. Existing ALA policies affirm that confidentiality is crucial to freedom of inquiry. Rights to privacy and confidentiality also are implicit in the Library Bill of Rights’ guarantee of free access to library resources for all users.
--Privacy: an interpretation of the Library Bill of Rights

What Google knows about you. "Google may know more about you than your mother does. Got a problem with that?" By Robert L. Mitchell, Computerworld, May 11, 2009.

Online tools really aren't free. We pay for them with micropayments of personal information

I notice, too, that the Google Privacy Policy does not say that Google is committed to privacy. It says, "At Google, we’re committed to transparency and choice."

Two recent stories in the New York Times summarize the issue of privacy in the digital age.

• Do We Need a New Internet?, By JOHN MARKOFF, New York Times, February 15, 2009.
• As Data Collecting Grows, Privacy Erodes, By NOAM COHEN, New York Times, February 16, 2009.

Markoff, in an article about the problems of security on the Internet, looks at how a more secure Internet might work. He says, "What a new Internet might look like is still widely debated, but one alternative would, in effect, create a 'gated community' where users would give up their anonymity and certain freedoms in return for safety. Today that is already the case for many corporate and government Internet users."

And Cohen looks at how officially benign, anonymous data collection on the current Internet is often neither benign nor anonymous. He says that, "We are typically told that personal information is anonymously tracked for one reason -- usually something abstract like making search results more accurate, recommending book titles or speeding traffic through the toll booths on the thruways. But it is then quickly converted into something traceable to an individual, and potentially life-changing."

Attempts to reauthorize the E-Government Act of 2002 (116 Stat. 2899, Public Law 107–347, Dec. 17 2002) are being held up, apparently because of an amendment that would require federal agencies to conduct privacy impact assessments before using outside contractors to manage personal information.

• Amendment likely to prevent e-gov act reauthorization, By Andrew Noyes, CongressDaily, 12/11/2008.

The bill would also add language to ensure government information is accessible via commercial search engines. (See also: Much Government Information Still Not Searchable on Google, etc.)

Library Perspective. Interview with Emily Sheketoff, Executive Director of the Washington Office of the American Library Association, CSPAN, 11/06/2008. [30 minutes, Flash Video].

Sheketoff discusses federal copyright, privacy, and piracy policy and how those issues could be effected by President-Elect Barack Obama’s administration. Paul Sweeting, editor of Content Agenda was the guest host.

On Wednesday (December 3, 2008) the Majority Staff of the House Committee on Homeland Security hosted a series of roundtable discussions on the future of privacy, civil rights, and civil liberties at the Department of Homeland Security. There is a schedule for the event, "A Path Forward: Constitutional Protections in Homeland Security," here with a list of participants and topics, but that does not look like a permanent link. There is also a link to a live audio feed (hosted by a dot-com, not the House), but I gather it was only "live" since it does not work today.

I'm not sure of the status of such single-party, staff-not-members hearings and whether we can ever expect a transcript of such things. Is there a category of "government publication" into which this fits? or is this just another piece of fugitive ephemera?

There is a news story about the meeting here:

• Panel: Government data-mining programs lack oversight, by Stephanie Condon, CNet,
  December 3, 2008.

The panelists said that too many loopholes exist in the Privacy Act, government data mining programs are ineffective, and information-sharing programs are growing without any accountability. This "discussion" seems interesting and worth documenting somewhere.

OMB sponsors online discussion of privacy issues, By Nancy Ferris, FCW, October 23, 2008.

The Office of Management and Budget has asked the National Academy of Public Administration to hold a public discussion this month of health care privacy issues through an interactive Web site.

The “National Dialogue on Health Information Technology and Privacy” will take place the week of Oct. 27 at www.thenationaldialogue.org.

The site is also using Twitter (use tag #nationaldialogue) and Youtube (see: http://www.youtube.com/user/natldialogue).

"A panel of academy fellows will review the postings and produce a report in December with recommendations for the new administration."

As you probably know, early this month, a judge ordered Google, which owns YouTube, to turn over to Viacom records of which users watched which videos on YouTube. (Google Told to Turn Over User Data of YouTube by Miguel Helft, New York Times, July 4, 2008.) As the Times noted, "The amount of data covered by the order is staggering, as it includes every video watched on YouTube since its founding in 2005. In April alone, 82 million people in the United States watched 4.1 billion clips there.... Some experts say virtually every Internet user has visited YouTube."

What relevance does this have for documents librarians and government-information-using-citizens? Simply, this: whenever an information provider collects and retains records of information use it puts the privacy of information users at risk regardless of its own intentions. As an editorial in the Los Angeles Times said yesterday:

...the lawsuit illustrates how YouTube threatens its users' privacy simply by collecting and retaining so much data. Just because Viacom isn't interested in users' identities doesn't mean that other copyright holders, law enforcement agencies or aggrieved parties won't be.

Stanton's order is a reminder that websites shouldn't retain personally identifiable data any longer than the law or their services require. Google argues that the data enable it to improve its services, combat fraud and personalize offerings. Its approach, though, reflects an engineer's habit of hoarding information for the sake of as-yet-unimagined features, not the cautious practices of a privacy-conscious company.
-- Why is YouTube hoarding data?, Los Angeles Times, July 10, 2008.

See also

Will GPO guarantee user privacy? Can it?

Nevada Library Assn presentation: Privacy

Privacy: "I have nothing to hide"

Privacy and the "Terrorist Surveillance Act"

A new, in-depth story by Naomi Klein examines "Golden Shield," China's prototype for a high-tech police state. She says that China is building its systems with the help of U.S. defense contractors, that the global homeland-security business is bigger than Hollywood and the music industry combined, and that the U.S. Government is mining China's experiences for ideas for its own surveillance programs.

• China's All-Seeing Eye, by Naomi Klein, Rollingstone, May 29, 2008. "Like everything else assembled in China with American parts, Police State 2.0 is ready for export to a neighborhood near you."

Klein says that the United States is providing China's rulers with something even more valuable than surveillance technology: "...the ability to claim that they are just like us. Liu Zhengrong, a senior official dealing with China's Internet policy, has defended Golden Shield and other repressive measures by invoking the Patriot Act and the FBI's massive e-mail-mining operations." And, the Chinese rationalize surveillance of their own citizens the same way many do in the United States: "If you are a law-abiding citizen, you shouldn't be afraid... The criminals are the only ones who should be afraid." (See also: Privacy: "I have nothing to hide" and Privacy and the "Terrorist Surveillance Act.")

Klein notes that human-rights activists say that although the surveillance tools used by China and the U.S. are the same, the political contexts are radically different. "China has a government that uses its high-tech web to imprison and torture peaceful protesters, Tibetan monks and independent-minded journalists." But she also notes that Guantánamo Bay, the erosion of the Fourth Amendment prohibition against illegal searches and seizures, and the fact that the U.S. currently has more people behind bars than China despite a population less than a quarter of its size all mean that "the lines are getting awfully blurry."

What relevance does this have for government information specialists? As we at FGI have pointed out before, when the only "authentic" copy of government information is available from government-controlled computers rather than from privacy-protecting libraries, the freedom to read is eroded and the infrastructure for government spying on what you are reading is enabled. (See also: Will GPO guarantee user privacy? Can it?.)

See also: China's Golden Shield: Corporations and the Development of Surveillance Technology in the People's Republic of China, by Greg Walton, October 2001, Rights & Democracy.