From: Eric Hellman <[log in to unmask]> Date: Wed, Sep 2, 2015 at 1:21 PM The Library Privacy Pledge has been finalized with significant changes to the schedule and lots of improvements based on feedback from the community. My blog post on it is at: http://go-to-hellman.blogspot.com/2015/08/update-on-library-privacy-pledge.html (note that I've set the "description" attribute on the blog to "Move Blogspot to HTTPS NOW.") The second part of the pledge for libraries asks them to make sure that their vendors - publishers, aggregators, etc. support HTTPS by the end of 2016 as contracts are renewed going forward. A brief review of the Liblicense Model License suggests to me that the best way to do this would be to use Schedule 3: Access and Authentication. Under "ACCESS METHOD:" language should be added to the effect that: "Licensed Materials shall be accessable from the Licensor's server using the HTTPS (HTTP over TLS) protocol. " As this list has many knowledgable licensing experts, (which I'm not) I would welcome correction if there's a better way to do it. Any libraries or publishers that want to get in on the initial wave of publicity (first week of November), send your endorsement to: [log in to unmask] (the 6-month implementation clock starts then). Eric Hellman President, Free Ebook Foundation (and Volunteer, Library Freedom Project) Founder, Unglue.it https://unglue.it/ http://go-to-hellman.blogspot.com/ twitter: @gluejar