First, we need to remember that privacy is a legal requirement for libraries for which, in the US at least, all 50 states and the District of Columbia have in place, thus it isn't something that can simply be lessened. It is not the right of the publisher to know the identity of the users, but it is the right of the user to be anonymous and their discovery and access be private. And it is the legal requirement of the library to ensure this.
Secondly, the onus is on the publisher to provide evidence of breach or misuse so that the IdP can properly address it and take action. I do not miss the days of managing an EZProxy server which was shut down by a publisher without notice and would only find out after contacting the publisher myself. Fortunately, Identity Management teams are actively looking for compromised accounts so they usually find it before the publishers see any conspicuous. I get this varies widely based on the institutional size and staffing.
Tim
Tim McGeary
Associate University Librarian for Digital Strategies and Technology
Duke University Libraries
919-660-5802
tim.mcgeary@duke.edumailto:tim.mcgeary@duke.edu
Google/Skype/Twitter: timmcgeary
The Duke University Libraries value diversity of thought, perspective, experience, and background and are actively committed to a culture of inclusion and respect.
________________________________ From: FIM4L fim4l-bounces@lists.daasi.de on behalf of Peter Schober peter.schober@univie.ac.at Sent: Monday, April 6, 2020 5:47 AM To: fim4l@lists.daasi.de fim4l@lists.daasi.de Subject: Re: [Fim4l] update on FIM4L
* Jos Westerbeke jos.westerbeke@eur.nl [2020-04-06 10:33]:
If publishers block an entire institution in case of misconduct when a library has chosen for 4.A, how should libraries respond? Should we recommend a pseudonymous identifier? Or is there a way to urge publishers not to block an institution? What are your thoughts on that?
I suppose the same thing would happen that happens today with IP-based access and the institutional proxy or VPN server would run risk of being blocked. I don't know whether such wholesale shutting down of institutions' access happens systematically in practice and in what cases.
Sure, stopping misuse from selected few (mostly from hacked/phished accounts) is important. Whether it is sufficiently important to preemptively lessen the privacy of all subjects and expose them to (the possibility of) detailed behavioural tracking is an open question to me.
(To the extent that whole institutions/libraroes are systematically and regularly blocked wholesale it's of course desirable for those institutions/libraries to prevent such blocking. Therefore they may be susceptible to "blackmail" from publishers to deploy trackable identifiers for all their subjects, to achieve some "business continuity" in the face of publishers otherwise shutting down whole institutions/libraries to stop misuse from individual accounts from those institutions/libraries.)
-peter _______________________________________________ FIM4L mailing list FIM4L@lists.daasi.de https://urldefense.com/v3/__http://lists.daasi.de/listinfo/fim4l__;!!OToaGQ!...