Online Journal Security Issues: A Charleston panel discussion

Presentation given at Charleston Conference, November 9, 2006

  1. Online Journal Security Issues
     • A Charleston Panel Discussion
     • John McDonald
     • California Institute of Technology
     • November 9, 2006

  2. Security of licensed content
     • Online publishing led to licensing of academic research materials
        • Licenses adapted from database & software models
     • Clauses focused on explicit definitions of users and usage
        • Who (authorized users)
        • What (licensed content)
        • When (term and renewal)
        • Where (jurisdiction)
        • How (technical aspects)
     • And Why…(as in)… Restrictions on Use
        • Prohibited users
        • Prohibited use

  3. Prohibited Uses
     • Usual prohibited uses (…or duh!)
        • altering, recompiling, reselling, publishing or republishing, making persistent local copies, altering copyrights or changing publisher or authors' names, etc.
     • Common breaches (…or what seems logical to the publisher but not to our users)
        • Systematic or programmatic copying or downloading.
        • Downloading by volume (too much or too much from the same issue)
        • Allowing unauthorized users to access content

  4. License 1
     • Subscriber will use its best reasonable efforts to ensure that Authorized Users are notified of the importance of respecting the intellectual property rights in the License Material and of the sanctions that may be imposed or claims that may be made for failing to do so, and that Authorized Users are notified of and comply with the terms and conditions of this License Agreement and any and all user guidelines or restrictions provided by Agent or Publisher from time to time.
     • Subscriber [is not] liable for breach of the terms of the license agreement by an authorized user provided that the subscriber did not cause, knowingly assist, or condone the continuation of such breach after becoming aware of such breach.
     • License will be terminated if…any party hereto commits a material or persistent breach of any term of this License Agreement and fails to remedy the breach within 30 days of notification.

  5. License 2
     • If an Authorized User fails to abide by these Terms and Conditions of Use or other terms of this License, Publisher reserves the right in its sole discretion to suspend or terminate such Authorized User’s access to the Product immediately without notice, in addition to any other available remedies.
     • Notwithstanding the above, except in the case of a material breach which Publisher deems dangerous to the integrity and security of the Product, Publisher shall give prior written notice to the Licensee of its intention to terminate such Authorized User’s access and shall allow the Licensee and/or the Authorized User 60 days after receipt of such notice to cure the breach or agree to abide by the terms and conditions of this license.

  6. Example 1: Proactive
     • JSTOR Open Proxy
        • Open proxy at Caltech
        • Easy to identify the user
        • Due to misconfigured server
        • No security breach
     • Proactive handling of potential prohibited use

  7. Example 2: Reactive
     • Recent usage made of this service from your institution exceeds what is regarded as normal and reasonable.
     • This activity was isolated to two hosts identified at IP address 131.215.***.*** and 131.215.***.*** on December 18th.
     • Many of the requests were sequential and systematic--that is, 1,083 requests, in “Journal of Exceptional Downloads” were downloaded consecutively and within short intervals.
     • Access from the IP ranges 131.215.***.*** and 131.215.***.*** has been temporarily suspended.

  8. Example 2: Curing
     • Note that systematic and programmatic downloading are two of the Prohibited Uses listed in the Institutional User Agreement that you signed.
     • We would appreciate it if you would investigate the situation and report back your findings to Publisher.
     • Please note that we would like a reply by January 10th;
     • If no reply is received and/or this systematic downloading continues, access may be suspended from the entire IP range for your institution.
     • We also require an assurance from you that such systematic downloading will not take place again.

  9. Example 3: Incomplete information
     • This email is to notify you that we have detected unusual spider activity on our site originating from the following IP address: 131.215.xx.xxx
     • As a preventive measure we have blocked this IP address from accessing the site any more.
     • Please note that this may prevent valid users of your institution from accessing the site if they are coming in from the same IP. To unblock this IP address you must contact the publisher who will be able to analyze the problem and unblock it. You may reply to this email to contact us.
     • We apologize for any inconvenience.

  10. Improved Security
     • Libraries
        • Pro-active enforcement of license terms
           • Notification & Education
        • Technical systems at the library to ensure compliance
        • Reactive enforcement process
        • Identifying security breaches when notified
        • Communicating to publishers
     • Publishers
        • Improved technical systems
        • Definitions of trigger events
        • Communication to subscribers
        • Information provided to subscribers

  11. Why should we care?
     • Provide seamless access to information with a minimum of intermediation
     • Negotiate clear and explicit licenses
     • Provide information according to license terms
     • Reduce impact of misuse by one on the potential use by others
     • Ensure that our usage metrics are accurate representations of usage.
