Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

What Every Librarian Needs to Know About HTTPS

EFF – “Librarians have long understood that to provide access to knowledge it is crucial to protect their patrons’ privacy. Books can provide information that is deeply unpopular. As a result, local communities and governments sometimes try to ban the most objectionable ones. Librarians rightly see it as their duty to preserve access to books, especially banned ones. In the US this defense of expression is an integral part of our First Amendment rights.

Access isn’t just about having material on the shelves, though. If a book is perceived as “dangerous,” patrons may avoid checking it out, for fear that authorities will use their borrowing records against them. This is why librarians have fought long and hard for their patrons’ privacy. In recent years, that includes Library Connection’s fight against the unconstitutional gag authority of National Security Letters and, at many libraries, choosing not to keep checkout records after materials are returned.

However, simply protecting patron records is no longer enough. Library patrons frequently access catalogs and other services over the Internet. We have learned in the last two years that the NSA is unconstitutionally hoovering up and retaining massive amounts of Internet traffic. That means that before a patron even checks out a book, their search for that book in an online catalog may already have been recorded. And the NSA is not the only threat. Other patrons, using off-the-shelf tools, can intercept queries and login data merely by virtue of being on the same network as their target.

Fortunately, there is a solution, and it’s getting easier to deploy every day. HTTPS, the secure version of HTTP, encrypts all traffic between a web browser and a server. The conventional wisdom of the 1990s was that HTTPS was only necessary to protect credit card numbers and passwords. But that opinion has changed for two reasons: First, it’s become clear how frequently information is spied on for non-financial reasons, and second, improved algorithms and processing speeds have made HTTPS dramatically cheaper. For instance, Google reported only a 1% increase in CPU costs from deploying HTTPS.

The other former cost of HTTPS, obtaining a certificate, has gone from very expensive to completely free over the last decade. It can be complicated to obtain and configure even a free certificate, but EFF, Mozilla, and several other organizations are working to eliminate the hassle with a new project called Let’s Encrypt, which will offer certificates that are both free and easy to set up.

To celebrate the American Library Association’s Choose Privacy Week, EFF offers five recommendations for libraries..”
