From: Eric Hellman <[log in to unmask]>
Date: Wed, Sep 2, 2015 at 1:21 PM

The Library Privacy Pledge has been finalized with significant changes
to the schedule and lots of improvements based on feedback from the
community. My blog post on it is at:

http://go-to-hellman.blogspot.com/2015/08/update-on-library-privacy-pledge.html

(note that I've set the "description" attribute on the blog to "Move
Blogspot to HTTPS NOW.")

The second part of the pledge for libraries asks them to make sure
that their vendors - publishers, aggregators, etc. support HTTPS by
the end of 2016 as contracts are renewed going forward. A brief review
of the Liblicense Model License suggests to me that the best way to do
this would be to use Schedule 3: Access and Authentication. Under
"ACCESS METHOD:" language should be added to the effect that:

"Licensed Materials shall be accessable from the Licensor's server
using the HTTPS  (HTTP over TLS) protocol. "

As this list has many knowledgable licensing experts, (which I'm not)
I would welcome correction if there's a better way to do it.

Any libraries or publishers that want to get in on the initial wave of
publicity (first week of November), send your endorsement to:

[log in to unmask] (the 6-month implementation clock starts then).

Eric Hellman
President, Free Ebook Foundation (and Volunteer, Library Freedom Project)
Founder, Unglue.it https://unglue.it/
http://go-to-hellman.blogspot.com/
twitter: @gluejar