LISTSERV - LIBLICENSE-L Archives

LIBLICENSE-L Archives

LibLicense-L Discussion Forum

LIBLICENSE-L@LISTSERV.CRL.EDU

	LISTSERV Archives
	LIBLICENSE-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Ransomware and Publishers
From:	LIBLICENSE <[log in to unmask]>
Reply To:	LibLicense-L Discussion Forum <[log in to unmask]>
Date:	Tue, 23 May 2017 19:16:53 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (114 lines)

From: "Hersh, Gemma (ELS-CAM)" <[log in to unmask]>
Date: Tue, 23 May 2017 22:40:56 +0000

Hi Chris, like most other publishers, we permanently archive all of
the content we publish, in perpetuity, with independent third parties
such as Portico and CLOCKSS. We have also taken additional steps above
and beyond this standard good practice, making us more prepared than
many other platforms should something go wrong.  We maintain our own
local archive and have an archiving agreement with the National
Library of the Netherlands. This ensures that if we are unable to
provide access (temporarily, in an emergency or permanently) content
is still available and that it is archived in perpetuity. This is the
case for all of our content, regardless of the business model it is
published under. Further information about this is available here:

https://www.elsevier.com/about/our-business/policies/digital-archive

Gemma Hersh
Elsevier

On 22 May 2017, at 04:35, LIBLICENSE
<[log in to unmask]<mailto:[log in to unmask]>> wrote:
From: "C.H.J. Hartgerink" <[log in to unmask]<mailto:[log in to unmask]>>
Date: Fri, 19 May 2017 04:42:40 -0400

Simply put: yes. With copyrighted content served on only one platform,
there is the risk of a single point of failure, and if their servers
are affected it could create downtime. Didn't ScienceDirect have a
recent outage? Ransomware or any other cyber attacks can result in
these kinds of things. With open content, we can distribute and remove
this issue (one service down, copies available elsewhere).

Cheers,
Chris

-------- Original Message --------
From: Ian Robson <[log in to unmask]<mailto:[log in to unmask]>>
Date: Thu, 18 May 2017 15:35:37 +0000

Thanks for the clarification, Chris. What impact do you think
ransomware could have on a publisher's internal systems? If a
publisher experienced a ransomware attack, is it conceivable that this
could affect their ability to serve licensed content and/or provide
administrative support?

Best,

Ian

Ian Robson
Head, Collection Development
Dana Porter Library
University of Waterloo
200 University Ave. West
Waterloo, Ontario, Canada N2L3G1
+1 519 888 4567 ext. 31586

-----Original Message-----
From: "C.H.J. Hartgerink" <[log in to unmask]<mailto:[log in to unmask]>>
Date: Wed, 17 May 2017 01:43:37 -0400

Ransomware occurs on the end-user's equipment; incorporating that into
an agreement implies that the publisher would be responsible for the
end-user's computer, which doesn't make sense. One scenario is that
one could incorporate something into a license that publishers will
maximize security of the platform for the end-user, which would be
more versatile if a range of cyber-attacks occur. But this would be
accompanied with liability, and I am unsure whether that commitment
will go through negotiations.

Something that can be addressed in licenses fairly easily, and is a
larger threat I think, is that of publisher websites not using HTTPS.
It allows for someone in the network to hijack the content being
served really easily. For example, ScienceDirect isn't HTTPS by
default and if someone in a hospital network would hijack that domain
and replace all mentions of a drug (e.g., "norepinephrine" with
"glucose"; this is simple to do for any cyber-attacker) it could
affect treatment decisions. There are many scenario's I can imagine
that would be detrimental to society and science.

I recommend to include a clause for any agreement that the publisher
commits to serving their content and platform only in HTTPS. This is
super easy to do with tools like CertBot, so insufficient funds are
for most publishers not a problem.

Cheers,
Chris

-------- Original Message --------
From: "Maher, Stephen"
<[log in to unmask]<mailto:[log in to unmask]>>
Date: Tue, 16 May 2017 19:22:53 +0000

Random questions about ransomware:

Is ransomware and other malware a concern to publishers in relation to
making its content accessible online to its customers?

Can/should we call for specific language in our licenses with
publishers that addresses the threat of ransomware?

(e.g. in the event a publisher's contents are blocked due to ransomware)

Thank you,

Stephen

Stephen Maher, MSIS | Assistant Director NYU Health Sciences Library
212.263.8935
[log in to unmask]<mailto:[log in to unmask]>

ATOM RSS1 RSS2

LISTSERV.CRL.EDU