With digital information rapidly increasing in amount and availability, the information management community finds itself facing a wide-reaching and complex set of challenges. One of the primary challenges is how to manage access to information that is sensitive, proprietary, or protected by copyright. Addressing this question requires the attention of
- policy makers concerned with questions of privacy and protection of data,
- legal experts who draft contracts and licenses whose terms must be implemented through automated systems for authenticating users and authorizing access,
- technologists who design software for controlling electronic use and misuse, and
- publishers and librarians, who, as major providers of information, play a central role in striking a balance between protecting copyright and enabling access to the record of knowledge.
The workshop described in this report focused on the management of access to published information resources through research libraries. Topics discussed include privacy, protection of rights, authorization, and authentication. These are, in fact, important issues of concern to all citizens whenever access to information they seek is controlled automatically.
Among the groups seeking to meet the challenge of access management are the Digital Library Federation (DLF), which consists of major research libraries and archives in the United States, the Center for Research on Information Access (CRIA) at Columbia University, and the Information and Intelligent Systems Division of the Computers, Information Sciences and Engineering Directorate of the National Science Foundation (NSF). On April 6, 1998, they brought together expert practitioners and researchers from several disciplines at a workshop, held at the Brookings Institution in Washington, D.C., to explore some of the more pressing questions for research libraries, including:
How can members of a university that has subscribed to an electronic journal prove that they are authorized to access an article? How is a system to confirm that the staff member, professor, or student is not someone else? Are there ways to screen out impostors?
How finely can information providers discriminate among potential users when making their materials available? What criteria should universities and public libraries, among other organizations, use to determine who should have access to a database of published information, such as the online version of The New York Times? What options do public libraries have to be able to authorize the use of licensed materials to the general citizenry that they serve?
How can authors and other creators of information resources be protected from digital thievery? Is Garrison Keillor correct in predicting that authors on the information superhighway will become “the deer in the headlights” of a vast traffic they cannot control?1 What means do custodians have to ensure that the cultural record is accessible but that the proprietary rights of authors and creators are protected against widespread copying and redistribution?
Should digital data be fitted with a digital lock that can be opened only by users with matching keys? How does such a mechanism accord with constitutional and legislative mandates requiring that a balance be struck between the rights of authors and creators and citizens’ accessibility to the cultural record?
Such questions and the discussions they stimulated led participants to identify five key properties for the design and adoption of systems that enable access for users while respecting the rights and interests of authors and publishers.
- Simplicity. The less complex a system of access management, the more readily it can be adopted technologically and organizationally, and the more acceptable it is to all involved in its implementation.
- Privacy. Systems that manage access to the cultural record must protect the privacy of users from detailed tracking and disclosure of use. User privacy must not be compromised.
- Good faith. Agreements on access to scholarly information rely on trust among the parties involved. Users and providers would each prefer to depend, in an access management system that implements these agreements, on reasonable barriers against abuse rather than complex restrictions that inhibit use.
- Trusted intermediaries. Intermediaries play an essential role in providing access to the cultural record as parties trusted by both users and providers and as efficient aggregators of distribution and usage. System design must take the role of intermediaries into account.
- Reasonable terms. Access management systems and license agreements must recognize the distinction between access and use. Overly tight control of access to a resource may impose inappropriate constraints on its use, especially in teaching and research contexts. The most useful system will not limit access to specific user groups known in advance to be interested in a resource, but will be reasonably open to serving unlikely users whose curiosity and research interests may lead them in directions not predicted by those responsible for making the agreements or designing the systems.
Workshop participants also recommended research and project evaluation in two key areas: ,em>system usability and economic models. First, an effort must be made to understand the ways in which users interact with systems, their needs in relation to new information types, and the functionality of these types in the emerging digital environment. Second, new standards of measure must be found to assess the usage of digital resources and thereby to develop alternative pricing schemes and payment mechanisms. Although the conclusions reached at this workshop relate specifically to the problems of managing access to the cultural record in digital form for research and teaching purposes, they apply to other realms as well, including business, medicine, insurance, credit card transactions, and logfiles from Web browsers, all of which involve more sensitive information. Enabling appropriate access to digital information depends on the efforts and talents of many stakeholders: information specialists, librarians, publishers, computer scientists, lawyers, scientists, and policymakers, and the general citizenry.
On April 6, 1998, the Digital Library Federation (DLF) and the National Science Foundation (NSF) sponsored a one-day workshop on ways to improve systems of managing access to digital information. The workshop was an outgrowth of a two-day meeting sponsored by NSF in September 1996 exploring the technology of the terms and conditions for access.2 The consensus there was that input from a variety of user communities was required to develop formal mechanisms for implementing terms and conditions within digital libraries. This DLF-NSF workshop was convened to provide input from research libraries with a focus on requirements for access management systems that can be designed and deployed in today’s technical, legal, and economic environment.
Workshop conveners Judith Klavans, director of Columbia University’s Center for Research on Information Access, and Donald Waters, director of the Digital Library Federation, invited experts from the fields of computer science, library technology, publishing, information technology, and to exchange ideas on managing access law (see appendix A for workshop participants). Prior to the workshop, they gave the participants a list of suggested readings and asked them to consider two typical scenarios faced by research libraries (see appendix B for readings and figure 1 for scenarios). In the first scenario, libraries provide digital works to other academic institutions and the public; in the second, they license digital works from publishers or publishers’ agents. The conveners asked participants to discuss the scenarios from the perspective of both users and providers of information as a basis for developing requirements for access management systems.
The workshop’s objectives were
- to provide input to the development of the Coalition for Networked Information (CNI) White Paper on interorganizational access management,3
- to identify key research problems for programs such as the NSF’s Digital Libraries Initiative and Knowledge and Distributed Intelligence program, and
- to provide a springboard for implementation projects.
1 Garrison Keillor, remarks at a panel discussion, Session III, Conference on Intellectual Property Rights and the Arts: The Impact of New Technologies, sponsored by the New York International Festival of the Arts, December 13, 1994 (transcript on file with the Columbia Law Review).
2 James R. Davis and Judith L. Klavans, “Workshop Report: The Technology of Terms and Conditions,” D-Lib Magazine, June 1997. Available at http://www.dlib.org/dlib/june97/06davis.html.
3 Clifford Lynch (ed.), A White Paper on Authentication and Access Management Issues in Cross-Organizational Use of Networked Information Resources, Coalition for Networked Information, Spring 1998. Available at http://www.cni.org/projects/authentication/authentication-wp.html.