LFP Director Alison Macrina joined last week’s Logan Symposium panel “Fighting the Global Arena” with David Mirza Ahmad of Subgraph and Julian Assange, moderated by Jérémie Zimmerman. Watch the recording here.
We are thrilled to be the recipients of the Free Software Foundation’s 2015 Award for Projects of Social Benefit, joining an amazing list of past winners like Tor Project, Wikimedia, and Creative Commons. You can read all about the award at the link above. Thank you to the FSF community for recognizing the impact of our work, and we look forward to living up to this honor in 2016 and beyond.
Editor’s note: below is a guest post from Paige Sundstrom, an awesome MLIS student who worked with a group of other students at the University of Washington investigated privacy practices and needs in libraries, at both the individual and institutional level. We were impressed with the work of these students and asked Paige to write up a summary of the project in order to amplify the work of these students and encourage other MLIS students to build on this research. Are you a library science student focusing on privacy? Want to hear more about the research project these UW students conducted? Please get in touch!
Hi! I’m Paige — a first year MLIS student at the University of Washington’s iSchool. Last quarter I worked with three fantastic ladies (Alexa, Alexandra, and Stephanie <3 <3 <3) on a research project on Internet privacy and am excited to share my/our experience with all of you!
Below are links to the resources discussed at the Idaho Library Directors’ Summit:
This weekend is the American Library Association’s Midwinter Meeting in Boston, MA, and Library Freedom Project is all over the dang place. Here’s where you’ll find us during #alamw16:
7 January 2016, 7 pm: EMW Drink Salon on Tech and Ethics in Libraries (please note, this has been moved to Industry Lab and is sold out/waitlist only). Alison and Nima will join Andromeda Yelton and Jason Griffey for a panel about privacy education in libraries.
9 – 11 January 2016, all day: Library Freedom Project booth at ALA MW Exhibits Hall. Alison, Nima, and Kade will be at booth 2232 to answer your questions about LFP and give you lots of free stickers.
9 January 2016, 9-10 am: Alison will be on the Knight Foundation panel with past News Challenge winners.
10 January 2016, 1-2:30 pm: Alison and Nima will present at the RUSA ETS Hot Topics seminar about Tor Browser and Tor relays in libraries, in the Seaport Hotel, Plaza Ballroom C.
We are thrilled to share some exciting news about the future of Library Freedom Project. Thanks to a grant from the Rose Foundation’s Consumer Privacy Rights Fund, Nima Fatemi will be joining Library Freedom Project as our chief technologist. Nima has been a dedicated volunteer with LFP for over a year, most notably helping create the highly successful Tor exit relay pilot project that we recently concluded in New Hampshire. With support from Rose Foundation, we’ll be able to continue the exits project at scale, with Nima traveling to libraries all over the country to implement relays. Nima will also conduct privacy trainings in libraries, taking them to a more advanced level, and help libraries set up privacy-protecting infrastructure.
Yesterday, Representative Zoe Lofgren sent a letter to Department of Homeland Security secretary Jeh Johnson, expressing her concern with DHS actions against the library in Lebanon, New Hampshire, where we set up our Tor exit relay pilot. In this letter, Rep. Lofgren asks DHS to provide her with any other instances of the agency interfering with the public’s use of privacy-enhancing technologies.
We want to express our thanks to Rep. Lofgren for standing up for our right to use privacy tools like Tor, and we eagerly await the DHS response to her request.
April and Alison gave a brief webinar for the Georgia Library Association’s Carterette series. Below are the links from that webinar:
The following post is by Chuck McAndrew of Lebanon Public Libraries, and Alison Macrina of Library Freedom Project. Each section is labeled with its author.
Completing the Tor exits pilot at Lebanon Public Library – Chuck and Alison
On Friday, November 6th, we turned the Lebanon Public Library’s Tor non-exit relay into an exit — thus marking the completion of a project that started small, but grew to international prominence late this summer after a now infamous failed attempt at intervention by the Department of Homeland Security. After the community responded overwhelmingly in favor of the relay, and the excitement died down, those of us from Lebanon Public Library and Library Freedom Project were left with the more mundane work of completing the pilot. Turning the middle relay into an exit was an entirely unremarkable process — just a simple edit to a configuration file, and then a reload of the Tor service. What’s remarkable, however, is the symbolic significance of this pilot: it marks the first time that a public library has ever hosted a Tor exit relay. And it’s means that Library Freedom Project’s Tor relay initiative pilot phase is officially a success. The path to achieving this milestone has certainly been an interesting one, and Lebanon Public Libraries has been honored to participate and lead the way for other libraries. Now, Library Freedom Project encourages other libraries to join this initiative, and so Chuck (of Lebanon Public Library) and Alison (of LFP) co-wrote this blog post about our pilot experience in the hopes that other libraries will be inspired to do the same.
Why a Tor exit relay? – Chuck and Alison
Libraries have long been guardians of privacy and intellectual freedom for their communities; these values have been in the American Library Association’s Code of Ethics since 1939, and library patron privacy is codified into many state laws, including Lebanon Public Library’s home state of New Hampshire. Today, the freedom to read means more than just providing access to books; it means protecting people’s right to freely access information — in both physical and digital spaces. The Tor network provides strong protections for online anonymity and privacy, allowing people to read, write, and research without the chilling effects of surveillance. By participating as one of many volunteer relay operators in the Tor network, Lebanon Public Library continues the library tradition of protecting people’s privacy while helping make Tor strong. For more on why we started the Tor relay initiative, read our original announcement post. Lebanon Library’s Tor exit relay is only the beginning of their privacy protections for patrons: they’re offering GNU/Linux computers with Tor Browser, Firefox with privacy-protecting extensions, classes on increasing online privacy, and more.
How did we make this happen? – Chuck
From the start of this pilot program, the Library Freedom Project has been outstanding at providing us with support. On the technical side of things, Nima Fatemi (Library Freedom Project technologist and core member of The Tor Project) has been an amazing resource. He has guided us on the setup of the relay, provided security suggestions, and helped with our network setup. Much of what we ended up doing was at Nima’s suggestion, and it has worked out extremely well for us.
Nima and Alison traveled up to New Hampshire to help us setup our relay. We initially set it up on an old desktop computer that I had. It worked perfectly fine on that, but I was bothered by having an old desktop sitting in my LAN room. In the end, I decided to change it over to a virtual machine. It has been sitting on my server chugging away ever since. I am a huge fan of virtualization whenever possible and it has worked out very well. Anyone with the knowledge to set up a virtual machine shouldn’t have much trouble making this work. However, it doesn’t take a real server to run a Tor relay. Most desktop computers are perfectly capable of doing so.
One of the big concerns that we had going into this project was that it not impact our current level of service to our patrons. Our main worries were making sure that the relay didn’t take bandwidth away from our patrons and that nothing about the Tor network impacted our patron’s ability to surf the internet. Some websites do not like Tor traffic and will block any IP address that is associated with a Tor exit relay. Before we converted our relay to an exit relay, we wanted to make sure that Tor traffic went out on a different IP address than our public internet to avoid any possible problems, and Nima was helpful in ensuring that this all happened smoothly.
Happily for us, setting up this relay coincided with some changes to our network which we had been planning for other reasons. In the end, taking Nima’s suggestions and working with local open source advocate Bill McGonigle from BFC Computing, we were able to significantly improve our network and lower our operating costs. Initially, we had two lines coming in to our library. One was for the public internet and the other for the staff. We were able to drop one of those lines by introducing a pfSense firewall. This allowed us to safely firewall off the Tor relay and send Tor traffic out its own IP address (our account already had a 5 IP bundle). This also helped alleviate our second concern. The pfSense firewall allowed us to monitor how much bandwidth was being used by each interface. This helped us to donate as much bandwidth as we could while ensuring that our patron’s web browsing was unaffected. Having the data provided by pfSense was a great help to us.
Although there was a cost involved with bringing Bill in to help us change our network setup, it was offset by the cost savings of being able to cancel one line. I now feel very confident that we have a secure, easily managed network that provides me with lots of information about what is going on on our network. Setting up your network to securely accommodate a Tor relay is potentially the most expensive part of this project. How costly (or if there is any cost at all) will depend on the library’s current network setup and level of in-house IT knowledge. Other libraries participating in this project can rely on the expertise of LFP staff to ensure that your relay won’t impact current services.
Lessons learned – Chuck
This project has been a success in many ways. We are strengthening the Tor network by hosting an exit relay. We are benefiting people all over the world who need privacy and anonymity. We are living up to the core values of librarianship. We also have once again proven the relevance of public libraries in the digital age. We have started a conversation about privacy in our community and used that to educate our patrons about many of these important issues. That is all to the good, but we did learn many lessons along the way. If we were starting over, there are some things that I would do differently and some lessons that I am glad to have learned.
Lesson 1: Engage the community from the start.
When our library received push back from law enforcement it was largely due to our amazing community support that we were able to proceed. We are extremely thankful that they came out and let it be known that these were important issues to them. However, it would have been better if we had engaged our community prior to starting this project. If we had been able to point to the strong community support we had, we could have avoided a lot of uncertainty during this project. We started this project because we felt it was important and felt that it would be important to our community. In the end, we were validated, but it would have been very nice to know for sure before hand.
Lesson 2: People care about privacy.
It is a common narrative that privacy is dead and/or most people don’t care about privacy. This is wrong. People do care about privacy and intellectual freedom. People often feel powerless in the face of pervasive surveillance by huge corporations and national governments. If you have no realistic way to defend yourself, the sane thing to do is to accept the situation. However, a very different picture emerges when people start to learn about tools which are easy to use and that give them the power to enforce their privacy. All of a sudden you have people from all walks of life who are very interested in these issues. The problem isn’t that people don’t care, it is that they are being told over and over that there is nothing that they can do about it. Projects such as this one show people that there is hope. People find that extremely empowering. No one is saying that people shouldn’t be able to share whatever they want online. With social media, people share all kinds of information about themselves. What we are saying is that people should be the ones who get to control what information is shared about them. This message is very powerful, especially when combined with education about how to achieve it.
Lesson 3: You can have an impact.
Technology is a powerful tool. It can be intimidating, and even overwhelming, but it can also let you do amazing things. Compared to many libraries across the country, the Lebanon Public Libraries are a small system. If you would have told us two years ago that we would be involved in an international conversation about privacy and intellectual freedom, I am sure that many people here would have laughed. But, thanks to the support of our community, we are. You don’t have to wait for someone bigger, or better funded, or more important to do something. Everyone has the ability to make an impact.
What’s next for the LFP Tor relay initiative? – Alison
After all of the excitement after DHS and the local police tried to intervene in the pilot project, we ended up with more attention to this project than we initially anticipated, which created a bottleneck for LFP staff. We’ve finally emerged on the other side and have been planning out our next steps, including creating a resource packet of ideological, legal, and technical resources for our interested libraries. We’ve heard from libraries across the US who are interested in participating, and our network of free software technologists and advocates all over the world are busy setting up their own relay initiatives with local libraries — in places from Sweden to Australia. Very soon, we’ll be making a big announcement with some good news about the relay initiative and its future, but in the meantime, interested libraries can contact us for more information by emailing exits (at) libraryfreedomproject (dot) org. Thanks to everyone for all of their support for Lebanon Public Library, Library Freedom Project, and our Tor exits initiative. Our success is due in part to our amazing community.
Today, Alison gave a quick talk to students at the School of Information & Communications Technologies SAIT Polytechnic. Here’s a list of links that she discussed:
Canadian Civil Liberties Union: https://ccla.org/
Library Freedom Project resources, including class curricula (all CC-BY-SA licensed): https://libraryfreedomproject.org/resources/
Let’s Encrypt: https://letsencrypt.org/
Signal (for iOS or Android): https://whispersystems.org/blog/just-signal/
Mass Surveillance Isn’t the Answer to Fighting Terrorism (NYT editorial): http://www.nytimes.com/2015/11/18/opinion/mass-surveillance-isnt-the-answer-to-fighting-terrorism.html?ref=topics
NYT Editorial Slams “Disgraceful” CIA Exploitation of Paris Attacks, But Submissive Media Role Is Key: https://theintercept.com/2015/11/18/nyt-editorial-slams-disgraceful-cia-exploitation-of-paris-attacks-but-submissive-media-role-is-key/
Surveillance in the Stacks (book about the FBI’s Library Awareness Program): https://www.worldcat.org/title/surveillance-in-the-stacks-the-fbis-library-awareness-program/oclc/21905912