Categories
Trust, Identity and Access Blogs UK Access Management Federation

I’m not a number, I’m a pseudonymous identifier…

“Are THEY listening to us?”

“Who’s they?”

“You know, the phones, the laptops?”

And so goes the conversation that I sometimes have with my wife. Perhaps after we’ve had a chat about hiking poles, when every ad on our social media feed then shows hiking poles, despite neither of us having directly Googled them. (Although admittedly, we have looked at various Lake District holiday options).

It’s not an unreasonable suspicion given the general lack of understanding about how pervasive tracking cookies are. Or that back in the day, ‘they’ really had been listening. Though that’s another story for another time.

Privacy versus Experience

Documentaries such as The Social Dilemma (2020) have shown us all how complete a picture online advertisers and retailers can build-up of an individual. Unless you conduct your internet activities in a virtual Faraday cage using Tor (which like any technology, can be used for good or bad), to a greater or lesser extent, this happens to us all.

Targeted ads, siloed opinion echo chambers; it’s a river that is difficult to swim upstream against while maintaining privacy. Particularly if you want to have anything like an adequate experience on the web.

This is especially dangerous when what you want is only one tempting click away, providing you “accept all” … But beware, terms and conditions will apply.

Preserving academic interests

Trading off privacy for personalised experiences can be beneficial, but not in an academic context.

You might be thinking – “I’ve nothing to hide, – I’ve not been labelled by PREVENT, not on an NSA watch list, my bank details are secure and I’m happy for retailers, streamers, service providers to know more about me. I like getting editorial news I agree with, adverts for clothes I would actually wear, and suggestions for new academic content I might use.”

You may well be right. And it is indeed a personal choice – but in the academic world we want and need more anonymity.

Service Providers should work hard to develop the full range of resources we might need, rather than a narrow, more profitable niche. Institutions and researchers need to keep their directions of research secret, and not have an algorithm used by third parties determine what they are working on.

Remember – the more a provider knows about you, the less they have to compete to serve you. It’s in their interest – not yours, and certainly not the sector’s.

We are seeing a lot of horizontal and vertical integration in the academic publisher space, such as Wiley (who have a content provision focus) and the acquisition of Atypon (hosting and access focus). Why? Well, it means there’s even more touchpoints to KNOW more about YOU.

And you may trust one vendor but what happens if they sell information about users onwards? Did you REALLY read the Apple iTunes T&Cs which come out at nearly 8000 words?

It doesn’t have to be a trade-off

The good news is that privacy and personalisation are not a trade-off when it comes to academic resources. It’s possible to offer these personalised experiences while preserving individual privacy. And that’s where UK Access Management Federation (UKf) steps in.

The raison d’etre of the UKf, is that WE don’t want to know anything about you. At all. That’s your business.

Most importantly – we also don’t want any of the Service Providers (publisher resources, databases and so on) you might connect to via the UKf, to know very much about you either.

Service Providers typically need know that you are A student or staff member, but not which student or staff member. The Service Provider would only usually need to know that you are enrolled at the subscribing institution.

Sometimes a Service Provider will need to know more. Perhaps for granular access – a large medical college with a small law department cohort for example, or research application or research provider such as the National Institutes of Health. However – these are edge cases. The exceptions. Not the law.

Achieving privacy-preserving personalisation

Personalisation is still possible with the use of pseudonymous identifiers. This means publishers can provide you with lightboxes – bespoke custom tools etc – but they are linked to an alias rather than your real name.

This should be music to the ears of institutions and service providers alike. Avoid the burden of looking after personal data, but deliver great staff and student experiences? Yes, please!  I mean, with the Information Commissioner’s Office (ICO) looking over your shoulder, who really needs the added stress?

Seamless Access, which emerged out of its forerunner, RA21, is another way of preserving privacy yet enhancing ease of user access- with privacy having been built into it from the ground up.

So long as the service provider is working with UKf, or a similar federation, it will be more than possible for them to offer staff and students personalised experiences, without having to get all of their personal data.

An individual choice, but a sector need

A decade ago, John Paschoud, at the London School of Economics, conducted a famous study (well, famous in our circles) at a freshers’ week. Students were asked to consent to give away a whole pile of personally identifiable information, in exchange for a Mars bar.

The result? Well, he ran out of Mars Bars….

Fast forward ten years, and people are giving away their identity wholesale. It’s a personal choice – and hey, if an individual determines that getting access to a free face morphing de-aging app to create a deepfake is worth some information, then that’s their choice.

It’s not, however, in the interests of the sector.

Speak Up. Say No. Say it Loud and Clear.

So back to the issue in hand: while UKf are not giving away very much to the service provider, you may be doing this in other areas of your organisation, or in your personal life.

You can say No to cookies. You can say No to personalised info being released. And in the academic arena – it’s vital we do so. We have the power to come together as a sector to put our foot down on dodgy or unnecessary data sharing practices. If we don’t act like we want to safeguard our privacy, it’s hard to expect others to care.

To get an idea of how Institutional Librarians feel about privacy preservation, I’d suggest this article by Mimi Carter . It offers a fascinating perspective on the issues around the trend for Service Provider mergers both horizontal and vertical integration, and the general trend towards behemoth organisations. The SPARC objection letter to the ProQuest Clarivate merger is an interesting read.

I’d really like to conclude by saying “We (Jisc) care, so you don’t have to,” but it is simply not true. For privacy to stay at the top of the agenda, and to keep Service Providers at least cognisant of the issue, we all need to care in every area of our academic online life….

We’re looking forward to seeing the results of the upcoming ICO consultation which called for views surrounding Anonymisation, pseudonymisation and privacy enhancing technologies guidance.

If you are a service provider who would like more information about how to enable this type of functionality, please get in touch with the UK federation service desk via service@ukfederation.org.uk who will be more than happy to help.

Mark Williams

Jisc Identity Verification Services Manager

ORCID iD: https://orcid.org/0000-0002-5737-0411

Leave a Reply

Your email address will not be published. Required fields are marked *