Practical Steps to Address Piracy

Practical Steps to
Address Piracy
2017 PSP Annual Conference
Washington, DC
Chris Shillum, VP Platform and Data Integration
3 Feb 2017

Problems we are trying to solve
2
RA21
• Legitimate users sometimes resort to pirated content because
access is too difficult
• Publishers and libraries find it difficult to track and manage
security breaches
Scholarly Sharing
• Users are not sure what they are able to legitimately share
and where
• Scholarly platforms can’t check compliance with publisher
policies
Distributed Usage Logging
• Publishers, Authors and Librarians would like to know about
usage on all platforms

Chris Shillum, VP Platform and Data Integration, Elsevier
Meltem Dincer, VP Platform Capabilities, John Wiley and Sons
Co-chairs, STM RA21 Taskforce
RA21Resource Access in the 21st Century

The Journey from Print to Digital
4
•Institution to purchase from the publisher
•Institution to lend to its users
•Single point of entry
•Simple transaction
•Library cards
•Lock the doors at night
•Must return after use
•Prohibitively expensive to make copies of entire
collections
•Imitate print experience
•Optimize for ease of implementation
•IP Address Recognition
RA21

21st Century
5
•Technology evolved
•Multiple entry points
•Mobile and remote access
•Cumbersome user experience
•Easy to download an entire
library
RA21

How a user experiences access to resources on campus
1

How a user experiences access to resources on campus
7


How a user experiences access to resources off campus
1

9
2

10
3

11
4

12
5

13


Fundamental Expectations of the Community
• Researchers
– Seamless access to subscribed resources, from any device, from any location, from
any starting point
– A consistent, intuitive user experience across resources
– Increased privacy of personal data
– Streamlined text and data mining
• Resource Providers
– Ability to provide individualized and differentiated access for better reporting to
governing bodies and customers
– Ability to offer personalized services to accelerate insight and discovery
– Ability to ensure the integrity of content on both institutional and commercial platforms
• Customers
– Minimization of administrative burden of providing access to authorized user
communities
– Maximization the use of the resources purchased
– Protection of the privacy of user communities and advocacy for their security
14
RA21

RA21 Problem Statement
• Access to STM content and resources is traditionally managed via IP address
recognition.
• For the past 20 years, this has provided seamless access for users when on campus
• However, with modern expectations of the consumer web, this approach is increasingly
problematic:
– Users want seamless access from any device, from any location
– Users increasingly start their searches on 3rd party sites (e.g. Google, PubMed)
rather than publisher platforms or library portals and run into access barriers
– A patchwork of solutions exist to provide off-campus access: proxy servers,
VPNs, Shibboleth, however the user experience is inconsistent and confusing
– Publishers are facing an increasing volume of illegal downloads and piracy, and
fraud is difficult to track and trace because of insufficient information about the
end user
– The lack of user data also impedes the development of more user-focused,
personalized services by publishers.
– The increase in privacy and fraud also poses a significant risk to campus
information security
15
RA21

Hypothesis
1. In part, the ease of resource access within IP ranges makes off
campus access so difficult
2. In part, the difficulty of resource outside IP ranges encourages
legitimate users to resort to illegitimate means of resource access
∴ It is time to move beyond IP-recognition as the main
authentication system for scholarly content while making sure
the alternative is as barrier free as possible
16
RA21

STM RA21 Task Force*
Work to Date
17
* Initial RA21 Task Force included representatives from ACS, APA, Brill, CABI, CUP,
Elsevier, Emerald, IEEE, IOPP, Kluwer, OUP, SpringerNature, Thieme and Wiley
Apr 2016
• Initial proposal to the STM Board
Jun 2016
• Face to face task force meeting in 3 locations
Jul 2016
• Task force charter approved by the STM Board
Jul – Nov 2016
• Ground work by the task force
Dec 2016
• Outreach and call for participation
RA21

Going Forward – How Will it Work?
• Adopt a diverse, inclusive approach and achieve consensus across stakeholder groups
• Recommend new solutions for access strategies beyond IP recognition practices
• Explain the standard measures that publishers, libraries and end-users should undertake for
better protocols and security
• Test and improve solutions by organizing pilots in a variety of environments for the creation of
best practice recommendations
Note: The task force will not build a specific technical solution or an
industry-wide authentication platform
18
Dec 2016
- Outreach
meetings: STM
& CNI
- Website and
Survey launch
- Call for
participation
Feb 2017
- Survey and
Participation
Call deadline
Apr 2017
- Invitations for
Sounding
Boards
- Technical
meetings
May–Sep
2017
- Running
Pilots
Oct 2017
- Gathering
results
- Best Practice
recommendati
ons
Dec 2017
- Presenting
results at
meetings
- Inviting
feedback
RA21

RA21 Draft Principles
1. The user experience for researchers will be as seamless as possible,
intuitive and consistent across varied systems, and meet evolving
expectations.
2. The solution will work effectively regardless of the researcher’s starting
point, physical location, and preferred device.
3. The solution will be consistent with emerging privacy regulations, will avoid
requiring researchers to create yet another ID, and will achieve an optimal
balance between security and usability.
4. The system will achieve end-to-end traceability, providing a robust, widely
adopted mechanism for detecting fraud that occurs at institutions, vendor
systems, and publishing platforms.
5. The customer will not be burdened with administrative work or expenses
related to implementation and maintenance.
6. The implementation plan should allow for gradual transition and account
for different levels of technical and organizational maturity in participating
19
RA21

Aspects of the Problem Aspects of the solution
1. Only the user’s home institution can validate
their access to purchased content and services:
So, We need to do Contextual, Federated
Authentication
Federated authentication using SAML
• The only IDM standard that supports contextual
rather than just individual authentication
• Solves key aspects of the problem including
distributed trust, support for anonymity and
metadata exchange
• SAML federations reduce many–many agreements
to many–one–many agreements
2. The user can start their journey from anywhere
on the web, on any device, from any physical
location:
So, We need to solve the WAYF (Where Are You
From) question
Standard for universal session awareness
• Don’t ask the user to authenticate if they are already
authenticated
Layered approach to WAYF “signposting”
• Use whatever you already know about the user
(cookies, IP range, email address) to point them
back to the correct authentication point if not already
signed in
3. We all want access to be as barrier free as
possible:
So, We need to make it as simple as possible
for the user to understand what they need to do
Standardized user experiences and workflows
• Nothing will be as seamless as IP, but users will get
used it if they have to do the same thing every time.
Solution Outline
20
RA21

Testing the Hypothesis
• Pilot program through Q3 2017
• Broad spectrum of stakeholders
–STM member Task Force
–Standards bodies, esp. NISO
–Libraries
–Research and Education federation operators
–Technology managers
–Aggregators
–Proxy server providers
–Vendors
–Researchers
–Customers
–Other interested parties
• Address a variety of use cases
• Self organized, yet, registered and tracked under the larger umbrella
• Feedback and results shared with the community
21
RA21

What to Do Next?
• Visit: http://www.stm-assoc.org/standards-technology/ra21-resource-
access-21st-century/
• Librarians and other customers – have your technical staff
complete the survey: https://www.surveymonkey.com/r/RA21
• Everyone: Register your interest in participation by emailing:
smit@stm-assoc.org
22
c.shillum@elsevier.com
@cshillum
mdincer@wiley.com
#RA21
RA21

Nikko Goncharof, Springer Nature
Wouter Haak, Elsevier
Co-chairs, STM SCN TWG
Voluntary principles for article
sharing

Voluntary principles for article sharing on SCNs
In 2015, after conducting an open consultation, STM established a
core set of principles that:
– clarify how, where, and what content should be shared using Scholarly
Collaboration Networks (SCNs),
– improve the experience for all stakeholders,
– encourage publishers and SCNs to work together to facilitate sharing,
benefiting researchers, institutions, and society as a whole.
The principles, endorsements, FAQs, DOI tool and more, can be
accessed on How Can I Share It? www.howcanishareit.com
24

Principles > key points
• Publishers commit to facilitate the dissemination and discovery of
their authors’ scholarly articles
• Sharing should be allowed within a research collaboration group
• Publishers and libraries should extend their collective use of
standards such as COUNTER to quantify article use on networks
• Publishers and standards organizations should continue to work
together on tools that facilitate sharing (article versioning and access
rights metadata)
• Publisher policies on research collaboration group sharing and
public posting of articles should be clear and easily discoverable
25

Next steps
1. Publishing houses to make their sharing policies more explicit and
easy to find
2. Technical support group looking into the development of a
prototype system based on metadata tags in article PDFs to
facilitate simple and seamless sharing consistent with publisher
policies
3. Crossref’s Distributed Usage Logging (DUL) project will enable
non-publisher platforms like SCNs to report on usage according the
COUNTER standards
26

Next step #1 > How can I share it?
• Since the publication of the Principles a number of endorsing
publishing houses have updated their policies
• STM has launched a website – www.howcanishareit.com – with
additional information about the Principles, endorsing publishing
houses and SCNs, etc.
• The website hosts links to participating publishers’ policy pages
• The website hosts a DOI tool “Where can I share it” that can be used
to find clear-cut answers on which SCNs articles can be shared.
• Participating publishers:
– Brill
– Elsevier
– IOPP
– Oxford University Press
– Taylor & Francis
– Thieme
– Wiley
More publishing houses will be added shortly
27

Next step #2: Technical support group (TSG)
• Goal
The goal of the working group is to devise a simple and pragmatic
mechanism to enable Scholarly Collaboration Networks (SCNs) to
determine what their users are permitted to do with publisher copies of
scholarly content within the SCN platform - even when the platform does
not have a direct agreement with the publisher of the content in question
28
• Proposal
I. Embed DOI and JAV
tags in article PDFs
> SCNs identify the article
version
II. Add sharing policy
identifiers to the
existing Crossref
Metadata API
> SCNs obtain article-level
sharing terms

The Problem
• Researchers are increasingly using “alternative” (non-publisher)
platforms to store, access and share the literature
– Institutional and subject repositories
– Aggregator platforms (EBSCOhost, IngentaConnect)
– Researcher-oriented social-networking sites (e.g. Academia.edu,
ResearchGate, Mendeley)
– Reading environments and tools (e.g. ReadCube, Utopia Documents)
• Usage on these platforms is often legitimate, i.e. from researchers who
have access to the content via institutional subscription agreements,
however because the usage does not occur on the publishers’ own
platforms, it cannot be captured in the COUNTER-compliant usage
reports sent to subscribing customers, meaning that:
– Publishers are not able to demonstrate to their customers the true value of
their subscription holdings and are not able to provide authors will a full
picture of usage of their articles.
– Institutions are not able to make a full and accurate assessment of the
usage of the content they subscribe to when making purchasing decisions.
30
Distributed
Usage Logging

The Idea
• Build on the Crossref infrastructure to create a framework which allows usage
information to flow from the point of usage (the alternative platforms) to the
publishers, from where the data can be aggregated and incorporated into existing
COUNTER usage reporting streams.
31
1. Researchers read
articles on site of
choice
2. Sites log usage via
generic CrossRef API
Including DOI, IP
address, Institutional ID
3. CrossRef redirects
logging call to
publisher’s usage
logging API
4. Publishers include third-
party site usage in
COUNTER reports sent to
customers
Publisher A
Publisher C
Publisher BCrossRef
COUNTER
Institutional
Repository
Social
Networking
Site
Reading
Environment
Institution
Publishers register
usage logging API
URLs with CrossRef
COUNTER certifies
participants
Distributed
Usage Logging

Taking the Initiative Forward
Role of COUNTER
• Define semantics of
usage logging
messages
• Validate participants in
the scheme
• Define CoP and oversee
compliance auditing
process
Role of CrossRef
• Define syntax of usage
logging messages
• Build and operate
technical infrastructure
• Define technical API
specs
• Provide training and
documentation on
technical integration
Role of Platform
Vendors
• Integrate with logging
API
• Send usage events via
API to CrossRef
framework
• Adhere to COUNTER
defined CoP
Role of Publishers
• Integrate with logging
API
• Receive usage events
from API
• Incorporate into existing
COUNTER-compliant
usage reporting stream
32
Distributed
Usage Logging

Current status
• Crossref working group
– Initial pilot conducted demonstrating message passing between SCNs
and Publishers
– Privacy concerns → proposal to only share truncated IP
– Crossref working on mechanism for message authentication to prevent
usage click fraud
• COUNTER technical advisory group (TAG)
– Survey and focus groups conducted confirming strong interest in
receiving usage information across platforms.
– Draft policy on participation created
– DUL to be included in next COUNTER Code of Practice as optional
element (COP5)
33
Distributed
Usage Logging

More Info
www.stm-assoc.org/standards-technology/ra21-resource-access-21st-
century/
Register your interest in participation by emailing: smit@stm-assoc.org
www.howcanishareit.com
blog.crossref.org/2015/12/private-channel-dul.html
34
c.shillum@elsevier.com
@cshillum
RA21
Distributed
Usage Logging

Practical Steps to Address Piracy

More Related Content

What's hot (7)

Viewers also liked (19)

Similar to Practical Steps to Address Piracy (20)

Recently uploaded (20)

Practical Steps to Address Piracy

Editor's Notes