Library CryptoParty: 9/22, 4-6pm

crypto_800x600Curious about privacy, surveillance, or encryption?

Is the stuff on Mr. Robot real?

Find out:
Thursday, September 22 from
4-6:00 pm in
Milne 208.

At Milne Library’s CryptoParty, work with staff one-on-one to explore tools for better privacy and hear short talks on topics including: Tor, SciHub, the Internet of Things, social engineering, and more.

Better privacy is for everyone. All levels of comfort with technology are welcome!

Can’t make it? Our Systems Librarian, maintains a guide about some of the topics we’ll cover.

Apple, the FBI, and your phone.

via flicker, CC BY-NC-ND 2.0
via flicker, CC BY-NC-ND 2.0

Over time, phones become extensions of ourselves. There’s a lot on your phone: the entertainment you like, texts to friends, family, and partners, your search history, thousands of pictures and video. Although this doesn’t seem like much, your phone reveals where you’ve been, who you’re with, and what you care about.

Apple is appearing in the news because of a San Bernardino county-owned iPhone confiscated by the Federal Bureau of Investigation. In general, phones issued by a workplace have higher level security features, and the FBI would like for Apple to create a backdoor for law enforcement to access this particular phone. The FBI’s request is insists it will only apply to this phone, one time. This is oversimplifying the situation for the sake of this writing–a more detailed explanation of the technology and its implications is available here.

The government tends to frame this argument as a trade-off: less privacy for greater security, and who doesn’t want more safety? But, any backdoor developed for law enforcement—even in secret—would be exploited, as data breaches happen all the time without our devices being handed over to investigators.

Apple has confronted the FBI about this before—an article in Wired suggests a handful of other cases. The FBI choosing this incident to lean harder on Apple is masterful. The narrative has all the components driving people to hand over their privacy: terrorists, violence, and investigators just trying to do their jobs in the interest of safety. But who pays for the development of features to bypass operating system security? What does Apple pay for developers to create the impossible, unhackable feature? What does the public pay in access to private spaces?

In security, it’s never about just one phone and cases create precedence which can ultimately erode privacy. Like Barbara Fister I wonder: what is the public interest here? Like Jason Griffey I wonder what I can do as a librarian to protect the interests of my users?

Over the next few weeks, I’ll be writing more about surveillance, privacy, and what students can do to empower themselves.

If you’d like to learn more about privacy online but aren’t sure where to start, try the Library Freedom Project’s basic class in online privacy.

If you’d like to encrypt a device, check out the tutorials at Electronic Frontier Foundation.

The library uses Google Analytics for many projects. The library doesn’t use any identifying information, but you should still have a choice. Here is how you can opt out if you’d prefer not to be tracked.

Password Security

With the holiday online buying season gearing up, it’s a good time to think about your online security. Mashable just published a list of the 25 Worst Passwords of 2011.  If any of your passwords are on the list, you might want to think about changing things up a bit. Lifehacker has some great tips for picking and remembering passwords.

Some have turned to password management software to help keep track of their many passwords.  The major issue with such programs is that you must download the software and can only access it from that single device. 

An alternative to downloading password management software might be Open ID, which allows you to sign into websites with a universal ID and password.  You can choose to use an account that you’ve already created.  Some of the more well known OpenID providers include Google, Facebook, Yahoo!, Microsoft, AOL, and Twitter.  If you have one of these accounts, you already have an OpenID identity.