Alison Macrina had bad news for the 30 or so librarians in the darkened auditorium on a recent Friday. “Your password is bad,” she informed them. “I’m really sorry. Everything you’ve learned about passwords is wrong. It’s not your fault.”
Macrina was nearly an hour into a presentation on digital privacy. She and her colleagues had covered encrypted browsers, tracking, mobile security, surveillance laws, and what to do if federal agents show up with a letter from the government demanding library records. Many of the librarians were bent over their notebooks, scribbling frantically as Macrina whipped through her slides.
Macrina, 30, is not your grandmother’s librarian. She has a kaleidoscopic illustration from a Mother Goose book tattooed on her arm, occasionally poses for selfies in red lipstick, and wears a small piece of hardware called a security token around her neck like a pendant. Macrina has worked as a public librarian for nearly a decade, but she’s not shelving books; she’s fighting Big Brother.
“Like a lot of other librarians, I started thinking about privacy a lot more acutely, I think, right after Snowden,” she told me. “I didn’t know just how much privacy was being violated, and what we weren’t doing to address it.” The American Library Association has counted privacy among its “core values” since 1939, but Macrina thinks that now, in the age of dragnet data collection by intelligence agencies and corporations, librarians aren’t taking enough concrete steps to protect their patrons, in many cases because they don’t have the technical skills.
Under the Patriot Act, the government can demand library records via a secret court order and without probable cause that the information is related to a suspected terrorist plot. It can also block the librarian from revealing that request to anyone. Nor does the term “records” cover only the books you check out; it also includes search histories and hard drives from library computers. The Muslim-American who uses a library computer to correspond with family abroad, or the activist planning a demonstration against police brutality—those digital trails are vulnerable to surveillance, along with everyone else’s.
The government’s power to vacuum up our personal details seems unstoppable, but a lot of it depends on how much we give away. Macrina wants librarians and library users to be less complicit. She installed privacy-protection tools on computers at the library where she worked in Watertown, Massachusetts, and started teaching classes on digital privacy to patrons. Soon, she was leading workshops throughout New England, working with the American Civil Liberties Union to explain how the government collects data and about the various tools that librarians can use to protect their patrons. They started calling their partnership the Library Freedom Project, and in January they won a Knight Foundation grant to scale up the program.
Macrina’s project is not just about bringing libraries up to speed. It’s also about leveraging their unique position as community institutions to invigorate a pallid public dialogue about the surveillance state and civil liberties. Key sections of the Patriot Act are due to expire on June 1, but there has been little public scrutiny so far of the congressional debate about extending or reforming those provisions.
Librarians have frequently been involved in the fight against government surveillance. The first librarian to be locked up for defending privacy and intellectual freedom was Zoia Horn, who spent three week in jail in 1972 for refusing to testify against anti–Vietnam War activists. During the Cold War, librarians exposed the Federal Bureau of Investigation’s attempts to recruit library staffers to spy on foreigners, particularly Soviets, through a national effort called the Library Awareness Program.
The post-Snowden Internet age is no different. In January, the District of Columbia Public Library presented a 10-day series called “Orwellian America,” which included an all-day reading of 1984, a cyber-security workshop, and a panel discussion during which NSA whistleblower Kirk Wiebe informed the audience that “There’s an assault on the United States Constitution, and it’s real.” The Brooklyn Public Library has hosted several “cryptoparties” to teach people how to use privacy software. The San Jose Public Library is launching a pilot program to teach privacy literacy to patrons of all ages. “There’s a budding movement of librarians as privacy warriors,” Macrina said. “We’re seeing each other pick this up and getting more confidence in what we know and what we can bring to the privacy conversation: Namely, our background and relationship with local communities.”
* * *
On June 5, 2013, the Guardian published the first in a series of stunning reports based on the Snowden documents: The National Security Agency was collecting the records of phone calls made by millions of Verizon customers on an “ongoing, daily basis,” according to a previously unknown order from the Foreign Intelligence Surveillance Court. Collecting and storing the “metadata” from these calls allows the NSA “to build…a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively,” Glenn Greenwald reported. The program itself was cause for alarm, but the bigger, more shocking story was how the government justified the bulk collection of this personal data: with a part of the Patriot Act known as Section 215.
Long before Section 215 was associated with the Snowden disclosures, it was known as the “library records” provision. In the weeks after 9/11, the FBI announced that some of the hijackers had used public libraries in Florida to plan and coordinate with one another. Although the bureau was able to collect the records of their visits by way of traditional subpoenas, there was a good bit of handwringing from the right about libraries becoming “safe havens” for terrorists, as a Justice Department spokesperson put it. “We put Americans’ lives at risk if we foolishly provide sanctuaries—even in our public libraries—for terrorists to operate,” argued Wisconsin Representative F. James Sensenbrenner Jr., now a critic of the government’s broad interpretation of the Patriot Act, during the debate about reauthorizing the law in 2005.
Congress rushed to give law enforcement greater spying power in the stacks. Section 215 allows the FBI to request “any tangible thing” relevant to a terrorism investigation, without having to show probable cause that the “thing” is actually connected to a terrorism suspect. The provision applied to library circulation records, patron lists, Internet records, and hard drives, and it prohibited any library worker who received such a request from discussing it with anyone.
Nevertheless, reports that librarians were receiving requests from law enforcement began trickling out within months of the law’s passage. In a survey conducted not long after by the University of Illinois, 85 libraries said that they had been asked by law enforcement about patron information related to September 11. “The FBI is poised to intrude once more on library confidentiality, this time with an arsenal of surveillance that even our library confidentiality laws may not be able to prevent,” a retired librarian named Herbert Foerstel, who’d helped to raise the alarm about the bureau’s Library Awareness Program in the 1980s, warned in a Baltimore Sun op-ed in the spring of 2002.
By 2003, librarians around the country had launched a revolt. Librarians in Paulding County, Ohio, among other places, posted signs warning computer users that “due to national security concerns,” their “Internet surfing habits, passwords and e-mail content” might be monitored by law enforcement. Others distributed informational handouts or organized community hearings about the government’s new surveillance powers. Libraries began to destroy computer-use wait-lists, hard- drive caches, and other records. “It used to be a librarian would be pictured with a book,” a Santa Cruz librarian named Barbara Gail Snider remarked in The New York Times. “Now it is a librarian with a shredder.”
Audrey Evans, who was a college student in Arkansas at the time, had what she calls a “crystallizing moment” when she heard about a library warning sign that read, “The FBI has not been here,” and then, in smaller type below: “Watch very closely for the removal of this sign.” The subversive message intrigued her. “It was an effort of resistance, and of getting around something, and simultaneously making the public aware of what was going on,” she told me recently. The conversation librarians were having about civil liberties “revealed the values of the public library as an institution, and became a grounding spot for me as a political-consciousness moment. I started thinking that maybe I would want to be a librarian one day.” She got an internship at the Clinton Presidential Library and, after college, went on to study law librarianship. Several other people that I spoke with for this story, including Alison Macrina, told me similar stories about how the activism of librarians after 9/11 shaped their political perspective.
The rebellion eventually attracted enough attention that in a September 2003 speech, Attorney General John Ashcroft attacked the librarians directly, accusing them of “baseless hysteria.” Records had not been sought from libraries under Section 215, Ashcroft insisted, and the FBI had no interest in “checking how far you have gotten on the latest Tom Clancy novel.” Ashcroft used the word “hysteria” five other times throughout the speech, and then again a few days later during a speech in Memphis.
“In a field dominated by women, to use the word ‘hysterical’ is pejorative in the extreme,” said George Christian, the executive director of a Connecticut consortium called Library Connection. “That got my goat,” he added. Nevertheless, Christian and many of his colleagues “took [Ashcroft] at his word that librarians were not being targeted.” Christian took a few precautions—establishing a policy that any information requests from law enforcement would go directly to him, for example—and then he “went on to other priorities.”
Two years later, a pair of FBI agents served him a national-security letter demanding that he surrender “all subscriber information, billing information and access logs of any person” who had used a particular computer at one of the libraries he managed. The letter included a gag order forbidding Christian from discussing its contents with “any person.”
Christian refused to comply and called his lawyer. For almost a year, he and three colleagues, represented by the ACLU and identified in court documents only as John Does, fought the request and gag order. The identities of the Connecticut Four, as the plaintiffs came to be known, were eventually revealed by The Washington Post’s Barton Gellman, who wrote that their case “affords a rare glimpse of an exponentially growing practice of domestic surveillance under the Patriot Act,” which “transformed [national-security letters] by permitting clandestine scrutiny of US residents and visitors who are not alleged to be terrorists or spies.” The FBI was issuing some 30,000 NSLs each year, Gellman reported, with no review from a prosecutor, jury, or judge.
Meanwhile, Congress was in the process of renewing the Patriot Act. Lawmakers reauthorized the law in March 2006 without adding significant new civil-liberties protections, and just weeks later, the government dropped its appeal of the Connecticut Four case, allowing the plaintiffs to speak openly for the first time. Christian and his colleagues were dismayed by the timing. “We wanted to let the world of librarians and Congress know that in point of fact this instrument was being used, but we were never allowed to talk about it because of the gag order,” said Christian. By the time the order was lifted, it was too late.
Incidentally, earlier that same week the FISA court broadened its interpretation of Section 215 so that a telephone company’s entire call-records database could be considered a “tangible thing,” subject to collection and storage by the NSA. Of course, it did so in secret. For years the government continued to dismiss questions about what Section 215 really authorized, until the Snowden leaks revealed, at least in part, the “significant gap between what most Americans think the law allows and what the government secretly claims the law allows,” as Senator Ron Wyden and former Senator Mark Udall wrote in a 2012 letter to Attorney General Eric Holder.
“I think none of us dreamed that the government would really be engaged in violating privacy on the scope that Snowden revealed,” Christian said. But then he also never expected to get a visit from two FBI agents. Because of the gag orders, it is impossible to know how many other libraries have received similar requests. At the very least, the case of the Connecticut Four, like the Snowden leaks, validated those who refused to take the government’s assertions regarding Section 215 at face value. Adam Eisgrau, the managing director for the ALA’s Office of Government Relations, told me that as a result, we know now that librarians “were not hysterical, but absolutely prescient.”
* * *
I met Eisgrau at the Washington office of the ALA. Books, with call numbers affixed to their spines, line one wall in the lobby. The 21st-century library is still about books, Eisgrau said, but increasingly less so. The digital shift has increased the privacy challenges, but it has also made libraries a crucial bridge over the technology divide in underserved communities. More than 250 libraries in the US now offer public access to 3-D printers, for example. In Chicago, where 40 percent of residents don’t have access to the Internet at home, the main library has robots and a “maker lab” with 3-D printers and laser cutters, which entrepreneurs use to create jewelry and prototypes for guitars, among other things. As Eisgrau pointed out, “Librarians have not only been on the cutting edge of every kind of information technology to evolve—they are the cutting edge. That’s their job. That was true when technology meant tape recorders and typewriters…. Librarians today have as much to do with people who say ‘sssh’ and wear high-neck blouses as a fish does to a bicycle.”
The ALA, for its part, is active in debates about Internet-policy issues ranging from net neutrality to censorship and surveillance. Seeking to amplify the voices of librarians in policy-making, the organization has asked its members to devote one hour a week to advocacy. After the Snowden disclosures, the ALA joined other civil-liberties groups, technology companies, and activists in an aggressive push for legal reforms, including of the Patriot Act. One of the things that Eisgrau hopes to achieve is more freedom for the recipients of NSLs to challenge them.
“It’s very difficult to talk about surveillance until something happens like the Edward Snowden revelations,” said Barbara Jones, director of the ALA’s Office of Intellectual Freedom. “A lot of people had not thought about these things, but librarians tend to be thoughtful people. People assume we’re protecting their privacy, and we have to tell them that has now been compromised. And that’s very sad.”
Amy Sonnie, a librarian and activist in Oakland, told me that there’s a debate within the profession about whether librarianship is, or should be, politically neutral. “I can and should be an advocate around issues that impact our ability to fulfill our mission, and privacy is one of those issues,” she said. Sonnie and Macrina both see privacy as not just an issue of intellectual freedom, but also of social justice. “We serve members of communities who have been historically under greater surveillance than the rest of the population: immigrants, Muslim-Americans, people of color, political dissidents,” Macrina explained.
Many advocates hope that the impending sunset of Section 215 and other provisions of the Patriot Act will force the intelligence community’s allies and the Obama administration to choose between significant reforms and losing the statutes completely. But the bill being debated as this goes to press does not fully end bulk data collection and is at best a band-aid, as it imposes limited transparency and oversight measures. Even letting Section 215 expire won’t correct the balance of power, which has slipped from Congress to the intelligence agencies.
To Macrina, that just makes her work to protect privacy even more urgent. “People feel despair about the ability of legislation to make real change,” she said, “but something about using technology is empowering. And once you empower them a little, they’re more likely to go lobby for change at the legislative level.”