Week 12 Security and Economics

ARMS, chapter 7

This chapter looks at two related topics:

1.  Methods for controlling who has access to materials in digital libraries.

2.  Techniques of security in networked computing.

Access Management: The control of access to digital libraries. Some refer to "terms and conditions." In publishing, where the emphasis is usually on generating revenue, expression "rights management". Each phrase is synonymous.

Framework of access management:

• Information managers create policies for access. Access is expressed in terms of permitted operations.
• Policies relate users to digital material. Policies that the information managers establish must take into account relevant laws, and agreements made with others, such as licenses from copyright holders.
• Authorization specifies access. Users need to be authenticated and their role in accessing materials established. Digital material in the collections must be identified and its authenticity established.  Users request access to the collections, request passes through an access management process. Users are authenticated; authorization procedures grant / refuse them permission to carry out operation(s)

Authentication

• Authentication which establishes the identify of the individual user.
• The second is to determine what a user is authorized to do.
• Variety of techniques are used to authenticate users; some are simple but easy to circumvent, while others are more secure but complex.

Chapter looks at basic methods of security:

• Encryption is the name given to a group of techniques that are used to store and transmit private information, encoding it in a way that the information appears completely random until the procedure is reversed.
• Private key encryption is a family of methods in which the key used to encrypt the data and the key used to decrypt the data are the same, and must be kept secret. Private key encryption is also known as single key or secret key encryption
• Dual key encryption permits all information to be transmitted over a network, including the public keys, which can be transmitted completely openly. For this reason, it has the alternate name of public key encryption.
• Digital signatures are used to check that a computer file has not been altered. Digital signatures are based on the concept of a hash function. A hash is a mathematical function that can be applied to the bytes of a computer file to generate a fixed-length number.

Delay of public key encryption:

• Patents are part of the difficulty.
• Agencies such as the CIA claim that encryption technology is a vital military secret and that exporting it would jeopardize the security of the United States. Police forces claim that public safety depends upon their ability to intercept and read any messages on the networks, when authorized by an appropriate warrant. 

William Arms, “Implementing Policies for Access Management”, D-Lib     Magazine,1998. http://www.dlib.org/dlib/february98/arms/02arms.html. 

LESK, chapter 10 “economics” (available in CourseWeb)

ARMS, chapter 6, economics http://www.cs.cornell.edu/wya/DigLib/new/Chapter6.html

Laws and technical solutions must both provide help with d-library economic and legal issues and frameworks. Chapter discusses alot of the framework for these legal and ecomomic issues, but reserves aspecial area of concentration on copyright:

In US law, copyright applies to almost all literary works, including textual materials, photographs, computer programs, musical scores, videos and audio tapes. Major exception: materials created by government employees. Initially, the creator of a work or the employer of the creator owns the copyright. In general, this is considered to be intellectual property that can be bought and sold like any other property.

In France, the creator has personal rights ("moral rights") which can not be transferred. Historically, copyright has had a finite life, but Congress has regularly extended that period. The owner of the copyright has an exclusive right to make copies, to prepare derivative works, and to distribute the copies by selling them or in other ways. It also allows publishers to develop products without fear that their market will be destroyed by copies from other sources. 

2 important concepts in United States law are:

• First sale applies to a physical object, such as a book. The copyright owner can control the sale of a new book, and set the price, but once a customer buys a copy of the book, the customer has full ownership of that copy and can sell the copy or dispose of it in any way without needing permission.
• Fair use is a legal right in the United States law that allows certain uses of copyright information without permission of the copyright owner. Under fair use, reviewers or scholars have the right to quote short passages, and photocopies can be made of an article of part of a book for private study. 4 basic factors that are considered:

 

                  -the purpose and character of the use, including whether such use is of a                                       commercial nature or is for nonprofit educational purposes;

                        -the nature of the copyrighted work;

                        -the amount and substantiality of the portion used in relation to the copyrighted                              work as a whole.

                      -the effect of the use upon the potential market for or value of the copyrighted                                work.

The first sale doctrine and fair use do not transfer easily to digital libraries. While the first sale doctrine can be applied to physical media that store electronic materials, such as CD-ROMs, there is no parallel for information that is delivered over networks. This uncertainty was one of the reasons that led to a series of attempts to rewrite copyright law, both in the United States and internationally. Until 1998, the results were a stalemate, which was probably good. Existing legislation was adequate to permit the first phase of electronic publishing and digital libraries. The fundamental difficulty was to understand the underlying issues.