From: Ken Masters <[log in to unmask]>
Date: Tue, 4 Dec 2012 08:41:48 +0400

Hi All

> I agree that the clause is a silly one and that reasonable endeavours or
> suchlike is the most a vendor might expect but have many librarians been
> sued or is this another joke by Dr. Masters?

The binary forming of this question is problematic: the possibility
that no librarian (or institution) has yet been fined or sued should
not mean that this can be taken as a joke.

Here are a few safe assumptions:

- Lawyers do not put jokes into contracts.

- If the word "reasonable" has not been put into the clause, then it
is not by error.  It has been done for a purpose.

- Even if you do wish to take the "reasonable endeavours" route of
defence, user names and passwords like "tester," "testuser,"
"testpass," etc, will not be easy to defend.

- If, after the clause has been pointed out by the institution, the
representative still insists that it stays, then it is definitely
there for a reason.  More, the fact that you pointed that clause out
to the representative is a strong argument that you were aware of that
condition, and understood it and its implications; ignorance of the
law is rarely a defence, but, in that instance, you've made any
defence well-nigh impossible.

Rather, two other questions should be considered:

Q: Are there documented instances where user access codes (usernames
and passwords, including ones like "testpass", etc) have been made
publicly accessible (e.g. on the Internet)?
A: Yes, hundreds.

Q: Do libraries and institutions expose themselves to legal action
because of this?
A: Read your contracts, and have your lawyers read them also.

Regards

Ken

Dr. Ken Masters
Asst. Professor: Medical Informatics
Medical Education Unit
College of Medicine & Health Sciences
Sultan Qaboos University
Sultanate of Oman


On 15 November 2012 00:01, LIBLICENSE <[log in to unmask]> wrote:
>
> From: Anthony Watkinson <[log in to unmask]>
> Date: Tue, 13 Nov 2012 20:54:35 +0000
>
> I agree that the clause is a silly one and that reasonable endeavours or
> suchlike is the most a vendor might expect but have many librarians been
> sued or is this another joke by Dr. Masters?
>
> Anthony
>
> -----Original Message-----
>
> From: Ken Masters <[log in to unmask]>
> Date: Tue, 13 Nov 2012 08:40:52 +0400
>
> Hi All
>
> It's quite easy, actually.  There is no particular action, because it
> includes EVERYTHING.
>
> Given that the terms of use will include prevention of allowing outsiders
> access, it simply means (for example)  that the client (you) has the
> responsibility of ensuring that not a single one of your staff and students
> ever shares a user name and password with anyone else, never has their
> computers hacked with spyware, stolen, accessed through wifi snoopers, etc.,
> that your entire university database of usernames and passwords is
> absolutely secure, and that, if any breach occurs that allows an outsider to
> access the journal, then you'll find yourself paying a fine or in court.  I
> mean, those are surely not unreasonable demands (if you're working for Fort
> Knox or the CIA, that is).
>
> When you query that at the time of signing, you'll probably be told not to
> worry too much about it, as those are just "fairly standard and legal
> clauses" that "everyone signs." The rep will probably even crack a silly
> joke about "you know how stuffy the lawyers are."  When the breach occurs,
> however, you'll find out just how quickly that defence vapourises, and just
> how expert those lawyers actually are.
>
> Regards
>
> Ken
>
> Dr. Ken Masters
> Asst. Professor: Medical Informatics
> Medical Education Unit
> College of Medicine & Health Sciences
> Sultan Qaboos University
> Sultanate of Oman