Category Archives: Legal Issues

Plan, Prepare, Act

Warning: This is a very long post. There are lots of resources mentioned, laws referenced, and opinions given. If you’re looking for a TL;DR version for a tweet, here you go:

Recent immigration enforcement efforts by the current administration should be alarming to libraries & we need to have action plans in hand.

Read on for lots, lots more.

Table of Contents

Libraries and Immigration
Threat Models
Why Libraries?
How to Prepare
Laws Regarding Resistance
Call to Action

Libraries and Immigration

With the release on Feb 21st of Department of Homeland Security (DHS) memos (one and two) detailing increased efforts relating to the efforts of Immigration and Customs Enforcement (ICE) and related federal offices (Customs and Border Control ((CBP)) and the like), the threat that there may be immigration raids in libraries continues to grow. I have been trying to gather information about such threats since the initial increase in ICE raids began just a few weeks ago, and here is what I’ve discovered, links to resources, and some of my thoughts on the matter.

Since Trump took office, ICE and CBP have been on a much, much looser leash when it comes to the allowances they have to question, detain, and remove non-citizens from the US. Reports of mothers being removed from their children, removal of someone after a court appearance, arresting people leaving church-based hypothermia shelters, and the like have shown a willing disregard for humanitarian instincts and that no location should consider itself safe from the threat of immigration officers entering your space, questioning individuals, and potentially removing them for deportation.

Threat Models

As I see it, there are two threats for libraries that emerge from the current reimagining of US immigration policy. The first is similar to the threat that the PATRIOT act and other historical efforts have illustrated: the use of library-gathered information to target or identify an individual or group of people. That information could be circulation records, attendance lists for library programs, library card records, and the like. Libraries are aware of the threat to these sorts of records, there are State laws that outline limitations and protections for that information, and we have a history of protecting it. There are myriad resource that will give libraries tips on how to manage their technology in such a way to limit the information  they keep, and action plans that outline how to react to an information request.

The second threat is, however, a new(ish) one. That threat is to the patrons inside or around your library, and the threat that an “enforcement action” could result in ICE agents entering your building, asking patrons for proof of citizenship, detaining those that cannot provide such, and expeditiously moving those patrons into “detention centers” and from there to deportation and out of the US entirely. If we protect patrons information so closely, with so much effort and vigor, how much more effort must we put forth in protecting the patrons themselves? What are the limits of protecting individuals in your community?

Why Libraries?

Given libraries’ efforts in assisting  immigrant populations of the US, and that many libraries provide significant citizenship assistance, we should be very aware of the potential for a visit by ICE officers. Public libraries in particular should have an action plan for this, in the same sort of way that we had action plans for an FBI visit post-9/11 in regards to the PATRIOT act.

The Department of Homeland Security does specify “Sensitive Locations” within which ICE must meet a higher degree of legal proof before they are empowered to enter, question, detain, or remove someone. These include schools, hospitals, churches, and more:

it is worth noting that libraries are NOT called out in this list. It’s possible that they could be construed as part of “educational-related activities,” but in practice that refers to school activities that may take place after official school hours. I do not believe that any of the above categories affirmatively includes libraries.

Even if libraries WERE to be construed as Sensitive Locations, that designation only protects what ICE refers to as an “enforcement action”:

The question of what powers ICE and CBP can bring to bear is a complicated one. Within the borders of the US, ICE has particular limits to their operations. They cannot enter a private home without permission or a warrant, for example. However, there is special legal dispensation given in US law to what is commonly known as the 100 Mile Zone, that is, any area within 100 miles of the border of the US.

As you may note, that 100 mile zone includes enormous sections of the population of the US, including the entirety of Florida, Hawaii, Maine, Michigan, and most of the largest cities (New York, Los Angeles, Houston, Chicago, Miami, San Francisco, and more. Within this zone, CBP has more authority to pursue immigration issues. The memos linked above direct ICE to hire an addition 10,000 agents, and CBP to hire an addition 5,000 agents, in order to pursue immigration issues more aggressively.  I hope that it is obvious why this might be worrisome.

Finally, while we are seeking things to worry about, there’s the Delegation of Immigration Authority Section 287(g). This allows the Department of Homeland Security to “partner” with local and/or state law enforcement and thus allow the local officers to act on immigration issues…effectively, a form of ICE deputization.  The memos linked above also direct ICE to more regularly use this in their enforcement efforts, increasing the number of officers available to detain and arrest immigrants even further.

How to Prepare

Given the combination of the broad powers assigned to DHS and the zeal with which the current administration appears to be going after immigrants, I believe strongly that it would be a dereliction of our duty to our communities to not consider how to respond to the potential of immigration officer activity in your library. This is a situation of not if, but when.

The resources linked below are almost all available in both English and Spanish, and most of those that are designed to be handed out to patrons are available in several languages.

A first step is being the information resource that your patrons need. Print and distribute rights cards for your patrons, so that they understand what their rights are here in the US, and how they should and shouldn’t interact with ICE agents. Here is a page with even more resources for patrons, many of which you could provide in your buildings.

This Community Raid Preparedness Checklist is a fantastic resource (with more coming from the same group), and outlines several steps that libraries should be looking at as quickly as they possibly can. NILC also has a presentation called Raids: What is Happening and How to Respond that was put together jointly with the Southern Poverty Law Center, and other stakeholders just a week ago that outlines the current state of things as well as possible responses.

The National Immigration Project has a variety of other amazing resources that libraries should have on hand, discuss, and implement where they can, including this FAQ that answers questions in a framework that I feel is very useful for libraries.

Finally, the most thorough response document I have found is this one, the Defend Against ICE Raids and Community Arrests toolkit, which has well-considered suggestions, resources, and ideas in it. It focuses on home raids, but much of the advice can be adjusted and used for public places.

ALA has a Libraries Respond page entitled Immigrants, Refugees, and Asylum Seekers with links to ALA statements on service to these communities, as well as a few external links to resources. Some of the resources are older than I would like, but there are links to more current news reporting on the current situation. I would prefer to see ALA taking a much stronger stance on this, but understand their limitations.

Laws Regarding Resistance

In classic Internet style, here is where I remind you that I Am Not A Lawyer. Luckily, my friend Kyle K. Courtney is a lawyer, and a damned good one. He is, however, not your lawyer, and this section is meant as a summary of possibly applicable laws and cases regarding interfering with federal officers. The more you know, the better off you are in developing your action plan. Take it away, Kyle:


The concept of resisting, opposing, impeding, intimidating, or interfering with federal agents’ duties has been considered by the courts for decades, and is governed by federal statutes. It is important that you know and understand the law surrounding these actions. While we outline some of the major laws here, there are usually a large segment of ways you can be held or, of course, simply detained and later charged with misdemeanors.

Main Federal Statutes

18 U.S.C.A. § 111

This federal statute makes it a crime for anyone forcibly to assault, resist, oppose, impede, intimidate, or interfere with certain enumerated federal officers and employees while they are engaged in the performance of their official duties.

Note also that 18 U.S.C.A. § 1114 is critical to determining the official status of the person assaulted, so, in order to fall within the scope of 18 U.S.C.A. § 111, the person assaulted must be within the definition of government officers, etc. as defined in § 1114.

The statute provides for two offense levels:

  • simple assault—a misdemeanor
  • forcible assault—a felony
  • Enhanced penalty for a forcible assault that involves use of a deadly or dangerous weapon or one that inflicts bodily injury.

The elements of the offense of an assault on a federal officer are:

(1) a forceful assault;
(2) committed voluntarily and intentionally;
(3) against an officer employed by the federal government who was then engaged in the performance of an official duty or on account of the performance of official duty.

*Cases have found that § 111 does not require that the assailant be aware that the victim is a federal officer.

  • The scope of what a federal officer is “employed to do,” for purposes of determining whether an officer is engaged in the performance of official duties within the meaning of the statute, is not defined by whether the officer is abiding by the laws and regulations in effect at the time of the incident, nor is the touchstone whether the officer is performing the functions covered by his or her job description. Rather, the test is whether the officer was engaged in what he or she was employed to do rather than being on what the courts refer to as a “personal frolic.” There is no bright-line test, it is a case-by-case factual judgment.

28 U.S.C.A. § 1501

There is also a lesser offense of willful and knowing obstruction defined in 28 U.S.C.A. § 1501, making it a misdemeanor to obstruct, resist, or oppose any officer of the United States in attempting to serve or execute any legal or judicial writ or process.

A § 1501 violation contains all of the elements of a § 111 violation, except the element of force is required for a conviction under § 111.


18 U.S.C.A. § 1071

§1071 makes it a federal offense for a person to harbor or conceal any person for whose arrest a warrant or process has been issued under the provisions of any law of the United States, so as to prevent that person’s discovery or arrest, after notice or knowledge that a warrant or process has been issued for his arrest.

The federal offense of harboring or concealing a fugitive so as to prevent his discovery and arrest may be viewed as being comprised of three elements. Thus, in order for § 1071 to be applicable there must be:

(1) an act or acts of harboring or concealing done so as to prevent the discovery and arrest of an individual;
(2) a warrant or process issued under the provisions of any law of the United States for the arrest of the individual who is harbored or concealed; and
(3) notice or knowledge on the part of the person who performs the act or acts of harboring or concealing, before the performance of such act or acts, that a warrant or process has been issued under the provisions of any law of the United States for the arrest of the individual who is harbored or concealed

Sample Cases

The following caselaw is a sample of the enforcement of the federal statutes listed above. Some are specific to immigration and border patrol officers, while other are interpretations of the statutes for any enumerated federal officers and employees. There are even a few cases where third parties attempt to resist, oppose, impede, intimidate, or interfere with federal officers that are engaged in the performance of their official duties, namely arresting another party.

CASE CITATION SUMMARY
Bennett v. U.S., 285 F.2d 567 (5th Cir. 1960) In a prosecution for assault on an immigration officer, it is not necessary to prove scienter, that is, that the accused knew the object of the assault was a federal officer (Border Patrol officers in plain clothes on horseback)
U.S. v. Varkonyi, 645 F.2d 453 (5th Cir. 1981).

 

It is no defense that the accused was attempting to protect his or her private property from trespassers who were immigration officers.
United States v. Vigil, 431 F.2d 1037 (10th Cir. 1970)

 

Third person does not have right to assist in resisting the arrest of another if third person knows or has good reason to believe the person making arrest is government official authorized to make arrest and official is not clearly using unnecessary force.
United States v. Ulan, 421 F.2d 787 (2d Cir. 1970)

 

Demonstrating bystander, who voluntarily intervened and struck federal deputy marshal in attempt to prevent arrest of co-demonstrator was found guilty of assaulting and interfering with federal deputy marshal in performance of his official duties
U.S. v. Davis, 690 F.3d 127 (2nd Cir. 2012) Evidence was insufficient to support defendant’s conviction for misdemeanor of resisting arrest which showed only that defendant ran from a DEA agent and, when tackled to the ground, struggled against being handcuffed, primarily by putting their hands under their stomach. There was no evidence that defendant engaged in any conduct that demonstrated a desire to injure an agent or would cause an agent to apprehend immediate injury.
U.S. v. Steele, 550 F.3d 693 (8th Cir. 2008) When defendant’s mother gave federal officer permission to enter her house and defendant was extremely angry and made threatening gestures, a reasonable juror could determine that defendant was not justified in using force to resist arrest.
U.S. v. Span, 970 F.2d 573 (9th Circ. 1992) Defendants do not have a right to resist arrest by federal officers even if supported by probable cause
U.S. v. Cunningham, 509 F.2d 961 (D.C. 1975) Federal officers engaged in performance of their duty may not be forcibly resisted; the subject of officers’ action must submit peaceably and seek legal redress thereafter.
U.S. v. Beyer, 426 F.2d 773 (2nd Cir. 1970) Even if warrant of arrest or arrest itself had been invalid, defendant was not entitled to resist arrest by physically assaulting federal officer executing warrant
Darrah v. City of Oak Park, 255 F.3d 301 (6th Cir. 2001)

 

Federal court (applying state law) found that while arrestees have the right to use physical force to resist an unlawful arrest, third-party intervenors do not have the same right.
United States v. Heliczer, 373 F.2d 241 (2d Cir. 1967)

 

Bystander was guilty of assaulting a federal narcotics agent and interfering with agent’s performance of official duties because bystander attempted to kick one of the agents, even though bystander had opportunity to inquire of the agents about the arrest of another party, but did not do so.

“[A]s a general rule, he has no right to intervene if in fact a lawful arrest is being made by a federal agent, whether the bystander knows it or not, because, like the person being arrested, he is subject to [other caselaw] and to a great degree takes a chance in assisting another to resist arrest.”

Amaya v. U.S., 247 F.2d 947 (9th Cir. 1957) Defendants, suspected to be aliens by an immigration officer, were found guilty of who 18 U.S.C.A. § 111, when immigration officer entered a public café and commenced asking persons therein suspected to be aliens as to their place of birth. The officer was struck by the first defendant while questioning the man, who was edging toward the front door. As the officer attempted to handcuff the first defendant, a co-defendant jumped the officer and took his gun.
U.S. v. Cho Po Sun, 409 F.2d 489 (2d Cir. 1969) Two immigration officers, employed to assist in obtaining compliance with immigration laws, were assaulted by the defendant when they went into the kitchen of a restaurant where six Asian employees were present and asked the defendant questions as to his citizenship status.

*Note: The court rejected the defendant’s argument that the officers had no right to interrogate him, since he was neither an alien nor a person reasonably believed to be an alien whom they were authorized by 8 U.S.C.A. § 1357 to interrogate.

United States v. Cain, 413 F. Supp. 2d 197 (W.D.N.Y. 2006)

 

U.S. Marshals were arguably engaged in the performance of official duties when they were allegedly assaulted while assisting state officers in executing a state arrest warrant, acting pursuant to a MOU where state and federal officers worked together in apprehending persons with outstanding state and federal bench warrants.

Call to Action

I feel strongly that the aggressive pursuit and removal of immigrants, in the manner of the current administration, is morally wrong and inhumane. It is driven by racism and xenophobia, and has at its base some of the ugliest of human beliefs. In Stand, Fight, Resist I wrote:

Libraries are powerful forces for good. Now is the time to muster our powers, to stand brave against the people who seek to limit and reduce our rights and our understanding of the world….This country, and the people in it, deserve a better world than the one that is currently being forced upon them. Use your power as pillars of your communities, as the guardians of knowledge and the providers of help, use that power now to resist the normalization of fascism and bigotry, of hate and fear and greed. Stand for truth and knowledge, justice and equity for all. Stand for facts, and stand for those who are most at risk. Stand against the horrorshow revealing itself to us, and fight with those who are determined to create equity among people, justice in the face of the unjust, and love out of hate.

I’m not sure how to say it better than that. Libraries must stand for justice and freedom for all people, for the best parts of our republic. We need to continue to fight on the information front, to show that immigrants who come to this country bring with them the strength that will make the US better than it is now.

Concretely, libraries need a clear and direct set of policies that outline their response to an immigration enforcement action. We need to have those in place now, as quickly as possible. There needs to be a clear set of directives for your staff, meetings to gather feedback and to clarify your local threat model (libraries on borders will have very different sets of threats than non-border libraries), and connections made with local civic and non-profit groups that are already active in this space. You need to have meetings with your Mayor, City Council, and local representatives about this issue. We need to be ready to protect our communities.

As bad as things are in this moment, they are going to get much, much worse. The administration has a stated goal of the removal of all undocumented immigrants in the US, which amounts to over 10 million people. There is no way to do this humanely, or with respect for human dignity and agency. It is the equivalent of rounding up, processing, and deporting every single person in New York City and Chicago, combined. It is easy on the Internet to fall into Godwin’s Law, and until recently one could expect that comparison of a current practice to the Nazi Party was, in fact, somewhat hyperbolic. Rounding up 11 million people, placing them into “detention centers” and attempting to remove them from our society…I’m not sure there are comparisons other than the Nazis that make any sense of it.

We are better when we embrace differences, when the marketplace of ideas is a bustling mercado and souq. None of us is as smart as all of us, and we are going to need all of us if we are to find that future where the United States is still a shining city upon the hill. That light is dimmed now, and sputtering, but it isn’t dark just yet. Libraries are partial keepers of this flame, and we need to be prepared to protect the people in our communities when they are threatened, however and whenever we can.

Plan. Prepare. Act.

Apple, the FBI, and Libraries

I’m sure most people who might read this blog are at least familiar that there is currently a battle occurring between Apple and the FBI over access to information on a phone that had been used by the San Bernardino terrorist. The details of that case are fascinating and nuanced, and can be summarized very roughly as:

The FBI has obtained a court order that compels Apple to create a new version of iOS that is different from the existing version that lives on the phone in question in three ways: one, that the new version will bypass the time-delay between password attempts that is standard for iOS; two, that the new version will be able to enter password attempts in a programmatic fashion instead of through finger presses on the screen; and three, that the new version of iOS will disable the security setting that may be active that erases the phone unrecoverably if 10 password attempts are incorrect. The reason that the FBI needs this to access the information that is stored on the phone is that iOS uses encryption to secure the information on the phone when it is, in the parlance of computer security types, “at rest.” The FBI could make a bit-for-bit copy of the software that is on the phone, and examine it until the heat death of the universe, and not be able to decrypt the information into a readable form.

While the court order and the responses on both sides are not directly about encryption, the reason that this is a question at all is encryption…if the FBI could dump the contents and read them, there would be no need for them to access the phone at all. Indeed, the information from the phone that they do have, given to them by Apple, is from a 6-week-old iCloud backup of the device that isn’t encrypted (currently, iCloud backups are NOT encrypted, or rather, they are encrypted but with a key that Apple has).

Why is this relevant to libraries? I think it’s past time that we start paying very close attention to the details of our data in ways that we have, at best, hand-waved as a vendor responsibility in the past. There have been amazing strides lately in libraryland in regards to the security of our data connections via SSL (LetsEncrypt) as well as a resurgence in anonymization and privacy tools for our patrons (Tor and the like, thank you very much Library Freedom Project).

Data about our patrons and their interactions that isn’t encrypted at rest in either the local database or the vendor database hosted on their servers (and our electronic resource access, and our proxy logins, and, and, and…) is data that is subject to subpoena and could be accessed in ways that we would not want. It is the job of the librarian to protect the data about the information seeking process of their patrons. And while it’s been talked about before in library circles (Peter Murray’s 2011 article is a good example of past discussions) this court case brings into focus the lengths that some aspects of the law enforcement community will go to in order to have the power to collect data about individuals.

For a great article on the insanity associated with the government’s position on this, please take a moment and read James Allworth’s The US has gone F&*%ing Mad. Also take a look at the wonderful article by Barbara Fister from Inside Higher Ed, wherein she boils the case down and does some deft analysis of the situation (sidenote: I’m a massive fan of Barbara’s writing, if you do not regularly read her stuff, fix that).

It’s fairly clear, I think, that the FBI is using this case to seek to set a precedent that would allow for future access to information on iOS devices. The case was chosen specifically to have the right public relations spin for them, it’s a thing that is technically possible (unlike a request to “break the encryption” which may actually not be technically possible), and they have asked for a tool to be created that is easy generalizable to other iOS devices. I back Apple on this, and believe that strong security measures (including but not limited to strong encryption) make us safer.

And I would feel lots, lots better about the state of data in libraries if I knew we were using strong encryption that protects our data. I would love to see an architecture for a truly secure (from a data standpoint) ILS, because I’m pretty certain that none of the ones in use right now are even close. In the same way that I’m certain that Apple is working on producing a version of iOS that they cannot access at all….we need to architect and insist on the implementation of data storage that even we can’t get directly into. If patrons want us to keep their lending history (and we have some evidence that opting in to such a system is something that patrons do want), then let’s insist that our ILS treat that data like toxic waste: behind closed and locked vaults that neither we nor the vendor can access.

Tor, Libraries, and the Department of Homeland Security

During an appearance on the LITA Top Technology Trends panel in 2014, I was discussing privacy of patron data, and mentioned that I thought it was a good idea for libraries to run Tor nodes on library servers. So when the Library Freedom Project launched their Tor in Libraries project, I was totally behind them…I even did a Tor workshop for Librarians for their workshop at ALA Annual in San Francisco.

If you aren’t familiar with Tor, I recommend reading the Wikipedia article. The TL:DR version is that Tor is a protocol and a network that is currently the best mechanism that we have for accessing information on the Internet anonymously. There are a few ways that one can use Tor, ranging from using an operating system that routes all your Internet traffic over the Tor network to just using the Tor browser, which just anonymizes your web traffic.

The way that Tor anonymizes your traffic is through a combination of encryption and blind routing,  When you initially connect to the Tor network, the connection is encrypted in much the same way that the connection to your bank would be, via a public key encryption system. When you make a request for a website through the network, the Tor protocol bounces the request from one network node to the next, encrypting the traffic at every hop. Once the traffic gets a couple of hops away from the originating computer, it’s impossible to know where the request came from. Eventually the traffic exits the Tor network, back onto the regular old Internet, and gathers what you asked for, then reverses the process to get back to you.

The result is that, under ideal conditions, it is completely impossible to track or trace what’s being transmitted via Tor. For Tor to continue to operate, it needs two sorts of nodes….relay nodes that act as the “bouncing” nodes for inside the network, and exit nodes that are the places where the traffic goes out of the encrypted Tor network and back onto the regular Internet. You need both, although a ratio of more relay nodes to fewer exit nodes is fine. The traffic that goes across relay nodes is completely anonymous…from the perspective of both the network and the individual server, it is just a random string of binary code. Only at the exit nodes does the traffic decrypt, and thus exit nodes bear the brunt of all of the requests going across the network. The traffic for the broader network all has to squeeze itself through exit nodes, and the fewer exit nodes there are, the easier it is for them to be monitored…although you can’t tell where the requests for the information came from without advanced knowledge.

So why am I talking about Tor? Because I wanted to set up the story that broke last week about the first library in the US to publicly go live with a Tor relay (a middle relay) getting pressured by their local police to turn it off. The police were, in turn, pressured by the US Department of Homeland Security. From the original article on the event:

In July, the Kilton Public Library in Lebanon, New Hampshire, was the first library in the country to become part of the anonymous Web surfing service Tor. The library allowed Tor users around the world to bounce their Internet traffic through the library, thus masking users’ locations.

Soon after state authorities received an email about it from an agent at the Department of Homeland Security.

“The Department of Homeland Security got in touch with our Police Department,” said Sean Fleming, the library director of the Lebanon Public Libraries.

After a meeting at which local police and city officials discussed how Tor could be exploited by criminals, the library pulled the plug on the project.

“Right now we’re on pause,” said Fleming. “We really weren’t anticipating that there would be any controversy at all.”

He said that the library board of trustees will vote on whether to turn the service back on at its meeting on Sept. 15.

That’s tomorrow, for those keeping track at home.

Why do I think that libraries should be running Tor nodes? I had a long discussion about this on Twitter recently, but let me use the freedom of more than 140 characters to try and talk through my thinking on this. Tor is, currently, the best option that people have for anonymous speech on the Internet. It is possible to create accounts without using your real name, it’s possible to use wifi at coffeeshops and your local library to prevent your IP from being recorded…but for real anonymity of network traffic, nothing beats using Tor.

Anonymous speech is important because it is a necessary component of the freedom of speech. The US Supreme Court has ruled again and again that the right to anonymous speech is a protected part of the First Amendment, saying in McIntyre v. Ohio Elections Commission:

Anonymity is a shield from the tyranny of the majority…It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation…at the hand of an intolerant society.

Libraries have been concerned over time with the Freedom to Read, but to doubt the role of the library in the Freedom of Speech in the US is to fundamentally misunderstand the Library (and possibly speech itself). Speech is a necessary precursor to Reading, as creation is a necessary precursor to consumption. Libraries are and should be cornerstones of free expression in the United States, and have worked to provide access to the tools of speech for years and years.

For the Department of Homeland Security to use the boogie-man of “bad things happen on Tor” as a lever to get the relay turned off is the worst sort of fear mongering. Any tool can be a weapon, and any communications mechanism can and probably will be used to enable illegal activity. There is enormously more illegal activity on the open Internet, and yet libraries everywhere provide open and robust access to the Internet via both terminal and wifi. To paint Tor as a haven for thieves and drugs and child pornography is to misunderstand not only the Tor network but to, in my opinion, to mistake the forest for the trees. Yes, tools can be used for immoral and illegal things. But that does not make the tool either immoral nor illegal.

The only rational explanation for the DHS pressuring the library to shut down their Tor relay node is that the DHS doesn’t want individuals, including US citizens, to have more robust mechanisms for anonymous speech. Per the US Supreme Court’s rulings on the links between anonymity and freedom of speech, this indicates to me that the DHS is actively attempting to prevent free and open speech on the Internet.

That is not ok with me, and it absolutely should not be ok with libraries.  

If you have made it this far, please visit the EFF’s Take Action page on this effort and sign.

Adobe Digital Editions and infoleaks

Eliminate DRMThe online library world exploded today over the revelation that Adobe Digital Editions, software that is required for many library-focused eBook services, evidently leaks like a sieve when it comes to our user’s information. The TL:DR version of the story is that ADE appears to be sending in plain text to Adobe’s servers information such as: the book you are reading, title, publisher, which pages you have read and which page you are currently on. Much longer discussions about the leak and potential fallout here:

Andromeda and Galen then both went on to touch on some of the core problems with this leak, focusing on the conflict between Adobe’s action and the ethics of librarianship, and the possible role that ALA may have in bridging the gaps in libraries’ knowledge of these actions.

There are a few things I wanted to emphasize about this situation. The first is that several of the reports have noted that earlier versions of Adobe Digital Editions didn’t seem to “spy on its users” in the way that the most recent version (version 4) does, and recommend using earlier versions. The truth of the matter is that of course the earlier versions are spying on users…they just aren’t doing it in as transparent a manner as the current version. We need to decide whether we are angry at Adobe for failing technically (for not encrypting the information or otherwise anonymizing the data) or for failing ethically (for the collection of data about what someone is reading). It’s possible to be angry at both, but here’s a horrible truth: If they had gotten the former right and encrypted the information appropriately, we’d have no idea about the latter at all.

I think that Andromeda has it right, that we need to insist that the providers of our digital information act in a way that upholds the ethical beliefs of our profession. It is possible, technically, to provide these services (digital downloads to multiple devices with reading position syncing) without sacrificing the privacy of the reader. For example (and this is just off the top of my head) you could architect the sync engine to key off of a locally-hashed UserID + BookID that never left the device, and only transmit the hash and the location information in a standardized format. This would give you anonymous page syncing between devices without having to even worry about encryption of the traffic, as long as you used an appropriate hash function. I would prefer this approach, because (as mentioned above), if the entire communications stack is encrypted, it’s a black box for anyone attempting to see inside and verify what the vendor is actually collecting. There are answers to this as well (encryption keys that the vendor never sees at all, for example, and are totally local to the user’s device a la Apple’s latest security enhancements).

There are technical solutions that satisfy our ethical concerns. We need to insist that our vendors care enough about our ethics that the technical answers become a market differentiator. We need to insist that this is important and then we need to make them listen.

Creative Commons NC clause and 3D printing

I was browsing through some 3D printing files today, STLs that both I produced and were produced by others. For example, I designed and uploaded a 3D case for a LibraryBox that others have downloaded and printed. It is CC licensed, specifically CC BY-NC. I was looking at other STL files that had a CC NC license applied to them, and it made me think what that NC is really protecting.

Obviously, at the very least, the license prevents others from selling the STL files. Does it, however, prevent someone from using the files to create the physical object (that is, using a 3D printer to print the box itself out) and then selling the object? My instinct says yes, as the physical object is an instantiation of the digital file. But let’s scale the example up…what if someone built a house based on CC NC licensed plans? Could they ever legally sell the house?

This is purely theoretical. To my knowledge, no one is selling my designs, and I’m not planning to sell anyone else’s. But I am curious where the line between licensing a digital file and the resultant legal implications of the physical instantiation of that file might be.

The only case and real discussion I can find online is this case that was written up by Make, US Legal Lessons from Canada’s First STL IP Infringement Case. The discussion there indicates that Make’s author, Michael Weinberg, doesn’t believe that, once printed, there is any protection for a utilitarian object under copyright law (and since that’s what underpins Creative Commons, nothing there either).

Anyone want to weigh in on this?

Heresy and Patron Data

I’ve spent a lot of time over the last several years thinking, writing, and speaking about ebooks. I’m on the Board of Directors of Library Renewal, a group dedicated to finding ways to make the ebook experience a good one for libraries, publishers, and authors. And I’ve spoken all over the US and Internationally about eReaders and how digital content changes libraries. So what I am about to suggest is something that has been rattling around in my head for some time now, and I feel like it’s something that I’d love to hear other thoughts about.

So as the Joker said in The Dark Knight Returns:

When we look at how libraries, pubishers, and authors all interrelate vis a vis electronic content, specifically ebooks, the models that are largely being forwarded are straightforward economic models. The rights-holders have content, we want content, we pay them for content. Most of the disagreement comes down to the details: how much are we paying, and what rights do with have to the content that we are paying for. The majority of “new” models that are being trumpeted in libraryland, like the Douglas County Public ebook model, are just differently-arranged ways of doing exactly the same thing…which, admittedly, gives different outcomes on the two contentious fronts (cost and rights) but isn’t actually new in any significant way.

In an economic system, when one side of an equation (libraries) want something from another side (rights-holders), there is an exchange of value that takes place wherein both sides agree that said value exchange is fair in both directions. Libraries pay money for content…this is, at its base, just a value exchange between libraries and publishers.

Libraries don’t want a free ride as far as ebooks are concerned. Every single librarian that I have spoken with is perfectly willing to continue to pay for content. Unfortunately, the economics of libraries are such that when we want more rights (the ability to check out ebooks to any number of patrons simultaneously, or the right to ILL ebooks, etc) we don’t have the ability to exchange our typical economic instrument (money) for them. Think about Amazon and their ability to put the Harry Potter books into their Lending Library…freely available to anyone with an Amazon Prime membership. Libraries would kill for the right to do this, but Amazon is the one that can write the check. If we had tens or hundreds of millions of dollars to throw at publishers, we could dictate any rights we wished. But we don’t.

So the question that’s been bugging me is: what else do we have, besides cash, that is of value to the rights holders and could be traded for more of what we want. Libraries generate value in enormous numbers of ways, but what do we have that publishers might want that would give us some bartering ability?

Some librarians have started looking at these value-exchanges in a new way. Toby Greenwalt, a librarian at the Skokie Public Library, started asking what the value was to the publishers of the awards that the American Library Association gives out for childrens and young adult titles, and Andromeda Yelton followed up with a look at how those awards related to the ability for libraries to lend those books electronically. Here’s something that the ALA does, which appears to be significant value to publishers, with no visible complimentary exchange of value going the other direction.

Finally we get to what I’ve been thinking of as my heretical idea. Because when I think about what other thing of value that libraries have that could potentially be traded to publishers in order to get an equivalent set of value back from them in the way of ebook rights, I keep coming back to one thing:

Information. Information about our patrons, information about our circulations of individual books, and demographic information about our users and what books they read.

I know. A lot of librarians just stopped reading, or perhaps began clutching the arms of their chairs a bit too tightly. Patron information! The holiest of holies in library land, the Thing Which Must Not Be Shared! One of the core tenets of librarianship is that the borrowing history of the individual is sacrosanct. And for very, very good reasons…it doesn’t take a paranoid person to see the ways in which reading histories should be kept private, from the teenager looking for information about sexuality to the individual checking out a book about chronic illness (you wouldn’t want your insurance company to know that, now would you). As the saying goes, “show me what you read and I’ll tell you who you are”.

But this information is valuable. Publishers would love to know more about their readers, as it helps them to make better decisions about what to publish, how to market, and what sorts of books that a given population is more likely to buy. The amount of data that libraries could have in this realm is enormous, and could be a huge lever with which to move the playing field that we are all currently on regarding ebooks.

I am very aware, there are huge problems with this idea. The data in many cases is actually non-existent (libraries are very good about dumping this data so that it can’t be used by law enforcement or others in negative ways against readers). In order to maintain any sort of patron trust, there would have to be serious thought given to sanitization of the data, stripping of individually identifying information, and more (and yes, I am aware that stripping of individually identifying information has been shown to be basically useless…I retain some hope that there is a way to do it that isn’t). It is also the case that with the rise of cloud-based ILS systems that this information is going to be more available than ever, and centralized on servers that are out of library’s control.

But if we want the next decade to be a good one for us, libraries and librarians need to put some serious thought into what our other value-creation areas are, and how we can begin to identify and trade on those against the rights-holders. Because our money is getting thin, our prices are going up, digital is likely to kill our existing model completely, and we need new ways to think about these things.

What else do we have? What sort of leverage do we have that we aren’t using? What can we bring to the negotiating table that we haven’t yet?

SOPA and Publishers

Here is a list of all of the companies signed to SOPA (which, while delayed until after the first of the year, isn’t dead):
Companies supporting SOPA

While there are a few surprises (GoDaddy? A DNS company that supports breaking DNS? Huh?) most of the names on the list are exactly who you’d expect: copyright holders that are clearly desperate to hold on to their business model. These happen to include publishers like Hachette, Harper-Collins, Macmillan, Elsevier, Hyperion, McGraw-Hill, Pearson Education, Penguin, Random House, Scholastic, and Norton. Not to mention all of the video/music companies that produce content that libraries spend money on: Sony, Universal, Disney, etc.

For those who aren’t keeping up with SOPA and PIPA and what exactly it is that the above companies are suggesting, let’s be clear: SOPA and PIPA are both so completely bad that I have trouble describing how bad they really are. I consider myself a writer, and I have trouble conjuring forth a description about just how incredibly fucked the USA would be if we allow these ridiculous bills to pass into law. So I’ll let someone else say it for me. Mr. Savage:

Make no mistake: These bills aren’t simply unconstitutional, they are anticonstitutional. They would allow for the wholesale elimination of entire websites, domain names, and chunks of the DNS (the underlying structure of the whole Internet), based on nothing more than the “good faith” assertion by a single party that the website is infringing on a copyright of the complainant.

Or maybe Mr. Dotorow? Or how about, oh…the engineers who built the Internet in the first place? Or maybe even the Stanford Law Review? All of them agree (as do I) that SOPA and PIPA would break the fundamental way that the Internet works, making the US into a third-world-country of ‘net access, and threatening the very concept of Free Speech online.

These are agressive, wrong headed pieces of legislation that attempt to find a technical solution to a legislative problem…we already have laws that punish individuals who infringe upon copyrights. This would be the equivalent of legislating the ability for private companies to decide to close down roads and revoke your drivers license just because someone claimed they saw you take a drink, instead of simply having and enforcing laws against driving under the influence.

So what can libraries do? I think we should let these signatories know that we disagree fundamentally with SOPA and PIPA and indeed any law that would lessen the freedom of speech on the Internet. Tell everyone you speak with at these companies that this is not the sort of thing that we will support. If SOPA and PIPA are still on the table at the time of ALA Midwinter, I plan to try to speak with as many employees of these companies as I can about this. I suggest you do the same.

Ripping your books

A really great article from Christopher Harris over on the American Libraries E-Content blog called “What’s Next? Book Match?” is getting passed around the web today. The pull quote that seems to be catching everyone’s attention is:

If I can rip my CD to an MP3, why can’t I scan my book to an EPUB?

I just wanted to step in and say: You can. There is decent case law in place that indicates that format shifting of personal copies is allowable in the United States. There is also strong case law in place for the ability to personally back up media that you legally aquire…both of these indicate that while there may be no clear “Yes you can” statement in copyright law, there is a lot of evidence that it’s perfectly ok for individuals given Fair Use rights in the US.

Moreover, there’s easier and easier ways to digitize books out there. If you haven’t seen the DIY Book Scanner project, go and check it out. This group is doing awesome stuff towards making digitizing books something that isn’t nearly as time-consuming as it once was. Plus, as I often point out in my presentations to libraries and librarians, if you think that digitizing books is going to be difficult forever, well…think again:

Apple intentionally hurting eBook stores

Apple announced the terms of their in-App Subscription Service this morning, and it does indeed look like they are shooting directly at Amazon. What I’m concerned about is the fallout from these new rules on other apps…here’s the paragraph that causes me issue, with the pertinent passage highlighted.

Publishers who use Apple’s subscription service in their app can also leverage other methods for acquiring digital subscribers outside of the app. For example, publishers can sell digital subscriptions on their web sites, or can choose to provide free access to existing subscribers. Since Apple is not involved in these transactions, there is no revenue sharing or exchange of customer information with Apple. Publishers must provide their own authentication process inside the app for subscribers that have signed up outside of the app. However, Apple does require that if a publisher chooses to sell a digital subscription separately outside of the app, that same subscription offer must be made available, at the same price or less, to customers who wish to subscribe from within the app. In addition, publishers may no longer provide links in their apps (to a web site, for example) which allow the customer to purchase content or subscriptions outside of the app.

To summarize: publishers are allowed to sell subscriptions on their own websites, but if they do, they must also allow for in-app purchase of said subscription, and there has to be pricing parity between the two methods. This means that, for instance, a newspaper couldn’t offer a subscription on their site for $5, but make the in-app purchase $8…this prevents publishers from variably pricing things higher in the App in order to pad the price to take into account Apple’s 30% of the sale price. So far, so good…it’s that last sentence that really worries me:

In addition, publishers may no longer provide links in their apps (to a web site, for example) which allow the customer to purchase content or subscriptions outside of the app.

Notice that in that sentence, Apple stopped talking about subscriptions and now include content generally. This single lline is the one that, I think, kills eReader software on iOS devices. This means that Amazon can’t keep the Kindle app the way it currently works, which is to tap a button inside the app that then takes you to the Kindle store in Safari. That’s not allowed given the above. That will apply to Barnes & Noble’s Nook software, as well as any other eReader software that I’m aware of on iOS. eBook providers like Amazon and B&N almost certainly can’t afford to move all their sales to in-app purchases because of the 30% Apple “tax”. This means that either they raise prices and move into Apple’s ecosystem, or they stop allowing purchases of books at all on iOS devices.

The rules appear to allow Amazon to sell Kindle books for iOS on the Amazon website directly (obviously Apple can’t do anything about that) but it seems to break any connection between the app and said site. This intentionally damages the user experience for this and other eBook apps, and is the main reason I can’t believe that Apple is pushing this as hard as they are. This is much different than other limitations that Apple has placed on the development of Apps…this isn’t hardware based limitation (multitasking) or anything like that…this seems to be purely a “show us the money” limitation. I’m really disappointed if this is the way that Apple chooses to enforce this, because while they are guilty of many things, intentionally hurting usability has never been one of them.

What I’m really curious about is this: Is Apple going to push these requirements for any App that allows for any purchase…like, for instance, the Amazon app that allows you to shop on Amazon directly. Or Zappos, or Ebay, or any number of other apps that act as a front-end for purchasing goods. If that’s the case, I think that Apple is in for some real trouble and pushback from companies, and possible legal repercussions. Seems like it can’t possibly be legal for the manufacturer of a computer (which is what the iPhone/iPad/iPod touch is, after a recent legal decision) to require that anything purchased on that computer provide them with a cut. I’ll be keeping my eyes on this one.