Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017

transcript

Security & Privacy:What’s Ahead for 2017

Library Edition

Daniel Ayala (@buddhake)Director, Global Information Security, ProQuest

ALA Midwinter 2017Atlanta, Georgia

First, a story…

Modern technology is amazing.

The sky is the limit…

…but there is reason for

caution

Security & privacy go beyond the library

Library as Hub of Privacy & Security

Protect the Systems!Protect the Users!Protect the Data!

Device Security

MalwareRansomware

Phishing

Browser Security

Mobile Devices

A few words on

P R I V A C Y

USA Patriot Act

USA Freedom Act

Consumer Services Devour Data

Anonymisation & Tor

Personalisation

Opt-in vs Opt-Out

Net Neutrality Rollback*

*In discussion, not yet submitted for public comment

ISP Browsing Data Privacy Rollback*

*In discussion, not yet submitted for public comment

Ghostery (Chrome) – https://www.ghostery.com

1Blocker (Mac/iOS) - http://1blocker.com

BuiltWith (Chrome) - https://builtwith.com

Malwarebytes - https://www.malwarebytes.com

Deep Freeze - http://www.faronics.com/products/deep-freeze/

Tor - https://www.torproject.org

Let’s Encrypt (SSL) - https://letsencrypt.org

Shared responsibility for privacy

Transparency

Anonymisation

Options & Informed Consent

Sharing Data w/ Others

Support Anonymous Use

Access to One’s own User Data

Accountability

RA21RA21’s mission is to align and simplify pathways to subscribed content across participating scientific platforms. RA21 will address the common problems users face when interacting with multiple and varied information protocols.

http://www.stm-assoc.org/standards-technology/ra21-resource-access-21st-century/

Balance

Security & Privacy Utility

Foundational thinking31

Data will always be collected

Collection != Privacy Violation

Serve the user/patron!

Set principles for use & sharing

If you collect it, use it wiselyand get rid of it when you’re done!

TRUST!(but verify)

Give patrons/users the information, options

to make smart, well-informed privacy decisions32

Security & privacy go beyond the library

Give patrons/users the information, optionsto make smart, well-informed privacy

decisions

HTTPS 11 Available Now, +5 More Soon

All new ProQuest products, HTTPS only

HTTPS only - later this summer

http://www.proquest.com/blog/pqblog/2017/Why-Those-HTTPS-Messages-Mean-Something-to-You-.html

ProQuest platform (search.proquest.com)ProQuest Dialog (search.proquest.com/professional) ProQuest Administrator Module (PAM) Legacy RefWorksThe New RefWorksEbook CentralProQuest Research CompanionPi2 Drug Safety TriagerAlexander Street Platform (search.alexanderstreet.com)Alexander Street Academic Video Store (search.alexanderstreet.com/store) Alexander Street Admin Portal

PivoteLibraryCultureGramsSIRSHeritageQuest OnlineProQuest Congressional (congressional.proquest.com)SO

Privacy Policy Full Update Coming SoonWhat data is collected

How it is usedWith whom it is sharedEU/USA Privacy Shield Compliant

When it comes to privacy and accountability, people always

demand the former for themselves and the latter for everyone else.

– David Brin

Resources & CreditsNISO Consensus Framework to Support Patron Privacy in Digital Library and

Information Systems - http://www.niso.org/topics/tl/patron_privacy/ALA Code of Ethics - http://www.ala.org/advocacy/proethics/codeofethics/codeethics

ALA Library Privacy Guidelines for e-book Lending and Digital Content Vendors - http://www.ala.org/advocacy/library-privacy-guidelines-e-book-lending-and-digital-content-vendors

STM RA21 - http://www.stm-assoc.org/standards-technology/ra21-resource-access-21st-century/

Stock photography via Stocksnap.io and Shutterstock.com

Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017

Internet