Week 12: more corporate surveillance

I’m REALLY interested in thinking about the legislative angle to all this and what effective advocacy to lawmakers looks like. I loved Gary’s idea of sitting down with local policymakers and showing them Wireshark to freak them out, and I think that’s a great way to start off illustrating the problem and then shift to a list of demands. I wonder what a set of legislator questions/requests would look like, if we were to make a best practices type document about it?

BTW, here are the links Gary shared:

I really like the idea of making a set of best practices for taking with legislators/people in authority. I feel like so much of this stuff boils down to basically asking people to consider 1) How could this technology/information be used beyond the ways in which it is marketed to consumers? and 2) How might this affect someone whose circumstances are different than yours?

This is going to be a long anecdote and I’m not sure this is the best spot for it but I wanted to share it in case anyone else finds it useful when talking with patrons or holding workshops.

A few months ago, a marketing postcard arrived at my house addressed to my elementary school-aged kid, about signing up for summer classes at the community college where I work. At first I just found it funny and my coworkers and I were joking about how maybe they’re taking this early enrollment thing a little far. I wouldn’t have done anything else, except that I work here and we’re basically all in the same building.

I visited our marketing person to see if my kid’s name could be removed from the mailing list, and she was surprised about it because this mailing list that they had purchased was supposed to target people in certain towns between certain ages, something like 17-28, so she did some more digging. A few days later she got back to me and said that the mailing house they work with had purchased the list from Experian. The mailing house recommended that I request a credit report for my child because their name showing up on that list–i.e. listed as an age that they are clearly not–could indicate that their identity has been stolen (possibly as a result of the Equifax hack) and someone has opened accounts in their name.

I’m still waiting to receive the credit reports, so I don’t know yet whether or not their identity was stolen. It is super difficult to request a credit report for a minor–you have to provide loads of information, all by mail, and then wait for several months.

Anyway, I wanted to share this because I think it gets back to what Rosalie (I think it was Rosalie a few months ago who mentioned this, but I could be wrong) said about cultivating a sense of when things feel icky or wrong. I never would have thought that a piece of junk mail could be a sign of identity theft. Also, I had no idea that the credit reporting agencies were in the business of selling mailing lists (and who knows what else). I mean, I guess it makes sense, but I didn’t know it before.

I’ve been thinking more on this today and I’m going to start drafting something up. I’m also asking a journalist friend with a lot of experience grilling legislators if he has ideas for what a doc like this should include. I’m thinking it should have both proactive and reactive stuff – what to ask your lawmakers to do in general vs what to ask them for when something has just gone wrong (a la Cambridge Analytica). And we’ll break it down by local, state, federal. Maybe he can even come and guest lecture on Tuesday if people are into it! Are people into it?

Wow. WOW. This is nuts!! So not only might your child’s identity have been stolen because of the Experian breach, but now marketing companies are buying up that stolen data and using it to sell products back to you. It’s incredible. I really hope you are able to get this resolved on behalf of your child (and yourself!). And I"m also thinking about the power of personal anecdotes like these in our best practices…contacting a local legislator and telling them a story like this would be huge.

Thanks for sharing the story. It’s so true about the “creepiness factor”… a lot of understanding privacy is just having an awareness about data, and knowing that it’s being sourced from somewhere and exchanged. It blows my mind that these marketing companies are essentially trading in stolen data. But there isn’t anything to stop them because there aren’t any consequences. So this is where we need to get our lawmakers involved.

This is where my jaw literally dropped. Please keep us updated when you hear more, this is bananas!

Yes please! Very interested in hearing from this friend and also building up this document.

Interested! I’m sorry to be hanging by a thread here (HA!), but I’m in a good place for listening, just not so good at responding and creating at the moment (soon!).

Claire! Day 6 of my new job as the electronic resources person at my school, and I feel like you have just focused my life so much.

Front and center in my day now:


um I freaking love this!

1 Like

These are great questions, @clobdell and perfect to build an entire discussion around (and like @mtkinney said, our entire jobs). I really like the idea of creating a best practices document as well. At my job we just finalized our goals for the next three years and one of them is helping libraries engage with local lawmakers. I’d love to have (and help create) a document that librarians and administrators can use to help guide these discussions.


We’re into it, Alison!

1 Like

Um, this is a great goal.


I’m still marinating on how to best bring this info to patrons, but I was happy to see that consumer reports is getting involved. I find that Consumer Reports has a strong reputation among older patrons, which is a demographic with lower digital literacy. I shared the consumer reports article with other reference librarians, and I did some searches on the site to see the types of articles and product reviews they’ve conducted on cybersecurity. So it’ll be something I can work into my reference practice.

1 Like

@kellymce, we also discussed “influencing policy” as one of our goals at our Digital Safety Meeting last week. @Sarah_in_Oregon, I also liked the Consumer Reports reading. I shared the short videos with my team as something we could link to from our web page until we find time to make our own short videos.

1 Like

I feel like everyone one is being constructive and proactive, and this is scare tactic-y / complain-y (and I think this has been written about elsewhere) but have you seen this product from Gale, Analytics-on-Demand? Features they market:

“Learn who your users are and find more like them using this well-known household-based segmentation system from Experian.” (emphasis mine)

and patron voter analysis.

@librarianbryan, that reminds me!! I meant to post about this at the start of the Week 12 discussion. A month ago I had a demo of a product called Patronlink from Infogroup (the people behind Reference USA). This service allows libraries to learn more about the demographics in their area, find out who doesn’t have a library card, and market to them. Beyond just basic stuff. They mine data from Amazon and Google to determine their income, buying habits, hobbies, online habits, and more. It connects directly to the library’s ILS, so it has access to all of that information as well.

It seems like I was one of the few people that actually asked them about their policies in regards to how this information is stored, secured, and used. Here is their website: https://www.patronlink.com/know-your-community-and-patrons/

Has anyone dealt with this product? It seems to be slowly rolling out to libraries.

I asked a Gale rep about this at ALA last year and the rep couldn’t answer a single one of my questions about how the data would be used and secured. She was actually pretty resentful of my questions. Really scary stuff. @josh, what kind of response did you get from the Infogroup people when you asked those questions?

BTW, I just sent everyone an email about journalist Dell Cameron coming to speak on Tuesday. Please send me any ideas you have for questions to ask him about how to speak with lawmakers about this stuff!

One question I had–are libraries that sign up for this sharing their data with Experian, or just paying for Experian data?

based on this, it’s unclear:

" Mosaic Profiles: Understand patron data with household-based segmentation from Experian, which classifies all U.S. household neighborhoods into 71 unique profiles."

Because “patron data” implies that it’s data that we have, but maybe what they mean is “data that Experian already has about people in your geographic area”.

Maybe someone wants to call a Gale rep and pretend to be an interested customer?? :slight_smile:

I enjoyed reading the Consumer Reports article too. I think their involvement may add weight for the need for protecting digital privacy for those people who otherwise may not pay attention to the issue.

1 Like

I think it is data Experian already has about people in your geographic area. You can find Mosaic profiles in another database, DemographicsNow. I used Mosaic reports for the project I did as part of PLA’s Inclusive Internship this summer. My intern and I were focusing on increasing literacy in my branch’s service area and researched educational attainment and income levels in the area. DemographicsNow was one of the sources we used. We found a large segment of the population was classified in a particular Mosaic group. We looked at reports for that group and narrowed our focus further to career literacy and financial literacy as a result.

I’m going to upload a report to Github as an example. I’m pretty certain the data is not coming from the library. But Alison, your question does make me ponder.

1 Like