Category Archives: oa.security

Research Security, Collaboration, and the Changing Map of Global R&D

Posted on by
Reply

“The open research system, with its expanding rates of investment and interconnectedness, has delivered tremendous benefits to many nations, but it has also created new challenges to research integrity and security. Our data shows significant variations across countries in how much, and in what ways, they rely on their collaborative links to the global research network. A more nuanced understanding of those differences is critical for assessing the unique cost/benefit calculations behind decisions to limit open engagement to address security concerns….

But with a number of countries eschewing the post-World War II norms of that global research system, [the open research system] is also being manipulated through means such as foreign interference, theft of intellectual property, and breaches of research integrity….”

Security, Safety, SeamlessAccess – The Scholarly Kitchen

Posted on by

“Last year SeamlessAccess™, a joint initiative run by GÉANT, Internet2, NISO and STM, went into beta-mode. In light of the pandemic, that turned out to be very timely – as testified by implementers of the service seeing increases of 150% to 300% for this type of off-campus use. SeamlessAccess is based on federated identity management (FIM) and uses SAML as the underlying technology (Security Assertion Mark-up Language, an open standard designed for secure single sign-on). It offers a modern alternative to long-standing but less flexible and somewhat outmoded IP-based access solutions through a privacy-protecting, secure single sign-on service. Previous posts in The Scholarly Kitchen already gave an inside view on the benefits of federated access, shared data on huge growth in federated authentication at the start of the pandemic, and shone a light on the strategic benefits of identity management and federated authentication for scholarly publishers.

Recently, questions have been posed whether FIM and SAML are, in fact, as secure and privacy-safe as often claimed. In response, the project team behind SeamlessAccess explains why the answer is simply “Yes”….”

genomeRxiv: a microbial whole-genome database for classification, identification, and data sharing

Posted on by

“genomeRxiv is a newly-funded US-UK collaboration to provide a public, web-accessible database of public genome sequences, accurately catalogued and classified by whole-genome similarity independent of their taxonomic affiliation. Our goal is to supply the basic and applied research community with rapid, precise and accurate identification of unknown isolates based on genome sequence alone, and with molecular tools for environmental analysis….”

The Public Should Have Access to the Surveillance Court’s Opinions

Posted on by

“For decades, a special court—the Foreign Intelligence Surveillance Court, or “FISC”—has issued secret legal opinions authorizing the U.S. government to conduct sweeping programs of electronic surveillance. These opinions have had a profound impact on Americans’ rights to privacy, free expression, and free association. But many of them are entirely hidden from public view….”

Is SeamlessAccess Secure Enough? – The Geyser — Hot Takes & Deep Thinking on the Info Economy

Posted on by

“SeamlessAccess — the main result of the work around RA21 — is currently in beta. The goal of SeamlessAccess is to allow people to log in to content purchased by their employer or institution no matter where they are, using a technology stack that achieves “an optimal balance between security and usability.” A big part of this is a reliance on the Security Assertion Markup Language (SAML)….”

Do Right By Your (Research) Data: 2021 Intellectual Property Speaker Series – MIT Events

Posted on by

“Congratulations—you’ve got research data! This session will walk you through the dos and don’ts associated with research data and artifacts, the associated bits of information necessary to understand research data. These can include structured data, images, unstructured data, metadata, analysis scripts, analysis environment, and much more. 

Amy Nurnberger, Program Head for Data Management Services at MIT Libraries, will cover the tools and resources available to you for making decisions about your research data (and associated bits) with regard to use agreements, security requirements, and copyright and licensing. We’ll also explore some case studies and do a practical applications exercise.”

45 million medical scans from hospitals all over the world left exposed online for anyone to view – some servers were laced with malware • The Register

Posted on by

“Two thousand servers containing 45 million images of X-rays and other medical scans were left online during the course of the past twelve months, freely accessible by anyone, with no security protections at all.

Or so says research by CybelAngel, which sells a Digital Risk Protection Platform. Not only was the sensitive personal information unsecured, but malicious folk had also accessed those servers and poisoned them with apparent malware, the company added….”

Cyber AI firm helps Vatican digitize its library archives – Axios

Posted on by

“A cybersecurity firm is working with the Vatican to defend its priceless collection of digitized writings from hacking efforts.

Why it matters: Digitizing library archives can provide an invaluable backup should the originals be lost or destroyed, but they’re also vulnerable to cyberattacks. Without stout defenses, digital libraries can be looted or even vandalized….”

User Behavior Access Controls at a Library Proxy Server are Okay | Disruptive Library Technology Jester

Posted on by

“The webinar where Cory presented was the first mention I’d seen of a new group called the Scholarly Networks Security Initiative (SNSI). SNSI is the latest in a series of publisher-driven initiatives to reduce the paywall’s friction for paying users or library patrons coming from licensing institutions. GetFTR (my thoughts) and Seamless Access (my thoughts). (Disclosure: I’m serving on two working groups for Seamless Access that are focused on making it possible for libraries to sensibly and sanely integrate the goals of Seamless Access into campus technology and licensing contracts.)…”

WHOIS behind SNSI & GetFTR? | Motley Marginalia

Posted on by

“I question whether such rich personally identifiably information (PII) is required to prevent illicit account access. If it is collected at all, there are more than enough data points here (obviously excluding username and account information) to deanonymize individuals and reveal exactly what they looked at and when so it should not be kept on hand too long for later analysis.

Another related, though separate endeavor is GetFTR which aims to bypass proxies (and thereby potential library oversight of use) entirely. There is soo much which could be written about both these efforts and this post only scratches the surface of some of the complex issues and relationships affect by them.

The first thing I was curious about was, who is bankrolling these efforts? They list the backers on their websites but I always find it interesting as to who is willing to fund the coders and infrastructure. I looked up both GetFTR and SNSI in the IRS Tax Exempt database as well as the EU Find a Company portal and did not find any results. So I decided to do a little more digging matching WHOIS data in the hopes that something might pop out, nothing interesting came of this so I put it at the very bottom….

It should come as no surprise that Elsevier, Springer Nature, ACS, and Wiley – which previous research has shown are the publishers producing the most research downloaded in the USA from Sci-Hub – are supporting both efforts. Taylor & Francis presumably feels sufficiently threatened such that they are along for the ride….”

Academics band together with publishers because access to research is a cybercrime | chorasimilarity

Posted on by

“This is the world we live in. That is what I understand from reading about the Scholarly Networks Security Initiative. and it’s now famous webinar, via Bjorn Brembs october post.

I just found this, after the post I wrote yesterday. I had no idea about this collaboration between publishers and academics to put spyware on academic networks for the benefit of publishers.

What I find worrying is not that publishers, like Elsevier, Springer Nature or Cambridge University Press, want to protect their business against the Sci-hub threat. This is natural behaviour from a commercial point of view. These businesses (not sure about CUP) see their activity atacked, so they fight back to keep their profit up.

The problem is with the academics. Why do they help the publishers? For whose benefit?…”

Scientific publishers propose installing spyware in university libraries to protect copyrights – Coda Story

Posted on by

“A recent proposal recommending the deployment of surveillance software in order to monitor those accessing academic material has drawn fire from digital rights advocates and scientists.

The plan was outlined on October 22 during a virtual webinar hosted by a consortium of the world’s leading publishers of scientific journals, featuring security experts discussing the threats posed by cyber-criminals and digital piracy to academic research. 

One speaker proposed a novel tactic publishers could take to protect their intellectual property rights against data theft: introducing spyware into the proxy servers academic libraries use to allow access to their online services, such as publishers’ databases. …”

Cybersecurity Landscape – Protecting the Scholarly Infrastructure

Posted on by

“Institutions and publishers have always collaborated on ways to ensure researchers, students and faculty have access to critical research information in efficient and secure ways.

 

The proliferation of online resources for learning, research and basic operations has also meant a proliferation in cyber-attacks targeting institutions, publishers and other service providers. Fighting cyber-attacks is not a task any one entity can do alone.

The purpose of this virtual security summit is to discuss security threats to the research ecosystem with the aim to engender closer collaboration between publishers
and academics in dealing with these threats….”

To Prevent Free, Frictionless Access To Human Knowledge, Publishers Want Librarians To Be Afraid, Very Afraid | Techdirt

Posted on by

“After many years of fierce resistance to open access, academic publishers have largely embraced — and extended — the idea, ensuring that their 35-40% profit margins live on. In the light of this subversion of the original hopes for open access, people have come up with other ways to provide free and frictionless access to knowledge — most of which is paid for by taxpayers around the world. One is preprints, which are increasingly used by researchers to disseminate their results widely, without needing to worry about payment or gatekeepers. The other is through sites that have taken it upon themselves to offer immediate access to large numbers of academic papers — so-called “shadow libraries”. The most famous of these sites is Sci-Hub, created by Alexandra Elbakyan. At the time of writing, Sci-Hub claims to hold 79 million papers.

Even academics with access to publications through their institutional subscriptions often prefer to use Sci-Hub, because it is so much simpler and quicker. In this respect, Sci-Hub stands as a constant reproach to academic publishers, emphasizing that their products aren’t very good in terms of serving libraries, which are paying expensive subscriptions for access. Not surprisingly, then, Sci-Hub has become Enemy No. 1 for academic publishers in general, and the leading company Elsevier in particular. The German site Netzpolitik has spotted the latest approach being taken by publishers to tackle this inconvenient and hugely successful rival, and other shadow libraries. At its heart lies the Scholarly Networks Security Initiative (SNSI), which was founded by Elsevier and other large publishers earlier this year. Netzpolitik explains that the idea is to track and analyze every access to libraries, because “security” ….”