Category Archives: Personal

SXSW 2016

I attended my first SXSW conference this past week, and have been struggling about how to describe it. On one hand, I was able to find interesting things and have a great time. On the other, the conference felt so very desperate, like a marketing team and a brogrammer had a kid. It was a non-stop barrage of things that were really-well-known being well-known (Game of Thrones, Mr. Robot) and things that weren’t well-known trying desperately to be so.

Libraries and librarians were, as always, the saving grace in the midst of the chaos. I spent time with the Library IdeaDrop house this year, and all I can say is that they run a tight ship, full of interesting people and awesome events. I would be a part of it again in a heartbeat.

I wrote up my experiences for American Libraries, here’s the three-part story:

And here are all the interviews that I did with IdeaDrop this year:

SESSION 6 from Idea Drop & ER&L on Vimeo.

Jason Griffey @ #IdeaDrop from Idea Drop & ER&L on Vimeo.

Knight News Challenge from Idea Drop & ER&L on Vimeo.

SESSION 8 from Idea Drop & ER&L on Vimeo.

Copyright and Creators: 2026 @ #IdeaDrop from Idea Drop & ER&L on Vimeo.

Digital Content and the Legality of Web Scraping from Idea Drop & ER&L on Vimeo.

LibraryBox GSoC logo banner

LibraryBox & Google Summer of Code

I am thrilled to be able to announce that The LibraryBox Project has been invited to be one of the projects included in the Berkman Center for Internet & Society’s Google Summer of Code.

If you aren’t familiar with the Google Summer of Code, it is a program that gets undergraduates connected to open source projects via mentor organizations. The goal is to give the students experience working on useful open code, while projects benefit from their skills to set and meet development goals. Google pays the students a stipend, and the whole open source community wins.

The LibraryBox Project has a few different goals in mind for the summer, and is looking for awesome students who want to make a difference in the world. If you’re a student that is interested in working on an international open source project that is being used in more than 40 countries and on all 7 continents, one that makes a difference in education in developing nations and acts as a tool for activism and social change in repressive countries, come join us.

Applications open March 14th, and close March 25th.

If you know anyone that’s applying, send them our way.

Libraries in the Exponential Age

In late summer of 2015, I was invited to take part in a gathering at the Aspen Institute for a discussion that revolved around the general theme of how libraries can be more innovative and can drive innovation in their communities. It was one of the best groups and conversations that I have ever had around the general topic of the future of libraries, and I’m thrilled that the work we did is coming out in the form of some great writing and tools.

First up, on the Knight Foundation blog, is the post that explores the work that I was a part of, including a video I did talking about one of the things I’m most concerned about for the future of libraries.

From this and other gatherings, the Aspen Institute has built out a website and an action guide that:

…leads you through a variety of strategic activities and provides worksheets that evaluate the current level of support for your library and the resources needed to plan and convene your own community dialogue.

I’d recommend that libraries and librarians take a good look at these resources. The reports coming out of this work are among the best that I’ve read about the future of libraries, and I’d highly recommend that you take the time to look at both Rising to the Challenge: Re-Envisioning Public Libraries and Libraries in the Exponential Age. The latter is the one I was a part of, and I have almost no complaints about the way it approaches the future of libraries.

NT 100 WINNER 2015 BLUE - RGB

LibraryBox recognized in the 2015 Nominet Trust 100

I’m very happy to announce that The LibraryBox Project has been named among the 2015 NT100 – Nominet Trust’s annual celebration of 100 inspiring ‘tech for good’ ventures from around the world. Among this year’s companies selected for inclusion are Google X’s Project Loon and Open Street Maps…I’m gobsmacked that LibraryBox can be included in a list with those amazing projects.

The included projects all use digital technology to tackle the world’s social problems from lifesaving health tech to knowledge sharing via SMS text messaging.

Following a global call for nominations earlier this year The LibraryBox Project was selected by ten judging partners from the tech and charity world in recognition of our work. The judges included such companies as Comic Relief, Creative England, Facebook, Latimer, Nominet, Oxfam, O2 Telefonica, Salesforce and Society Guardian.

Thank you to everyone involved in The LibraryBox Project, especially Matthias Strubel, without whom it wouldn’t be as amazing as it is. Thanks also to the Kickstarter backers that made the v2.0 possible, and to the Knight Foundation Prototype Grant for enabling the development of the v2.1. If you’d like to learn more about The LibraryBox Project, a good place to start is the talk I did at Harvard Law School for the Berkman Center for Internet & Society earlier this year.

Learn more and and explore the 2015 NT100 here: socialtech.org.uk/nominet-trust-100/2015

IMG_2723

Estonian E-Residency


IMG_2720

On August 26th, 2015, I applied to be a digital citizen of the country of Estonia. On November 18th, 2015, I took the train from Boston to New York City, walked to the Consulate General of Estonia, and I officially became an Estonian E-resident.

IMG_2735

What does that even mean, and why would I do it?

Estonia is one of the very first countries to implement a robust electronic identity card system for their citizens. The ID card is a smart card that has a chip embedded in it that enables a robust public-key encryption implementation that allows the owner of said card to legally sign documents electronically. Estonia has been building out their infrastructure for electronic signatures and digital identity for over a decade, and Estonian citizens can do a vast amount of interaction with their government through this system, including things like the DMV, registering for governmental programs, and even voting in elections. The system is being overseen by Taavi Kotka, the CIO of Estonia and founder of Skype.

The E-Residency program is an extension of this system to non-Estonian citizens. In its current state, the card allows me to open and run a business in Estonia if I would like (completely remotely), to set up a bank account (not completely remotely, but the banks are promising that soon), and to interact with a handful of companies that recognize the card as a legal identity document. While I don’t currently need to do any of these things, I am intrigued by the potential for robust digital identities to conduct business and interact with agencies in the real world, and right now Estonian E-Residency is the only way to do that as an American citizen.

According to the Estonian dashboard that tracks these things, I am one of 443 applicants from the US, but only 239 of us have actually picked up our cards. So somewhere in the US there’s 238 other people that are interested in playing around with this technology.

esotnia numbers

Becoming an E-Resident involves applying, paying a 50 Euro processing fee, and if accepted, picking up your E-Residency kit at an Estonian Consulate. The kit comes with your smart card, as well as a USB card reader and instructions for using the two together to interact with online portals securely.

IMG_2739IMG_2740

IMG_2742

IMG_2741

Once you have these in your possession, you can log in to the Estonia E-Residency portal, use your card for authentication, and access the currently-available services through your browser.

I’m doing this partially because I am very curious about the future of the program, and hope that this might enable some interesting things over the next few years. If I’m honest with myself, it’s also because I read far too much cyberpunk literature as an impressionable youth, and the concept of digital citizens of a physical nation-state thrills the hell out of me.

The other aspect of this program that I find interesting is that they are opening the platform for developers to use their cards as an authentication method. Obviously there isn’t enough uptake for that to be useful yet, but systems like this one may well become standards over the next decade and knowing how to use them now will only be an advantage.

As I find interesting uses for my E-Residency, I’ll post about it here. For now, I’m just happy to be one of the first in the US to have the opportunity to test this authentication and identity platform.

3j12wWM

TSA Master Keys, Threat Models, and Encryption

Earlier this year, someone noticed that the Washington Post had published a story with the following picture:

TSA Master Keys

Once that photo was noticed, a few intrepid hackers began a search for higher resolution photos, which weren’t long in coming. From those photos, they reverse-engineered CAD files of the keys, and the results are STL files for the 7 Master Keys that the TSA has for luggage locks in the US. Here are two different Github repos with the downloadable files.

On Saturday, Oct 17 2015, while testing the setup of a new 3D printer, I decided to see how easy it would be to use one of these keys on a TSA approved lock. There happened to be a luggage lock laying around the Berkman Fellows room that no one knew the combination of, so I had a test subject within easy reach. Within about 15 minutes, I had a key printed. I spent about 2-3 minutes cleaning it (smoothing edges and picking off rough spots in the printing). Maybe 2 minutes after that, I had the lock open.

This is the perfect illustration of why security that has backdoors for law enforcement isn’t actually security. Once there is an intentionally created hole in your security strategy, you should assume that anyone that you are attempting to prevent accessing your luggage/email/passwords will ALSO have access to your intentionally created security hole. This is the same concept that Cory Doctorow uses in his condemnation of DRM (you can’t lock something up with a key and then give the key to the person you are trying to prevent accessing your thing) as well as the argument against giving backdoor access keys for encryption algorithms to governmental agencies. It is simply impossible to have security, whether that term is used for physical objects, communication, storage of information, or anything else, and also to have holes intentionally added to the system for the benefit of “the good guys”. Once the key exists, anyone can make their own copy of it.

printing key

With government around the world arguing for technology companies to build in “golden keys” for encryption used on phones and other digital devices, we need to be wary of anyone that believes that such access would only be used for good, or only by the right groups.

Why is strong and reliable encryption so important?  I think Bruce Schneier said it most plainly:

If we only use encryption when we’re working with important data, then encryption signals that data’s importance. If only dissidents use encryption in a country, that country’s authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can’t tell the dissidents from the rest of the population. Every time you use encryption, you’re protecting someone who needs to use it to stay alive.

This is why the Library Freedom Project and their work to put Tor Nodes in Libraries is so important. It’s why libraries should be moving all of their services to encrypted channels. In many ways, this isn’t just about protecting our patron’s information (although that is a good and sufficient reason to use these services and to be worried about electronic security).

Encryption is like vaccination…we shouldn’t be driven to do it because it helps us. We should be driven to do it because it helps the world.

There is also an argument for libraries to use and support strong encryption for free speech reasons, but that will take another post and a more subtle argument.

EgoPost: Two articles about me

This was my first week as a Berkman Fellow, and there were a couple of articles that came out about my time here. The first was a very kind article by my Alma Mater, the University of North Carolina School of Information and Library Science. The second was from Berkman themselves, an interview with me about what I’m working on while here.

From the UNC-SILS article:

“I’m most excited about connecting with the people associated with the Berkman Center, and by extension the library community in the Boston area,” Griffey said. “Berkman has a history of supporting the mission of libraries, but I’m really excited about the opportunity to spread the word about the amazing work that libraries are doing and make connections between them and the other fellows. I’m also looking forward to finding people to collaborate with on my own project, and see what new voices and minds can bring to it.”

and from Berkman:

“I am interested in the rise over the last several years of what I am calling the “hyperlocal webserver”. A number of projects are attempting to provide access to digital resources  to users through the use of inexpensive, low-powered offgrid and offline webservers, including my own open source project LibraryBox. Others in this space include PirateBox, the RACHEL project servers, occupy.here, The IDEAS Box project, the OLPC project’s School Server, and many more. These projects have in common that all are designed to allow for local connectivity without access to the broader Internet. The power of localized digital delivery is only now being realized, especially in areas where there is insufficient infrastructure to support the demand for information access.

My interest is in the potential for these technologies (and possibly others) to allow for shadow networks to arise quickly where needed and wanted. The ever-shrinking costs of hardware capable of supporting these sorts of hyperlocal micronetworks drive the overhead for building one down to trivial amounts, but the technical knowledge needed to set up and manage one is still more than the average Internet user can handle. I want to reach out to the projects above, hardware makers, UX designers, and network engineers to try and develop a process and project that makes it as easy as possible for anyone to create or assist in community-based networks that allow for digital sharing and communication even when offline or offgrid. I am interested in what happens when communities are given the tools that can allow for unmediated and uncontrolled sharing and communication, and what sort of emergent behaviors and services might arise from those tools.”

Inclusive vs Safe

I was listening to an episode of Accidental Tech Podcast, Not a Cactus in Sight, (one of my favorite podcasts, mostly because I’m a total John Siracusa fanboy), and during their discussion of the Reddit community John mentioned two tweets by Laurie Voss that totally made my brain explode with thought:

(here I think Voss is using “inclusive” in a legalistic/law oriented way, not in a norm or cultural sense…inclusion means “the ability to be a part of a community regardless of any aspect of your identity”…a lack of exclusion of any type)

Prior to the World Wide Web, I was an avid Usenet user, falling deeply into any number of alt. and rec. subgroups. Usenet was, in retrospect, where I learned so many things about “being online”, including tone, behavior, expectation….the entire culture of many parts of the social web were preceded and predicted by Usenet. Reddit is one of these spaces, as the concept and execution of a site that’s basically many user-driven bulletin boards is, in abstraction, just a modern execution of Usenet.

Reddit has been in the tech news a lot lately, and while I’m not interested in debating the pro and con of the decisions that have been made there, I think it’s fairly obvious that there’s a lot of terrible things on Reddit and that the response to said terrible things has been horribly blundered. I agree with the ATP guys above in their analysis…if you want to build a horrible place, keep doing what you’re doing Reddit…but that’s not a place that non-horrible people will choose to continue to hang out. I think there are lots and lots of other online communities that have been ran very well and have managed to be smart and useful places to have discussions online…the premiere example of this is probably Metafilter. It isn’t clear if Twitter and Facebook will do as well over time dealing with their respective issues.

There is, however, another social space that includes text based information resources that I am very attached to and fond of: the library. And in thinking about the axes of “inclusion” and “safety”, I realized that the rhetoric of the library world is very much the same rhetoric that is often used in the online spaces to justify what is usually horrific behavior. The oft-used quotation is Jo Godwin’s fantastic turn of phrase “A good library contains something in it to offend everyone.” Library collections are constrained by collection development policies that are driven by their local boards and communities, while calling back to the ALA Library Bill of Rights:

  1. Books and other library resources should be provided for the interest, information, and enlightenment of all people of the community the library serves. Materials should not be excluded because of the origin, background, or views of those contributing to their creation.
  2. Libraries should provide materials and information presenting all points of view on current and historical issues. Materials should not be proscribed or removed because of partisan or doctrinal disapproval.
  3. Libraries should challenge censorship in the fulfillment of their responsibility to provide information and enlightenment.
  4. Libraries should cooperate with all persons and groups concerned with resisting abridgment of free expression and free access to ideas.

In a way, a library collection is a conversation between the librarians and the community, written not letter by letter or word by word, but book by book over the course of decades or even centuries. That conversation is under the same tensions that online conversations are as it relates to safety and inclusivity. When someone challenges a book, they are in effect saying “this is a kind of speech that makes me feel unsafe.” And as Voss notes, the library gets to decide who to side with: those that feel unsafe, or those that make them feel unsafe. In the library, that answer is almost always the latter.

This isn’t to say that there aren’t limits…each library draws its own limits of the things they are willing to collect. In my personal opinion, not collecting particular items is not problematic; for example, I would have no trouble as a librarian not purchasing nor shelving anything published by the KKK.

I’m intentionally trying to frame this in the most difficult way, because I think it’s a difficult thing to navigate. Let me state my own position, straightforwardly: I think that the Library Bill of Rights is a positive document, and that the library providing access to material that the majority of their patrons would disagree with is absolutely fine. I also think that individuals deserve to be protected and feel safe in their activities and surroundings. The tension between these two positions puts me in a disharmony…I dislike being contradictory in my positions.

It has been pointed out by those much smarter about these things than I that librarianship has inclusivity issues written deep in its core. While our collection development statements tend towards inclusivity of multiple perspectives on social issues, once purchased those collections are often described and presented to the community using a grammar that is anything but. For many public libraries, the Dewey classification system is massively problematic, and Library of Congress subject headings are no better. We have inclusivity issues baked into our classifications (indeed, it’s likely epistemologically impossible to categorize without exclusion of some sort).

I don’t know how these issues get reconciled. How do you square inclusion and safety of spaces, both real and virtual? What are your thoughts on that dichotomy? Is it a false one? I’d love to hear from the library community about these seemingly opposing perspectives.

AspenLogoWhiteOnBlue_1920x1080

Leadership Roundtable on Library Innovation

Last week I attended the Aspen Institute Leadership Roundtable on Library Innovation, a gathering of 30 individuals from a variety of backgrounds (both library and non-library) whose goal was to have 3 days worth of discussions about how to make libraries in the United States more innovative. I don’t know if the entire list of participants has been made public, but the attendees were easily some of the smartest and most thoughtful people that I’ve had the pleasure of working with. As I mentioned in my initial post about the Roundtable, I was concerned about diversity in the voices in the room, and while I’m not qualified to truly judge how well that went, I did notice one particular bias that I am interested in calling out and pursuing as a part of the conversation. But more on that in a minute.

The roundtable opened day one with a presentation by John Seely Brown, otherwise known simply as JSB. If you aren’t familiar with JSB, take a second and look over his wikipedia page to get an idea of his importance. His speech was interesting and set the stage for a lot of the discussions that sprang forth over the next few days. Take a look:

Day two began with a presentation on Design Thinking from Michelle Ha Tucker from IDEO. I’m totally sold on human centered design as a key to rethinking the way libraries do what they do, and have done a number of workshops on process on that front. If you aren’t familiar, take a look at her presentation, framed well around library issues:

From our initial discussions about innovation considered broadly, we broke up into three working groups that set about considering what it would take for Libraries to innovate in different areas. The areas identified were Engagement/Access/Inclusion, Learning & Creativity, and Public Forum & Citizenship, and each group discussed what innovation in each of these areas looked like, how that could be translated into the library sphere, and what a project might look like if it attempted to instantiate that solution. I was a part of the Public Forum & Citizenship group, and we spent most of our time revolving around the problem of libraries acting in concert with one another and bemoaning the lack of overarching structures for working together…a common theme from the larger discussions of the Roundtable.

There were several of these emergent themes that repeated themselves during the week. The lack of some form of national organization that allowed economic centralization for libraries was maybe the largest though…the non-librarians in the room were flabbergasted to discover how very local the library economy is, and how much it prohibits collective purchasing efforts.

The largest tension in the discussions for me was the bias that I alluded to earlier, that of urban vs rural libraries. There was repeated use of a statistic that I’m still not clear on the provenance of, that 295 libraries in the U.S. serve 30% of the population of the country…obviously all of them in large urban areas. Anyone familiar with Libraryland could name the large public library systems included in those numbers: New York Public, Los Angeles Public, Chicago Public, Boston Public, Miami-Dade, Denver Public, and a small handful more. Given that there are roughly 9000 public libraries in the U.S., I understand the concentration on those areas of easy implementation…but I rankle more than a little at the lack of acknowledgement of the greater need for support in rural America. The poorest parts of rural America are much poorer than the equivalent urban poverty centers, and they lack nearly any support system for their poverty. In much of the poorest areas of the U.S., the rural south, the public library is the only place that’s accessible for educational resources beyond school age.

So while I understand striking with efforts where the highest number might be affected, I also want to keep reminding people about the needs of the rural United States. Let’s not forget those that need us most even while we try to maximize our efforts.

eRate

One of the largest discussions of the Roundtable revolved around the FCC and its eRate plans for internet access in libraries and schools. An FCC staffer was there to walk through the options for libraries, and to give us numbers on how bad library participation in eRate really is. Everyone in the room agreed why this was the case, the CIPA requirement for filtering. It was nice timing that just after our discussion of this issue, the ALA released a formal statement on CIPA that begins, in part:

“CIPA specifically requires public libraries and schools seeking e-rate discounts for internet connections to install technology protection measures, i.e., content filters, to block two categories of visual images that are unprotected by the First Amendment: obscene images and images of child pornography.”

and concludes

“CIPA-mandated content filtering has had three significant impacts in our schools and libraries. First, it has widened the divide between those who can afford to pay for personal access and those who must depend on publicly funded (and filtered) access. Second, when content filtering is deployed to limit access to what some may consider objectionable or offensive, often minority viewpoints religions, or controversial topics are included in the categories of what is considered objectionable or offensive. Filters thus become the tool of bias and discrimination and marginalize users by denying or abridging their access to these materials. Finally, when over-blocking occurs in public libraries and schools, library users, educators, and students who lack other means of access to the Internet are limited to the content allowed by unpredictable and unreliable filters.

The negative effects of content filters on Internet access in public libraries and schools are demonstrable and documented. Consequently, consistent with previous resolutions, the American Library Association cannot recommend filtering. However the ALA recognizes that local libraries and schools are governed by local decision makers and local considerations and often must rely on federal or state funding for computers and internet access. Because adults and, to a lesser degree minors, have First Amendment rights, libraries and schools that choose to use content filters should implement policies and procedures that mitigate the negative effects of filtering to the greatest extent possible. The process should encourage and allow users to ask for filtered websites and content to be unblocked, with minimal delay and due respect for user privacy.”

None of this is untrue, and I agree with all of it: Internet Filtering is a joke, a crime against the freedom of information access, a risk to privacy of the reading experience, and simply doesn’t work. However, the current opportunities from the eRate program are…well, if not once-in-a-lifetime, they are pretty close. The FCC is trying very hard to incentivize the construction of fiber to every library. All of them. eRate will pay for between 10-80% of the construction costs for fiber to the library, including things like huge fiber runs into rural areas and the hubs and switches necessary to make it work inside the building. And in places where the State has a matching program, the FCC + State match can pay for 100% of the costs.

This is like the Rural Electrification Act, except for the next-gen connectivity that will be needed by communities over the next decade. In rural areas, getting fiber anywhere is nearly impossible…it isn’t worth the infrastructure costs for providers to run the fiber. But if someone else is paying to run it, and it runs to a conveniently located place in a community like a library, the most expensive part of the work is done. This will enable communities to be connected that could never be previously. The FCC staffer was talking about future-proofing this construction by aiming for 10 Gbps connections to these libraries…a sort of super connectivity. This is important, potentially transformative stuff for communities and libraries.

So what are the difficulties? The first is the aformentioned CIPA rules about filtering…which some libraries are happily complying with now. Note that the rules for CIPA don’t say that you have to filter! They just say that you must “install technology measures”, have a policy in place, and hold a meeting with you constituents about said policy. It is possible to comply with the rules for CIPA at a very low level…blacklisting pornographic sites via DNS filtering on computers in your children’s area, for example. I believe it is possible to meet the letter of the law, not impede access to information, and use eRate funds to increase connectivity in areas that badly need it.

After talking at length to an FCC staffer about this program, I do honestly believe that connectivity is their goal. They aren’t out hunting for libraries that “fail” some CIPA test. If we can find a way to meet the minimum requirements for CIPA and not compromise our information ethics, we should do so.

The second difficulty in eRate funding is the application process itself. It is…non-trivial. In this case, I think we need to find models that libraries can follow, and that consortia need to focus on offering eRate application as a service to their member libraries.

Conclusions

The Aspen Institute will be producing a report from our discussions, with recommendations for libraries. The Knight Foundation produced a nice summary of our work on their blog, and I’m sure that more will trickle out as other participants write up their thoughts. I’m interested in working in the areas I know of rural America to try and use the new FCC eRate push to try and get more communities connected, and I’m very interested to continue these conversations over the next year.