Monday, April 10, 2017

Research Access for the 21st Century

This is the second of my posts from CNI's Spring 2017 Membership Meeting. The first is Researcher Privacy.

Resource Access for the 21st Century, RA21 Update: Pilots Advance to Improve Authentication and Authorization for Content by Elsevier's Chris Shillum and Ann Gabriel reported on the effort by the oligopoly publishers to replace IP address authorization with Shibboleth. Below the fold, some commentary.

RA21 is presented as primarily a way to improve the user experience, and secondarily as a way of making life simpler for the customers (libraries). But in reality it is an attempt to cut off the supply of content to Sci-Hub. As such, it got a fairly rough reception, for three main reasons:
  • In an open access world, there's no need for authorization. Thus this is yet more of the publishers' efforts to co-opt librarians into being "personal shoppers moonlighting as border guards" as Barbara Fister puts it. As someone who has been involved in implementing Shibboleth and connecting to institution's identity infrastructure I can testify that the switch to Shibboleth might in the long run make librarians lives easier but between now and the long run there stands a whole lot of work. Since it is intended to protect their bottom lines, the publishers should pay for this work. But instead they are apparently seeking grant funding for their pilot program, which is pretty cheeky. Maintaining their bottom line is not exactly in the public, or the funding agencies, interest.
  • The analysis of the user experience problem on which the PR for this effort is based is flawed, because it is publisher-centric. Sure, Shibboleth could potentially reduce the burden on the off-campus user of logging in to many different publisher Web sites. But if that is the problem, there are much simpler solutions to hand that libraries, rather than publishers, can implement. Simply proxy everything, as Sam Kome (see here) reported the Claremont Colleges do successfully, or use VPNs (which would have the additional benefit of making off-campus users much safer). But, as studies of the use of Sci-Hub show, the real problem is the existence of the many different publisher Web sites, not the need to log into them. What readers want is a single portal providing access to the entire academic literature, so they only have to learn one user interface. Yet another example of the power of increasing returns to scale in the Web world.
  • Even if in an ideal world the use of Shibboleth could completely prevent the use of compromised credentials to supply sites such as Sci-Hub, which in the real world it can't, doing so is in no-one's interest. The presence of copies on these sites is not a problem for readers, whether or not they use those copies. The presence of copies on those sites is in the librarian's interests, as they may exert downward pressure on publisher prices. If copies elsewhere were really a serious problem, ResearchGate's 100M copies, about half of which are apparently copyright violations, would be twice as big a threat as Sci-Hub. None of those copyright violations are the result of compromised credentials, so Shibboleth implementation wouldn't cut them off. Publishers seem content to live with ResearchGate.

6 comments:

David. said...

At TechDirt, Glyn Moody reports on Elsevier's Latest Brilliant Idea: Adding Geoblocking To Open Access:

"But gold open access papers that aren't fully accessible outside Europe simply aren't open access at all. The whole point of open access is that it makes academic work freely available to everyone, everywhere, without restriction -- unlike today, where only the privileged few can afford wide access to research that is often paid for by the public."

Nothing says "open access" like blocking people who haven't paid from access.

David. said...

Nine months later, librarians and Roger Schonfeld are starting to wake up to the threat from "Research Access 21":

"Is it too late to create a user-centric alternative?"

Yes. Because its not about users or privacy, its about cutting off the supply of content to SciHub.

David. said...

Lisa Hinchcliffe's tweetstorm starts:

"One can't help but be struck that in the corporate setting, user control over their own data/privacy is just a complete non-consideration. So, not surprising it isn't baked in at the RA21 policy level given its genesis. Maybe that's ok if higher ed is just another business now?"

Lisa Janicke Hinchliffe said...

Hinchliffe

David. said...

Apologies that my fingers substituted the surname of a college friend!

David. said...

It is two years later and the Association of Research Libraries appears to have just figured out the threat that RA21 poses, with their ARL Comments on RA21 Proposal for Access to Licensed Information Resources:

"In sum, we believe that more work on this vision and implementation is required, as is consultation with the research library community. As drafted, these recommendations present a new system of access to research resources that envisions a limited role for research libraries with little, if any, interaction with their clientele. An adjustment in the scope and scale of these recommendations could alleviate some concerns. We believe that the recommendations would be more productive and better received by research libraries if they were limited to the technical details of how to improve Shibboleth. If they did not aspire to a systemic redesign of access management, and a wholesale replacement of IP-based authentication, they would probably not trigger as wide a range of concerns and complexities."

Where was ARL two years ago when the points above were obvious?