Why We Need to Encrypt The Whole Web… Library Websites, Too

The Patron Privacy Technologies Interest Group was formed in the fall of 2014 to help library technologists improve how well our tools protect patron privacy.  As the first in a series of posts on technical matters concerning patron privacy, please enjoy this guest post by Alison Macrina.

When using the web for activities like banking or shopping, you’ve likely seen a small lock symbol appear at the beginning of the URL and noticed the “HTTP” in the site’s address switch to “HTTPS”. You might even know that the “s” in HTTPS stands for “secure”, and that all of this means that the website you’ve accessed is using the TLS/SSL protocol. But what you might not know is that TLS/SSL is one of the most important yet most underutilized internet protocols, and that all websites, not just those transmitting “sensitive” information, should be using HTTPS by default.

To understand why TLS/SSL is so important for secure web browsing, a little background is necessary. TLS/SSL is the colloquial way of referring to this protocol, but the term is slightly misleading – TLS and SSL are essentially different versions of a similar protocol. Secure Sockets Layer (SSL) was the first protocol used to secure applications over the web, and Transport Layer Security (TLS) was built from SSL as a standardized version of the earlier protocol. The convention of TLS/SSL is used pretty often, though you might see TLS or SSL alone. However written, it all refers to the layer of security that sits on top of HTTP. HTTP, or HyperText Transfer Protocol, is the protocol that governs how websites send and receive data, and how that data is formatted. TLS/SSL adds three things to HTTP: authentication, encryption, and data integrity. Let’s break down those three components:

Authentication: When you visit a website, your computer asks the server on the other end for the information you want to access, and the server responds with the requested information. With TLS/SSL enabled, your computer also reviews a security certificate that guarantees the authenticity of that server. Without TLS/SSL, you have no way of knowing if the website you’re visiting is the real website you want, and that puts you at risk of something called a man-in-the-middle attack, which means data going to and from your computer can be intercepted by an entity masquerading as the site you intended to visit.

Fig. 1: Clicking the lock icon next to a site with TLS/SSL enabled will bring up a window that looks like one above. You can see here that Twitter is running on HTTPS, signed by the certificate authority Symantec.
Fig. 1: Clicking the lock icon next to a site with TLS/SSL enabled will bring up a window that looks like one above. You can see here that Twitter is running on HTTPS, signed by the certificate authority Symantec. [Image courtesy Alison Macrina]
Fig. 2: Clicking “more information” in the first window will bring up this window. In the security tab, you can see the owner of the site, the certificate authority that verified the site, and the encryption details.
Fig. 2: Clicking “more information” in the first window will bring up this window. In the security tab, you can see the owner of the site, the certificate authority that verified the site, and the encryption details. [Image courtesy Alison Macrina]
Fig. 3: Lastly, clicking the “view certificate” option in the previous window will bring up even more technical details, including the site's fingerprints and the certificate expiration date.
Fig. 3: Lastly, clicking the “view certificate” option in the previous window will bring up even more technical details, including the site’s fingerprints and the certificate expiration date. [Image courtesy Alison Macrina]
Data encryption: Encryption is the process of scrambling messages into a secret code so they can only be read by the intended recipient. When a website uses TLS/SSL, the traffic between you and the server hosting that website is encrypted, providing you with a measure of privacy and protection against eavesdropping by third parties.

Data integrity: Finally, TLS/SSL uses an algorithm that includes a value to check on the integrity of the data in transit, meaning the data sent between you and a TLS/SSL secured website cannot be tampered with or altered to add malicious code.

Authentication, encryption, and integrity work in concert to protect the data you send out over TLS/SSL enabled websites. In this age of widespread criminal computer hacking and overbroad surveillance from government entities like the NSA, encrypting the web against interception and tampering is a social necessity. Unfortunately, most of the web is still unencrypted, because enabling TLS/SSL can be confusing, and often some critical steps are left out. But the digital privacy rights advocates at the Electronic Frontier Foundation are aiming to change that with Let’s Encrypt, a free and automated way to deploy TLS/SSL on all websites, launching in Summer 2015. EFF has also built a plugin called HTTPS Everywhere which forces TLS/SSL encryption on websites where this protocol is supported, but not fully set up (a frequent occurrence).

As stewards of information and providers of public internet access, librarians have a special duty to protect the privacy of our patrons and honor the public trust we’ve worked hard to earn. Just as we continue to protect patron checkout histories from unlawful snooping, we should be actively protecting the privacy of patrons using our website, catalog, and public internet terminals:

  • Start by enabling TLS/SSL on our library websites and catalog (some instructions are here and here, and if those are too confusing, Let’s Encrypt goes live this summer. If your website is hosted on a server that is managed externally, ask your administrator to set up TLS/SSL for you).
  • Install the HTTPS Everywhere add-on on all library computers. Tell your patrons what it is and why it’s important for their digital privacy.
  • Urge vendors, database providers, and other libraries to take a stand for privacy and start using TLS/SSL.

Privacy is essential to democratic institutions like libraries; let’s show our patrons that we take that seriously.

Alison Macrina is an IT librarian in Massachusetts and the founder of the Library Freedom Project, an initiative aimed at bringing privacy education and tools into libraries across the country. Her website doesn’t have any content on it right now, but hey, at least it’s using HTTPS! 

The inaugural in-person meeting of the LITA Patron Privacy Interest Technologies Group is at Midwinter 2015 on Saturday, January 31st, at 8:30 a.m. Everybody interested in learning about patron privacy and data security in libraries is welcome to attend! You can also subscribe to the interest group’s mailing list.

Getting Started with GIS

Layout 1Coming for the New Year: Learning Opportunities with LITA

LITA will have multiple learning opportunities available over the upcoming year. Including hot topics to keep your brain warm over the winter. Starting off with:

Getting Started with GIS (Geographic Information Systems)

Instructor: Eva Dodsworth, University of Waterloo

Offered: January 12 – February 9, 2015, with asynchronous weekly lectures, tutorials, assignments, and group discussion. There will be one 80 minute lecture to view each week, along with two tutorials and one assignment that will take 1-3 hours to complete, depending on the student. Moodle login info will be sent to registrants the week prior to the start date.

WebCourse Costs: LITA Member: $135 ALA Member: $195 Non-member: $260

Register Online, page arranged by session date (login required)

Here’s the Course Page

Getting Started with GIS is a three week course modeled on Eva Dodsworth’s LITA Guide of the same name. The course provides an introduction to Geographic Information Systems (GIS) in libraries. Through hands on exercises, discussions and recorded lectures, students will acquire skills in using GIS software programs, social mapping tools, map making, digitizing, and researching for geospatial data. This three week course provides introductory GIS skills that will prove beneficial in any library or information resource position.

No previous mapping or GIS experience is necessary. Some of the mapping applications covered include:

  • Introduction to Cartography and Map Making
  • Online Maps
  • Google Earth
  • KML and GIS files
  • ArcGIS Online and Story Mapping
  • Brief introduction to desktop GIS software

Participants will gain the following GIS skills:

  • Knowledge of popular online mapping resources
  • ability to create an online map
  • an introduction to GIS, GIS software and GIS data
  • an awareness of how other libraries are incorporating GIS technology into their library services and projects

Instructor: Eva Dodsworth is the Geospatial Data Services Librarian at the University of Waterloo Library where she is responsible for the provision of leadership and expertise in developing, delivering, and assessing geospatial data services and programs offered to members of the University of Waterloo community. Eva is also an online part-time GIS instructor at a number of Library School programs in North America.

Register Online, page arranged by session date (login required)

Re-Drawing the Map Series

Don’t forget the final session in the series is coming up January 6, 2015. You can attend this final single session or register for the series and get the recordings of the previous two sessions on Web Mapping and OpenStreetMaps. Join LITA instructor Cecily Walker for:

Coding maps with Leaflet.js

Tuesday January 6, 2015, 1:00 pm – 2:00 pm Central Time
Instructor: Cecily Walker

Ready to make your own maps and go beyond a directory of locations? Add photos and text to your maps with Cecily as you learn to use the Leaflet JavaScript library.

Register Online, page arranged by session date (login required)

Webinar Costs: LITA Member $39 for the single session and $99 for the series.

Check out the series web page for all cost options.

Questions or Comments?

For all other questions or comments related to the course, contact LITA at (312) 280-4268 or Mark Beatty, mbeatty@ala.org.

 

Register Now for LITA Midwinter Institutes

lita at midwinter 2015Whether you’ll be attending Midwinter or are just looking for a great one day continuing education event in the Chicago/Midwest area, we hope you’ll join us.

When? All workshops will be held on Friday, January 30, 2015, from 8:30-4:00 at McCormick Place in Chicago IL.

Cost for LITA Members: $235 (ALA $350 / Non-ALA $380, see below for details)

Here’s this year’s terrific line up:

Developing mobile apps to support field research
Instructor: Wayne Johnston, University of Guelph Library

Researchers in most disciplines do some form of field research. Too often they collect data on paper which is not only inefficient but vulnerable to date loss. Surveys and other data collection instruments can easily be created as mobile apps with the resulting data stored on the campus server and immediately available for analysis. The apps also enable added functionality like improved data validity through use of authority files and capturing GPS coordinates. This support to field research represents a new way for academic libraries to connect with researchers within the context of a broader research date management strategy.

Introduction to Practical Programming
Instructor: Elizabeth Wickes, University of Illinois at Urbana-Champaign

This workshop will introduce foundational programming skills using the Python programming language. There will be three sections to this workshop: a brief historical review of computing and programming languages (with a focus on where Python fits in), hands on practice with installation and the basics of the language, followed by a review of information resources essential for computing education and reference. This workshop will prepare participants to write their own programs, jump into programming education materials, and provide essential experience and background for the evaluation of computing reference materials and library program development. Participants from all backgrounds with no programming experience are encouraged to attend.

From Lost to Found: How user Testing Can Improve the User Experience of Your Library Website
Instructors: Kate Lawrence, EBSCO Information Services; Deirdre Costello, EBSCO Information Services; Robert Newell, University of Houston

When two user researchers from EBSCO set out to study the digital lives of college students, they had no idea the surprises in store for them. The online behaviors of “digital natives” were fascinating: from students using Google to find their library’s website, to what research terms and phrases students consider another language altogether: “library-ese.” Attendees of this workshop will learn how to conduct usability testing, and participate in a live testing exercise via usertesting.com. Participants will leave the session with the knowledge and confidence to conduct user testing that will yield actionable and meaningful insights about their audience.

More information about Midwinter Workshops.

Registration Information:
LITA members get one third off the cost of Mid-Winter workshops. Use the discount promotional code: LITA2015 during online registration to automatically receive your member discount. Start the process at the ALA web sites:

Conference web site:
http://alamw15.ala.org/
Registration start page:
http://alamw15.ala.org/rates 
LITA Workshops registration descriptions:
http://alamw15.ala.org/ticketed-events#LITA

When you start the registration process and BEFORE you choose the workshop, you will encounter the Personal Information page. On that page there is a field to enter the discount promotional code: LITA2015
As in the example below. If you do so, then when you get to the workshops choosing page the discount prices, of $235, are automatically displayed and entered. The discounted total will be reflected in the Balance Due line on the payment page.

preconference

Please contact the LITA Office if you have any registration questions.

Don’t Miss the OpenStreetMaps Webinar

madisonh2ocolormap

Before Hackforge’s Mita Williams Masters session on new spaces at the ALA 2015 Midwinter Meeting, you can attend her next LITA webinar, part of the “Re-drawing the Map”–a webinar series:

OpenStreetMaps: Trust the map that anyone can change

Tuesday December 9, 2014
1:00 pm – 2:00 pm Central Time
Instructor: Mita Williams
Register for this webinar

Ever had a map send you the wrong way and wished you could change it? Learn how to add your local knowledge to the “Wikipedia of Maps.”

It’s been said that “the map is not the territory”. But when when the most of the world’s websites and mobile apps rely on maps from private corporations who selectively show you places based on who you are (and who pays for the privilege), perhaps we should cede that territory for higher ground. It’s counter-intuitive to trust a map that anyone can edit, but OpenStreetMap is already the geospatial foundation of some of the world’s most popular sites including Pinterest, Evernote, and github. This session will introduce you to OpenStreetMap and show you how you can both contribute to and make use of the “Wikipedia of Maps”.

Full details

Can’t make the date but still want to join in? Registered participants will have access to the recorded webinar.

Cost:

  • LITA Member: $39
  • Non-Member: $99
  • Group: $190

Registration Information:

Register Online page arranged by session date (login required)

OR

Mail or fax form to ALA Registration
OR call 1-800-545-2433 and press 5
OR email registration@ala.org

Questions or Comments?

For all other questions or comments related to the course, contact LITA at (312) 280-4269 or Mark Beatty, mbeatty@ala.org.

Top Technologies Webinar – Dec. 2, 2014

Don’t miss the Top Technologies Every Librarian Needs to Know Webinar with Presenters: Brigitte Bell, Steven Bowers, Terry Cottrell, Elliot Polak and Ken Varnum

Offered: December 2, 2014
1:00 pm – 2:00 pm Central Time

See the full course description with registration information here.
or
Register Now Online, page arranged by session date (login required)

Varnum300pebWe’re all awash in technological innovation. It can be a challenge to know what new tools are likely to have staying power — and what that might mean for libraries. The recently published Top Technologies Every Librarian Needs to Know highlights a selected set of technologies that are just starting to emerge and describes how libraries might adapt them in the next few years.

In this webinar, join the authors of three chapters from the book as they talk about their technologies and what they mean for libraries.

Hands-Free Augmented Reality: Impacting the Library Future
Presenters: Brigitte Bell & Terry Cottrell

Based on the recent surge of interest in head-mounted augmented reality devices such as the 3D gaming console Oculus Rift and Google’s Glass project, it seems reasonable to expect that the implementation of hands-free augmented reality technology will become common practice in libraries within the next 3-5 years.

The Future of Cloud-Based Library Systems
Presenters: Elliot Polak & Steven Bowers

In libraries, cloud computing technology can reduce the costs and human capital associated with maintaining a 24/7 Integrated Library System while facilitating an up-time that is costly to attain in-house. Cloud-Based Integrated Library Systems can leverage a shared system environment, allowing libraries to share metadata records and other system resources while maintaining independent local information allowing for reducing redundant workflows and yielding efficiencies for cataloging/metadata and acquisitions departments.

Library Discovery: From Ponds to Streams
Presenter: Ken Varnum

Rather than exploring focused ponds of specialized databases, researchers now swim in oceans of information. What is needed is neither ponds (too small in our interdisciplinary world) or oceans (too broad and deep for most needs), but streams — dynamic, context-aware subsets of the whole, tailored to the researcher’s short- or long-term interests.

Webinar Fees are:

LITA Member: $39
Non-Member: $99
Group: $190

Register Online now to join us what is sure to be an excellent and informative webinar.

Current Learning Opportunities with LITA

LITA has multiple learning opportunities available over the next several months.  Hot topics to keep your brain warm over the winter.

Re-Drawing the Map Series

Presenters: Mita Williams and Cecily Walker
Offered: November 18, 2014, December 9, 2014, and January 6, 2015
All: 1:00 pm – 2:00 pm Central Time

Top Technologies Every Librarian Needs to Know

Presenters: Brigitte Bell, Steven Bowers, Terry Cottrell, Elliot Polak and Ken Varnum,
Offered: December 2, 2014
1:00 pm – 2:00 pm Central Time

Getting Started with GIS

Instructor: Eva Dodsworth, University of Waterloo
Offered: January 12 – February 9, 2015

For details and registration check out the fuller descriptions below and follow the links to their full web pages

Re-Drawing the Map Series

redrawmapthumbJoin LITA Education and instructors Mita Williams and Cecily Walker in “Re-drawing the Map”–a webinar series! Pick and choose your favorite topic.  Can’t make all the dates but still want the latest information? Registered participants will have access to the recorded webinars.

Here’s the individual sessions.

 Web Mapping: moving from maps on the web to maps of the web
Tuesday Nov. 18, 2014
1:00 pm – 2:00 pm Central Time
Instructor: Mita Williams
<completed>

Get an introduction to web mapping tools and learn about the stories they can help you to tell!

OpenStreetMaps: Trust the map that anyone can change
Tuesday December 9, 2014,
1:00 pm – 2:00 pm Central Time
Instructor: Mita Williams

Ever had a map send you the wrong way and wished you could change it?  Learn how to add your local knowledge to the “Wikipedia of Maps.”

Coding maps with Leaflet.js
Tuesday January 6, 2015,
1:00 pm – 2:00 pm Central Time
Instructor: Cecily Walker

Ready to make your own maps and go beyond a directory of locations? Add photos and text to your maps with Cecily as you learn to use the Leaflet JavaScript library.

Register Online page arranged by session date (login required)

Top Technologies Every Librarian Needs to Know

Varnum300pebWe’re all awash in technological innovation. It can be a challenge to know what new tools are likely to have staying power — and what that might mean for libraries. The recently published Top Technologies Every Librarian Needs to Know highlights a selected set of technologies that are just starting to emerge and describes how libraries might adapt them in the next few years.

In this webinar, join the authors of three chapters as they talk about their technologies and what they mean for libraries.
December 2, 2014
1:00 pm – 2:00 pm Central Time

Hands-Free Augmented Reality: Impacting the Library Future
Presenters: Brigitte Bell & Terry Cottrell

The Future of Cloud-Based Library Systems
Presenters: Elliot Polak & Steven Bowers

Library Discovery: From Ponds to Streams
Presenter: Ken Varnum

Register Online page arranged by session date (login required)

Getting Started with GIS

Layout 1Getting Started with GIS is a three week course modeled on Eva Dodsworth’s LITA Guide of the same name. The course provides an introduction to GIS technology and GIS in libraries. Through hands on exercises, discussions and recorded lectures, students will acquire skills in using GIS software programs, social mapping tools, map making, digitizing, and researching for geospatial data. This three week course provides introductory GIS skills that will prove beneficial in any library or information resource position.

No previous mapping or GIS experience is necessary. Some of the mapping applications covered include:

  • Introduction to Cartography and Map Making
  • Online Maps
  • Google Earth
  • KML and GIS files
  • ArcGIS Online and Story Mapping
  • Brief introduction to desktop GIS software

Instructor: Eva Dodsworth, University of Waterloo
Offered: January 12 – February 9, 2015

Register Online page arranged by session date (login required)

Questions or Comments?

For all other questions or comments related to the course, contact LITA at (312) 280-4268 or Mark Beatty, mbeatty@ala.org.

LITA Members: take the LITA Education Survey

LITA members, please participate in the LITA Education Survey. The survey was first sent out 2 weeks ago to all current LITA members.  Another reminder will appear in LITA members email boxes soon, or you can click the links in this posting. The survey should take no more than 10 minutes of your time and will help your LITA colleagues developing continuing education programs to meet your needs.

LITA Education Survey 2014

In our continuing efforts to make LITA education offerings meet the needs and wishes of our membership, we ask that you, the LITA members, take a few minutes to fill out the linked survey. We are looking for information on education offerings you have participated in recently and would like to know what topics, methods and calendar times work best for you.

The more responses we get the better chances we have to create education offerings that provide excellent value to you the LITA membership. We appreciate you taking 10 minutes of your time to complete the LITA Education Survey 2014.

Thank you for your time and input.

LITA Education Committee

LITA Midwinter Institutes

Registration for LITA’s Midwinter Institutes opened today with ALA’s joint registration! Whether you’ll be attending Midwinter or are just looking for a great one day continuing education event in the Chicago/Midwest area, we hope you’ll join us.

When? All workshops will be held on Friday, January 30, 2015, from 8:30-4:00

Cost for LITA Members: $235  (ALA $350 / Non-ALA $380)
(If you are a member of LITA use special code LITA2015 to receive the price of $235.)

Workshops Descriptions:

Developing mobile apps to support field research
Instructor: Wayne Johnston, University of Guelph Library

Researchers in most disciplines do some form of field research. Too often they collect data on paper which is not only inefficient but vulnerable to date loss. Surveys and other data collection instruments can easily be created as mobile apps with the resulting data stored on the campus server and immediately available for analysis. The apps also enable added functionality like improved data validity through use of authority files and capturing GPS coordinates. This support to field research represents a new way for academic libraries to connect with researchers within the context of a broader research date management strategy.

Introduction to Practical Programming
Instructor: Elizabeth Wickes, University of Illinois at Urbana-Champaign

This workshop will introduce foundational programming skills using the Python programming language. There will be three sections to this workshop: a brief historical review of computing and programming languages (with a focus on where Python fits in), hands on practice with installation and the basics of the language, followed by a review of information resources essential for computing education and reference. This workshop will prepare participants to write their own programs, jump into programming education materials, and provide essential experience and background for the evaluation of computing reference materials and library program development. Participants from all backgrounds with no programming experience are encouraged to attend.

From Lost to Found: How user Testing Can Improve the User Experience of Your Library Website
Instructors: Kate Lawrence, EBSCO Information Services; Deirdre Costello, EBSCO Information Services; Robert Newell, University of Houston

When two user researchers from EBSCO set out to study the digital lives of college students, they had no idea the surprises in store for them. The online behaviors of “digital natives” were fascinating: from students using Google to find their library’s website, to what research terms and phrases students consider another language altogether: “library-ese.” Attendees of this workshop will learn how to conduct usability testing, and participate in a live testing exercise via usertesting.com. Participants will leave the session with the knowledge and confidence to conduct user testing that will yield actionable and meaningful insights about their audience.

 

More details about these workshops will be coming in interviews with the instructors in October! If you have a question you’d like to ask the instructors, please contact LITA Education Chair Abigail Goben at [firstnamelastname]@gmail.com

 

 

 

 

LITA Bylaws & Organization Committee – IG Renewal Document

One of the jobs of the LITA Bylaws & Organization Committee is to oversee the formation and dissolution of LITA Interest Groups. I’ve created and updated a document that has both current names and dates of LITA Interest Groups, renewal dates, and past IGs that have been dissolved.

LITA Interest Group document

If anyone has any questions, please let me know: griffey at gmail.com

Meet your Board at Annual (including online!)

LITA Board portraint
Back: David Lee King, Rachel Vacek, Jenny Reiswig, Cindi Blyberg, Mary Taylor, Jason Griffey.
Front: Zoe Stewart-Marshall, John Blyberg, Aaron Dobbs, Andromeda Yelton, Lauren Pressley

Hi! We’re the Board, and we’d like to meet you.

Whether you’ll be in Vegas next week or not, there are lots of ways you can get in touch with us, get involved with what LITA’s doing, and tell us how you’d like us to represent you. Here’s your handy list of where we’re likely to be during Annual. Come chat with us!

Social media and Online

Programs and Social Events

LITA Open House
New to LITA? Want to learn more? Start here!

  • Friday, June 27, 2014 – 3:00pm to 4:00pm
  • Las Vegas Convention Center S224

Top Tech Trends

LITA Awards Presentation and President’s Program
Featuring Kimberly Bryant of Black Girls Code!

  • Sunday, June 29, 2014 – 3:00pm to 4:00pm
  • Las Vegas Convention Center S233

LITA Happy Hour

  • Sunday, June 29, 2014 – 5:30pm to 8:00pm
  • Kahunaville in the Treasure Island Hotel & Casino, 3300 Las Vegas Blvd S.

Check out the rest of LITA’s programs at Annual, too.

Board and Committee Meetings

Per the ALA open meeting policy, all meetings are open to all members (though some may have closed portions). You are welcome to attend.

Executive Committee

  • Friday, June 27, 2014 – 8:30am to 9:30am
  • Las Vegas Hotel Conference Room 03
  • Hashtag: #litabd
  • Agenda

All Committees Meeting
Most of LITA’s committees meet during this time slot. If you’re thinking of getting involved and want to learn more, this is a great chance to do so.

  • Saturday, June 28, 2014 – 10:30am to 11:30am
  • Las Vegas Convention Center Exhibit Hall, Mtg Rm A

LITA Board I

  • Saturday, June 28, 2014 – 1:30pm to 4:30pm
  • Las Vegas Convention Center S224
  • Hashtag: #litabd
  • Agenda

LITA Board II

  • Monday, June 30, 2014 – 1:30pm to 4:30pm
  • Las Vegas Convention Center N217
  • Hashtag: #litabd
  • Agenda

Hey, you read all the way to the bottom of the post! You’re awesome. High five. You deserve kittens.

adorable sleepy kittens hugging each other adorably