Copyright and Access Issues in the Realm of Electronic Publishing

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Aubrey Carrier

May 5, 2004

 

 

INF392K

Problems in the Permanent Retention of Electronic Records

 

 

School of Information

The University of Texas at Austin

 

 

 

 

 


Copyright and Access Issues in the Realm of Electronic Publishing

 

 

In implementing the on-line version of The American Anthropologist, AAA will encounter myriad issues relating to access.  Major points of access will occur at two separate stages within the digital repository.  On the back end, AAA must ensure that it has secured the rights from authors, researchers, advertisers, and other contributors to publish intellectual property on the Internet.  On the front end, AAA must provide journal content to authorized end users.

 

Publishing Content on the Internet

 

With the rapid growth of on-line publishing, intellectual property concerns have become increasingly complex.  Due to the traditionally unsupervised nature of the World Wide Web, many users assume that anything found on the Internet is free for the taking.  Most on-line publishers, on the other hand, bear an obligation to themselves and to contributing writers to protect on-line content from copyright abuse.  According to copyright lawyer Georgia Harper, copyright ownership ultimately comes down to the contract between the journal and the author.[1]  The wording of this contract must specifically define what rights the publisher assumes, and what rights the author retains, when copyright is transferred.  The importance of clear-cut, ironclad copyright agreements cannot be overemphasized.

 

Because AAA can expect that the vast majority of AnthroSource clients will be using the portal primarily to access journal articles, the Association first needs to identify the point when a submitted article officially leaves the custody of the creator and becomes the property of the journal publisher.  Even after the journal’s editors have evaluated the article as part of the peer review process, the manuscript still belongs completely to the original author.  “In theory, the journal only obtains an assignment to the final version of the article that it publishes; all pre-publication drafts remain the property of the author.”[2]  Publishers could change the wording of a contract to allow peer editors more of a stake in the published manuscript, although this is not normally the case.

 

AAA also needs to clarify its stance in regards to self-archiving, the practice of depositing an electronic version of one’s own work in an Open Archives Initiative-Compliant digital repository.[3]  The author thereby makes the work directly available to the public.  Many scholarly journals refuse to publish submissions that have been previously self-archived, but a growing number of electronic journal publishers currently support the self-archiving of article pre-prints by authors.[4]  AAA must decide whether or not to allow self-archiving by authors, and, if so, to what extent.

 

As an example of how some electronic publishers negotiate authors’ rights, the University of Texas Press uses a standard “consent to publish” form.  This agreement grants the Press all rights to the material (including electronic publishing).  The author is granted free permission for any future use.  In some cases, authors reserve future rights to the material or ask that it be left uncopyrighted.  Even when material may be reproduced free of charge, UT Press expects to be explicitly credited as the manuscript’s original publisher.  The Press’ “consent to publish” agreements strive for as much flexibility as possible, using terms that are agreeable to the author while meeting the Press’ needs for publishing the material.  For some journals, the author signs the consent form at the time the submission is formally accepted; for others, the author does not grant permission to publish until after reviewing a copyedited version of the manuscript. [5]

 

In return for permission to publish the article, the UT Press accepts accountability for maintaining high standards of editorial and production quality, as well as preserving the authenticity of the author’s manuscript.  It is the publisher’s responsibility to carry the work forward while remaining true to the author’s research and intent.

 

AAA will need to examine the copyright policies that The American Anthropologist has used throughout its existence to identify potential problems in providing on-line journal content that has already been published in print form.  Do author/publisher agreements from the journal’s earlier history state that the publisher has the right to use the material in any way, forever and throughout the universe, or are publishing rights limited to print copies?  AAA’s previous experience in providing access to older articles via JSTOR has presumably addressed some of these questions.

 

An informal survey of available copyright agreements indicates that most on-line journals place the burden on the author to secure rights to any third-party photographs, illustrations, or other material used in the article the author is submitting for publication.  Paid advertisements, however, are a separate issue.  While advertisements and other promotional supplements are common to many print journals, e-journal sponsors may not want their advertisements to exist in perpetuity on the Internet.  For this reason, the University of Texas Press does not include advertisements in on-line journal content.[6]  If the Association intends to put third-party advertisements on-line, it will need to clarify terms of use with sponsors and other advertisers, detailing how long the advertisements may continue to be published on-line.  If, for whatever reason, the publisher and the advertiser do not sign a contract, all rights belong to the advertiser.[7]

 

To promote scholarship and educational use of its material, AAA should identify “fair use” opportunities that it deems acceptable, such as granting educators the right to place materials on reserve, or other not-for-profit use of materials found in the AnthroSource portal.  Giving away limited amounts of access for free may lead to further interest in the portal and encourage users to become full-fledged subscribers.

 

In sum, AAA should not attempt to publish anything on-line unless its legal right to do so has been assured.  Detailed copyright agreements will be essential, and should be explicitly stated both to authors and to end users.

 

Once AAA has determined its distribution rights as an on-line publisher, the association must identify, define, and manage communities of end users.

 

Providing and Controlling Access to End Users in a Digital Repository Environment

 

 “Through AnthroSource, scholars, teachers, practitioners, students and the interested public throughout the world will be able to access the body of peer-reviewed scholarship in anthropology, and exchange information and ideas . . . with great ease, speed, and affordability.”

--Skomal & Berlin

 

In the American Anthropological Association (AAA)’s 36-page grant proposal to the Andrew Mellon Foundation, the word “access” appears 48 times.  The proposal is to create an on-line resource for scholarly research in anthropology.  The main goal of this web portal, called AnthroSource, is to provide electronic access to over a hundred years’ worth of anthropological work.  Access is AnthroSource’s raison d’être.

 

AnthroSource – Restrictions on Access

 

AnthroSource does not intend to provide unlimited access to anyone with a valid Internet connection.  Its primary purpose is to serve as a resource for AAA members, who will enjoy “access to the restricted Portal resources for the duration of their membership; lapsed members will lose member access to restricted content.”[8]

 

Once the journal has accepted the final version of a scholarly article and reached a copyright agreement with the author, it becomes the responsibility of the publisher to guarantee protection from third-party use and/or modification.  In order to protect the journal content from unauthorized access or other breach of copyright, AAA will need to implement a secure method for authentication (the process of establishing an individual’s identity) and authorization (the process of determining the access rights of an authenticated individual) of end users.[9]

 

Identifying User Communities

 

The members of AAA itself will comprise AnthroSource’s primary user community.  Additional communities may include academic institutions, libraries, museums, and individual users, who will be able to purchase subscriptions granting limited access to the content.  Institutions with lapsed subscriptions will “retain perpetual license to AAA journal content to which they had access during the term of their subscription.  AAA may opt to satisfy this requirement by providing the content to lapsed institutional subscribers on CD-ROM or a similar medium.”[10]

 

Access rights for authors should also be addressed.  After every issue of Libraries and Culture is published, the editors give each contributing author a free print copy of the journal.[11]  AAA may have similar policies in place for its anthropological journals, and will need to decide what electronic access rights should be granted to past, present, and future contributors. 

 

AAA does intend to charge users for access to AnthroSource content, in order to cover the operating costs of maintaining the portal.[12]  Non-member subscribers are valued as important sources of revenue.[13]  Therefore, it is in AAA’s best interests to ensure that users attempting to access restricted content are legitimate subscribers, and that these users remain within the time frame boundaries of their subscription agreements.

 

Because AnthroSource is not meant to provide everyone with access to everything, it will be critical for the portal to implement a secure method of authenticating and authorizing users.

 

User Authentication vs. User Authorization

 

Authentication

A user is authenticated when he or she establishes an identity with the content provider, commonly accomplished using a password and username.  Each user has certain attributes linked to his or her identity (i.e. classification as student, faculty, or staff member in an academic setting) that can be used to signify which resources the user is permitted to access.[14]

 

Users normally prove authenticity using one of three methods.  The most prevalent, “something you know,” usually involves submitting a username and password, or answering a permanent secret (i.e. What is your mother’s maiden name?) that (presumably) only the individual end user would know.  On the next level, authenticity is tested by “something you have,” such as a security card or similar identification device.  The third method of authentication uses “something you are,” such as a fingerprint or retinal scan.  The first method is the most inexpensive and easiest to implement, as well as the least secure.  Likewise, the biometric approach is the most intrusive and costly, but the securest.[15]

 

In the on-line environment, the username and/or password combination is the method most widely used.  When attempting to provide access to potentially millions of users around the globe, the other approaches are impractical, overly intrusive, and expensive.

 

Authorization

Clifford Lynch defines user authorization as “the process of determining whether an identity (plus a set of attributes associated with that identity) is permitted to perform some action, such as accessing a resource.”[16]  This ensures that a non-AAA member cannot access the portal’s restricted content.

 

Based on the aforementioned restrictions on access to AnthroSource content, the authentication system will need to determine whether any given user is:

The authorization system will then determine the range of content available to the authenticated user.  The list of Literatum features indicates that producing “collections” based on date range is well within the capabilities of the software.[17]

 

Authentication Options for AAA

To control what material is accessible to which subscribers, AnthroSource requires a “zoned” access system that will grant the highest level of access to portal administrators, a medium level of access to AAA members and subscribers, and a minimal level of access to the general public. 

 

The University of California Press (UCP) offers a range of licensing services capable of managing access control.[18]  The software provider, Atypon, has also expressed a commitment to integrating new areas of access control as they arise.[19]

 

AAA grant writers have a general idea of how AnthroSource users will be identified and authorized.  “Non-AAA users will enter AnthroSource by registering, entering username and password, or by IP or other authentication.  AAA members will access AnthroSource by logging onto the AAA website,” thus gaining access to the restricted, members-only section of the portal.[20]  Password-based credentials and IP recognition systems are two common authentication measures commonly used by digital repositories.

 

Passwords

Benefits

Passwords are the most widespread method of authenticating users in the electronic environment.  Nearly all computer-literate people have encountered them in some form, or are at least familiar with them.  According to a 2001 survey sponsored by the Association of Research Libraries (ARL), 78% of participating libraries employed password and username combinations to authenticate users of networked information resources.[21]  This method of authentication is also popular among many on-line journals.

Drawbacks

Passwords are a relatively insecure form of authentication.  As computation power multiplies exponentially, password-guessing programs have become increasingly sophisticated.  Most computer users avoid selecting a “good” password (i.e. one that is at least six characters long and contains a suitable mix of upper- and lower-case letters, numbers, and/or other characters), as these are difficult to remember and awkward to type.[22]  Additionally, most users fail to change their passwords on a regular basis.[23]  These shortcomings on behalf of end users make it easier for third parties to obtain passwords and exploit existing user accounts.  Passwords are also vulnerable to attack from keystroke-sniffing programs.[24]

 

Proxy Servers

Benefits

A proxy server acts as an agent between the content provider and the end user.  The proxy first identifies the user via the user’s Internet Protocol (IP) address, a username and password, or a combination of both.  In the ARL survey, 82% of responding institutions used IP address authentication and an overlapping 78% reported using password and username credentials, indicating that a substantial number of respondents use a combination of proxy servers and passwords as authentication measures.[25]  Using a combination of two or more authentication measures increases on-line security.

 

For AnthroSource’s purposes, a proxy server could be programmed to screen users as well as to make authorization decisions based on their credentials, allowing them access to (or restricting them from) various areas of the portal.  This could be done anonymously, or the proxy could be used to create a detailed log of user activity and interaction with the portal.  In terms of security, accountability will be low if anonymous access is offered.[26]

 

Drawbacks

Proxies are expensive to implement, and require the providing institution to invest in substantial amounts of processing power and memory needed to run the proxy servers.  Servers must be reliable and large enough to accommodate the number of users a content provider expects to have.  This system makes additional demands on the individual end user, who will have to reconfigure his or her Internet browser to work with the proxy.  On the side of the content provider, each electronic resource will also have to be configured to pass through the proxy.[27]

 

In terms of security, a proxy is only as good as its parent institution’s underlying authentication system.  The content provider will need to establish secure communication with the proxy server, using certificates, session-level encryption, or other methods of authentication.

 

A Combined Approach

Using a combination of a proxy server and username/password credentials is a reasonable user authentication approach for a portal that intends to serve a diverse, worldwide user community.  HINARI (Health InterNetwork Access to Research Initiative), a program that provides free access to electronic medical journals to hospitals, libraries, and universities in low-income countries, utilizes the combined password-and-proxy approach to serve institutions in 113 different nations.  The University of Texas at Austin’s General Libraries System uses a similar approach to allow off-campus users access to electronic library resources.  Because AAA members already use passwords to access certain areas of the Association’s website, implementing the same feature within AnthroSource should be painless and convenient for most users.

 

User Identification

AAA has stated an intention to gather demographic data on AnthroSource users for research purposes.[28]  These data will presumably be used to determine who is (or is not) utilizing the AnthroSource portal, users’ professional affiliations, scholarly interests, and perhaps personal cultural background.  Personal data will also be used to allow subscribed researchers to customize the layouts of their individual accounts.[29]

 

While collecting this information will undoubtedly be important to AAA, administrators must also consider personal privacy of individual users, and should avoid harvesting data on a more granular level than is needed.  AnthroSource should be able to find a balance between completely anonymous access, in which no user session can be linked with any individual; and completely identified access, in which user sessions are traced and connected with individual identities.

 

The method that Lynch refers to as “pseudononymous access with demographic information” allows the content provider to collect data on users while protecting individual privacy.[30]  This can be achieved by assigning each user a random number, then using the number (instead of the user’s name) to track demographic data and research habits.

 

Other Access Considerations

Authenticating users is an important step in providing and controlling access to portal content, but it is not the only consideration for AnthroSource.  The layout of the website must be easily navigable by users employing screen-reading software or other devices for the disabled.  In accordance with the 1998 amendment to the Rehabilitation Act, Congress established a series of standards to ensure that information technology was accessible to and usable by individuals with disabilities.[31]  AAA documents suggest that meeting these requirements will not pose any problems for AnthroSource.  “Atypon foresees no problem with ADA compliance” and intends to comply with the act “to the fullest practical extent.”[32]

 

One area that AAA will need to explore in more depth is the development of clear and practical guidelines for identifying and authorizing indigenous end users.  This process may be fairly straightforward with well-documented indigenous groups such as Native American tribes in the U.S., but it will be considerably more difficult to authenticate and authorize indigenous users who are dispersed geographically, and/or living in extremely remote areas.

 


 

 

References and Resources

 

Broyles, K.  Personal communication, 30 April 2004.

 

Day, K.  (2003).  Inside the security mind: Making the tough decisions.  New Jersey: 

Prentice Hall.

 

“508 Law.”  Retrieved March 15, 2004 from 

http://www.section508.gov/index.cfm?&FuseAction=Content&ID=12

 

Harper, Georgia.  Personal communication, 12 April 2004.

 

HINARI.  (2004).  Health InterNetwork Access to Research Initiative Set-up Instructions

for Registered Users.  Retrieved March 2, 2004 from 

http://www.healthinternetwork.org/src/HINARI_set_up.doc

 

“Literatum for the UC Press – List of Features.”  (2003?). 

 

Lynch, C.  (1998).  A white paper on authentication and access management issues in

cross-organizational use of networked information resources.  Coalition for

Networked Information.  Retrieved February 28 from 

http://www.cni.org/projects/authentication/authentication-wp.html

 

Loughborough University.  (2003).  Publisher copyright policies & self-archiving.  Retrieved 3 April 2004 from

http://www.lboro.ac.uk/departments/ls/disresearch/romeo/index.html

 

Miles, G., et al.  (2004).  Security assessment: Case studies for implementing the NSA

IAM.  Rockland, MA: Syngress Publishing.

 


Oliver, B.  Personal communication, 27 April 2004.

 

Plum, T., & Bleiler, R.  (2001).  User authentication.  Washington, D.C.:  Association of

Research Libraries.

 

Skomal, S., & Berlin, S.N.  (2003).  “AnthroSource: Enriching scholarship and building

global communities.”  Proposal to the Andrew W. Mellon Foundation.  American

Anthropological Association.

 

Smith, R.E.  (2002).  Authentication: from passwords to public keys.  Boston: Addison-

Wesley.

 

“UCP Assumptions for Atypon Regarding the AAA Project.”  (2003?).

 

University of Southampton.  (2002).  EPrints.org Self-Archiving FAQ.  Retrieved 31 March 2004 from http://www.eprints.org/self-faq/#self-archiving

·        Guide to legal issues surrounding self-archiving.

 


Additional Resources

 

Examples of Copyright Agreements for On-line Journals

 

(All URLs were active as of May 4, 2004)

 

Copyright Transfer Agreement from Dekker.com, an on-line publisher of scientific, technical, and medical journals:

http://www.dekker.com/misc/files/copyrightrelease.pdf

 

Electronic Information Licence Agreement from the Royal Society of Chemistry, a British publisher of scientific journals:

http://www.rsc.org/is/journals/current/ej_use.htm

 

Copyright Agreement from Algebra Montpellier Announcements, a French mathematics journal:

http://www.emis.de/journals/AMA/copyright.html

 

Transfer of Copyright Agreement for the publications of the American Physical Society:

http://forms.aps.org/author/copytrnsfr.pdf

 

Copyright Agreement form from Springer, an on-line publisher of health science journals:

http://www.springerpub.com/store/copyright_ip.html

 

 

End User License Agreements

 

Institutional License Agreement from the MIT Press:

http://mitpress.mit.edu/journals/inst_license.pdf

 

Examples of Licensing Agreements, provided by the Yale University Libraries:

http://www.library.yale.edu/~llicense/publishers.shtml

 

 

Self-Archiving Resources

 

Project RoMEO (Rights MEtadata for Open Archiving), information about copyright in the digital age from Loughborough University’s School of Information Science:

http://www.lboro.ac.uk/departments/ls/disresearch/romeo/index.html

 

Self-Archiving FAQ from EPrints.org, an open archives initiative:

http://www.eprints.org/self-faq/

 

Resources on Free Access Theory from the dmoz.org Open Directory Project:

http://dmoz.org/Society/Issues/Intellectual_Property/Free_Access_Theory/

 

 

Copyright and Intellectual Property Resources

 

Scholarly Electronic Publishing Bibliography from the University of Houston Libraries:

http://info.lib.uh.edu/sepb/sepb.html

including a section on Intellectual Property Rights:

http://info.lib.uh.edu/sepb/lcopyr.htm

 

Creative Commons, an initiative to develop more flexible copyright laws:

http://creativecommons.org/

 

March 1999 issue of The Journal of Electronic Publishing, dedicated to intellectual property issues:

http://www.press.umich.edu/jep/04-03/index.html

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 



[1] Harper, G.  Personal communication, 12 April 2004.

[2] Ibid.

[3] University of Southampton.  (2002).  EPrints.org Self-Archiving FAQ.  Retrieved 31 March 2004 from http://www.eprints.org/self-faq/#self-archiving

 

[4] Loughborough University.  (2003).  Publisher copyright policies & self-archiving.  Retrieved 3 April 2004 from http://www.lboro.ac.uk/departments/ls/disresearch/romeo/index.html

 

[5] Broyles, K.  Personal communication, 30 April 2004.

[6] Ibid.

[7] Harper, 2004.

[8] UCP Assumptions, p. 2.

[9] Lynch, C.  (1998).  A white paper on authentication and access management issues in

cross-organizational use of networked information resources.  Coalition for

Networked Information.  Retrieved 28 February 2004 from 

http://www.cni.org/projects/authentication/authentication-wp.html

 

[10] Ibid.

[11] Oliver, B.  Personal communication, 27 April 2004.

[12] Skomal & Berlin, p. 25.

[13] Ibid., p. 24.

[14] Lynch, p. 3.

[15] Miles, pp. 237-238.

[16] Lynch, p. 4.

[17] Literatum, p. 1.

[18] Ibid.

[19] UCP Assumptions, p. 3.

[20] Skomal & Berlin, p. 16.

[21] Plum & Bleiler, p. 10.

[22] Smith, p. 98-99.

[23] Miles, p. 275.

[24] Smith, p. 36.

[25] Plum & Bleiler, p. 10.

[26] Lynch, p. 16.

[27] Ibid., p. 15.

[28] UCP Assumptions, p. 1.

[29] Ibid. p. 2.

[30] Lynch, p. 8.

[31] 508 Law, ¶1.

[32] UCP Assumptions, pp. 1-2.