Jump to content
  • Librarian's Letter to Google Security

    aum

    • 354 views
    • 8 minutes
     Share


    • 354 views
    • 8 minutes

    Dear Google Security Team,


    My name is Shelley Rosen. I’m the Adult Services Librarian at the Walnut Street West Branch of the Free Library of Philadelphia, Philadelphia’s public library. I am writing in a last ditch effort to communicate to you a constant systemic problem we face at public libraries around the world every single day, which is caused specifically by Google’s sign-in and account recovery systems.


    The way Google’s two-factor authentication system is designed, sets up poor and elderly people to be locked out of their accounts again and again, and without access to their email, they lose their welfare benefits, their housing, and struggle to find work.


    As you know, GMail is the #1 email provider in the nation, and many of our patrons use GMail for their personal and professional email addresses. You are also certainly aware that Google now requires two-factor authentication any time a user logs in from a new device.


    What you may or may not know is that there are a great number of people in this country who exclusively access the internet from the Public Library and nowhere else. 13.6% of the country has no home internet access whatsoever; neither cellular nor DSL nor anything else (according to the U.S. Census). However, this number is not evenly distributed across regions and demographics.


    In Philadelphia, that number is 28.4%; keeping in mind that this includes having a data plan for your cell phone. We also have patrons who own a phone with data plan, but the library is still their exclusive access to computers, especially because they depend on library staff to guide them through the interface as many are not tech literate. All-in-all, a third or more of Philadelphia exclusively uses the public library to access their GMail accounts. In certain zip codes and neighborhoods, up to 60% of people exclusively use the public library to access the internet. Elsewhere in the country, there are counties and towns and the library is the only access anyone has to the internet; but despite this they still require the use of computers to interface with today’s society. Many government welfare forms, housing applications, and jobs applications these days require the use of the internet exclusively with no option to fill things out in person.


    For security reasons, our computers wipe all session information after a patron logs off. This is standard practice at all libraries. What this means is that Google consistently recognizes our patrons as logging in from a “new location” every single time they log into their email account; thus requiring two-factor authentication every single time.


    However, it is very common for poor working-class people to have their cellular service shut-off due to a missed payment on their phone bill. Often, they have had to sell their phone to make rent, or their phone has been stolen or broken and they cannot afford a new one and when they do finally get a new one they are unable to get their old phone number transferred over. Many people get their phones from a social service organization which will not replace a lost phone, or which will issue them a completely different phone number if they lose access to the old phone. Many never own a phone to begin with.


    When this happens, patrons are locked out of their accounts, sometimes permanently, with no support line to turn to. It is a daily occurrence, if not multiple times a day, where I am tasked with trying to get someone back into their Google account only to hit a dead end with nothing we can do. Today, July 19th 2021, an old woman came in to print out paystubs from her email that she needed in order to re-certify her income for her subsidized housing.

     

    The certification was due by the end of the day. Because she did not have her old phone and phone number, we were completely unable to get her back into her email. Because she could not get into her account, we could not get access to her paystubs, and she will not be able to recertify her income. If she does not recertify her income, she could lose her low-income housing. This elderly woman, looked to be in her 70s, might lose the roof over her head, due to being unable to log into her Google account, because she lost her old phone and with it, her phone number. She was very distraught and I had to explain to her that there was nothing we could do because Google does not have any kind of support line and logging in required her phone number. The only options given for account recovery involved her phone. Even when we clicked “I don’t have my phone” it asked her to open the Google app from the phone that she does not have. And this is a daily occurrence at the public library.


    This happens every day. People lose job opportunities, lose housing, lose food stamps, people become in violation of their parole, or lose access to their children; because they could not log into their Google account due to a missed phone bill payment or a lost phone, and some sort of important paperwork could not be sent to the right person or access or something. And it’s not just our branch. Other librarians I’ve talked to have all said that this is a common occurrence at libraries around the country even in less impoverished areas of the country.

    fwHH9LEENhJVxS7fQN9kz5QcNQ_6MjHYM1TlTWQnVha609GKE-gPY1tV2fJrCTc7SrTGw7ctg0833ZAU0NPH7wG6ZIfPm7lukHQUN0RvBGhEw1H3IkiUvQ8xiF8KoMMlTDvfqw1QbtYUM-c


    This is a systemic problem which disproportionately affects poor people and people of color. In 2015, the U.S. Census found that 36.4% of Black Americans had no broadband and no computer. Only 49.3% had their own computer and phone with broadband internet access at home. That’s less than half of Black Americans nationwide living the kind of lifestyle that Google’s account security requires you to live in order to easily log into your account without constantly being locked out.


    I haven’t even mentioned the problems we face when an elderly person forgets their password and tries to enter it too many times. There doesn’t seem to be any warning given that if they fail too many times they may permanently lose access to their account; given that the other recovery options require a phone or phone number they do not have access to.


     As a member of the Library Freedom Project, I do know about the importance of two-factor authentication in keeping accounts safe and secure. I regularly educate patrons on two-factor authentication and the importance of two-factor authentication and how to prevent themselves from getting locked out and how to create strong memorable passwords. But no matter how much I try to prevent it, every day there is someone who faces some sort of terrible life situation because a private company in California we have no way of contacting decided that every single person surely owns an expensive piece of technology that they will never lose or have disconnected. I wish sometimes I could purchase thousands of YubiKeys to give to patrons to keep with their house keys; which would prevent lockouts, but unfortunately I would require 450,000 YubiKeys to get one to everyone in Philadelphia who needs it, which is simply not in our budget.


     I have written this letter and taken unconventional means to try and get in touch with you because I am sick of watching patrons become frustrated and dejected at being unable to get into their email accounts and facing severe material consequences because of it. Having to explain that I have no ability to change Google’s website and no matter how much they explain to me why they couldn’t afford their phone bill or how they lost their phone that there’s simply nothing I can do because I can’t even call Google and talk to a person about it.


     Today I decided I would try to change Google. There simply must be a way to change how Google handles two-factor authentication which does not constantly lock out poor people who use the public library to access their email. It must be possible to make it so we do not constantly reach these dead-ends where Google tells patrons to endlessly loop through “I don’t have my phone” and “Try another way” until their account becomes locked permanently due to too many failed attempts. Some way to contact customer support, or answer a security question, or something else. Perhaps even a way of saying “I’m using the library computer!” or even maybe at account creation checking off “I always log in from public computers” or “I don’t have consistent access to a phone” and opting-in to a different form of verification. Something.


    I am not asking for money, or compensation of any kind. I just want you to fix this systemic issue so that my patrons will have one less barrier trapping them in poverty. I am pleading to you to consider how your designs and decisions affect the 30% of Philadelphians who do not and cannot live your tech-centered lifestyles. If you wish to contact me to discuss the details of which screens patrons get stuck on, etc. my contact information is:


    SHELLEY ROSEN
    Adult/Teen Librarian
    Walnut Street West Branch
    215-685-7671 - [email protected]
    201 S 40th Street, Philadelphia, PA 19104
    (She/her/hers -or- They/them/theirs)

     

    Source

    • Like 1
    • Thanks 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...