“The webinar where Cory presented was the first mention I’d seen of a new group called the Scholarly Networks Security Initiative (SNSI). SNSI is the latest in a series of publisher-driven initiatives to reduce the paywall’s friction for paying users or library patrons coming from licensing institutions. GetFTR (my thoughts) and Seamless Access (my thoughts). (Disclosure: I’m serving on two working groups for Seamless Access that are focused on making it possible for libraries to sensibly and sanely integrate the goals of Seamless Access into campus technology and licensing contracts.)…”
“I question whether such rich personally identifiably information (PII) is required to prevent illicit account access. If it is collected at all, there are more than enough data points here (obviously excluding username and account information) to deanonymize individuals and reveal exactly what they looked at and when so it should not be kept on hand too long for later analysis.
Another related, though separate endeavor is GetFTR which aims to bypass proxies (and thereby potential library oversight of use) entirely. There is soo much which could be written about both these efforts and this post only scratches the surface of some of the complex issues and relationships affect by them.
The first thing I was curious about was, who is bankrolling these efforts? They list the backers on their websites but I always find it interesting as to who is willing to fund the coders and infrastructure. I looked up both GetFTR and SNSI in the IRS Tax Exempt database as well as the EU Find a Company portal and did not find any results. So I decided to do a little more digging matching WHOIS data in the hopes that something might pop out, nothing interesting came of this so I put it at the very bottom….
It should come as no surprise that Elsevier, Springer Nature, ACS, and Wiley – which previous research has shown are the publishers producing the most research downloaded in the USA from Sci-Hub – are supporting both efforts. Taylor & Francis presumably feels sufficiently threatened such that they are along for the ride….”
“This is the world we live in. That is what I understand from reading about the Scholarly Networks Security Initiative. and it’s now famous webinar, via Bjorn Brembs october post.
I just found this, after the post I wrote yesterday. I had no idea about this collaboration between publishers and academics to put spyware on academic networks for the benefit of publishers.
What I find worrying is not that publishers, like Elsevier, Springer Nature or Cambridge University Press, want to protect their business against the Sci-hub threat. This is natural behaviour from a commercial point of view. These businesses (not sure about CUP) see their activity atacked, so they fight back to keep their profit up.
The problem is with the academics. Why do they help the publishers? For whose benefit?…”
“A recent proposal recommending the deployment of surveillance software in order to monitor those accessing academic material has drawn fire from digital rights advocates and scientists.
The plan was outlined on October 22 during a virtual webinar hosted by a consortium of the world’s leading publishers of scientific journals, featuring security experts discussing the threats posed by cyber-criminals and digital piracy to academic research.
One speaker proposed a novel tactic publishers could take to protect their intellectual property rights against data theft: introducing spyware into the proxy servers academic libraries use to allow access to their online services, such as publishers’ databases. …”
“Institutions and publishers have always collaborated on ways to ensure researchers, students and faculty have access to critical research information in efficient and secure ways.
The proliferation of online resources for learning, research and basic operations has also meant a proliferation in cyber-attacks targeting institutions, publishers and other service providers. Fighting cyber-attacks is not a task any one entity can do alone.
The purpose of this virtual security summit is to discuss security threats to the research ecosystem with the aim to engender closer collaboration between publishers
and academics in dealing with these threats….”
“After many years of fierce resistance to open access, academic publishers have largely embraced — and extended — the idea, ensuring that their 35-40% profit margins live on. In the light of this subversion of the original hopes for open access, people have come up with other ways to provide free and frictionless access to knowledge — most of which is paid for by taxpayers around the world. One is preprints, which are increasingly used by researchers to disseminate their results widely, without needing to worry about payment or gatekeepers. The other is through sites that have taken it upon themselves to offer immediate access to large numbers of academic papers — so-called “shadow libraries”. The most famous of these sites is Sci-Hub, created by Alexandra Elbakyan. At the time of writing, Sci-Hub claims to hold 79 million papers.
Even academics with access to publications through their institutional subscriptions often prefer to use Sci-Hub, because it is so much simpler and quicker. In this respect, Sci-Hub stands as a constant reproach to academic publishers, emphasizing that their products aren’t very good in terms of serving libraries, which are paying expensive subscriptions for access. Not surprisingly, then, Sci-Hub has become Enemy No. 1 for academic publishers in general, and the leading company Elsevier in particular. The German site Netzpolitik has spotted the latest approach being taken by publishers to tackle this inconvenient and hugely successful rival, and other shadow libraries. At its heart lies the Scholarly Networks Security Initiative (SNSI), which was founded by Elsevier and other large publishers earlier this year. Netzpolitik explains that the idea is to track and analyze every access to libraries, because “security” ….”
From Google’s English: “However, instead of offering transparent open access contracts on fair terms, Elsevier has adopted a different strategy in the fight against shadow libraries like Sci-Hub. These must be fought as “cybercrime”, if necessary also with technological means. Within the framework of The Scholarly Networks Security Initiative (SNSI) , founded in conjunction with other major publishers, Elsevier is campaigning for libraries to upgrade with security technology. In a SNSI webinar titled” Cybersecurity Landscape – Protecting the Scholarly Infrastructure “Hosted by two senior executives at Elsevier, one speaker recommended that publishers develop their own proxy or proxy plug-in for libraries to access more (usage) data (“develop or subsidize a low-cost proxy or proxy plug-in). existing proxies ”). With the help of an “analysis engine”, not only could the location of access be better delineated, but biometric data (eg typing speed) or striking usage patterns (eg a student pharmacy suddenly interested in astrophysics). Any doubt that this software could also be used – if not primarily – against shadow libraries like SCI-HUB was dispelled by the next speaker.”
“This past week, these public relations efforts were dialed up a notch or ten to a whole new level. At an SNSI webinar entitled „Cybersecurity Landscape – Protecting the Scholarly Infrastructure“, hosted by two Elsevier employees, one of the presenters suggested „develop or subsidize a low cost proxy or a plug-in to existing proxies“ in order to collect user data. That user data, it was explained, could be analyzed with an “Analysis Engine” to track biometric data (e.g., typing speed) or suspicious behavior (e.g., a pharmacology student being suspiciously interested in astrophysics). The angle towards Sci-Hub was confirmed by the next speaker, an Ex-FBI agent and security analyst.
Considering the track record of academic publishers, this reeks strongly of PR attempts to ‘soften the target’, i.e., to make installing publisher spyware on university servers sound less outrageous than it actually is. After the PRISM debacle, the publishers now seem to have learned from their PR mistakes. This time, there is no ‘pitbull’ around. This time, there is only a strange article in a major newspaper, a shady institute where it appears hard to find out who founded it, who is running it and who funds it.
SNSI is an apparent PR project aimed at compromising, not strengthening, network security at research institutions. However, unlike with PRISM, this time the PR effort may pay off.”
“SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data….
Members include large and small publishers, learned societies and university presses and others involved in scholarly communications….”