DRM to TPM

I have a pretty general idea of Digital Rights Management, and after learning about TPM (Technological Protection Measures) I have learned that TPM is just one aspect that fits under the DRM umbrella. One of the biggest things we talked about in class was the difference between authentication and authorization, two major components of TPM. The two are different, but work together to provide access. Authentication answers the question of "who" and authorization answers the question of "what may the authorized person do?"

The authentication process works with IP addresses - libraries and publishers keep a list of "ok" IP addresses (those that are approved to access the database). When a person logs in to say, UW Libraries and their databases, the username and password matches up with a list of approved users and then they are assigned an IP address. The user information that matches up with the preapproved list of users is called an LDAP server (or lightweight directory access protocol). For a place like UW-Madison, thousands of students are added to and taken off this list each year, in addition to thousands of "guest access" passes that can be easily created.

The authorization process gets down to specifics. David Millman's article "Authentication and Authorization" addresses this process well: "The authorization decision is, in other words, given someone's identity, what may they do? What information may they see; what may they create or destroy; what may they change?" We've already started to see tighter authorization requirements on our own campus, and they're predicted to be further restricted in coming years. Currently, there are a handful of databases where the user must be in a specific library to gain access, and certain departments already have additional login information required beyond the regular UW-Net ID and password. A question was raised regarding the Wisconsin Institutes for Discovery in which a relationship between the public and private sector is formed to perform biomedical research - what kind of authorization will be required for these researchers? Especially with the private sector researchers? This will not only be an interesting challenge with authorization, but in licensing as well.

Below are my messy reading notes on a few of the readings:

“Every Library’s Nightmare?”

- “TPM are configurations of hardware and software used to control access to, or use of, a digital work by restricting particular uses such as saving or printing.

- Hard restrictions: secure – container TPM where there is a physical limitation built into the hardware.

- ISSUES: user dissatisfaction, generate interoperability issues; block archival activities; increased staffing to handle these issues.

- Soft restrictions: discourage use, but not impossible to get around. Now almost accepted as part of e-resources (just the way things are). These change our expectations from vendors.

- Occurs in resources that are 1. Digital and 2. Licensed.

- These restrictions would be impossible on paper copies

- Soft restriction types: 1. Extent of use 2. Restriction by Frustration (often done with awkward chunking) 3. Obfuscation (poorly designed interfaces that do not properly show the capabilities) 4. Interface Omission (tasks only possible through browser or computer commands, left out of the interface) 5. Restriction by Decomposition (breaks down into files, makes it hard to save or e-mail) 6. Restriction by Warning (proclaims limitations and “misuse may result in...” language.

- Hard restriction types: 1. No copying or pasting of text 2. Secure container TPM (ex: only posting low resolution images)

“Technologies Employed to Control Access to or Use of Digital Cultural Collections”

- Digitized works are often harder to control and restrict access to, so that’s where TPM comes in (sits under the umbrella of DRM – “a broader set of concerns and practices associated with managing rights from both a licensor and a licensee perspective.”

- Usage controls manipulate the resource itself (same as a hard restriction?)

- Libraries are more likely than archives/museums to employ a system that restricts or controls access/use.

- Common systems are: authentication and authorization; IP range restrictions; network based ID systems

“Authentication and Authorization”

- Authentication: validating an assertion of identity (identity code and password)

- Other examples include:

1. 1. Shared secrets (like a shared password) 2. Public key encryption 3. Smart cards (not sure if I’ve ever seen this before, or if this method is even used anymore) 4. Biometric (personal physical characteristics) 5. Digital Signatures

- Authorization: access control or access management, or permitted to perform some kind of operation on a computer system.

- Divided into three categories: 1. “whether a subject may retrieve an object” 2. “whether a subject may create, change, or destroy an object; 3. The extent that the person can change the authorization rules.

ERM article

A good friend of mine from undergraduate (who now works in student development at a community college in Tacoma, WA) carefully follows library news. I've tried to convince him to apply for library school, and I feel like I'm getting closer. He occasionally sends me articles about libraries, and this is the most recent from the "Chronicle of Higher Education." This article, titled "Library Inc" nicely sums up the pricing issues and commercial interests of vendors for someone who may not know much about it. The author of the article seems to give a hopeless prediction for the future of libraries (which I don't agree with), but nevertheless a good find. The comments that follow the article are perhaps the most amusing and point out the controversy that exists among librarians when it comes to ERM.

TEACH

Technology, Educations and Copyright Harmonization Act of 2002 - It turns out the TEACH Act is finally a refreshing point in the ongoing copyright mess. Thomas Lipinski from the School of Information Studies at UW-Milwaukee came and spoke to us and provided us with some useful tools. Portions of the TEACH Act are somewhat hard to understand so it was helpful to have an expert there to wade through the material with the class.

Perhaps the two most important points that I immediately picked up on were that the TEACH Act is only for accredited, non-profit higher education institutes (which makes the Act apply to a very specific area of education). Additionally, the TEACH Act treats different categories of works differently, which means that you don't always have to default to fair use. The language withing these different categories is somewhat vague, but either way, it provides some clarification in areas that would otherwise default to fair use. It also seems that it was written in such a way that the Act complies with the DMCA - there are pieces of copyright law, especially the DMCA that contradict or clash with another piece of the law, so it's nice to have something that works in accordance with the DMCA.

TEACH doesn't completely cover fair use and copyright and always work in an institution's favor - it excludes all material the University may have already known was being used illegally, and faculty still need to work with materials they know they will actually use (if they then have to resort to fair use, it's much easier to).

Let's get down to business...

I'm not exactly sure why, but this week's unit on pricing models with our guest speakers from WiLS made e-resource management seem so real. Some of it probably has to do with money, and that may be what I needed to solidify the tricky and complicated task of working with e-resources in the library setting. We started out the class with a few basics, like pricing models (here is my quick and dirty list):

1. Carnegie Classification (tiered) - this is also what WiLS uses most

2. FTE - relevant for large, research universities

3. Usage based stats: less predictable for the budget, publisher is also in charge of

documenting usage

4. Pay-per-use: see 'tokens' below

5. Simultaneous user limit: can be used in combination with other pricing, but it limits how

many people can access the database at one time (I think of the databases at the Business School Library)

6. Paying for an article: if it is immediate, they will buy it, otherwise it’s best to resort to

ILL (I tell people that at UW-Madison, you should never have to buy an article)

7. Consortial pricing: not every university will pay the same amount in one consortium –

may depend on how many full time students they have

8. Token (under pay-per-use): provides access to a single article for 24 hours, universities

will get a certain # of “free” tokens per year – monitored by the librarians and can be

doled out to different departments (tokens are an add-on, could be a pricing model in and

of itself)

9. Backfiles: an accessory to either increase or decrease your price – they are a new way of

making money for the publisher

10. Out-right purchase: particularly for e-books – lives on the publisher’s server so you pay a

maintenance fee even after you’ve purchased it.

And, of course, there was my post on the Big Deal, so I'm not sure how much more I need to say about that. Ultimately, pricing comes down to what will work best for the university. No one pricing model is acts as a one-size-fits all option. Initially, the Big Deal may have seemed this way, but it's not for every library.

I really enjoyed our guest speakers from WiLS (Wisconsin Library Services) and how they described themselves as librarians for librarians. Before they came in, I know absolutely nothing about them (other than the fact that every few days, a WiLS runner comes into the music library to ask me for some obscure microfilm for ILL). It's run exactly like a business in that they have to make things happen (like set-up contracts between libraries and vendors) in order to get paid. WiLS basically takes the pain out of negotiating and pricing for libraries - they also typically get them a 15 - 20% discount on subscriptions.

I knew that WiLS and ILL were connected, but after listening to Eric (name?) I realized just how they were connected and how the university libraries fit into the ILL + WiLS equation. That, along with their work with cooperative purchasing/consortial licensing, and their constant work to streamline processes while making enough money, makes it all obvious to me that libraries are foolish to do it on their own. E-resource management, if the library decides to do everything by themselves, is a full-time job for multiple people.

Here are a few points on negotiating that cleared up some confusion about the process for me:

1. it's a merging of two worlds - the profit and non-profit organizations

2. Always answer two questions (at least): what will the market bear? and what is a fair price based on the needs of the library?

3. a group like WiLS lessens the work for the vendor as well by streamlining the process

4. WiLS is the billing agent (also handle renewals in subsequent years)

My favorite ILL tidbit (besides learning how they work with universities): 120,000 requests annually! I now understand why he said that ILL is in the top 3 services libraries offer.

Big Deal or Not to Big Deal?

Just a few thoughts before going into class tomorrow - I want to get the "facts" about the Big Deal laid out before I learn more about this e-reserve one-size-fits-all option:

Pros:

1. Overall, per article, per word, per whatever, buying in bulk is cheaper (which includes journals).

2. Price increases are predictable - it's capped, so the library isn't thrown any surprises when it comes time to renew.

3. Smaller institutions who may not have a lot to begin with, could benefit from a deal like this.

Cons: (buzz phrase for cons - wiggle room)

1. It takes over the library's budget - it may be very difficult if the library has other journal subscriptions they want to maintain that aren't part of the Big Deal.

2. Large universities and research institutions already have big collections, so would they really benefit from a predetermined package that may provide some overlap or journals that are substandard compared to what they already have?

3. The Big Deal takes away the library's say in their collection.

No cancellations, no selections, huge part of the budget = no wiggle room

I liked the article on the UC system and their protest against Nature. I wonder what happened with that? I guess I'll find out tomorrow. :)

Georgia State (according to the New York Times)

After reading the Georgia State material from last week, I was curious to see how it was portrayed in the media. Just like usual, I turned to the New York Times (even though I'm sure there are many other articles I could look into) and found their/Katie Hafner's take on the situation:

Click here for the article.

There are three things that stood out to me:

1. This quote sums up fair use/copyright issues so nicely...
"Indeed, as the printed word is put in digital form, holding onto rights seems to many like climbing up the slippery sides of a glass." (makes sense to me, which leads into my second point!)

2. She ends the article with a quote from a non-profit article repository:
"Sometimes a bit of slack can help us all discover a winning formula." I do think that Georgia State was probably a bit too relaxed with their e-reserves, like not having a password. But, I can't help but think that we make some of these issues complicated for ourselves and each other just by the way we approach them.

3. Hafner raises the profit vs. non-profit question - how much of our "publicly" run universities are tied into for-profit deals, especially when we work through so many corporations to make access to information/research possible?

Unit 5: Part 1 (Georgia and E-Reserves)

Before I jump into our class discussion on the Georgia case, I want to make sure I get down a couple of my own thoughts regarding this week's reading.

1. Fair Use is not clear cut - this is especially visible in the Linda Neyer chapter on Copyright and Fair Use where she explains the three sets of guidelines for e-reserves.

a. classroom guidelines (1976) - mostly deals with copying and one-time use

b. ALA recommendations (1982)

c. CONFU (1991) - the biggest problem here is that the determined CONFU guidelines never became official because CONFU was somewhat of a bust (ARL Bimonthly report we read stated: "Libraries and higher education associations rejected the draft CONFU electronic reserves guidelines because they were highly proscriptive and did not provide the necessary flexibility inherent in fair use.")

So now the question is, as a library, which set of guidelines do you follow? Or do you make-up your own? In class we talked about fitting somewhere on the liberal - conservative range in terms of how you approach e-reserves. There are certain ways you can push the boundaries a bit without getting in trouble. In Georgia's case, it's probably a good idea to have a password protected system even when taking a more liberal approach.

I want to address the four Fair Use points made in the ARL report. Even though they are a bit broad, I find that each point either provides a starting place, or a confusing point to question when looking at the use of a work.

1. "The character of use." Perhaps the most important thing here is that the work on e-reserve does not act as a supplement to a textbook. It should compliment what has already been purchased by the student.

2. "The nature of the work to be used." I'm not entirely sure about this one - it seems obvious that all types of materials should be used (fiction, non-fiction, music, film, art, etc.). However, copyright for music is treated differently than for books. Each type of material comes with its own set of complications.

3. "The Amount Used." In 1976 Congress supported the "Agreement on Guidelines for Classroom Copying..." in which they specifically defined the length that could be used through total percentage of a work and words used. While this may be one of the first quantifiable guidelines I've come across when dealing with Fair Use, it seems like wishful thinking to apply length restrictions. What about the use of creative works? How do you measure how much of a work of art to use? Applying an objective measure to a subjective work may not be the best solution.

4. "The effect of the use on the market for or value of the work." The ARL report states that this factor may be less important if the library sticks to the previous three factors. However, I think this entirely depends on the University and if they have a University Press. There may be several factors that contribute to #4 that relate only to the library.

One point someone brought up in class was to remember that "if you don't use it, you lose it" with fair use. I guess I hadn't thought of that until this class. There is a fine balance between knowing when to ask permission and knowing how/when to claim fair use.

More to come on the Carrie Kruse talk!