Library Privacy Checklist 6: Public Access Computers and Networks

Library Privacy Checklist 6: Public Access Computers and Networks

This checklist is intended to help libraries of all capacities take practical steps to implement the principles that are laid out in the Library Privacy Guidelines for Public Access Computers and Networks.

Priority 1 are actions that hopefully all libraries can take to improve privacy practices. Priority 2 and Priority 3 actions may be more difficult for libraries to implement depending on their technical expertise, available resources, and organizational structure.

Priority 1 Actions

1. Use analog signage and/or splash screens to explain the library’s network and wifi access policies, including any privacy-related information.
   1. Make a policy decision about the level of privacy versus convenience that the library will offer its wifi users and adequately warn users of potentials for traffic interception and other risks of an insecure network.
2. Set up public computers to purge downloads, saved files, browsing history, and other data from individual user sessions. This can be accomplished
   1. on logout via the computer reservation system if the library uses such a system;
   2. by using restoration software such as CleanSlate or Deep Freeze;
   3. by configuring browsers to clear all history and other usage data upon exit.
3. Ensure that paper sign-up sheets for public computers, devices, or classes are destroyed when no longer needed.
4. Offer classes and other educational materials to users about best practices for privacy and security when using the library’s public computers.
5. Offer privacy screens to patrons who desire to use them.

Priority 2 Actions

1. Use antivirus software on all public computers.  Ensure that antivirus software that is installed has the ability to block spyware and keylogging software.
2. Ensure that any computer reservation management system records, print management  records, or ILS records in regards to computer use are anonymized or destroyed when no longer needed.
3. Configure any content filters to not collect or store browsing data.
4. Anonymize or destroy transactional logs for network activity when no longer needed.
5. Perform regular security audits on all public computers, including digital inspection of security risks and flaws and physical inspection for unknown devices.

Priority 3 Actions

1. Install plugins on public computers to limit third party tracking, enable private browsing modes, and force HTTPS connections.
   1. HTTPS Everywhere
   2. Privacy Badger
   3. See guides about Firefox security options, e.g. Firefox and Security Add-Ons for Windows - Secure Web Browser
2. Install the Tor browser on public computers as a privacy option for patrons.
3. Offer the privacy-oriented Tails OS on bootable USB or CDROM for use on public computers or patron devices.
4. Install malware-blocking, ad blocking, and anti-spam features on firewalls.
5. Segment the network to isolate staff computers, public computers, and wireless users into their own subnets.
6. Ensure that any applications and operating systems on public computers are disabled from automatically sharing activity data with software publishers (e.g. error reporting).

Resources

• Security in-a-box. Basic Security for Windows.
• Library Freedom Project. Privacy Toolkit for Librarians.
• Data Privacy Project. Mapping Data Flows.
• Federal Trade Commission. Public Wi-Fi Networks.
• San José Public Library. Security: How the Internet Works.
• F-Secure. Threat Descriptions.
• How to Geek. How to Choose the Best VPN Service for Your Needs.
• National Information Standards Organization (NISO). NISO Consensus Principles on User’s Digital Privacy in Library, Publisher, and Software - Provider Systems (NISO Privacy Principles).
• Protecting Patron Privacy Practices Computers by Matthew Beckstrom (book).
• Tor Project: Anonymity Online.