OLA SuperConference 2016

I was thrilled to spend the last few days at the Ontario Library Association SuperConference 2016, the largest library conference in Canada. I was invited to be the Spotlight Speaker for the Ontario Public Library Association, and gave a talk I ambitiously titled “Incubating Ourselves: Internal Iteration and the Quest for Better Libraries.”

The presentation itself was design as a series of stories, with an introduction dealing with innovation itself, and how libraries might consider what and how to approach innovation in their own operations and activities. The core of the talk was two stories about me, the first illustrating why libraries offering innovative technology to their patrons can help change their patron’s lives, and the second about how the same technology can also help to improve libraries themselves. I closed with a look at near-future tech that I think will impact society, as a suggestion about what libraries and librarians should be looking at as next-stage technology for themselves and their patrons. Throw in a bit about LibraryBox and Measure the Future, and that’s a lot to get into an hour, but I think it came together really well.

While the presentation doesn’t hold up remarkably well without the audio bits, if you’d like to take a look, here are the slides from the talk:

Two things stood out to me as a result of this talk. The first is that it was the first of my talks to have a Graphic Recorder/Graphic Facilitator assigned to it, and I’m over the moon with how amazingly cool the resulting poster turned out. If you aren’t familiar with the idea of Graphic Facilitation, here’s a video on the process:

So here’s my talk in graphic form, with details of different parts pulled out:

IMG_3382

IMG_3388

IMG_3383

IMG_3385

IMG_3386

IMG_3387

The other thing that I was really thankful for was that people seemed to appreciate the effort I make in trying to not only present good ideas, but to do so with some style:

Canadians really ARE the most polite and friendliest people around. :-)

Thanks again for having me, OLA! It was fantastic, and I hope to be back someday keynoting for you.

State of the Union 2016 Tag Cloud

Every year since 2007, I’ve done a weighted word cloud as a visualization of the State of the Union address by the President of the United States. Here’s the 2016 version, with all of the previous versions linked for comparison. Hard to believe I’ve been doing this for a decade at this point!

State of the Union 2016
State of the Union 2016

 

Libraries in the Exponential Age

In late summer of 2015, I was invited to take part in a gathering at the Aspen Institute for a discussion that revolved around the general theme of how libraries can be more innovative and can drive innovation in their communities. It was one of the best groups and conversations that I have ever had around the general topic of the future of libraries, and I’m thrilled that the work we did is coming out in the form of some great writing and tools.

First up, on the Knight Foundation blog, is the post that explores the work that I was a part of, including a video I did talking about one of the things I’m most concerned about for the future of libraries.

From this and other gatherings, the Aspen Institute has built out a website and an action guide that:

…leads you through a variety of strategic activities and provides worksheets that evaluate the current level of support for your library and the resources needed to plan and convene your own community dialogue.

I’d recommend that libraries and librarians take a good look at these resources. The reports coming out of this work are among the best that I’ve read about the future of libraries, and I’d highly recommend that you take the time to look at both Rising to the Challenge: Re-Envisioning Public Libraries and Libraries in the Exponential Age. The latter is the one I was a part of, and I have almost no complaints about the way it approaches the future of libraries.

ALA Midwinter 2016

Next week brings with it the ALA Midwinter 2016 meeting, which means I’m bundling myself up and heading back to Boston for a few days to revel in more library than anyone can take. This is my first ALA conference in almost a decade in which I don’t have overwhelming amounts of LITA commitments (the last ten years looked like: Created an interest group > Chaired said Interest Group > Chaired committee > Elected as Director-at-Large to Board > Appointed as committee chair and Parliamentarian of board). So what did I do with all of my newfound freedom and time?

Over-scheduled myself like mad, of course.

Here’s a quick rundown of things I’m getting myself into at ALA Midwinter! If you’d like to meet with me about anything, I would love to talk to you. Drop me an email and let’s find some time to meet up!

Booth 2232

For the first time, the Measure the Future Project will have a booth in the ALA Midwinter Exhibit Hall! We will be showing off examples of what we’re building, including hardware and software, and will be taking signups for libraries and librarians interested in the project. I’ll be at the booth any time I’m not speaking at one of the below, so if you’re looking for me, it’s a good bet that’s where I’ll be. We’ll have cool giveaways, a LibraryBox sharing information about the project, and we’re sharing a booth with the Library Freedom Project (who are basically made of cool and awesome and you know you want to come hang out).

Thursday

7-10pm
EMW Drink Salon on Tech & Ethics: Libraries
EMW Bookstore, 934 Massachusetts Ave, Cambridge, MA
https://emwdrinksalon-libraries.splashthat.com/

This is going to be an amazing time. Trust me. Take a look at the website, register, come have some drinks and talk tech and ethics with a bunch of awesome people.

Saturday

Knight News Challenge on Libraries 2016
9-10am, Convention Center Room 206A/B
Myself and a few other of the winners of the previous Knight News Challenge for Libraries will be on a panel with Knight Foundation staff to discuss how you (YES YOU) can apply for a News Challenge grant. Open to individuals as well as organizations, this is IMNSHO the very best funding available for library projects. If you have any ideas that you’ve been kicking around, now is the time to pick them up and dust them off and polish them up. Another News Challenge is coming this year, and if you want to know how to apply from previous grantees….this is the way to do it.

Master Series: Measuring the Future
12:30pm-1:30pm, Convention Center Room 206A/B
One of the most valuable assets a library has is the physical building itself, but aside from gate count we have remarkably little information about how it’s used. What if you could have a Google Analytics style dashboard and understanding of what happened in your library yesterday? Over time, longitudinal data about activity in your library can do amazing things: allow you to plan staffing predictively, let you A/B test displays or furniture arrangements, check what rooms are most popular during different parts of the day or year, and much more. Why just collect statistics when you can use them to actively make your library better for both staff and patrons? Come have a discussion with us about these issues and let us know what you’d like to see from the Measure the Future project!

Sunday

LITA Top Technology Trends
10:30-11:30am, Convention Center Room 253A
I’ve been lucky enough to be a part of this august panel a handful of times in the past, and I’m thrilled to be included again. This time around I will be talking about Blockchain and its potential to revolutionize library systems, with a detour over into the Rise of the Machines (AI, computer vision, semantic analysis, ubiquitous computing, mesh networks, Internet of Things) and how that is going to make the future stranger than we can imagine. This is a do-not-miss panel (not because of me, but…trust me).

LITA Happy Hour
6:00-8:00pm, MIJA Cantina & Tequila Bar, Quincy Market, 1 Faneuil Hall Marketplace
The best gathering of library technologists anywhere, LITA Happy Hour is an amazing time full of awesome people. This is the best place to meet tons of techie librarians, and is where I will be happily sipping a drink amongst friends. Come introduce yourself and say hello if you make it!


 

This doesn’t count the half-dozen other non-public meetings I’m attending, or seeing friends and such. It’s gonna be fun, and exhausting, and great. Come see me at the booth! I look forward to meeting all the librarians I don’t know yet, and can’t wait to see old friends.

LibraryBox Stickers Group

LibraryBox v2.1

After a much-too-long development timeline, I am beyond thrilled to finally announce that LibraryBox v2.1 is officially available!

Updates

This release brings with it some long-needed upgrades, including:

  • Multi-language support for the user interface and a dozen languages built-in
  • New CSS-styled file directory listings, including responsive design for tablets and smartphones
  • Even more hardware is now supported, including our least-expensive hardware ever, the GL-iNet router that lets you build a LibraryBox for less than $25.
  • DLNA support for playing media from your LibraryBox on your TV or other DLNA compatible device
  • An improved upgrade process for future code releases that means no more need to SSH into your LibraryBox to upgrade it
  • General stability and speed improvements that make using LibraryBox even better for everyone

Sales

One other change for the Project is that we are moving our “standard hardware” from the TP-Link MR3020 to the MR3040, and from this point forward if you choose to purchase a Librarybox directly from the Project rather than building your own (and we do suggest you build your own!) you will receive from us an MR3040 + 32GB USB drive instead of the older MR3020 +16GB package. Better hardware and more storage for the same price!

Thanks

None of this is possible without the fantastic people that are a part of the LibraryBox Project, but without a doubt it isn’t possible without the patience and skill of Matthias Strubel. Nearly everything good about the v2.1 is because of his amazing talents, and I would like to thank him for being a partner and friend on this project.

The LibraryBox Project couldn’t have gotten this release out the door without support from the community and users. The v2.1 release of LibraryBox was partially funded by a Prototype Grant from the John S. and James L. Knight Foundation, and couldn’t have been done without them. We would also like the thank the Berkman Center for Internet & Society at Harvard University for their support and resources during the last few months of the v2.1 development.

The LibraryBox Project is also supported by purchases of the product, and we’d like to thank those that have chosen to buy a LibraryBox from us directly. If you would like to support the LibraryBox Project in its future development, please contact us.

 

NT 100 WINNER 2015 BLUE - RGB

LibraryBox recognized in the 2015 Nominet Trust 100

I’m very happy to announce that The LibraryBox Project has been named among the 2015 NT100 – Nominet Trust’s annual celebration of 100 inspiring ‘tech for good’ ventures from around the world. Among this year’s companies selected for inclusion are Google X’s Project Loon and Open Street Maps…I’m gobsmacked that LibraryBox can be included in a list with those amazing projects.

The included projects all use digital technology to tackle the world’s social problems from lifesaving health tech to knowledge sharing via SMS text messaging.

Following a global call for nominations earlier this year The LibraryBox Project was selected by ten judging partners from the tech and charity world in recognition of our work. The judges included such companies as Comic Relief, Creative England, Facebook, Latimer, Nominet, Oxfam, O2 Telefonica, Salesforce and Society Guardian.

Thank you to everyone involved in The LibraryBox Project, especially Matthias Strubel, without whom it wouldn’t be as amazing as it is. Thanks also to the Kickstarter backers that made the v2.0 possible, and to the Knight Foundation Prototype Grant for enabling the development of the v2.1. If you’d like to learn more about The LibraryBox Project, a good place to start is the talk I did at Harvard Law School for the Berkman Center for Internet & Society earlier this year.

Learn more and and explore the 2015 NT100 here: socialtech.org.uk/nominet-trust-100/2015

IMG_2723

Estonian E-Residency


IMG_2720

On August 26th, 2015, I applied to be a digital citizen of the country of Estonia. On November 18th, 2015, I took the train from Boston to New York City, walked to the Consulate General of Estonia, and I officially became an Estonian E-resident.

IMG_2735

What does that even mean, and why would I do it?

Estonia is one of the very first countries to implement a robust electronic identity card system for their citizens. The ID card is a smart card that has a chip embedded in it that enables a robust public-key encryption implementation that allows the owner of said card to legally sign documents electronically. Estonia has been building out their infrastructure for electronic signatures and digital identity for over a decade, and Estonian citizens can do a vast amount of interaction with their government through this system, including things like the DMV, registering for governmental programs, and even voting in elections. The system is being overseen by Taavi Kotka, the CIO of Estonia and founder of Skype.

The E-Residency program is an extension of this system to non-Estonian citizens. In its current state, the card allows me to open and run a business in Estonia if I would like (completely remotely), to set up a bank account (not completely remotely, but the banks are promising that soon), and to interact with a handful of companies that recognize the card as a legal identity document. While I don’t currently need to do any of these things, I am intrigued by the potential for robust digital identities to conduct business and interact with agencies in the real world, and right now Estonian E-Residency is the only way to do that as an American citizen.

According to the Estonian dashboard that tracks these things, I am one of 443 applicants from the US, but only 239 of us have actually picked up our cards. So somewhere in the US there’s 238 other people that are interested in playing around with this technology.

esotnia numbers

Becoming an E-Resident involves applying, paying a 50 Euro processing fee, and if accepted, picking up your E-Residency kit at an Estonian Consulate. The kit comes with your smart card, as well as a USB card reader and instructions for using the two together to interact with online portals securely.

IMG_2739IMG_2740

IMG_2742

IMG_2741

Once you have these in your possession, you can log in to the Estonia E-Residency portal, use your card for authentication, and access the currently-available services through your browser.

I’m doing this partially because I am very curious about the future of the program, and hope that this might enable some interesting things over the next few years. If I’m honest with myself, it’s also because I read far too much cyberpunk literature as an impressionable youth, and the concept of digital citizens of a physical nation-state thrills the hell out of me.

The other aspect of this program that I find interesting is that they are opening the platform for developers to use their cards as an authentication method. Obviously there isn’t enough uptake for that to be useful yet, but systems like this one may well become standards over the next decade and knowing how to use them now will only be an advantage.

As I find interesting uses for my E-Residency, I’ll post about it here. For now, I’m just happy to be one of the first in the US to have the opportunity to test this authentication and identity platform.

Anonymous Communication on the Web

I wasn’t sure how my previous post would go over, but after some back-and-forth emailing with the reporter on the piece, WTVC asked me to come in for an interview on anonymity and the “deep web”. So I did!

We talked for almost an hour, and for some stupid reason I didn’t think to record the interview myself (will not make that mistake again). They did a fine job representing my views, although clearly edited the piece for a specific audience. I’ll admit that I probably got too heavy into the weeds of the details of Tor. They were particularly touchy about my correcting the use of “Deep Web” and “Dark Web” as useful categories. I just kept using anonymity, security, privacy and tried very hard not to fall into using their very fuzzy language to describe something with lots of complexity.

My talking points revolved around how anonymity is a requirement for the freedom of speech in a free society, and that fear-based reports like their last one are actually damaging to how people should react to the world (my example, that they didn’t use, was that instead of worrying about the incredibly rare possibility of child-abduction due to predators on Tor, perhaps parents should be more worried about driving their child to school in the morning, since it was orders of magnitude more dangerous). I suppose we’ll see if there’s any feedback that comes from this as a positive concept.

I’m glad they gave me the chance to come in and talk, and I do hope it’s useful for someone out there in Chattanooga to see that wanting anonymity and privacy online isn’t just something to abet criminal activity. Privacy issues online are something that increasingly everyone should be aware of, because the risks are going to be omnipresent as we continue to move our lives into the digital space.

Deep Dark Web

A local Chattanooga news station, WTVC, ran a story about the Deep Dark Web this week. It is so, so badly done that I felt it necessary to write the producers of the work a letter about it, and decided that I would include both the above link to their story and my response here.

My letter to WTVC

Dear Producers of “Chattanooga Police Explain Dangers Of The Deep And Dark Web”:

I have so very many problems with your Deep/Dark web story from earlier this week, that it may be difficult for me to hit all of the points that I found wrong at best, and massively misleading at worst.

You failed to appropriately delineate any aspects of the technology in the piece, conflating web browsers with protocols, and generally confusing how anonymous communication works on the Internet. You mention Tor (https://www.torproject.org), the network protocol for anonymous routing of communications, but only in the service of the Tor Browser, a web interface that runs on top of said network.

More worrisome, you presented the very worst sort of fear journalism by not only presenting an “expert” in “hacktivism” that came off as little more than a stereotype talking about secret murder games without any sort of proof or questioning. The police officer was almost worse, suggesting that parents might worry if their teenagers had something to hide on their devices….of course teens have things to hide. They are teenagers. It is practically their job to find things which they do not want their parents knowing. Conflating child abduction (an incredibly rare occurrence, as I’m sure you know) with kids use of Snapchat or WhatsApp is just terrible, terrible reporting. It’s fear mongering and false from nearly every angle.

The fact that your “expert” couldn’t think of any reasons that people might want to communicate anonymously with each other is a sign of massive social privilege. Nearly any member of any minority group in the US might have reason to communicate anonymously with others, usually because of a fear of retribution from their immediate family or social circle. Imagine an LGBTQ teen struggling with self-identity in a very conservative area, and how anonymous communication might be important. Imagine how repressive regimes throughout the world make open communication between groups literally a life and death issue.

Or maybe just think about how anonymity of speech is a necessary component of the freedom of speech in the US. You are supposed to be journalists, and defending the anonymity of sources is a primary function of your job. You should know about SecureDrop (https://securedrop.org) and other tools that leverage these technologies to ensure that open communication is a thing that is maintained here in this country.

You are supposed to be better than fear mongering and misunderstanding.

Jason Griffey
Fellow, Berkman Center for Internet & Society
Harvard University
http://jasongriffey.net

3j12wWM

TSA Master Keys, Threat Models, and Encryption

Earlier this year, someone noticed that the Washington Post had published a story with the following picture:

TSA Master Keys

Once that photo was noticed, a few intrepid hackers began a search for higher resolution photos, which weren’t long in coming. From those photos, they reverse-engineered CAD files of the keys, and the results are STL files for the 7 Master Keys that the TSA has for luggage locks in the US. Here are two different Github repos with the downloadable files.

On Saturday, Oct 17 2015, while testing the setup of a new 3D printer, I decided to see how easy it would be to use one of these keys on a TSA approved lock. There happened to be a luggage lock laying around the Berkman Fellows room that no one knew the combination of, so I had a test subject within easy reach. Within about 15 minutes, I had a key printed. I spent about 2-3 minutes cleaning it (smoothing edges and picking off rough spots in the printing). Maybe 2 minutes after that, I had the lock open.

This is the perfect illustration of why security that has backdoors for law enforcement isn’t actually security. Once there is an intentionally created hole in your security strategy, you should assume that anyone that you are attempting to prevent accessing your luggage/email/passwords will ALSO have access to your intentionally created security hole. This is the same concept that Cory Doctorow uses in his condemnation of DRM (you can’t lock something up with a key and then give the key to the person you are trying to prevent accessing your thing) as well as the argument against giving backdoor access keys for encryption algorithms to governmental agencies. It is simply impossible to have security, whether that term is used for physical objects, communication, storage of information, or anything else, and also to have holes intentionally added to the system for the benefit of “the good guys”. Once the key exists, anyone can make their own copy of it.

printing key

With government around the world arguing for technology companies to build in “golden keys” for encryption used on phones and other digital devices, we need to be wary of anyone that believes that such access would only be used for good, or only by the right groups.

Why is strong and reliable encryption so important?  I think Bruce Schneier said it most plainly:

If we only use encryption when we’re working with important data, then encryption signals that data’s importance. If only dissidents use encryption in a country, that country’s authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can’t tell the dissidents from the rest of the population. Every time you use encryption, you’re protecting someone who needs to use it to stay alive.

This is why the Library Freedom Project and their work to put Tor Nodes in Libraries is so important. It’s why libraries should be moving all of their services to encrypted channels. In many ways, this isn’t just about protecting our patron’s information (although that is a good and sufficient reason to use these services and to be worried about electronic security).

Encryption is like vaccination…we shouldn’t be driven to do it because it helps us. We should be driven to do it because it helps the world.

There is also an argument for libraries to use and support strong encryption for free speech reasons, but that will take another post and a more subtle argument.