From: "Hersh, Gemma (ELS-CAM)" <[log in to unmask]> Date: Tue, 23 May 2017 22:40:56 +0000 Hi Chris, like most other publishers, we permanently archive all of the content we publish, in perpetuity, with independent third parties such as Portico and CLOCKSS. We have also taken additional steps above and beyond this standard good practice, making us more prepared than many other platforms should something go wrong. We maintain our own local archive and have an archiving agreement with the National Library of the Netherlands. This ensures that if we are unable to provide access (temporarily, in an emergency or permanently) content is still available and that it is archived in perpetuity. This is the case for all of our content, regardless of the business model it is published under. Further information about this is available here: https://www.elsevier.com/about/our-business/policies/digital-archive Gemma Hersh Elsevier On 22 May 2017, at 04:35, LIBLICENSE <[log in to unmask]<mailto:[log in to unmask]>> wrote: From: "C.H.J. Hartgerink" <[log in to unmask]<mailto:[log in to unmask]>> Date: Fri, 19 May 2017 04:42:40 -0400 Simply put: yes. With copyrighted content served on only one platform, there is the risk of a single point of failure, and if their servers are affected it could create downtime. Didn't ScienceDirect have a recent outage? Ransomware or any other cyber attacks can result in these kinds of things. With open content, we can distribute and remove this issue (one service down, copies available elsewhere). Cheers, Chris -------- Original Message -------- From: Ian Robson <[log in to unmask]<mailto:[log in to unmask]>> Date: Thu, 18 May 2017 15:35:37 +0000 Thanks for the clarification, Chris. What impact do you think ransomware could have on a publisher's internal systems? If a publisher experienced a ransomware attack, is it conceivable that this could affect their ability to serve licensed content and/or provide administrative support? Best, Ian Ian Robson Head, Collection Development Dana Porter Library University of Waterloo 200 University Ave. West Waterloo, Ontario, Canada N2L3G1 +1 519 888 4567 ext. 31586 -----Original Message----- From: "C.H.J. Hartgerink" <[log in to unmask]<mailto:[log in to unmask]>> Date: Wed, 17 May 2017 01:43:37 -0400 Ransomware occurs on the end-user's equipment; incorporating that into an agreement implies that the publisher would be responsible for the end-user's computer, which doesn't make sense. One scenario is that one could incorporate something into a license that publishers will maximize security of the platform for the end-user, which would be more versatile if a range of cyber-attacks occur. But this would be accompanied with liability, and I am unsure whether that commitment will go through negotiations. Something that can be addressed in licenses fairly easily, and is a larger threat I think, is that of publisher websites not using HTTPS. It allows for someone in the network to hijack the content being served really easily. For example, ScienceDirect isn't HTTPS by default and if someone in a hospital network would hijack that domain and replace all mentions of a drug (e.g., "norepinephrine" with "glucose"; this is simple to do for any cyber-attacker) it could affect treatment decisions. There are many scenario's I can imagine that would be detrimental to society and science. I recommend to include a clause for any agreement that the publisher commits to serving their content and platform only in HTTPS. This is super easy to do with tools like CertBot, so insufficient funds are for most publishers not a problem. Cheers, Chris -------- Original Message -------- From: "Maher, Stephen" <[log in to unmask]<mailto:[log in to unmask]>> Date: Tue, 16 May 2017 19:22:53 +0000 Random questions about ransomware: Is ransomware and other malware a concern to publishers in relation to making its content accessible online to its customers? Can/should we call for specific language in our licenses with publishers that addresses the threat of ransomware? (e.g. in the event a publisher's contents are blocked due to ransomware) Thank you, Stephen Stephen Maher, MSIS | Assistant Director NYU Health Sciences Library 212.263.8935 [log in to unmask]<mailto:[log in to unmask]>