CNI takes a broad view of security, integrity, privacy and access management issues as they relate to the management of licensed resources and the stewardship and preservation of digital content. New technological capabilities (notably the ability for users to amass and maintain massive personal digital libraries which include large amounts of copyrighted material drawn from licensed databases or large collections of digital books on proprietary reading platforms) continue to raise complex questions with both technological and policy dimensions. CNI believes that we must continue to explore new behaviors and practices such as the building of workgroup or personal collections combining public and private materials, or large scale text or data mining that spans published literature and databases and unreleased research results, or the emerging commerce in information about reader behaviors in various contexts.
In March 2015 CNI convened a one-day workshop that focused on a high-level re-assessment of technology to support privacy for users of networked information services, and also of technology that can help to make the evolving networked information infrastructure more robust and secure. Several clear groups of issues came out of the workshop and subsequent conversations throughout the broader community. One stems from the principle that users should have a reasonable expectation of privacy in their use of networked information resources, and should expect to be informed in situations where this expectation of privacy does not hold. We are pursuing this on many levels, ranging from technical (such as encouraging Web resources to migrate connections from HTTP to HTTPS) to contractual best practices in licensing resources. We expect to continue to pursue these issues in the coming program year.
We also conducted an Executive Roundtable at the spring 2015 meeting that explored privacy in an age of analytics. A specific area in which we continue to focus on is so-called “reading analytics,” including their interactions with learning analytics in e-textbooks.
Authentication and authorization are now established as essential infrastructure components for network-based services and have become a particularly critical need as institutions increasingly rely on site license agreements with information providers, implement online and distance education initiatives, and form consortia for resource sharing or educational initiatives. They are an essential underpinning for data sharing and data reuse. The Coalition has been supporting partners such as Internet2, EDUCAUSE, and InCommon in pursuing a program to define technology approaches, standards, best practices, and policy and business issues for such inter-organizational authentication and authorization infrastructures. Our March 2015 workshop highlighted the need for further work in extending these technologies so that they are easily used in systems deployed by researchers as well as institutional systems. In addition, it has become clear that actual information about the current state of access management for licensed resources is very fragmented and anecdotal, and we will seek to gather some systematic data here.