“Through the looking glass: envisioning new library technologies” securing your digital library with encryption
| DOI | https://doi.org/10.1108/LHTN-12-2014-0106 |
| Pages | 5-7 |
| Published date | 02 March 2015 |
| Date | 02 March 2015 |
| Author | Peter Fernandez |
| Subject Matter | Library & information science,Librarianship/library management,Library technology |
“Through the looking glass: envisioning new
library technologies” securing your digital
library with encryption
Peter Fernandez
Everything from our e-mail to the newest
generation of wearable devices depends
on technology that communicates with
other technology. This ability to share
information across devices enables much
of the technological infrastructure that
libraries and their patrons depend on.
However, many of the methods used to
share information are indiscriminate
about how that information is broadcast,
and it can be surprisingly easy to
inadvertently share information that was
intended to be secure.
In an increasingly interconnected
world, encryption technology can be a
powerful tool for those who wish to
control those who have access to the
information stored on, and communicated
by, their favorite technology. Moreover, as
libraries continue to act as technology hubs
for their patrons, understanding encryption
tools can help library staff make informed
decisions about the implications of the
software their patrons use. This column will
provide context for understanding why
encryption is important and provide some
examples of applications designed to make
it easier than ever to control who has access
to the information transmitted by the
technology we use.
E-Books and the lack of encryption
The importance of encryption, and
how easy it is to take for granted, was
recently highlighted by the changes in a
new version of Adobe Digital Editions.
Because this software is bundled with the
popular Digital Rights Management, it is
required by many vendors to enable
reading of e-books, including by many
publishers who provide e-books through
libraries. After the update, the software
began to transmit its users’ data
unencrypted through the Internet. In effect,
library patrons using this version of the
software would be broadcasting
information about their usage, including a
timestamp, the title of the book, the
author, the year of publication, the book’s
subject and description, and pages read to
anyone interested in intercepting the data.
Most patrons would not be aware that this
activity was happening, and if not for a
public outcry, many libraries would be
unlikely to know about such
consequences of this e-book delivery
method. This example highlights why it
is important for libraries to take an active
role in understanding the encryption
technology being provided to their
patrons and used by their staff. It can be
easily assumed that information held by
these technologies is secure in ways that
it is not. However, information that is
transmitted online is almost always done
in a way that can be easily intercepted.
The easiest way to keep it secure is not to
avoid having it be intercepted, but to
encrypt it so that it is unintelligible when
it is intercepted.
Because of the outcry around this
particular issue, it is likely that Adobe
will relatively quickly fix this particular
problem. It is less clear that libraries or
patrons have developed sufficiently
systematic ways to prevent this kind of
problem from happening again or
detect such a problem.
What exactly is encryption?
Encryption alone will not solve all
security problems, but it is an effective
tool and a necessary, if sometimes lacking,
component of many technologies. It is a
constantly evolving field that has been
developing at least since Julius Caesar
started encoding his private
correspondence with a cypher. At its
most basic level, that is still what
encryption does. It takes information in
its rawest form and scrambles it, so that
it becomes indecipherable to anyone
who does not have a way to decode it.
Since the advent of computers, both
our ability to easily encrypt and decrypt
information in complicated ways has
increased dramatically. For instance,
using a relatively simple tool called the
Text Mechanic Encryption Generator
(http://textmechanic.com/Encryption-
Generator.html), I can take a simple
phrase such as: “Encryption made
easy!” and have it converted/encrypted
into “yZwoqL6⫹ic0FX6YhMzMh9
a⫹euPfjN48hMTIhwiE5IS7rURWuoU
gHNA⫽⫽”. I can just as easily use the
same tool to decrypt the text into my
original message as long as I use the
same key or cypher. That key tells the
program exactly how the text should be
changed so that it can switch back and
forth between the two versions. That
key can then be given to someone on
the other end of the communication so
that they (or more accurately their computer
program) can convert the text into its
original form and read it. Anyone else who
intercepted my message in transit and did
not have access to the key would be unable
to interpret my message.
Clearly, this method only works as
long as nobody can intercept the key
used to encrypt the message. However,
since information transmitted online
would usually need to include the key
in order for it to beread, both the key and
the message would be intercepted if
transmitted together. Therefore, modern
encryption often uses two asymmetrical
keys, one t o encrypt the data (A) and a
separate one to decrypt it (B). For
instance, Jane’s program can transmit
publically the key (A) that is needed to
encrypt data that can only be decrypted
by Jane’s private key (B). Anyone can
know the public key (A) needed to
encrypt data to be sent to Jane, as long
as she is the only one who knows the
LIBRARY HITECH NEWS Number 1 2015, pp. 5-7, © Emerald Group Publishing Limited, 0741-9058, DOI 10.1108/LHTN-12-2014-0106 5
To continue reading
Request your trial