Trust No One...

"Deep Throat said "trust no one." And that's hard, Scully. Suspecting everyone, everything, it wears you down. You even begin to doubt what you know is the truth. Before, I could only trust myself. Now, I can only trust you... and they've taken you away from me." - Fox Mulder, The X-Files

When the topic of 'trust' was announced for GLAM Blog Club I honestly had too many ideas to talk about. There is the trust people put in libraries, the trust libraries put on people, how much we (don't) trust our government, and trust in our technology and those who control it. Looking at how I would talk about each of those it soon became clear I had trust issues and it reminded me of someone.

OK, so I do have a large, framed 'I want to believe' poster in my study, and I use various methods of encrypted communication, but does that really make me a paranoid conspiracy nut? I sometimes get the feeling that people see me that way though, especially when I talk about patron privacy, data protection, and how woefully unsecure our Library Management Systems are.

Slide Show

This is the point where Mulder would turn off the lights and turn on the carefully curated slide carousel. Each click would highlight a seemingly random piece of a larger puzzle, with Scully rolling her eyes and attempting to debunk the blurry photo of an exsanguinated cow. You have been warned.

[slide click]

Trust in Libraries

Working in a public library I see first hand how much the public trust us. Almost everyday people will hand me their unlocked mobile devices and say 'it's all too complicated, do the thing for me'. I barely let my phone out of my sight let alone hand it over to someone else, but more often than not staff come to me in the closed work room with a patron's phone in their hand and ask for advice. If this was the TSA or Border Force I could be cloning their device, checking social media accounts, and compromising any encryption. We're not though. We are the library, and people trust us to help them print out Centrelink forms, bank statements, fill out passport applications, set up two factor authentication, upload CVs, and check social media. The list is endless.

My previous work at, the then named, FPWA library put another layer of trust on my job. Clients would often come upstairs to our small library, directly from a clinic appointment where they had just been diagnosed with something, or given a slip of paper with an unfamiliar word scrawled on it. Those clients trusted me to handle their questions professionally, respectfully, and discreetly. To discuss sexual health topics openly in a library with a stranger? That is huge. How would a similar query be handled in a public library though. Does the patron trust a library to be unbiased when providing information? What happens when a question posed by a patron goes against a librarian's core belief? Do we act like pharmacists and refuse to help, but make sure we point them to a library that will? What would that do to someone's trust in the library? These are questions we need to consider when thinking about trust, do people trust libraries more than they should or are we just unaware of how much people trust us in the first place?

[slide click]

In Patrons We Trust

When you look at it, public libraries have trust at their core. Without trust, there is no library service. We loan thousands of expensive items every day, to hundreds of people, and for the most part it all comes back. Sure, there are accidents and items get damaged or lost, but I can count on one hand the number of people who have maliciously stolen items from libraries and even then most weren't library members to begin with. At my last job there was a deep distrust of the patron. Every excuse they gave was a lie and it was our job to catch them out. There are reasons I left that position.

"Public libraries have trust at their core. Without trust, there is no library service."

I get it though. We curate these wonderful collections and want to share them with our communities. If someone damages a new DVD, we may not be able to replace it immediately, and the wait list of fifty people will get longer and angrier. If it didn't work though, if all our patrons were shifty thieves out to steal everything and throw books in the bath, well, libraries wouldn't work. We need to trust that the majority of people will do the right thing and share the resources and protect our property, otherwise the whole thing collapses and we start chaining books to shelves again.

[slide click]

An Honest Government

I don't think anyone can blame me for having a distrust of the government, be it ours or someone else's. It's also been established that libraries are not neutral, and I don't think they should be. The problem I see is that all public libraries are funded and run by local government, and more often than not it's this body that has the last say. I think libraries are going to have a tougher time (if not already), to be the warm, welcoming place we keep telling everyone we are. What happens when government policy starts to enforce particular viewpoints? What happens when facts are changed and they become lies? Will libraries rush to fill their shelves with the latest climate change denial books because that's what our government is pushing? Or will we fight back and refuse to purchase propaganda material?

Especially in the US, but also in Australia, we have to be careful about slow changes in our government. These policies that slip in directing us to use certain suppliers over others, subject areas that need 'rounding out', and providing access to databases to other departments. You can already see libraries being directed to remove material and replace it with state sanctioned items, it's not a 'what-if' scenario. It's happened before and it will happen again. What you need to ask yourself is, will you blindly follow orders or will you #resist? I hope it doesn't come to it, but I'd like to believe I'd follow Iku Kasahara's example, and if required defend our rights to the end.

[slide click]

If You Trust It, You Should Have Encrypted It

When we put our trust in technology, we put our trust in those who control it. This includes Library Management Systems, third party eBook providers, and public wifi vendors. I've mentioned the Library Freedom Project before, their work has influenced me to create a Defence Against the Digital Dark Arts session for my library which I'll be running this year. The Library Freedom Project shows that there is a need for public education in regards to protecting oneself from surveillance, from both private and government entities. What if libraries being 'neutral' actually means being a place where you won't be spied on?

I know from previous places of work that while many of us struggle to protect our patrons, many find it too hard or just don't care. At several vendor presentations I've attended, I raised the question of security, where the data is going, who has access to it, etc. and what was scarier than the vendor not knowing the answer was the fact I was the only one in a room of librarians who even cared. Trusting that a library vendor has you and your patrons' best interests at heart is foolish. When you have to request the salting and hashing of patron passwords (at cost) on your database, or query why we're still sending user data over plain text SIP2 connections, or even discover that a fourth party is skimming your patron data, you need to re-evaluate your trust levels and ask 'am I protecting my patrons, or selling them out?'

[slide click]

Be More Like Scully

As the lights come up and I sit back in my chair, waiting to see if I've converted my colleagues to thinking the world is out to get them, I realise that it's a lot to take in. A lot to believe. I think back to my teen years when I first played around with PGP encryption on my emails. Nobody I knew had even heard of encryption back then.¹ I sadly put away my public key and went back to emailing people and chatting over MSN. Now, I get excited when people give me a ProtonMail contact address. Things take time and while I may be an early adopter for most things, people eventually come round. My problem is that by the time libraries come round it may be too late.

Even Scully, initially sent to debunk Mulder and his wild theories,² eventually came round to most things. Admitting we have a problem is a good first step, but we're beyond that now. Why aren't we demanding vendors put basic encryption on our library databases? Why are we shrugging our shoulders at giving data to third parties? Is it too hard or do we not care?

I think ultimately I want to be able to trust my profession to do the right thing. To protect vulnerable people. To stand up against those who mean harm to our core beliefs. While there are some amazing people out there doing exactly this, there needs to be more. We need more Scullys out there, standing up to their oddly attractive Assistant Directors,³ saying, 'Hey, you know what? This Mulder guy has a point.'

Trust?

While this is a bit of a rambling post,⁴ I feel that the GLAM sector as a whole needs to work on our trust issues. We should always be questioning who we trust, and why we trust them. Just because a system has been around for a long time, doesn't mean we shouldn't question it. I don't think the issue of trust in the GLAM sector will ever go away, nor should it. If libraries are to be trusted by the public like we so often claim, what are we doing to earn that trust? What protections have you put in place to make your gallery, library, museum, or archive, safe; and what would you be willing to do to keep it that way?

I would love to hear discussions around these and other topics. Please head over to the newCardigan Discourse page or even better, write a GLAM Blog Club post of your own!

Remember, the trust is out there!