05/22/2015    09:02:20 AM    from Abigail Wickes to All Participants:
hi all, my name is Abigail and I'm a marketing analyst for Oxford University Press. I'm looking forward to talking a little bit about what I do with usage data. :)
 
05/22/2015    09:02:21 AM    from Andrew Pace to All Participants:
Hello everyone, Andrew Pace, OCLC
 
05/22/2015    09:02:25 AM    from Kyan Chuong to All Participants:
Hi my name is Kyan Chuong. I am a librarian at the National Library of Medicine.
 
05/22/2015    09:02:53 AM    from Marshall Breeding to All Participants:
Marshall Breeding: member of steering committee, consultant with a broad interest in library-oriented technologies.  
 
05/22/2015    09:03:09 AM    from Todd Carpenter to All Participants:
Good morning everyone.  My name is Todd Carpenter.  I am the Executive Director of NISO and PI on this project.  I am also MC and host of today's event (although not the Webex host, that's Nettie!)
 
05/22/2015    09:03:10 AM    from Lisa Hinchliffe to All Participants:
Hi Everyone. Lisa Hinchliffe, Professor, Coord of Info Lit, Coord of Strategic Planning at U of Illinois Urbana Library. Member of NISO committee. Been doing presentations, etc. in this area. Serving on my library's privacy committee.
 
05/22/2015    09:03:20 AM    from Peter Murray to All Participants:
Hello, everyone.  Peter Murray from LYRASIS.
 
05/22/2015    09:03:20 AM    from Alan Rubel to All Participants:
Hi all: Alan Rubel here. Assistant professor in the University of Wisconsin, Madison iSchool / School of Library and Info Studies. Looking forward to learning from you all!
 
05/22/2015    09:03:25 AM    from Bonnie Tijerina to All Participants:
Hi. I'm Bonnie Tijerina, a fellow at Data & Society Research Institute and a member of this NISO steering group.
 
05/22/2015    09:03:41 AM    from Roger Schonfeld to All Participants:
Hi everyone, I am Roger Schonfeld, the director of Ithaka S+R's Library and Scholarly Communications program area. 
 
05/22/2015    09:03:46 AM    from Christopher Harris to All Participants:
Hello, I am director of the School Library System with the Genesee Valley Educational Partnership in Western New York and also am serving as the Youth and Technology Fellow with the American Library Association's Office for Information Technology Policy
 
05/22/2015    09:03:47 AM    from Deborah Caldwell-Stone to All Participants:
Hello, ODeborah Caldwelll-Stone, Deputy Director, ALA Office for Intellectual Freedom 
 
05/22/2015    09:03:47 AM    from Bobbi Newman to All Participants:
Hi I'm Bobbi Newman, I am a librarian, blogger, & phd student, loud privacy advocate, http://librarianbyday.net/
 
05/22/2015    09:03:49 AM    from Richard Entlich to All Participants:
Good morning all. I'm Rich Entlich, Collection Analyst at Cornell University Library. I work regularly with library use and user data.
 
05/22/2015    09:04:04 AM    from Laura Quilter to All Participants:
Hi -- Laura Quilter, copyright & information policy attorney/librarian at UMass Amherst.
 
05/22/2015    09:04:10 AM    from Daniel Ayala to Host (privately):
Hello, I am Daniel Ayala, Director of Information Security and Privacy at ProQuest. I am on the Steering Cte for this effort. I am relatively new to library and information services, but I have 20 years in security and privacy.
 
05/22/2015    09:04:17 AM    from Mike Robinson to All Participants:
Mike Robinson, University of Alask Anchorage, ALA Intellectual Freedom Committee Privacy Chair, looking forward again to discussions despite that its 5am here
 
05/22/2015    09:04:47 AM    from Deborah Caldwell-Stone to All Participants:
Good morning -  Deborah Caldwell-Stone, Deputy Director, ALA Office for Intellectual Freedom
 
05/22/2015    09:05:00 AM    from Lisa Hinchliffe to All Participants:
Mike - appreciate for dedication! Too bad virtual doesn't come with coffee delivery! 
 
05/22/2015    09:05:53 AM    from NISO HQ to All Participants:
Yes, Mike gets the prize! thanks for joining!
 
05/22/2015    09:06:28 AM    from Cliff Lynch to All Participants:
Good morning. I'm Cliff Lynch, Director of the Coalition for Networked Information
 
05/22/2015    09:09:57 AM    from Mei Zhang to Host (privately):
Hi, Mei Zhang, Ph.D student in University of Wisconsin-Madison, iSchool
 
05/22/2015    09:11:09 AM    from NISO HQ to All Participants:
technical assistance numbers: 877-812-4501 (US/Canada); 1 706-643-6127 (International)
 
05/22/2015    09:16:35 AM    from NISO HQ to All Participants:
yes, if in doubt send a message of any sort to NISOHQ, that's me (Nettie) and I will help.
 
05/22/2015    09:16:42 AM    from Eric Hellman to All Participants:
I'm Eric Hellman. I run Unglue.it. Member of Steering Committee. I've been writing about privacy issues on my blog (Go To Hellman) and in American Libraries.
 
05/22/2015    09:17:20 AM    from Karen Wetzel to All Participants:
Karen Wetzel, Program Manager for EDUCAUSE Center for Analysis and Research
 
05/22/2015    09:18:11 AM    from Wouter Haak to All Participants:
Wouter Haak, VP product strategy of Elsevier - platforms for Academic & Government. 
 
05/22/2015    09:18:48 AM    from Christopher Harris to All Participants:
Had to wrap my brain around some of our great chat yesterday about the potential differences between patron data and library data. https://medium.com/@infomancy/on-patron-data-and-library-data-bcdd5ea9ccf0
 
05/22/2015    09:20:02 AM    from Mike Robinson to All Participants:
nice graphic Christopher
 
05/22/2015    09:20:19 AM    from Christopher Harris to All Participants:
considering the difference between "patron data" and "library data" might help us continue to respect and uphold the idea of patron privacy while also describing general data that falls outside of that sphere that we can use for the benefit of the library
 
05/22/2015    09:22:10 AM    from Mike Robinson to All Participants:
yes, a lot of what we have traditionally considered patron data was not pii, i.e. very aggregated library usage data
 
05/22/2015    09:22:22 AM    from Karen Wetzel to All Participants:
Great suggestion, Christopher. 
 
05/22/2015    09:22:48 AM    from NISO HQ to All Participants:
don't forget if you are not speaking you should mute your line, either on your phone directly if it has that feature
 
05/22/2015    09:23:03 AM    from NISO HQ to All Participants:
or by typing *6 - that will mute via the confeerence line
 
05/22/2015    09:23:06 AM    from NISO HQ to All Participants:
#6 to unmute
 
05/22/2015    09:23:53 AM    from Eric Hellman to All Participants:
interesting graphic, Christopher, but I would argue that the division between patron data and library data is a false one. 
 
05/22/2015    09:25:21 AM    from Lisa Hinchliffe to All Participants:
And, I regularly work with the Internet Archive and wish it would let me opt-in to "hey, I found this thing keep track of it for me" 
 
05/22/2015    09:26:25 AM    from David Lee King to All Participants:
Eric - I'd agree. Certainly some of the items under "opt-in" aren't really choices that patron can make. Libraries need some way to connect a person to an item when it's checked out. So we have to have name and contact info in our systems. That's pretty much required info - not something a customer can "opt into"  (if I'm reading Chris's graphic correctly).
 
05/22/2015    09:26:53 AM    from Mike Robinson to All Participants:
I think calling the lefthand side pii (versus patron data) would be clearer.  but what do we call the middle/overlap area?
 
05/22/2015    09:27:14 AM    from Lisa Hinchliffe to All Participants:
One circulating copy of an ebook is absolutely reality for our libraries and users!
 
05/22/2015    09:27:23 AM    from Christopher Harris to All Participants:
Mike: love the PII label
 
05/22/2015    09:28:06 AM    from David Lee King to All Participants:
Mike - you could call it demographic info - that's a normal label for that type of info
 
05/22/2015    09:28:24 AM    from Abigail Wickes to All Participants:
middle/overlap = "demographic data"?
 
05/22/2015    09:28:27 AM    from Eric Hellman to All Participants:
PII is a legal fig leaf
 
05/22/2015    09:28:28 AM    from Christopher Harris to All Participants:
But the label demographic data is also applied to anonymous data
 
05/22/2015    09:28:40 AM    from Christopher Harris to All Participants:
The ala library bill of rights is a legal fig leaf
 
05/22/2015    09:29:06 AM    from Christopher Harris to All Participants:
we have all agreed to follow a document that has no legal standing and no teeth in the professional organization 
 
05/22/2015    09:29:16 AM    from Eric Hellman to All Participants:
A different sort of fig leaf, perhaps
 
05/22/2015    09:29:40 AM    from Deborah Caldwell-Stone to All Participants:
But state library confidentiality laws are .. law. 
 
05/22/2015    09:29:55 AM    from Christopher Harris to All Participants:
Differentiating PII (private data, use only with permission) and library data (free to mine for ethical use) is helpful for establishing principles
 
05/22/2015    09:30:11 AM    from Christopher Harris to All Participants:
deborah: but the laws don't say libraries can't use that data
 
05/22/2015    09:30:16 AM    from Richard Entlich to All Participants:
Some data points that I would add to Christopher's graphic include IP address (can be pii), as well as academic/administrative classifications, such as college, major, department, graduate field, patron status, etc.
 
05/22/2015    09:30:26 AM    from Christopher Harris to All Participants:
we can't share or publish the data, but the laws don't say we can't mine the heck out of it
 
05/22/2015    09:30:50 AM    from Christopher Harris to All Participants:
We haven't mined the heck out of it because of the ALA Bill of Rights fig leaf
 
05/22/2015    09:32:00 AM    from Lisa Hinchliffe to All Participants:
Chris - I'm not sure that there is "agreement to use" the bill of rights ... I find it is more that libraries "pledge allegiance to it" and use it as a shield when convenient. Little cynical - more than I am - but I think some reality. 
 
05/22/2015    09:32:07 AM    from Deborah Caldwell-Stone to All Participants:
They do if that use involves sharing with third parties or lack of security that leads to a data breach
 
05/22/2015    09:32:25 AM    from Mike Robinson to All Participants:
that's probably the biggest question we are circling around, can we do data mining in a way that sufficiently protects patron/ reader privacy?
 
05/22/2015    09:32:52 AM    from Lisa Hinchliffe to All Participants:
That is the Q I think. And, I think the answer is no, maybe, sometimes, yes, and absolutely. :) 
 
05/22/2015    09:32:53 AM    from Eric Hellman to All Participants:
What I mean about PII is that it's a legal concept that ignores how big data works today.
 
05/22/2015    09:33:27 AM    from Deborah Caldwell-Stone to All Participants:
I would say that the use of full names to ID  self-serve holds that are freely browsable by the public is an example of "library use" that violates both the law and the profession's ethics 
 
05/22/2015    09:34:06 AM    from Deborah Caldwell-Stone to All Participants:
Each use of data needs to be carefully examined 
 
05/22/2015    09:35:35 AM    from Christopher Harris to All Participants:
Defining where data falls in a sphere helps us figure things out though. Looking at the really bad graphic I sketched out, the example of full name on a public holds shelf would obviously be opt-in only. You could give them a library card number (anonymous id) and then have that labeled on the holds shelf for opt out usage though
 
05/22/2015    09:35:37 AM    from Lisa Hinchliffe to All Participants:
While I agree Deborah, I assume that in all of the "yes" version answers we are not making the data PUBLIC!
 
05/22/2015    09:38:13 AM    from Deborah Caldwell-Stone to All Participants:
Trina Magi, "A Fresh Look at Privacy-Why Does It Matter,Who Cares, and What Should Librarians Do about It?" ttp://journals.iupui.edu/index.php/IndianaLibraries/article/view/4229/pdf
 
05/22/2015    09:39:02 AM    from Eric Hellman to All Participants:
Any library that doesn't use https is essantially making all user activity, including PII PUBLIC!
 
05/22/2015    09:40:27 AM    from Lisa Hinchliffe to All Participants:
Though it needs to get fixed/implemeneted, I have yet to hear anyone argue for not https so maybe we have at least ONE point of agreement!  #SCORE!
 
05/22/2015    09:40:36 AM    from Peter Murray to All Participants:
Didn't Trina Magi have a more recent article on the topic as well?  I'm trying to find it through my citations.
 
05/22/2015    09:41:59 AM    from Peter Murray to All Participants:
Ah!  Here is is:  A Content Analysis of Library Vendor Privacy Policies: Do They Meet Our Standards? http://crl.acrl.org/content/71/3/254.short
 
05/22/2015    09:42:16 AM    from Peter Murray to All Participants:
(May 2010)
 
05/22/2015    09:42:33 AM    from Peter Murray to All Participants:
(Not more recent, but more recent to me.)
 
05/22/2015    09:42:40 AM    from Mike Robinson to All Participants:
eric, agreed that https is important.  however, patrons are probably more at risk from how their data is tracked, aggregated & stored by librarys and vendors versus snooping of individual http sessions in the clear
 
05/22/2015    09:43:01 AM    from Christopher Harris to All Participants:
Lisa: A point of agreement, and a point of problem. HTTPS is a duh thing for me, but in many schools it is being bypassed by filters using man-in-the-middle attacks to decrypt and filter secure traffic
 
05/22/2015    09:43:09 AM    from Deborah Caldwell-Stone to All Participants:
Also see her  "Fourteen Reasons Privacy Matters" http://www.jstor.org/stable/10.1086/658870
 
05/22/2015    09:43:32 AM    from Wouter Haak to All Participants:
Agree with Mike Robinson. In addition: https is good if all end-users are willing to log in. Not all end users are willing to do so on all 
platforms; hence more seamless (easy access) http use of platforms will probably be required as well. 
 
05/22/2015    09:43:32 AM    from Christopher Harris to All Participants:
So perhaps a point of patron education and continued policy advocacy to keep https secure
 
05/22/2015    09:43:51 AM    from Mike Robinson to All Participants:
that type of man-in-the-middle attack by ISPs should be illegal (maybe they are?)
 
05/22/2015    09:44:07 AM    from Bobbi Newman to All Participants:
I have that article & others on my reading list http://librarianbyday.net/2015/05/22/reading-list-patron-privacy-in-libraries-in-the-digital-age-nisoprivacy/
 
05/22/2015    09:44:21 AM    from Peter Murray to All Participants:
Bobbi++
 
05/22/2015    09:44:34 AM    from David Lee King to All Participants:
Great list, by the way Bobbi!
 
05/22/2015    09:45:10 AM    from Lisa Hinchliffe to All Participants:
Chris - good point. I actually had my first experience yesterday of a K12 email system refusing to deliver an email because of "inappropriate language" 
 
05/22/2015    09:45:47 AM    from Lisa Hinchliffe to All Participants:
Bobbi - a great list and I gave you two more books to read! :) 
 
05/22/2015    09:46:10 AM    from Christopher Harris to All Participants:
mike: by an isp, perhaps, but a school can likely do it because their users have no expectation to privacy
 
05/22/2015    09:46:11 AM    from Eric Hellman to All Participants:
Walter, you seem unaware of what https does- its orthogonal to login. can discuss out of band if you like
 
05/22/2015    09:46:17 AM    from Bobbi Newman to All Participants:
excellent! I also tweeted a list to The Filter Bubble, which I've read but is not on the list 
 
05/22/2015    09:47:30 AM    from Mike Robinson to All Participants:
man in middle is type of fraud, i.e. pretending to be certificate/website/domain you are not, very shady
 
05/22/2015    09:47:58 AM    from Christopher Harris to All Participants:
I agree. I would think the FCC might be a bit perturbed by this
 
05/22/2015    09:48:43 AM    from Alan Rubel to All Participants:
I hope this isn't too much self-promotion, but I have a couple of recent pieces on privacy and e-resources. One is: “Libraries, Electronic 
Resources, and Privacy: The Case for Positive Intellectual Freedom,” Library Quarterly 84(2) (April 2014):183-208 (preprint available at ssrn.com)
 
05/22/2015    09:49:46 AM    from Peter Murray to All Participants:
Go for it, Alan.
 
05/22/2015    09:50:15 AM    from Alan Rubel to All Participants:
The other is with Mei Zhang: Mei Zhang, “Four Facets of Privacy and Intellectual Freedom in Licensing Contracts for Electronic Journals” in College and Research Libraries: Coll. res. libr. May 2015 76:427-449; doi:10.5860/crl.76.4.427. Mei and I will discuss this at our lightning round later. 
 
05/22/2015    09:50:30 AM    from Alan Rubel to All Participants:
thanks, peter!
 
05/22/2015    09:52:12 AM    from Mike Robinson to All Participants:
yeah, the fact that summon delivers statistics console via mixed mode is bad both insecure and makes it unsuable for many librarians (they don't know how to get around the browser block)
 
05/22/2015    09:52:18 AM    from Bobbi Newman to All Participants:
Alan- I'll add these to my list! Thanks 
 
05/22/2015    09:53:33 AM    from Alan Rubel to All Participants:
Thanks Bobbi--any feedback, comments, or suggestions on how to extend from those of you on the ground would be greatly appreciated!
 
05/22/2015    09:53:43 AM    from Eric Hellman to All Participants:
I think that we need to be tolerant of mixed content, since its a symptom of transition to https
 
05/22/2015    09:53:44 AM    from Mike Robinson to All Participants:
i believe proquest is planning to replace their stastics console for summon, hopefully it will get fixed then
 
05/22/2015    09:55:09 AM    from David Lee King to All Participants:
With IP addresses - wouldn't most of those just point to dhcp ranges these days? hence you can see the one in the example comes from somewhere at Cornell Uni?
 
05/22/2015    09:55:12 AM    from Mike Robinson to All Participants:
eric, agree about mix content, just want them to work to fix it
 
05/22/2015    09:55:48 AM    from Daniel Ayala to All Participants:
Yes, in this case the mxed content is part of our transition - we are working on full HTTPS now (ProQuest)
 
05/22/2015    09:56:28 AM    from Mike Robinson to All Participants:
at my work, i have same dhcp assigned lease for monthes (unless I go on vacation with pc off)
 
05/22/2015    09:56:30 AM    from Lisa Hinchliffe to All Participants:
If publishers are retaining it, we should demand they share it with libraries! Or, Maybe libs should get a discount on the price if publishers retain the data since it creates values for the product? :) :) 
 
05/22/2015    09:56:44 AM    from Peter Murray to All Participants:
DLK: DHCP-assigned IP addresses can have long leases -- weeks to months.  
 
05/22/2015    09:56:52 AM    from Cliff Lynch to All Participants:
very much agree with Eric. A lot of these mixed page problems are transitional phenomena for a transition that's headed in the right direction
 
05/22/2015    09:57:09 AM    from Mike Robinson to All Participants:
daniel, good news about https at proquest
 
05/22/2015    09:57:29 AM    from Peter Murray to All Participants:
DLK: It becomes a "selector" that can be used to correlate other details from the user: where else they have gone and the PII they have entered into other sites.
 
05/22/2015    09:58:08 AM    from David Lee King to All Participants:
Ah - makes sense.
 
05/22/2015    09:58:43 AM    from Lisa Hinchliffe to All Participants:
"Privacy concerns" as a reason to not share data with libraries is "we don't want you to know how much we keep" IMO Let's be real and recognize that all data is tracked for some period of time ... even in a session so user can navigate among results. Question is protection, managemenet, etc. 
 
05/22/2015    10:00:09 AM    from Andrew Pace to All Participants:
Don't most publisher sites also have personal logins? Isn't there some tracking that is at the individual level and not just the IP address?
 
05/22/2015    10:00:41 AM    from David Lee King to All Participants:
Andrew - not all, but some certainly do. 
 
05/22/2015    10:00:42 AM    from Mike Robinson to All Participants:
as users start avoiding/dumping cookies, won't websites start moving more and more towards ip address tracking?
 
05/22/2015    10:01:27 AM    from Peter Murray to All Participants:
Mike: or the "supercookie" phenomenon.  Or browser fingerprinting.
 
05/22/2015    10:01:29 AM    from Eric Hellman to All Participants:
And how is the library privileged to insert themselve into the relationship between reader and publisher?
 
05/22/2015    10:01:32 AM    from Lisa Hinchliffe to All Participants:
With timestamp seems likely to be simple to trace to indiv users ... people typically have to login to access network. 
 
05/22/2015    10:03:19 AM    from Eric Hellman to All Participants:
Privacy protection depends a lot on how ezproxy is configured! Tracking can pierce the proxy anonymization.
 
05/22/2015    10:03:34 AM    from Andrew Pace to All Participants:
EZproxy can be used as an anonymizer, but it is increasingly unpopular with big publishers because of security breaches at the instintutional level
 
05/22/2015    10:04:10 AM    from Peter Murray to All Participants:
Andrew: security breaches of EZproxy at institutions?
 
05/22/2015    10:04:41 AM    from Andrew Pace to All Participants:
not breaches of EZproxy....breaches of the institutions identity provider 
 
05/22/2015    10:04:57 AM    from Andrew Pace to All Participants:
EZproxy is only middleware
 
05/22/2015    10:05:11 AM    from Peter Murray to All Participants:
Ah: patron's credentials being published or guessed by black hats.
 
05/22/2015    10:05:27 AM    from Mike Robinson to All Participants:
ezproxy gets hacked alot, i.e. login credentials are obtained some way, probably fishing, then actors use it do download licensed content in bulk
 
05/22/2015    10:05:57 AM    from Andrew Pace to All Participants:
you are right, Mike....BUT EZproxy is not getting hacked...it is being exploited with stolen credentials
 
05/22/2015    10:06:01 AM    from Deborah Caldwell-Stone to All Participants:
Are IP Addresses “Personally Identifiable Information”? http://moritzlaw.osu.edu/students/groups/is/files/2012/02/Lah_Formatted_Final.pdf
 
05/22/2015    10:06:05 AM    from Mike Robinson to All Participants:
yep, there are ways to keep an eye on bulk activity, thresholds you can set in ezproxy
 
05/22/2015    10:06:16 AM    from Peter Murray to All Participants:
Arguably not a hack of EZproxy, although EZproxy could have code that attempts to detect that and throttle such behavior.
 
05/22/2015    10:06:54 AM    from Daniel Ayala to All Participants:
right but EZProxy makes such activity much harder to detect and identify source by publishers/vendors
 
05/22/2015    10:06:56 AM    from Peter Murray to All Participants:
e.g.: block the same credentials being used from geographically distant IP addresses within a short period of time.
 
05/22/2015    10:07:17 AM    from Daniel Ayala to All Participants:
and disabling access to the EZProxy IP means the whole institution would lose access 
 
05/22/2015    10:07:46 AM    from Peter Murray to All Participants:
Daniel: Agree.  That should be a responsibilty of institutions that run EZproxy to detect and address such breaches.
 
05/22/2015    10:08:18 AM    from Todd Carpenter to All Participants:
Andrew: Since EZProxy is often a hosted service, what is the policy/practice regarding the EZP logs?
 
05/22/2015    10:08:27 AM    from Peter Murray to All Participants:
Managing EZproxy access should be an active process (or EZproxy should actively notify administrators of suspicious activity), not a passive activity.
 
05/22/2015    10:08:43 AM    from Andrew Pace to All Participants:
let's also not forget that EZproxy is a managed proxy server with ties to authentication systems....I'd be willing to bet that for each EZproxy implememntation on a campus, there are a handful of open proxies being run here and there....much easier to exploit
 
05/22/2015    10:08:51 AM    from Daniel Ayala to All Participants:
Peter: Yes, but often lack resources to identify it but are responsive when told of the issue.  I'd like to see it handled more proactively by the institution as I hate to shut off a full place/
 
05/22/2015    10:09:13 AM    from Mike Robinson to All Participants:
some publishers should and have notified customers of ezproxy breaches, we worked with one to close a breach
 
05/22/2015    10:09:50 AM    from Peter Murray to All Participants:
Sounds like there needs to be a "Service Level Agreeement" between publishers and institutions using EZproxy that specifies how responsive an institution needs to be to breaches detected by the publisher.
 
05/22/2015    10:10:07 AM    from Peter Murray to All Participants:
...with consequences outlined if the institution does not act in a reasonable amount of time.
 
05/22/2015    10:10:11 AM    from Daniel Ayala to All Participants:
i like that Peter.
 
05/22/2015    10:10:24 AM    from Peter Murray to All Participants:
Someone put that on a list!
 
05/22/2015    10:10:29 AM    from Mike Robinson to All Participants:
yes, we have been talking about if libraries can trust vendors.  proxy access reverses the conversation, can vendors trust libraries?
 
05/22/2015    10:10:45 AM    from Daniel Ayala to All Participants:
it's on the list Peter
 
05/22/2015    10:11:05 AM    from Peter Murray to All Participants:
Mike++
 
05/22/2015    10:12:00 AM    from Andrew Pace to All Participants:
As the one with product responsibility for EZproxy, I need to be VERY clear. EZproxy is a tool used by people who have breached identity providers. It is NOT the thing being breached.
 
05/22/2015    10:12:27 AM    from Daniel Ayala to All Participants:
Andrew: Very good point - it is the vehicle once the bad guy has stolen the keys
 
05/22/2015    10:12:39 AM    from Peter Murray to All Participants:
Andrew: agreed. an important clarification.
 
05/22/2015    10:12:50 AM    from Andrew Pace to All Participants:
thank you Daniel and Peter!
 
05/22/2015    10:13:25 AM    from Mike Robinson to All Participants:
andrew, agreed about ezproxy. 
 
05/22/2015    10:14:24 AM    from Christopher Harris to All Participants:
Thanks for speaking out for smaller libraries David!
 
05/22/2015    10:15:35 AM    from Mike Robinson to All Participants:
i was impressed that our relatively old version of locally installed ezproxy we were able to configure ssl correctly to protect against recent poodle/freak vunerabilities.  kudos to oclc
 
05/22/2015    10:17:02 AM    from Peter Murray to All Participants:
Does EZproxy need some sort of real-time console of accesses going through it that could flag bad activity?  A feature request?
 
05/22/2015    10:17:32 AM    from Peter Murray to All Participants:
(I haven't run EZproxy for years, so apologies if the software already has that functionality.)
 
05/22/2015    10:20:53 AM    from NISO HQ to All Participants:
As EzProxy is a honey pot for ID credential theft, is there some obligation to track and detect misuse?
 
05/22/2015    10:21:04 AM    from NISO HQ to All Participants:
that came from Jimmy Ghaphery of VCU
 
05/22/2015    10:21:13 AM    from Marshall Breeding to All Participants:
Andrew -- as I asked on twitter, where are the EZproxy logs stored for instances hosted by OCLC?  Also, does the traffic traverse the OCLC internal network?  
 
05/22/2015    10:22:04 AM    from Eric Hellman to All Participants:
have talked to crossref about https; they're working with IDF and CNRI to make the transition.
 
05/22/2015    10:22:25 AM    from Lisa Hinchliffe to All Participants:
My understanding is that the majority of mis-use od EXprozy we see is bc other credential systems are hacked/exposed and then those credentials are used in EZproxy. EZproxy itself not compromised for credentials.
 
05/22/2015    10:22:42 AM    from Andrew Pace to All Participants:
EZproxy logs are stored on the hosted servers and the traffic does not traverse the local OCLC network. We have part of the network dedicated to EZproxy hosted
 
05/22/2015    10:23:07 AM    from Christopher Harris to All Participants:
There is the fundamental difference between vendors/publishers and libraries. They don't shy away from INTERNAL USE to inform business decisions as compared to our hand-wringing over it
 
05/22/2015    10:24:18 AM    from Andrew Pace to All Participants:
Christopher: excellent point. I was sort of trying to get at that with my comment about publishers having their own identity stores
 
05/22/2015    10:24:28 AM    from Lisa Hinchliffe to All Participants:
Chris - YES! We need to use this data - we don't have infinite budgets, we need to config systems to max user experience, etc. etc. etc.
 
05/22/2015    10:24:45 AM    from Christopher Harris to All Participants:
INTERA
 
05/22/2015    10:25:18 AM    from Christopher Harris to All Participants:
INTERNAL USE, not sharing it out, has no real privacy/security implications beyond the regular risks of doing business on the internet
 
05/22/2015    10:25:33 AM    from Peter Murray to All Participants:
Using data for internal use is fine, but I would argue that libraries want to understand how deep that internal use gets to personally 
identifiable information.
 
05/22/2015    10:25:54 AM    from Christopher Harris to All Participants:
I would note that the reach out based on what was found from internal mining might start to get creepy without permission
 
05/22/2015    10:26:10 AM    from Peter Murray to All Participants:
Christopher: disagree.  If there is usage data that can be pinned to a person, a court order to the publisher would obligate the publisher to reveal that information.
 
05/22/2015    10:26:48 AM    from Christopher Harris to All Participants:
peter: the data is probably there anyway at so point in the library technology connection chain
 
05/22/2015    10:27:10 AM    from Peter Murray to All Participants:
That is why libraries want to know what PII can be discerned at the service provider level.
 
05/22/2015    10:27:13 AM    from Christopher Harris to All Participants:
And again, it is either scrubbed to make it anonymous, or the user has opted-in
 
05/22/2015    10:27:30 AM    from Lisa Hinchliffe to All Participants:
Libraries should absolutely understand how identifiable the data is - that is necessary to have the appropriate management and protections. 
 
05/22/2015    10:28:12 AM    from Christopher Harris to All Participants:
yes, but that is a different question. What I think we can start with is our library usage of data and the fact that for the most part we don't even use the anonymous data that is driving business decisions elsewhere
 
05/22/2015    10:28:31 AM    from Peter Murray to All Participants:
Christopher: can you clarify "the data is probably there anyway at so point in the library technology connection chain"
 
05/22/2015    10:28:57 AM    from Lisa Hinchliffe to All Participants:
Chris - yes, WHAT we do with the data (e.g., contacting indivs) is another important Q. We should be thoughtful, intentional, etc. Libraries are not obligated to be creepy just because they have data that could be used that way! :) 
 
05/22/2015    10:29:36 AM    from Christopher Harris to All Participants:
peter: so a lot of k-12 schools run keystroke loggers. forget https cracking, they have keystroke loggers that use biometric typing to id users even if they log in as someone else
 
05/22/2015    10:30:13 AM    from Christopher Harris to All Participants:
peter: even beyond that, simple internet logs will start to show that such and such ip went to the site at time/date
 
05/22/2015    10:30:34 AM    from Lisa Hinchliffe to All Participants:
I think we also need to bracket for this conversation whether/which libraries have capacity to use the data. If it is important to the business of running a library, we need to build the capacity where it doesn't exist. No reason each library needs to. Could be provided by consortium, etc. if small libs cant do alone/in-house.
 
05/22/2015    10:30:38 AM    from Peter Murray to All Participants:
Christopher: perhaps the data can be gleaned elsewhere, but that does not justify the storage of patron-specific activity data by the service provider.
 
05/22/2015    10:31:06 AM    from Christopher Harris to All Participants:
peter: absolutely not, never said that, don't believe that in any way
 
05/22/2015    10:31:33 AM    from Christopher Harris to All Participants:
peter: unless the patron opts in to allow it for their improved expereince
 
05/22/2015    10:32:04 AM    from Peter Murray to All Participants:
Christopher: Okay, then I don't know how to interpret "so a lot of k-12 schools run keystroke loggers" 
 
05/22/2015    10:32:29 AM    from Peter Murray to All Participants:
Christopher: It sounds to me like that says, if the library is capturing the data we can capture and use it too.
 
05/22/2015    10:32:36 AM    from Christopher Harris to All Participants:
peter: my point about internal use (in the lbirary I meant) not exposing the data to additional security risk beyond the regular level of background risk 
 
05/22/2015    10:33:01 AM    from Christopher Harris to All Participants:
peter: no, was saying that even if we aren't doing it and the vendor isn't doing it, it may still be happening
 
05/22/2015    10:33:29 AM    from Christopher Harris to All Participants:
peter: therefore if we are electing to use data (anonymous data I mean here) it isn't adding risk beyond the background risk 
 
05/22/2015    10:33:30 AM    from Peter Murray to All Participants:
Christopher: okay. I think we were talking past each other for a moment.
 
05/22/2015    10:34:01 AM    from Andrew Pace to All Participants:
WIth apologies, I need to step away for 30 minutes or so
 
05/22/2015    10:35:21 AM    from David Lee King to All Participants:
Christopher - with your keystroke logger example - is that administrator-level policy driven decisions, or is it IT department security freaks "helping" keep students focused on work in a weird way? I'd guess that at least in some cases, the principals/district leaders don't know what a keystroke logger is, and don't know that they're in use... ?
 
05/22/2015    10:38:20 AM    from Christopher Harris to All Participants:
In some cases they know they are in use and are supporting it because of the FUD they have expereinced from IT. I don't think there is full understanding of just how powerful the data being collected is
 
05/22/2015    10:40:34 AM    from David Lee King to All Participants:
Yep - administrators shouldn't let the IT dept make those decisions... just sayin
 
05/22/2015    10:41:45 AM    from Christopher Harris to All Participants:
I like the idea of a shibboleth type system that can pass attributes of a user while keeping the actual identity secret. Maybe each patron has a UID that we run through a password hash so we can't get it back the other way. I know big data sets might let a dedicated evaluater figure out the backtrack to a user given data points, but it mgiht be a start toward letting us access attributes about a user across platforms as Lisa mentioned in more of a middle ground that keeps PII private
 
05/22/2015    10:41:50 AM    from Abigail Wickes to All Participants:
this discussion is making me wish I had a background in IT
 
05/22/2015    10:43:29 AM    from Eric Hellman to All Participants:
While OUP "would never sell or give away any data" to be clear, it allows advertising networks to collect the same usage data on many of its ejournals.
 
05/22/2015    10:44:06 AM    from Lisa Hinchliffe to All Participants:
Eric - pointing out just how layered this is! not give/sell but let collect!
 
05/22/2015    10:45:37 AM    from Don Hamparian to All Panelists:
@Christopher that was one of the foundational design goals of Shibboleth. There are two challenges with Shibboleth - expense/technology challenges for institutions to adopt and the fact that the long tail of content providers don't support it today
 
05/22/2015    10:45:38 AM    from Christopher Harris to All Participants:
Pondering a tech potential solution: would hashing the IP address still allow evaluation of IP usage and correlation of IP usage while keeping the actual IP address inaccessible? Could that be a suggestion of an industry standard?
 
05/22/2015    10:46:23 AM    from Daniel Ayala to All Participants:
Chris: I think we talked about this before - perhaps a 3rd party library  provider that obfuscates the identity but facilitates the collecting of data for usage, enhancement but not tie to the person.
 
05/22/2015    10:46:29 AM    from Peter Murray to All Participants:
Christopher: not necessarily, I think.  One could simply create a table of all of the IP address and their hash results to reverse the process.
 
05/22/2015    10:47:03 AM    from Christopher Harris to All Participants:
@Don and @Daniel yeah...nice potential for a third party provider to help. make it open source for review and large management. IMLS grant anyone?
 
05/22/2015    10:47:21 AM    from Peter Murray to All Participants:
Christopher: some sort of anonymization still needs to be done on the IP address.  Perhaps turning 123.456.789.123 into 123.456.789.000
 
05/22/2015    10:48:17 AM    from Lisa Hinchliffe to All Participants:
This might protect data but to be useful the hashtagging has to follow patterns, right? So, somewhere there is a key that can reverse
 
05/22/2015    10:48:23 AM    from Mike Robinson to All Participants:
so we create a library-version of tor for user access...
 
05/22/2015    10:48:25 AM    from Richard Entlich to All Participants:
I would prefer to extract whatever demographic data that can be associated with an IP address before replacing it with another kind of anonymized identifer.
 
05/22/2015    10:49:01 AM    from Daniel Ayala to All Participants:
Nothign is foolproof from being reverse engineered - need to put some trust in our contracts and the relationships we have between vendors and librarie
 
05/22/2015    10:49:02 AM    from Daniel Ayala to All Participants:
s
 
05/22/2015    10:49:06 AM    from Peter Murray to All Participants:
Richard: I think I agree with that.  Same sort of thing as with the Shibboleth user attributes.
 
05/22/2015    10:49:38 AM    from Richard Entlich to All Participants:
Peter's idea of dropping the fourth quad will work at some institutions (those using classful routing), but not at places like Cornell that 
use CIDR (classless inter-domain routing).
 
05/22/2015    10:49:42 AM    from Christopher Harris to All Participants:
@daniel agree..nothing is totally secure and I don't really want to go to jail when someone with a warrent shows up and demands the keys or a backdoor
 
05/22/2015    10:50:32 AM    from Peter Murray to All Participants:
Daniel: tables of hashes of IP addresses are trivial to create, and would argue against its use in any attempt to anonymize traffic.
 
05/22/2015    10:50:40 AM    from Eric Hellman to All Participants:
hiding information with cryptographic techniques can be useful, but theres a danger of relying too much on it. Often better to keep the data sensitive and treat it as such
 
05/22/2015    10:50:50 AM    from Daniel Ayala to All Participants:
@Eric YES±!
 
05/22/2015    10:51:31 AM    from Peter Murray to All Participants:
A hash of the combination of an IP address and a session ID?  That might be okay.  (Would want to think some more about the possible hacks.)
 
05/22/2015    10:52:17 AM    from Christopher Harris to All Participants:
Whelp, I must run off to share all kinds of fun STEM stuff at one of my member high schools. Yay...game time!
 
05/22/2015    10:52:43 AM    from Lisa Hinchliffe to All Participants:
Would love to hear more about how this hastagging, etc. would let me still look at users as the travel between different publisher systems...
 
05/22/2015    10:53:17 AM    from Lisa Hinchliffe to All Participants:
If it removes that, then it removes my ability to better the user experience, develop services, allocate resources, etc.
 
05/22/2015    10:55:29 AM    from Mike Robinson to All Participants:
i wonder how much personal versus institutional level data we need for collection development?  I can see why you could want personal level data to improve user experience and for assessment in educational setting.  but why would you need personal level data for CD decisions?
 
05/22/2015    10:55:32 AM    from Peter Murray to All Participants:
Why is cooperation in an investiation problematic?
 
05/22/2015    10:58:46 AM    from Eric Hellman to All Participants:
compelled cooperation
 
05/22/2015    10:59:00 AM    from Lisa Hinchliffe to All Participants:
Mike - example: personal in order to aggregate characteristics. we license a database to serve a particular program bc unique indexing, etc. but, they never use it. all other use is just for the fulltext included (we can see bc via SFX not search within) and we have the fulltext elsewhere.
 
05/22/2015    10:59:30 AM    from Lisa Hinchliffe to All Participants:
Mike - I should not say "never" but relatively minimal and then other in database searching not tied to that dept
 
05/22/2015    11:00:08 AM    from Richard Entlich to All Participants:
I addressed Mike's question to some degree in my presentation yesterday. For effective CD, we don't need to know the behavior of specific individuals, but it's very helpful to know the behavior of various demographic groups that individuals belong to, and there is also value in being able to identify the behavior of distinct individuals, so we can quantify the size of the population using certain resources and services, without knowing specifically who that person is.
 
05/22/2015    11:01:00 AM    from Lisa Hinchliffe to All Participants:
Thanks Richard - yes, your examples yesterday were useful
 
05/22/2015    11:04:42 AM    from Laura Quilter to All Participants:
Agreements to compel cooperation by libraries are absolutely a non-starter. It would require much more extensive assessment of terms. 
 
05/22/2015    11:14:18 AM    from Mei Zhang to All Participants:
Kristin R. Eschenfelder et al., “How Institutionalized Are Model License Use Terms? An
Analysis of E-Journal License Use Rights Clauses from 2000 to 2009,” College & Research Libraries
74, no. 4 (2013): 351.http://crl.acrl.org/content/early/2012/04/16/crl-289.short
 
05/22/2015    11:14:19 AM    from Mike Robinson to All Participants:
many libraries send patrons to collection dept if they don't return the book
 
05/22/2015    11:15:36 AM    from Laura Quilter to All Participants:
Mike Robinson, "many" libraries?
 
05/22/2015    11:15:58 AM    from Lisa Hinchliffe to All Participants:
Different case tho - we don't refuse to check out books to other users until it is dealt with! :) 
 
05/22/2015    11:16:05 AM    from Mike Robinson to All Participants:
well, some
 
05/22/2015    11:16:09 AM    from David Lee King to All Participants:
Yep - in public libraries, that's normal practice
 
05/22/2015    11:16:31 AM    from Laura Quilter to All Participants:
At any rate, libraries turning users over to collection dept for their relations with the library is a different matter entirely than 
collaborating with vendor on violations of contract terms as defined by vendor. 
 
05/22/2015    11:16:44 AM    from Laura Quilter to All Participants:
That places libraries in a position of insuperable conflict of interest. 
 
05/22/2015    11:16:51 AM    from Mike Robinson to All Participants:
just trying to make the point, we do have history of enforcment/compliance in regards of use of physical items. 
 
05/22/2015    11:17:36 AM    from Mike Robinson to All Participants:
agreed, it is different when library assumes it themselves versus being compelled by agreement with publisher
 
05/22/2015    11:17:39 AM    from Laura Quilter to All Participants:
Enforcement of our own rights, where we set the rules and have the data.  That is different than enforcement of contractually determined rights where vendors establish the violations, terms, etc. 
 
05/22/2015    11:17:43 AM    from Lisa Hinchliffe to All Participants:
Did someone claim libraries shouldn't be involved in this at all in digital? I thought point was re balance and burdens, collective effect, etc.
 
05/22/2015    11:22:31 AM    from Alan Rubel to All Participants:
Lisa: yes, agreed. The point i would hope to make  is not that enforcement and cooperation are bad per se. Rather, it's about just what that entails and how to structure it.
 
05/22/2015    11:23:03 AM    from Mei Zhang to All Participants:
The page from Ted Bersgrom, talking about their license collection process, but does not provide link to the original data, http://www.econ.ucsb.edu/~tedb/Journals/BundleContracts.html
 
05/22/2015    11:28:25 AM    from Laura Quilter to All Participants:
I think the right model is not "monopoly" but "in loco parentis". 
 
05/22/2015    11:28:51 AM    from Laura Quilter to All Participants:
Of course we should still question whether & to what extent libraries ought to act on behalf of their users. 
 
05/22/2015    11:29:07 AM    from Lisa Hinchliffe to All Participants:
Laura - you think libs SHOULD pursue "in loco parentis"?
 
05/22/2015    11:31:08 AM    from Mike Robinson to All Participants:
user centric approach emphasizes transparency and choice over library making decisions for the users
 
05/22/2015    11:32:22 AM    from Bobbi Newman to All Participants:
I'm not sure who is speaking now but I completely agree
 
05/22/2015    11:33:33 AM    from Laura Quilter to All Participants:
Every intermediary makes decisions on behalf of its users. 
 
05/22/2015    11:34:20 AM    from Laura Quilter to All Participants:
I take it that Roger is suggesting that libraries operate not in a monopoly but in a competitive oligopoly, and that if we are too pure in principle we will be unattractive in practice and service. 
 
05/22/2015    11:35:11 AM    from Laura Quilter to All Participants:
This takes us back to the point from previous meetings, that libraries must educate users about what they get from a privacy-oriented library.  
 
05/22/2015    11:38:05 AM    from Eric Hellman to All Participants:
If libraries really offered "pure" privacy it would be one thing, but it's misleading users to salute the principles without acknowledging the gritty reality.
 
05/22/2015    11:38:38 AM    from Mike Robinson to All Participants:
my use of the web in general is diverse, sometimes i want personalization/contextual, other times i want as much anonymity as possile.  i think libraries should try to provide a similar range choice
 
05/22/2015    11:39:20 AM    from Mike Robinson to All Participants:
argree with eric that most libraries do not offer "pure" privacy
 
05/22/2015    11:39:50 AM    from Laura Quilter to All Participants:
User-centered privacy interests is really not just about libraries but about vendors, providers, other intermediaries. Roger is trying to make sure that libraries don't throw out fun services that users want just to be privacy purists. I would really rather see us all lead toward (a) figuring out useful ways to use data that do respect privacy, and (b) advocating for user privacy rules that apply broadly beyond libraries voluntary standards. 
 
05/22/2015    11:40:11 AM    from Lisa Hinchliffe to All Participants:
Laura - very useful summary "Roger is suggesting that libraries operate not in a monopoly but in a competitive oligopoly, and that if we are too pure in principle we will be unattractive in practice and service"
 
05/22/2015    11:40:40 AM    from Mike Robinson to All Participants:
Laura+1
 
05/22/2015    11:41:28 AM    from Peter Murray to All Participants:
Libraries may not provide the pure private environment today, but that is an education issue given the sprawl of technology in the past decade.
 
05/22/2015    11:43:07 AM    from NISO HQ to All Participants:
From Grace Buckler, listen-only attendee: This is a general comment regarding trust, best practices and compliance. Are libraries surveying different users' needs and stakeholders on a regular basis regarding their needs or concerns about privacy? They should. The goal of compliance and best practices should also be to conform to the needs of users - needs that are generated through different services offered by the libraries. These needs should be tailored to the best practices and regulatory requirements if libraries really want to build trust with the community.
 
05/22/2015    11:43:14 AM    from Deborah Caldwell-Stone to All Participants:
I agree, Laura
 
05/22/2015    11:43:43 AM    from Richard Entlich to All Participants:
Libraries are in a better position to offer services that require some monitoring of user's searching and reading behavior while offering solid guarantees that such data won't be repurposed for commercial uses, such as being shared with advertisers.
 
05/22/2015    11:43:57 AM    from Roger Schonfeld to All Participants:
Richard - that is exactly my point. Very well said.
 
05/22/2015    11:44:36 AM    from Roger Schonfeld to All Participants:
For those interested, I first wrote about some of these issues at www.sr.ithaka.org/blog-individual/user-centric-approach-privacy-academic-library 
 
05/22/2015    11:49:55 AM    from Richard Entlich to All Participants:
Couldl the participants who are blogging about these sessions please indicate it here, or share links to your blog posts on the listserv?
 
05/22/2015    11:50:25 AM    from Lisa Hinchliffe to All Participants:
There is also a twitter chat at #nisoprivacy ... so much info! :) 
 
05/22/2015    11:50:36 AM    from Lisa Hinchliffe to All Participants:
https://twitter.com/hashtag/nisoprivacy?src=hash&vertical=default&f=tweets
 
05/22/2015    12:00:56 PM    from Mike Robinson to All Participants:
good summary of today's discussions
 
05/22/2015    12:01:03 PM    from Roger Schonfeld to All Participants:
Very good summary
 
05/22/2015    12:01:14 PM    from Peter Murray to All Participants:
Agreed!
 
05/22/2015    12:01:26 PM    from Alan Rubel to All Participants:
agreed. v. good overview
 
05/22/2015    12:01:30 PM    from Laura Quilter to All Participants:
Agreed. Hit the points I am remembering. Looking thru notes. 
 
05/22/2015    12:01:37 PM    from Lisa Hinchliffe to All Participants:
Thanks Grace - yes, I think that is an implication of Roger's suggestion ... we need to understand users.
 
05/22/2015    12:01:53 PM    from Peter Murray to All Participants:
So much to read coming out of this as well...
 
05/22/2015    12:02:51 PM    from NISO HQ to All Participants:
All of you will be added to the "niso_privacy" mailing list later today (if you are not already on it)
 
05/22/2015    12:03:03 PM    from NISO HQ to All Participants:
this is OPT-OUT, so if you dont' want to be on it, just drop me a note at nlagace@niso.org
 
05/22/2015    12:03:18 PM    from NISO HQ to All Participants:
I'll post to that list with the links to the materials from today, once they are posted
 
05/22/2015    12:03:39 PM    from Bobbi Newman to All Participants:
I sent an email to the list this morning, I didn't receive it but can others on the list confirm it was posted?
 
05/22/2015    12:03:43 PM    from NISO HQ to All Participants:
I intend to get that up by the end of today, so you can have the whole weekend to read them!
 
05/22/2015    12:03:48 PM    from NISO HQ to All Participants:
yes, Bobbi - I saw it :-)
 
05/22/2015    12:04:56 PM    from NISO HQ to All Participants:
Yes, drop a line to nlagace@niso.org or tcarpenter@niso.org if you would like to come to the meeting in SF June 29-30
 
05/22/2015    12:04:57 PM    from Eric Hellman to All Participants:
despite Roger's talk, I think we need to add focus to users - what they want from libraries re privacy. How can we better understand?
 
05/22/2015    12:07:11 PM    from Bobbi Newman to All Participants:
Eric - yes
 
05/22/2015    12:07:19 PM    from Laura Quilter to All Participants:
What users "want" is not the only important criteria, since (a) users typically don't know the privacy trade-offs or the technology issues, and (b) users' interests in bargaining is not necessarily the same thing as libraries' first principals in being intermediaries for information. 
 
05/22/2015    12:07:24 PM    from Roger Schonfeld to All Participants:
Eric - finding out what user communities want from libraries in re privacy is a great idea. I don't see that as inconsistent with the approach I was proposing though.
 
05/22/2015    12:08:02 PM    from Laura Quilter to All Participants:
Civil liberties do not rest solely on individual or group desires / beliefs. 
 
05/22/2015    12:08:43 PM    from Bobbi Newman to All Participants:
good point Laura
 
05/22/2015    12:08:47 PM    from NISO HQ to All Participants:
thanks, everyone, for joining us this morning!
 
05/22/2015    12:09:08 PM    from Lisa Hinchliffe to All Participants:
Laura - knowing their wants also helps us understand what they value elsewhere that maybe libs could provide in better data protected ways
 
05/22/2015    12:09:08 PM    from Deborah Caldwell-Stone to All Participants:
Yes, Laura, thanks for making that point.
 
05/22/2015    12:09:11 PM    from Bobbi Newman to All Participants:
thank you
 
05/22/2015    12:09:11 PM    from Peter Murray to All Participants:
Bye!
 
05/22/2015    12:09:14 PM    from Mike Robinson to All Participants:
bye
 
05/22/2015    12:09:29 PM    from Abigail Wickes to All Participants:
Thanks everyone!
 
05/22/2015    12:09:35 PM    from Richard Entlich to All Participants:
Thanks Todd & Nettie. Hope you both feel better soon.
 
05/22/2015    12:09:37 PM    from Laura Quilter to All Participants:
happy weekend.