EDUCAUSE has released Data Privacy Legislation: An Analysis of the Current Legislative Landscape and the Implications for Higher Education .

Here's an excerpt:

With the ubiquity of mobile devices and the increases in data breaches, Congress has responded with bipartisan support for comprehensive privacy legislation. As of August 2011, 18 bills have been introduced in the 112th Congress concerning data privacy. . . .

These privacy bills generally fall into three distinct areas: comprehensive online privacy protection, geolocation and mobile devices, and data security and breach notification. If enacted, many of the bills have implications for data collection, storage, and use that could affect higher education and campus IT operations and academic research.

| Digital Scholarship |

The Association of Research Libraries has sent a letter to the Federal Trade Commission regarding Google Books privacy issues.

Here's an excerpt:

This consent order presents a unique opportunity to shape best practices in reader privacy for a major online service provider. The marketplaces for e-books and for book search are both in formative stages, and the standards adopted by Google can be highly influential for other market participants. We urge the Commission to confirm that reader privacy deserves the same respect in the online world that it has long demanded in the physical world by insisting on strong protections for reader privacy in the comprehensive privacy program.

Read more about it at "In Comments to FTC, ARL Suggests Privacy Oversight for Google Books."

| Digital Scholarship | Digital Scholarship Publications Overview | Google Books Bibliography |

Senator Leland Yee (D-San Francisco) has introduced the Reader Privacy Act of 2011 in the California State Senate.

Here's an excerpt from the press release:

Today, California Senator Leland Yee (D-San Francisco) announced the Reader Privacy Act of 2011 – legislation that would require government agencies to seek a warrant or court order in order to access consumers' reading records from bookstores and online retailers.  SB 602 would establish consumer protections for book purchases similar to long-established privacy laws for library records.

"Current law is completely inadequate when it comes to protecting one's privacy for book purchases, especially considering the increasing popularity of online shopping and electronic books," said Yee. "Individuals should be free to buy books without fear of government intrusion and witch hunts. If law enforcement has reason to suspect wrongdoing, they can obtain a warrant for such information."

Many bookstores already collect information about readers and their purchases.  Digital book services can collect even more detailed information including which books are browsed, how long each page is viewed, and even digital notes made in the margins.

Historically, sensitive reader information has come under fire. During the McCarthy hearings of the 1950s, Americans were questioned about whether they had read Marx or Lenin. In the years following September 11, 2001, the FBI sought patron information from more than 200 libraries.

Just this past year, Amazon was asked by the North Carolina Department of Revenue to turn over 50 million purchase records including books, videos, and other expressive material. 

SB 602 will update California state law to ensure that government and third parties cannot access Californians' reading records without proper justification. . . .

SB 602 will receive its first hearing in Senate Judiciary Committee in April.

| Digital Scholarship | Digital Scholarship Publications Overview | Scholarly Electronic Publishing Bibliography 2010 |

The EDUCAUSE Learning Initiative has released Privacy Considerations in Cloud-Based Teaching and Learning Environments.

Here's an excerpt:

In this white paper, we outline the privacy issues relevant to using cloud-based instructional tools or cloud-based teaching and learning environments for faculty members and those supporting instruction. Our discussion of how teaching and learning in an increasingly technological environment has transformed the way we interact and interpret FERPA will help inform various choices that institutions can consider to best address the law, including policy and best-practice examples. We highlight practical suggestions for how faculty members can continue to use innovative instructional strategies and engage students while considering privacy issues. Finally, this paper discusses ways to further explore and address privacy locally and includes a comprehensive resource list for further reading.

| Digital Scholarship |

The EFF has released the "2010: E-Book Buyer's Guide to E-Book Privacy."

Here's an excerpt:

The guide is simply a review of privacy policies, to the extent we've been able to find them, plus additional information we received directly from Adobe and the Internet Archive. We haven't been able to do independent testing to verify how these e-book providers work in practice. Also, in discussing whether individuals are linked to their reading we have only addressed direct ways (i.e. Amazon or Google directly keeps that information in your account information) as opposed to indirect ways that require action from third parties like the ability to use your IP address gathered by logs to subpoena your ISP for your name).

| Digital Scholarship |

The EDUCAUSE Learning Initiative has released "7 Things You Should Know about Privacy in Web 2.0 Learning Environments"

Here's an excerpt from the announcement:

New media, social networking, collaboration sites, image and video-sharing sites, wikis, and blogs offer tremendous teaching and learning opportunities to educators and students, but their use raises concerns about privacy, especially as it relates to work that students are asked to complete as part of a course. New learning environments often leverage Web 2.0 or cloud-based tools that offer limited or no privacy protection. When they do, those privacy settings are frequently outside the control of either the institution or the faculty member. Nevertheless, FERPA places the burden of ensuring the privacy of the education record on the institution. Institutions are beginning to explore the connection between FERPA and student work along with their responsibilities in this area. Information and policy provided at the institutional level can help faculty members make choices about which tools to use and how to use them, and students should be educated about the risks of providing identifying personal information on third-party sites that may be public.

The EFF has released How Unique Is Your Web Browser?

Here's an excerpt from the press release:

New research by the Electronic Frontier Foundation (EFF) has found that an overwhelming majority of web browsers have unique signatures—creating identifiable "fingerprints" that could be used to track you as you surf the Internet.

The findings were the result of an experiment EFF conducted with volunteers who visited http://panopticlick.eff.org/. The website anonymously logged the configuration and version information from each participant's operating system, browser, and browser plug-ins—information that websites routinely access each time you visit—and compared that information to a database of configurations collected from almost a million other visitors. EFF found that 84% of the configuration combinations were unique and identifiable, creating unique and identifiable browser "fingerprints." Browsers with Adobe Flash or Java plug-ins installed were 94% unique and trackable.

"We took measures to keep participants in our experiment anonymous, but most sites don't do that," said EFF Senior Staff Technologist Peter Eckersley. "In fact, several companies are already selling products that claim to use browser fingerprinting to help websites identify users and their online activities. This experiment is an important reality check, showing just how powerful these tracking mechanisms are."

EFF found that some browsers were less likely to contain unique configurations, including those that block JavaScript, and some browser plug-ins may be able to be configured to limit the information your browser shares with the websites you visit. But overall, it is very difficult to reconfigure your browser to make it less identifiable. The best solution for web users may be to insist that new privacy protections be built into the browsers themselves.

NPR has released a digital audio recording and transcript of an interview with Daphne Keller (Google), Fred Von Lohmann (EFF), and Jessica Vascellaro (Wall Street Journal) about the Google Book Search Settlement.

Here's an excerpt:

[Von Lohmann] Unlike a bookstore or even a library, because these books will live online on Google's computers, where you will be accessing them, Google will have the ability to watch every page you read, how long you spend on any particular page, what page you read a minute ago and what page you're going to read a week from now. It really is as though every book comes with a surveillance camera that comes home with you. So we think it's really critical that this arrangement builds in real strong privacy protections because our nation's bookstores and libraries have fought hard for that, and we think we should accept no less online.

Paul Ohm, Associate Professor of Law at the University of Colorado Law School, has self-archived "Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization" at SSRN.

Here's an excerpt:

Computer scientists have recently undermined our faith in the privacy-protecting power of anonymization, the name for techniques for protecting the privacy of individuals in large databases by deleting information like names and social security numbers. These scientists have demonstrated they can often 'reidentify' or 'deanonymize' individuals hidden in anonymized data with astonishing ease. By understanding this research, we will realize we have made a mistake, labored beneath a fundamental misunderstanding, which has assured us much less privacy than we have assumed. This mistake pervades nearly every information privacy law, regulation, and debate, yet regulators and legal scholars have paid it scant attention. We must respond to the surprising failure of anonymization, and this Article provides the tools to do so.

Read more about it at "What Information Is 'Personally Identifiable'?"

The University of California School of Information's Google Books Settlement and the Future of Information Access Conference was held on August 28, 2009. Below is a selection of articles and posts about the conference.

• Google Book Search—Is It The Last Library?
• Google Book Search Settlement Plan Questioned
• Google Book Search? Try Google Library
• Google Books: A Metadata Train Wreck
• The Google Books Settlement
• Internet Archive Director: Don't Jump at the Google Books Settlement
• Internet Archive Stares Down Google Book Mine
• More Questions Than Answers on Google Books
• Privacy Missing from Google Books Settlement
• The Single Best Question Asked at the Google Books Settlement Conference
• Thoughts on Privacy and the Google Book Settlement
• Why It's So Hard to Get a Handle on the Google Books Settlement and Figure Out if Google's Doing Right By You

In "Warrants Required: EFF and Google's Big Disagreement about Google Book Search," Cindy Cohn discusses the Electronic Frontier Foundation's concerns over privacy issues in Google Book Search.

Here's an excerpt:

One of the most important of those protections is the assurance that your browsing and reading habits are safe from fishing expeditions by the government or lawyers in civil cases. In order to maintain freedom of inquiry and thought, the books we search for, browse, and read should simply be unavailable for use against us in a court of law except in the rarest of circumstances. We have other concerns about Google Book Search as well—concerns and data collection, retention, and reader anonymity—so this won't end the debate, but safeguards against disclosure are a central point of concern for us. . . .

Given this backdrop, we asked Google to promise that it would fight for those same standards to be applied to its Google Book Search product. . . .

Unfortunately, Google has refused. It is insisting on keeping broad discretion to decide when and where it will actually stand up for user privacy, and saying that we should just trust the company to do so. So, if Bob looks like a good guy, maybe they'll stand up for him. But if standing up for Alice could make Google look bad, complicate things for the company, or seem ill-advised for some other reason, then Google insists on having the leeway to simply hand over her reading list after a subpoena or some lesser legal process. As Google Book Search grows, the pressure on Google to compromise readers' privacy will likely grow too, whether from government entities that have to approve mergers or investigate antitrust complaints, or subpoenas from companies where Google has a business relationship, or for some other reason that emerges over time.

The Electronic Frontier Foundation has released a letter to Google about reader privacy and Google Book Search.

Here's an excerpt:

1. Protection Against Disclosure: Readers should be able to use Google books without worrying that the government or a third party is reading over their shoulder. Google needs to promise that it will protect reader records by responding only to properly-issued warrants from law enforcement and court orders from third parties. It also must promise that it will let readers know if anyone has demanded access to information about them.
2. Limited Tracking: Just as readers can anonymously browse books in a library or bookstore, they should also be able to search, browse, and preview Google books without being forced to register or provide any personal information to Google. And for any of its Google Book Search services, Google must not keep logging information longer than 30 days. Google should also not link any information it collects about reader use of Google Book Search to that reader’s usage of any other Google services without specific, affirmative consent.
3. User Control: Readers should have complete control of their purchases and purchasing data. Readers should be able to delete their records and have extensive permissions controls for their "bookshelves" or any other reading displays to prevent others from seeing their reading activities. Readers should be able to “give” books to anyone, including to themselves, without tracking. Google also should not reveal any information about Google book use to credit card processors or any other third parties.
4. User Transparency: Readers should know what information is being collected and maintained about them and when and why reader information has been disclosed. Google needs to develop a robust, enforceable privacy policy and publish the number and type of demands for reader information that are received on an annual basis.

Read more about it at "Don't Let Google Close the Book on Reader Privacy!."