
[InetBib] Bielefeld University Library signs the "Library Digital Privacy Pledge 2015" – co-signing still possible



Dear colleagues,

Bielefeld University Library is taking part in the
"Library Digital Privacy Pledge 2015". Anyone who would also like to be
among the first signatories should send an e-mail to
pledge@xxxxxxxxxxxxxxxxxxxxxxxxx before the end of this month. Of course,
you can also sign later.

It is a voluntary commitment (my translation)
1.) to switch all web services operated by your library to HTTPS
    within six months of signing, and
2.) by the end of 2016, to conclude or renew contracts with external
    service providers only if they support HTTPS.

Below I am forwarding the CODE4LIB e-mail through which I became aware
of this initiative. The following version is more current:
http://go-to-hellman.blogspot.de/2015/08/update-on-library-privacy-pledge.html
University libraries can obtain SSL certificates of the Deutsches
Forschungsnetz (German Research Network) free of charge from their
university computing centre. In our experience, encryption does not
cause any noticeably higher load on the servers.

I could write a lot about why this measure is urgently needed,
but I only want to touch on it here:

- The search and borrowing behaviour of library users
  generates sensitive personal data that deserves protection.

- If libraries claim to teach information literacy,
  they must lead by example.

- The reintroduction of data retention that has just been passed
  will lead to data falling into the wrong hands. Let us do
  our part so that this data is encrypted. I reckon that if
  Willy Brandt were still alive, he would say: "Dare more cryptography!"
  Perhaps he would also support the constitutional complaint against
  data retention <https://digitalcourage.de/weg-mit-vds>.
  ;-)

More on the why: "What Every Librarian Needs to Know About HTTPS"
https://www.eff.org/de/deeplinks/2015/05/what-every-librarian-needs-know-about-https
Further recommended practical measures:
- https://libraryfreedomproject.org/resources/privacytoolkit/
- https://digitalcourage.de/support/digitale-selbstverteidigung

If you have any further questions, I am happy to help.
Christian Pietsch
Bielefeld University Library, LibTec department


----- Forwarded message from Eric Hellman <eric@xxxxxxxxxxx> -----
Date: Thu, 25 Jun 2015 00:01:22 -0400
From: Eric Hellman <eric@xxxxxxxxxxx>
To: CODE4LIB@xxxxxxxxxxxxxxx
Subject: [CODE4LIB] Draft for The Library Digital Privacy Pledge

edit or comment on the draft at 
https://docs.google.com/document/d/1LpV52oSefKhaKSGFcTPONKvXzZUxHbKaW8e6CHHREXk

The Library Digital Privacy Pledge of 2015

We are inviting the library community (libraries, vendors that serve libraries, 
and organizations) to sign a "Library Digital Privacy Pledge".

For this first pledge, we're focusing on the use of HTTPS (SSL) to deliver 
library services and the information resources offered by libraries. Building a 
culture of Library Digital Privacy will not end with this pledge, but 
committing to this first modest step together will begin a process that won't 
turn back.

We focus on HTTPS as a first step because of its timeliness. At the end of July 
the Let's Encrypt initiative of the Electronic Frontier Foundation will launch 
a new certificate infrastructure that will remove much of the cost and 
difficulty involved in implementation of HTTPS, with general availability 
scheduled for September. Due to a heightened concern about digital 
surveillance, many prominent internet companies, such as Google, Twitter, and 
Facebook, have moved their services to HTTPS. The White House has issued a 
directive that all government websites must move their services to HTTPS by the 
end of 2016. We believe that libraries must also make this change, lest they be 
viewed as technology and privacy laggards, and dishonor their proud history of 
protecting reader privacy.

The 3rd article of the American Library Association Code of Ethics sets a broad 
objective:
We protect each library user's right to privacy and confidentiality with 
respect to information sought or received and resources consulted, borrowed, 
acquired or transmitted.

It's not always clear how to interpret this broad mandate, especially when 
everything is done on the internet. However, one principle of implementation 
should be clear and uncontroversial:

Library services and resources should be delivered, whenever practical, over 
channels that are immune to eavesdropping.

The current best practice dictated by this principle is as follows:

Libraries and vendors that serve libraries and library patrons should require 
HTTPS (SSL) for all services and resources delivered via the web.

The Pledge for Libraries:
1. All web services and resources that we directly control will require SSL by 
the end of 2015.
2. Starting in 2016, we will not sign or renew any contracts for web services 
or information resources that do not commit to require SSL by the end of 2016.

The Pledge for Publishers and Vendors:
1. All web services that we control will enable SSL by the end of 2015.
2. All web services that we offer will require SSL by the end of 2016.

The Pledge for Organizations:
1. All web services that we directly control will enable SSL by the end of 2015.
2. We encourage our members to support and sign the appropriate version of the 
pledge.

Schedule:
This document will be open for discussion and modification until finalized by 
July 27, 2015. The finalized pledge will be published on the website of the 
Library Freedom Project. We expect a number of discussions to take place at the 
Annual Conference of the American Library Association and associated meetings.
The Library Freedom Project will broadly solicit signatures from libraries, 
vendors and publishers.
In September, in coordination with the Let's Encrypt project, the list of 
charter signatories will be announced and broadly publicized to popular 
media.

FAQ

Q: Why the focus on HTTPS?
A: We think this issue should not be controversial and is relatively easy to 
explain.

Q. How can my library/organization/company add our names to the list of 
signatories?
A. Email us at [pledge]@libraryfreedomproject.org. Please give us contact info 
so we can verify your participation.

Q. Is this the same as HTTPS Everywhere?
A. No, that's a browser plug-in which enforces use of HTTPS.

Q. My Library won't be able to meet the implementation deadline. Can we add our 
name to the list once we've completed implementation?
A. Yes.

Q. A local school uses an internet filter that blocks https websites to meet 
legal requirements. Can we sign the pledge and continue to serve them?
A. Most of the filtering solutions include options that will whitelist 
important services. Work with the school in question to implement a work-around.

Q. What else can I read about libraries using HTTPS?
A. The Electronic Frontier Foundation has published "What Every Librarian Needs 
to Know About HTTPS".


Eric Hellman
President, Gluejar.Inc.
Founder, Unglue.it https://unglue.it/
http://go-to-hellman.blogspot.com/
twitter: @gluejar

----- End forwarded message -----

-- 
   Christian Pietsch, http://www.ub.uni-bielefeld.de/~cpietsch
   Universität Bielefeld, Universitätsstr. 25, 33615 Bielefeld
   University Library, UHG L3-126, Tel. +49 521 106 2644
   LibTec: Library Technology and Knowledge Management

List information at http://www.inetbib.de.