©2016 ProQuest LLC. All rights reserved.
Security & Privacy: What’s Ahead for 2017
Library Edition
Daniel Ayala (@buddhake)
Director, Global Information Security, ProQuest
ALA Midwinter 2017
Atlanta, Georgia
First, a story…
Modern technology is amazing.
The sky is the limit…
…but there is reason for caution
Security & privacy go beyond the library
Library as Hub of Privacy & Security
Protect the Systems! Protect the Users! Protect the Data!
Device Security
Malware
Ransomware
Phishing
Browser Security
Mobile Devices
A few words on PRIVACY
USA Patriot Act
USA Freedom Act
Consumer Services Devour Data
Anonymisation & Tor
Personalisation
Opt-in vs Opt-Out
Net Neutrality Rollback*
*In discussion, not yet submitted for public comment
ISP Browsing Data Privacy Rollback*
*In discussion, not yet submitted for public comment
Tools
Ghostery (Chrome) - https://www.ghostery.com
1Blocker (Mac/iOS) - http://1blocker.com
BuiltWith (Chrome) - https://builtwith.com
Malwarebytes - https://www.malwarebytes.com
Deep Freeze - http://www.faronics.com/products/deep-freeze/
Tor - https://www.torproject.org
Let’s Encrypt (SSL) - https://letsencrypt.org
Shared responsibility for privacy
Transparency
Anonymisation
Options & Informed Consent
Sharing Data w/ Others
Support Anonymous Use
Access to One’s own User Data
Accountability
RA21
RA21’s mission is to align and simplify pathways to subscribed content across participating scientific platforms. RA21 will address the common problems users face when interacting with multiple and varied information protocols.
http://www.stm-assoc.org/standards-technology/ra21-resource-access-21st-century/
Balance
Security & Privacy
Utility
Foundational thinking
Data will always be collected
Collection != Privacy Violation
Serve the user/patron!
Set principles for use & sharing
If you collect it, use it wisely and get rid of it when you’re done!
TRUST! (but verify)
Give patrons/users the information, options to make smart, well-informed privacy decisions
Security & privacy go beyond the library
HTTPS
11 Available Now, +5 More Soon
All new ProQuest products, HTTPS only
HTTPS only - later this summer
http://www.proquest.com/blog/pqblog/2017/Why-Those-HTTPS-Messages-Mean-Something-to-You-.html
NOW!
ProQuest platform (search.proquest.com)
ProQuest Dialog (search.proquest.com/professional)
ProQuest Administrator Module (PAM)
Legacy RefWorks
The New RefWorks
Ebook Central
ProQuest Research Companion
Pi2 Drug Safety Triager
Alexander Street Platform (search.alexanderstreet.com)
Alexander Street Academic Video Store (search.alexanderstreet.com/store)
Alexander Street Admin Portal
SOON!
Pivot
eLibrary
CultureGrams
SIRS
HeritageQuest Online
ProQuest Congressional (congressional.proquest.com)
Privacy Policy
Full Update Coming Soon
What data is collected
How it is used
With whom it is shared
EU/USA Privacy Shield Compliant
When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else.
– David Brin
Resources & Credits
NISO Consensus Framework to Support Patron Privacy in Digital Library and Information Systems - http://www.niso.org/topics/tl/patron_privacy/
ALA Code of Ethics - http://www.ala.org/advocacy/proethics/codeofethics/codeethics
ALA Library Privacy Guidelines for e-book Lending and Digital Content Vendors - http://www.ala.org/advocacy/library-privacy-guidelines-e-book-lending-and-digital-content-vendors
STM RA21 - http://www.stm-assoc.org/standards-technology/ra21-resource-access-21st-century/
Stock photography via Stocksnap.io and Shutterstock.com
Q&A