[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Requesting User Information and Policy Agreement Prior to Data Exports

To: <liblicense-l@lists.yale.edu>
Subject: RE: Requesting User Information and Policy Agreement Prior to Data Exports
From: "David Goodman" <David.Goodman@liu.edu>
Date: Thu, 11 Sep 2003 21:47:17 EDT
Reply-to: liblicense-l@lists.yale.edu
Sender: owner-liblicense-l@lists.yale.edu

The users of a library are entitled to complete anonymity in their use of
any source of information. In many cases this is a matter of state
law--both with respect to private and public institutions.

I personally have consistently refused to approve licenses that require
otherwise. Some of my colleagues have on very rare occasions for unique
sources of information been willing to acquire materials where the use
requires the user to state his identification. Even in those cases, this
requirement only incidentally occurs in the process of establishing a
connection. I have never seen it written in the contracts--if it were, I
find it difficult to imagine a university legal department that would
permit them.

I think those of my colleagues who have done so are categorically wrong.  
We as librarians are obliged to maintain our users' rights--if they
individually choose to waive them personally we can not stop them, but we
have no business in waiving them in advance on their behalf.

As an analogous situation, almost all university libraries now refuse to
handle government classified information, though they did in World War II
and for much of the Cold War. Indeed, most universities do not permit
classified research on campus. If such research is appropriate and
necessary, it must be conducted elsewhere, because such secrecy is not
compatible with academic freedom. Neither is the furnishing of user
information to outside commercial enterprises.

For what purpose do you require this information? If you wish to ensure
that the users are in fact members of the contracting institution, this
can be done in less obtrusive ways: the institution can maintain a secure
authentication server. (I note that for some public institutions this is
not possible, as in some jurisdictions all government-purchased
information must be available to all citizens who may wish to use the
library.)

So what will you do with the names and email addresses? All institutions
will provide for the necessary coooperation in investigating and halting
breaches of their contracts, and all standard contracts provide for this.
Those information services that attempt to gather personal identification
typically request information that can have no rational purpose except for
sales of the company's products; given that, I have little confidence in
promises of privacy.

I point out that it is no longer technically necessary for a user to
provide an email address for the export of data. If it cannot be
downloaded directly, it can be posted to a secure site, and retrieved with
a secure and anonymous password. The technology is widely used for such
purposes as document delivery.

Individual click-on licenses are acceptable, if you think they offer you
any particular protection (I cannot personally see what good they do, as
terms like those you suggest are basic to all databases). Naturally, you
must incorporate them in your own system; libraries have hundreds of
databases and it is generally impractical for them to incorporate these
provisions into their systems.  All libraries make a practice of
instructing patrons to respect intellectual property.

In these times, we all need to act together to increase user privacy for 
information systems, not compromise it further.

Dr. David Goodman
dgoodman@liu.edu

-----Original Message-----
From:	Patrick MacDougall [mailto:patrick_macdougall@yahoo.com]
Sent:	Wed 9/10/2003 6:37 PM
To:	liblicense-l@lists.yale.edu
Subject:  Requesting User Information and Policy Agreement Prior to Data 
Exports

Question regarding the request of user information and policy agreement
prior to data exports:

I work for a company that markets primarily to academic institutions. We
are developing a new online product and anticipate requiring users to
"accept" or "agree" to a clear statement whenever downloading or exporting
data from the database.  The institution will have agreed to some Terms of
Service when purchasing, of course, but we still want to communicate with
individual users that there are limits on what we want them to do with =
the data.

The question is: Does requiring users to enter names or affiliations in
order to download data present any kind of issues with privacy/freedom in
the academic or library environment?

We are thinking of including the following on at least the first version
of the data download screen:

- Asking users for name
- Asking them for affiliation
- Asking them for e-mail address (which they'll need to provide anyway 
  in order to export)
- Asking them to click "agree/accept" on some statement like "I agree 
  that these data are to be used for educational or personal use only, and 
  that these data cannot be resold or used for other commercial purposes, 
  posted on a subscription or free site, or forwarded beyond this initial 
  export."

Thank you in advance for your assistance.

Kind regards,
Patrick MacDougall

Prev by Date: Usage-based pricing, a view
Next by Date: Dave's version (RE: License problem with American GeophysicalUnion)
Previous by thread: Requesting User Information and Policy Agreement Prior to Data Exports
Next by thread: RE: Requesting User Information and Policy Agreement Prior to Data Exports
Index(es):
- Date
- Thread