From Google’s English: “However, instead of offering transparent open access contracts on fair terms, Elsevier has adopted a different strategy in the fight against shadow libraries like Sci-Hub. These must be fought as “cybercrime”, if necessary also with technological means. Within the framework of The Scholarly Networks Security Initiative (SNSI) , founded in conjunction with other major publishers, Elsevier is campaigning for libraries to upgrade with security technology. In a SNSI webinar titled” Cybersecurity Landscape – Protecting the Scholarly Infrastructure “Hosted by two senior executives at Elsevier, one speaker recommended that publishers develop their own proxy or proxy plug-in for libraries to access more (usage) data (“develop or subsidize a low-cost proxy or proxy plug-in). existing proxies ”). With the help of an “analysis engine”, not only could the location of access be better delineated, but biometric data (eg typing speed) or striking usage patterns (eg a student pharmacy suddenly interested in astrophysics). Any doubt that this software could also be used – if not primarily – against shadow libraries like SCI-HUB was dispelled by the next speaker.”
Category Archives: oa.security
Is the SNSI the new PRISM?
“This past week, these public relations efforts were dialed up a notch or ten to a whole new level. At an SNSI webinar entitled „Cybersecurity Landscape – Protecting the Scholarly Infrastructure“, hosted by two Elsevier employees, one of the presenters suggested „develop or subsidize a low cost proxy or a plug-in to existing proxies“ in order to collect user data. That user data, it was explained, could be analyzed with an “Analysis Engine” to track biometric data (e.g., typing speed) or suspicious behavior (e.g., a pharmacology student being suspiciously interested in astrophysics). The angle towards Sci-Hub was confirmed by the next speaker, an Ex-FBI agent and security analyst.
Considering the track record of academic publishers, this reeks strongly of PR attempts to ‘soften the target’, i.e., to make installing publisher spyware on university servers sound less outrageous than it actually is. After the PRISM debacle, the publishers now seem to have learned from their PR mistakes. This time, there is no ‘pitbull’ around. This time, there is only a strange article in a major newspaper, a shady institute where it appears hard to find out who founded it, who is running it and who funds it.
SNSI is an apparent PR project aimed at compromising, not strengthening, network security at research institutions. However, unlike with PRISM, this time the PR effort may pay off.”
Scholarly Networks Security Initiative | Combat Cybercrime
“SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data….
Members include large and small publishers, learned societies and university presses and others involved in scholarly communications….”
Enhanced Access to Publicly Funded Data for Science, Technology and Innovation | en | OECD
“In increasingly knowledge-based societies and economies, data are a key resource. Enhanced access to publicly funded data enables research and innovation, and has far-reaching effects on resource efficiency, productivity and competitiveness, creating benefits for society at large. Yet these benefits must also be balanced against associated risks to privacy, intellectual property, national security and the public interest. This report presents current policy practice to promote access to publicly funded data for science, technology and innovation, as well as policy challenges for the future. It examines national policies and international initiatives, and identifies seven issues that require policy attention….”
Universities ignore growing concern over Sci-Hub cyber risk
“According to The Washington Post, Elbakyan, nicknamed the Robin Hood of science, is currently under investigation by the U.S. Department of Justice for suspected criminal acts and espionage.
Elbakyan denies any wrongdoing, but scholarly publishers such as Elsevier have used news of her investigation to call on academic institutions to block access to Sci-Hub — not because the site is illegal, but because it poses a security threat. Several large publishers, including Elsevier, have successfully sued Sci-Hub for mass copyright infringement in recent years. The Sci-Hub repository contains more than 80 million research articles, including a large proportion of Elsevier’s catalog….
PSI, a company based in Britain that offers tools and services to protect scholarly copyright, maintains a list of web addresses associated with Sci-Hub, which institutions can download and use to block access to the site on campus.
Andrew Pitts, CEO and co-founder of PSI, said that so far, few U.S. institutions have downloaded the block list. Pitts, who has been writing about Sci-Hub’s links to Russian military intelligence for several years, said he struggled to understand why universities are not taking more immediate steps to protect their networks. “This is a matter of urgency,” he said….”
Universities ignore growing concern over Sci-Hub cyber risk
“According to The Washington Post, Elbakyan, nicknamed the Robin Hood of science, is currently under investigation by the U.S. Department of Justice for suspected criminal acts and espionage.
Elbakyan denies any wrongdoing, but scholarly publishers such as Elsevier have used news of her investigation to call on academic institutions to block access to Sci-Hub — not because the site is illegal, but because it poses a security threat. Several large publishers, including Elsevier, have successfully sued Sci-Hub for mass copyright infringement in recent years. The Sci-Hub repository contains more than 80 million research articles, including a large proportion of Elsevier’s catalog….
PSI, a company based in Britain that offers tools and services to protect scholarly copyright, maintains a list of web addresses associated with Sci-Hub, which institutions can download and use to block access to the site on campus.
Andrew Pitts, CEO and co-founder of PSI, said that so far, few U.S. institutions have downloaded the block list. Pitts, who has been writing about Sci-Hub’s links to Russian military intelligence for several years, said he struggled to understand why universities are not taking more immediate steps to protect their networks. “This is a matter of urgency,” he said….”
NSF releases JASON report on research security | NSF – National Science Foundation
“As part of its ongoing effort to keep international research collaboration both open and secure, the National Science Foundation (NSF) today released a report by the independent science advisory group JASON titled “Fundamental Research Security.”
NSF commissioned the report to enhance the agency’s understanding of the threats to basic research posed by foreign governments that have taken actions that violate the principles of scientific ethics and research integrity. With the official receipt of the report, NSF will now begin the process of analyzing its findings and recommendations….
“We expect that a reinvigorated commitment to U.S. standards of research integrity and the tradition of open science by all stakeholders will drive continued preeminence of the U.S. in science, engineering, and technology by attracting and retaining the world’s best talent,” the report says.”
NSF releases JASON report on research security | NSF – National Science Foundation
“As part of its ongoing effort to keep international research collaboration both open and secure, the National Science Foundation (NSF) today released a report by the independent science advisory group JASON titled “Fundamental Research Security.”
NSF commissioned the report to enhance the agency’s understanding of the threats to basic research posed by foreign governments that have taken actions that violate the principles of scientific ethics and research integrity. With the official receipt of the report, NSF will now begin the process of analyzing its findings and recommendations….
“We expect that a reinvigorated commitment to U.S. standards of research integrity and the tradition of open science by all stakeholders will drive continued preeminence of the U.S. in science, engineering, and technology by attracting and retaining the world’s best talent,” the report says.”
Congress votes to make open government data the default in the United States | E Pluribus Unum
“On December 21, 2018, the United States House of Representatives voted to enact H.R. 4174, the Foundations for Evidence-Based Policymaking Act of 2017, in a historic win for open government in the United States of America.
The Open, Public, Electronic, and Necessary Government Data Act (AKA the OPEN Government Data Act) is about to become law as a result. This codifies two canonical principles for democracy in the 21st century:
- public information should be open by default to the public in a machine-readable format, where such publication doesn’t harm privacy or security
- federal agencies should use evidence when they make public policy….”
Academic Paywalls Harm National Security – Defense One
“If Harvard University cannot afford access, then it is certainly too pricy for defense consultants, businesses (especially small ones), and think tanks. A previous employer of mine, a consultancy that supports senior national security leaders, gave up its academic journal subscriptions in the wake of price hikes. Some military research centers simply make do with minimal access. The high cost of academic articles has even dissuaded defense companies, from time to time, from turning concepts into reality.
But perhaps you doubt that scholarly journals offer extensive benefits to national security. To illustrate these benefits, I will focus on three: informing policy, skill and capability building, and technological insight….”
China is restricting the export of science
“From Yojana Sharma in University World News (July 20, 2018): ‘China’s new regulations restricting the ‘export’ of scientific data collected within the country and asserting that any research for publication in international journals must first be approved by a new, yet to be set up authority, are causing uncertainty and concern for many researchers who are working in collaboration with China.’ …
But before Americans pile on, as if this kind of blunder could never occur in a country with a constitutional right to freedom of the press, recall a similar move by the George W. Bush administration during the height of paranoia after the 9/11 attacks….”
An open data law for climate resilience and disaster risk reduction | PreventionWeb.net
“This document aims to clarify the key elements of open data and to serve as a proposal to institute and strictly implement a policy for climate change and disaster risk reduction-related data and information based on its articulated and internationally accepted definition in the Philippines. The document describes the different considerations for the Philippines in its decision to fully adopt, support and promote a policy for open data for DRR. Defining the standards in an open data law will mandate compliance to the key elements of open data, which include: availability in digital format of data, downloadable via the internet in bulk for ease of use; amenability to intermixing with other datasets through an interoperable format structure and machine-readability of digital files; freedom to use, reuse and redistribute, even on commercial basis; and a ‘no conditions’ rule on the use of open data, except for appropriate citation for due credit.”
Unlock public access to research on software safety through DMCA and CFAA reform | We the People: Your Voice in Our Government
“Software now runs consumer products and critical systems that we trust with our safety and security. For example, cars, medical devices, voting machines, power grids, weapons systems, and stock markets all rely on code. While responsible companies cooperate with the technical community and the public to improve the safety of code, others do not. They instead try to prevent researchers and others from sharing safety research, threatening criminal and civil actions under the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act. Chilling research puts us all at risk. Protect the public from unsafe code and help us to protect ourselves. Reform the DMCA and CFAA to unlock and encourage research about potentially dangerous safety and security weaknesses in software….”
The importance of open data and software: Is energy research lagging behind? – ScienceDirect
Abstract: Energy policy often builds on insights gained from quantitative energy models and their underlying data. As climate change mitigation and economic concerns drive a sustained transformation of the energy sector, transparent and well-founded analyses are more important than ever. We assert that models and their associated data must be openly available to facilitate higher quality science, greater productivity through less duplicated effort, and a more effective science-policy boundary. There are also valid reasons why data and code are not open: ethical and security concerns, unwanted exposure, additional workload, and institutional or personal inertia. Overall, energy policy research ostensibly lags behind other fields in promoting more open and reproducible science. We take stock of the status quo and propose actionable steps forward for the energy research community to ensure that it can better engage with decision-makers and continues to deliver robust policy advice in a transparent and reproducible way.
‘The badge of the outsider’: open access and closed boundaries – discontents
“I mentioned that ASIO [Australian Security Intelligence Organisation] files go through an process known as ‘access examination’ before they’re released to the public. This is the case for all records more than twenty years old, not just the super secret ones. The vast majority of files are simply opened without restriction. Some, including most of the ASIO files, are opened ‘with exceptions’ — pages can be withheld, and text redacted. A few are withheld from the public completely. They have entries in RecordSearch, but you can’t see them — their access status is officially ‘closed’.
But because the metadata about access decisions is available online, we can start to build a picture of what we’re not allowed to see….”