Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017

©2016 ProQuest LLC. All rights reserved.

Security & Privacy:What’s Ahead for 2017

Library Edition

Daniel Ayala (@buddhake)Director, Global Information Security, ProQuest

ALA Midwinter 2017Atlanta, Georgia

©2016 ProQuest LLC. All rights reserved.2

First, a story…


Modern technology is amazing.

3

The sky is the limit…

…but there is reason for

caution


Security & privacy go beyond the library

4


Library as Hub of Privacy & Security


Protect the Systems!Protect the Users!Protect the Data!

6

Device Security



7

MalwareRansomware



8

Phishing



9

Browser Security



10

Mobile Devices


A few words on

11

P R I V A C Y


USA Patriot Act


USA Freedom Act


Consumer Services Devour Data


Anonymisation & Tor


Personalisation


Opt-in vs Opt-Out


Net Neutrality Rollback*

*In discussion, not yet submitted for public comment


ISP Browsing Data Privacy Rollback*

*In discussion, not yet submitted for public comment


Tools

20

Ghostery (Chrome) – https://www.ghostery.com

1Blocker (Mac/iOS) - http://1blocker.com

BuiltWith (Chrome) - https://builtwith.com

Malwarebytes - https://www.malwarebytes.com

Deep Freeze - http://www.faronics.com/products/deep-freeze/

Tor - https://www.torproject.org

Let’s Encrypt (SSL) - https://letsencrypt.org


Shared responsibility for privacy


Transparency


Anonymisation


Options & Informed Consent


Sharing Data w/ Others


Support Anonymous Use


Access to One’s own User Data


Accountability


RA21RA21’s mission is to align and simplify pathways to subscribed content across participating scientific platforms. RA21 will address the common problems users face when interacting with multiple and varied information protocols.

http://www.stm-assoc.org/standards-technology/ra21-resource-access-21st-century/


Balance

30

Security & Privacy Utility


Foundational thinking31

Data will always be collected

Collection != Privacy Violation

Serve the user/patron!

Set principles for use & sharing

If you collect it, use it wiselyand get rid of it when you’re done!

TRUST!(but verify)


Give patrons/users the information, options

to make smart, well-informed privacy decisions32


Security & privacy go beyond the library

33

Give patrons/users the information, optionsto make smart, well-informed privacy

decisions


HTTPS 11 Available Now, +5 More Soon

All new ProQuest products, HTTPS only

HTTPS only - later this summer

http://www.proquest.com/blog/pqblog/2017/Why-Those-HTTPS-Messages-Mean-Something-to-You-.html



ProQuest platform (search.proquest.com)ProQuest Dialog (search.proquest.com/professional) ProQuest Administrator Module (PAM) Legacy RefWorksThe New RefWorksEbook CentralProQuest Research CompanionPi2 Drug Safety TriagerAlexander Street Platform (search.alexanderstreet.com)Alexander Street Academic Video Store (search.alexanderstreet.com/store) Alexander Street Admin Portal

NOW

!



PivoteLibraryCultureGramsSIRSHeritageQuest OnlineProQuest Congressional (congressional.proquest.com)SO

ON!


Privacy Policy Full Update Coming SoonWhat data is collected

How it is usedWith whom it is sharedEU/USA Privacy Shield Compliant


When it comes to privacy and accountability, people always

demand the former for themselves and the latter for everyone else.

– David Brin


Resources & CreditsNISO Consensus Framework to Support Patron Privacy in Digital Library and

Information Systems - http://www.niso.org/topics/tl/patron_privacy/ALA Code of Ethics - http://www.ala.org/advocacy/proethics/codeofethics/codeethics

ALA Library Privacy Guidelines for e-book Lending and Digital Content Vendors - http://www.ala.org/advocacy/library-privacy-guidelines-e-book-lending-and-digital-content-vendors

STM RA21 - http://www.stm-assoc.org/standards-technology/ra21-resource-access-21st-century/

Stock photography via Stocksnap.io and Shutterstock.com

39


Q&A

Internet

Cybersecurity & Privacy: What's Ahead for 2017 - ALA Midwinter 2017