11 Association of Research Libraries Research Library Issues 297 2019 It’s also important to explicitly recognize a large class of online learning materials and electronic textbooks as potential environments for massive data collection as well. Here, historically, the library hasn’t been involved in the licensing process or terms, and it’s often extremely unclear whether student privacy is even being considered, much less protected, or whether data that would be helpful to the university for various reasons is actually being made available to the institution (or what happens to it if it is made available). Unlike research materials, students often have no choice about using these educational resources. My expectation is that, for many reasons (escalating costs, privacy liability, the uptake of open educational resources, etc.), libraries are going to become much more involved in these arrangements going forward. They have a great deal of expertise to bring, not just in privacy but also in other areas, such as preservation and archiving. The current ways in which most institutions select and contract for these resources is deeply problematic and overdue for re-examination. One of the biggest questions in understanding data collection by third parties is whether they can identify individual users accessing their platform. Even today, a great deal of authentication of users is done via proxy servers, which verify that a user is a member of a given university community and, once validated, pass that user (and all other validated users) on to external services from a common address known to the external service as only sending validated traffic. Ever since proxy servers came into use in the 1990s (indeed, there are forms of proxies that pre-date the web), there has been a belief that this process effectively anonymized traffic to external services and, hence, rendered the reader privacy issue largely moot as long as proxies were employed. This was probably at least generally true in the early days of the web. More than 20 years later, the various technologies for user tracking and re-identification have advanced greatly, fueled by the demands of various advertising and data collection platforms. It would require a very careful, determined, and sophisticated user to have much hope of avoiding tracking and re-identification today, with or without
Previous Page Next Page