Copyright and Access Issues in the Realm of Electronic Publishing
Problems in the Permanent Retention of Electronic Records
Copyright and Access Issues in the Realm of Electronic Publishing
In implementing the on-line version of The American Anthropologist, AAA will encounter myriad issues relating to access. Major points of access will occur at two separate stages within the digital repository. On the back end, AAA must ensure that it has secured the rights from authors, researchers, advertisers, and other contributors to publish intellectual property on the Internet. On the front end, AAA must provide journal content to authorized end users.
Publishing Content on the Internet
With the rapid growth of on-line publishing, intellectual property concerns have become increasingly complex. Due to the traditionally unsupervised nature of the World Wide Web, many users assume that anything found on the Internet is free for the taking. Most on-line publishers, on the other hand, bear an obligation to themselves and to contributing writers to protect on-line content from copyright abuse. According to copyright lawyer Georgia Harper, copyright ownership ultimately comes down to the contract between the journal and the author. The wording of this contract must specifically define what rights the publisher assumes, and what rights the author retains, when copyright is transferred. The importance of clear-cut, ironclad copyright agreements cannot be overemphasized.
Because AAA can expect that the vast majority of AnthroSource clients will be using the portal primarily to access journal articles, the Association first needs to identify the point when a submitted article officially leaves the custody of the creator and becomes the property of the journal publisher. Even after the journal’s editors have evaluated the article as part of the peer review process, the manuscript still belongs completely to the original author. “In theory, the journal only obtains an assignment to the final version of the article that it publishes; all pre-publication drafts remain the property of the author.” Publishers could change the wording of a contract to allow peer editors more of a stake in the published manuscript, although this is not normally the case.
AAA also needs to clarify its stance in regards to self-archiving, the practice of depositing an electronic version of one’s own work in an Open Archives Initiative-Compliant digital repository. The author thereby makes the work directly available to the public. Many scholarly journals refuse to publish submissions that have been previously self-archived, but a growing number of electronic journal publishers currently support the self-archiving of article pre-prints by authors. AAA must decide whether or not to allow self-archiving by authors, and, if so, to what extent.
As an example of how some
electronic publishers negotiate authors’ rights, the
In return for permission to publish the article, the UT Press accepts accountability for maintaining high standards of editorial and production quality, as well as preserving the authenticity of the author’s manuscript. It is the publisher’s responsibility to carry the work forward while remaining true to the author’s research and intent.
AAA will need to examine the copyright policies that The American Anthropologist has used throughout its existence to identify potential problems in providing on-line journal content that has already been published in print form. Do author/publisher agreements from the journal’s earlier history state that the publisher has the right to use the material in any way, forever and throughout the universe, or are publishing rights limited to print copies? AAA’s previous experience in providing access to older articles via JSTOR has presumably addressed some of these questions.
An informal survey of available
copyright agreements indicates that most on-line journals place the burden on
the author to secure rights to any third-party photographs, illustrations, or
other material used in the article the author is submitting for
publication. Paid advertisements,
however, are a separate issue.
While advertisements and other promotional supplements are common to many
print journals, e-journal sponsors may not want their advertisements to exist in
perpetuity on the Internet. For
this reason, the
To promote scholarship and educational use of its material, AAA should identify “fair use” opportunities that it deems acceptable, such as granting educators the right to place materials on reserve, or other not-for-profit use of materials found in the AnthroSource portal. Giving away limited amounts of access for free may lead to further interest in the portal and encourage users to become full-fledged subscribers.
In sum, AAA should not attempt to publish anything on-line unless its legal right to do so has been assured. Detailed copyright agreements will be essential, and should be explicitly stated both to authors and to end users.
Once AAA has determined its distribution rights as an on-line publisher, the association must identify, define, and manage communities of end users.
Providing and Controlling Access to End Users in a Digital Repository Environment
“Through AnthroSource, scholars, teachers, practitioners, students and the interested public throughout the world will be able to access the body of peer-reviewed scholarship in anthropology, and exchange information and ideas . . . with great ease, speed, and affordability.”
In the American Anthropological Association (AAA)’s 36-page grant proposal to the Andrew Mellon Foundation, the word “access” appears 48 times. The proposal is to create an on-line resource for scholarly research in anthropology. The main goal of this web portal, called AnthroSource, is to provide electronic access to over a hundred years’ worth of anthropological work. Access is AnthroSource’s raison d’être.
AnthroSource – Restrictions on Access
AnthroSource does not intend to provide unlimited access to anyone with a valid Internet connection. Its primary purpose is to serve as a resource for AAA members, who will enjoy “access to the restricted Portal resources for the duration of their membership; lapsed members will lose member access to restricted content.”
Once the journal has accepted the final version of a scholarly article and reached a copyright agreement with the author, it becomes the responsibility of the publisher to guarantee protection from third-party use and/or modification. In order to protect the journal content from unauthorized access or other breach of copyright, AAA will need to implement a secure method for authentication (the process of establishing an individual’s identity) and authorization (the process of determining the access rights of an authenticated individual) of end users.
Identifying User Communities
The members of AAA itself will comprise AnthroSource’s primary user community. Additional communities may include academic institutions, libraries, museums, and individual users, who will be able to purchase subscriptions granting limited access to the content. Institutions with lapsed subscriptions will “retain perpetual license to AAA journal content to which they had access during the term of their subscription. AAA may opt to satisfy this requirement by providing the content to lapsed institutional subscribers on CD-ROM or a similar medium.”
Access rights for authors should also be addressed. After every issue of Libraries and Culture is published, the editors give each contributing author a free print copy of the journal. AAA may have similar policies in place for its anthropological journals, and will need to decide what electronic access rights should be granted to past, present, and future contributors.
AAA does intend to charge users for access to AnthroSource content, in order to cover the operating costs of maintaining the portal. Non-member subscribers are valued as important sources of revenue. Therefore, it is in AAA’s best interests to ensure that users attempting to access restricted content are legitimate subscribers, and that these users remain within the time frame boundaries of their subscription agreements.
Because AnthroSource is not meant to provide everyone with access to everything, it will be critical for the portal to implement a secure method of authenticating and authorizing users.
User Authentication vs. User Authorization
A user is authenticated when he or she establishes an identity with the content provider, commonly accomplished using a password and username. Each user has certain attributes linked to his or her identity (i.e. classification as student, faculty, or staff member in an academic setting) that can be used to signify which resources the user is permitted to access.
Users normally prove authenticity using one of three methods. The most prevalent, “something you know,” usually involves submitting a username and password, or answering a permanent secret (i.e. What is your mother’s maiden name?) that (presumably) only the individual end user would know. On the next level, authenticity is tested by “something you have,” such as a security card or similar identification device. The third method of authentication uses “something you are,” such as a fingerprint or retinal scan. The first method is the most inexpensive and easiest to implement, as well as the least secure. Likewise, the biometric approach is the most intrusive and costly, but the securest.
In the on-line environment, the username and/or password combination is the method most widely used. When attempting to provide access to potentially millions of users around the globe, the other approaches are impractical, overly intrusive, and expensive.
Clifford Lynch defines user authorization as “the process of determining whether an identity (plus a set of attributes associated with that identity) is permitted to perform some action, such as accessing a resource.” This ensures that a non-AAA member cannot access the portal’s restricted content.
Based on the aforementioned restrictions on access to AnthroSource content, the authentication system will need to determine whether any given user is:
The authorization system will then determine the range of content available to the authenticated user. The list of Literatum features indicates that producing “collections” based on date range is well within the capabilities of the software.
Authentication Options for AAA
To control what material is accessible to which subscribers, AnthroSource requires a “zoned” access system that will grant the highest level of access to portal administrators, a medium level of access to AAA members and subscribers, and a minimal level of access to the general public.
The University of California Press (UCP) offers a range of licensing services capable of managing access control. The software provider, Atypon, has also expressed a commitment to integrating new areas of access control as they arise.
AAA grant writers have a general idea of how AnthroSource users will be identified and authorized. “Non-AAA users will enter AnthroSource by registering, entering username and password, or by IP or other authentication. AAA members will access AnthroSource by logging onto the AAA website,” thus gaining access to the restricted, members-only section of the portal. Password-based credentials and IP recognition systems are two common authentication measures commonly used by digital repositories.
Passwords are the most widespread method of authenticating users in the electronic environment. Nearly all computer-literate people have encountered them in some form, or are at least familiar with them. According to a 2001 survey sponsored by the Association of Research Libraries (ARL), 78% of participating libraries employed password and username combinations to authenticate users of networked information resources. This method of authentication is also popular among many on-line journals.
Passwords are a relatively insecure form of authentication. As computation power multiplies exponentially, password-guessing programs have become increasingly sophisticated. Most computer users avoid selecting a “good” password (i.e. one that is at least six characters long and contains a suitable mix of upper- and lower-case letters, numbers, and/or other characters), as these are difficult to remember and awkward to type. Additionally, most users fail to change their passwords on a regular basis. These shortcomings on behalf of end users make it easier for third parties to obtain passwords and exploit existing user accounts. Passwords are also vulnerable to attack from keystroke-sniffing programs.
A proxy server acts as an agent between the content provider and the end user. The proxy first identifies the user via the user’s Internet Protocol (IP) address, a username and password, or a combination of both. In the ARL survey, 82% of responding institutions used IP address authentication and an overlapping 78% reported using password and username credentials, indicating that a substantial number of respondents use a combination of proxy servers and passwords as authentication measures. Using a combination of two or more authentication measures increases on-line security.
For AnthroSource’s purposes, a proxy server could be programmed to screen users as well as to make authorization decisions based on their credentials, allowing them access to (or restricting them from) various areas of the portal. This could be done anonymously, or the proxy could be used to create a detailed log of user activity and interaction with the portal. In terms of security, accountability will be low if anonymous access is offered.
Proxies are expensive to implement, and require the providing institution to invest in substantial amounts of processing power and memory needed to run the proxy servers. Servers must be reliable and large enough to accommodate the number of users a content provider expects to have. This system makes additional demands on the individual end user, who will have to reconfigure his or her Internet browser to work with the proxy. On the side of the content provider, each electronic resource will also have to be configured to pass through the proxy.
In terms of security, a proxy is only as good as its parent institution’s underlying authentication system. The content provider will need to establish secure communication with the proxy server, using certificates, session-level encryption, or other methods of authentication.
A Combined Approach
Using a combination of a proxy
server and username/password credentials is a reasonable user authentication
approach for a portal that intends to serve a diverse, worldwide user
community. HINARI (Health
InterNetwork Access to Research Initiative), a program that provides free access
to electronic medical journals to hospitals, libraries, and universities in
low-income countries, utilizes the combined password-and-proxy approach to serve
institutions in 113 different nations.
AAA has stated an intention to gather demographic data on AnthroSource users for research purposes. These data will presumably be used to determine who is (or is not) utilizing the AnthroSource portal, users’ professional affiliations, scholarly interests, and perhaps personal cultural background. Personal data will also be used to allow subscribed researchers to customize the layouts of their individual accounts.
While collecting this information will undoubtedly be important to AAA, administrators must also consider personal privacy of individual users, and should avoid harvesting data on a more granular level than is needed. AnthroSource should be able to find a balance between completely anonymous access, in which no user session can be linked with any individual; and completely identified access, in which user sessions are traced and connected with individual identities.
The method that Lynch refers to as “pseudononymous access with demographic information” allows the content provider to collect data on users while protecting individual privacy. This can be achieved by assigning each user a random number, then using the number (instead of the user’s name) to track demographic data and research habits.
Other Access Considerations
Authenticating users is an
important step in providing and controlling access to portal content, but it is
not the only consideration for AnthroSource. The layout of the website must be easily
navigable by users employing screen-reading software or other devices for the
disabled. In accordance with the
1998 amendment to the Rehabilitation Act, Congress established a series of
standards to ensure that information technology was accessible to and usable by
individuals with disabilities. AAA documents suggest that meeting these
requirements will not pose any problems for AnthroSource. “Atypon foresees no problem with
One area that AAA will need to
explore in more depth is the development of clear and practical guidelines for
identifying and authorizing indigenous end users. This process may be fairly
straightforward with well-documented indigenous groups such as Native American
tribes in the
References and Resources
(2003). Inside the security mind: Making the tough
HINARI. (2004). Health InterNetwork Access to Research Initiative Set-up Instructions
for Registered Users. Retrieved
“Literatum for the UC Press – List of Features.” (2003?).
Lynch, C. (1998). A white paper on authentication and access management issues in
cross-organizational use of networked information resources. Coalition for
Networked Information. Retrieved February 28 from
Miles, G., et al. (2004). Security assessment: Case studies for implementing the NSA
Skomal, S., &
global communities.” Proposal to the Andrew W. Mellon Foundation. American
(2002). Authentication: from passwords to public
“UCP Assumptions for Atypon Regarding the AAA Project.” (2003?).
· Guide to legal issues surrounding self-archiving.
Examples of Copyright Agreements for On-line Journals
(All URLs were active as of
Copyright Transfer Agreement from Dekker.com, an on-line publisher of scientific, technical, and medical journals:
Electronic Information Licence Agreement from the Royal Society of Chemistry, a British publisher of scientific journals:
Copyright Agreement from Algebra Montpellier Announcements, a French mathematics journal:
Transfer of Copyright Agreement for the publications of the American Physical Society:
Copyright Agreement form from Springer, an on-line publisher of health science journals:
End User License Agreements
Institutional License Agreement from the MIT Press:
Examples of Licensing Agreements, provided by the
Project RoMEO (Rights MEtadata for Open Archiving), information about copyright in
the digital age from
Self-Archiving FAQ from EPrints.org, an open archives initiative:
Resources on Free Access Theory from the dmoz.org Open Directory Project:
Copyright and Intellectual Property Resources
Scholarly Electronic Publishing Bibliography from the
including a section on Intellectual Property Rights:
Creative Commons, an initiative to develop more flexible copyright laws:
March 1999 issue of The Journal of Electronic Publishing, dedicated to intellectual property issues:
Harper, G. Personal communication,
Broyles, K. Personal communication,
 Harper, 2004.
 UCP Assumptions, p. 2.
 Lynch, C. (1998). A white paper on authentication and access management issues in
cross-organizational use of networked information resources. Coalition for
Networked Information. Retrieved
Oliver, B. Personal communication,
 Skomal & Berlin, p. 25.
 Ibid., p. 24.
 Lynch, p. 3.
 Miles, pp. 237-238.
 Lynch, p. 4.
 Literatum, p. 1.
 UCP Assumptions, p. 3.
 Skomal & Berlin, p. 16.
 Plum & Bleiler, p. 10.
 Smith, p. 98-99.
 Miles, p. 275.
 Smith, p. 36.
 Plum & Bleiler, p. 10.
 Lynch, p. 16.
 Ibid., p. 15.
 UCP Assumptions, p. 1.
 Ibid. p. 2.
 Lynch, p. 8.
 508 Law, ¶1.
 UCP Assumptions, pp. 1-2.