given at the Joint American Research Librarians/Association of American University Presses Conference, "Gateways, Gatekeepers, and Roles in the Information Omniverse," November, 1993
The title listed in the program is "Security, Authoritative Versions, Privacy," a title imprecise enough to give me a lot of leeway, leeway I intend to take. The array of concerns slowing down publishers are as interconnected as a hypertext web, and I want to address them in the best way I know how.
The networked environment's strength is the interconnectivity between people, ideas, and resources. It encourages curiosity and communication and holds the potential to create the ultimate educational environment: a resource limited only by users' creativity and curiosity. The unidirectional character of broadcast media, on the other hand, encourages passivity, receptivity, and inaction. The mass media of radio, television, newspapers, magazines are primarily enticements to bring receptive consumers to the advertisers.
There are signs that the online world could be molded in the image of the mass media as just another means of broadcasting have been. On the other hand, it may be that the intrinsic structure of interconnectedness is so fundamentally different from broadcast that such a development would prove impossible. I hope so. But when I see where the big money is going now that the major commercial corporations have cast their acquisitive gaze on networked interactivity such as entertainment, role-playing games, online shopping, infotainment, I worry. The huge consortia are building systems not to enrich people's minds, but to enrich themselves by connecting to consumers. They do not aim to reach citizens, nor students, not even users, but consumers.
I have four children. What I want for them is what I use as my touchstone in developing structures for the University of Nebraska Press's eventual online publishing endeavor. I do not want my children to spend their time in a hyper-Nintendo environment. I do not want a medium that distracts them, that teaches them how to be better passive recipients or how to become better consumers. Instead, I want an environment that encourages active investigation, directs learning in an engaged pursuit of education, makes better students and better citizens.
The network, with the rich variety of material that is currently "owned" by the non-profit sectors, could create such an environment, and in so doing it could promote a nation of knowledge-seekers who actively graze to learn more about whatever piques their curiosity. I am to talk about security, authentication, authoritative versions, and the fears surrounding intellectual property, and oddly enough, I am. Possibly, many of you were expecting, even hoping, that I would put your minds at rest and say that there's an answer to that biggest problem for publishers on the net: securing our property. It is not quite that easy. There is a variety of solutions, some in process, some available now. Many of the systems will be put in place by the non-profit sector. But they are nearly all flawed.
Let me emphasize that copyright matters. Intellectual property matters. And we must, absolutely must, be able to sell intellectual content on the network if we want high-quality, interconnected, deeply enriched intellectual content to be available to everyone. However, the nature of our own special societal role provides the non-profit community with a mandate to re-conceptualize an approach to intellectual property, at least when it comes to its dissemination. The question of property protection as it is currently being addressed -- the notion of protecting every bit of it and possibly being able to generate revenue from every word of it -- is founded on an old premise made invalid by technology.
High-intensity security may be a moot point. To clarify, let me outline a few of the security systems that are currently being developed to provide a sense of them. On-the-fly public-key encryption/decryption, for example, is being tinkered with. The sending machine encrypts data in a specific manner so that only the appropriately enabled recipient can decrypt it and read it. That minimizes some of the dangers of information "leaks," but once in a user's machine or screen, the document is unencrypted and no longer secure. There are also client-server structures that gauge use, count "printings," and limit access according to what the client (the user's machine) has been told. Another sort of control, header-based security, embodies identifiers and encryption in the first string of characters, reasonably untouchable, which identify the data as being intellectual property.
Among my personal favorites, still in the development phase, is an "Internet billing server," a central Internet site logged onto by the user. It keeps track of what for-pay network resources have been paid for and what for-free resources are available, and it allows access to them by the user. Rental structures, outright ownership, subscription systems, and the like are all recorded on the billing server; payments are made to the billing server, and access is made through the billing server. The operator of the server retains some small sum of all transactions in exchange for performing the protection tasks and the financial transaction tasks. Thus a user could "own" information on twenty separate sites, subscribe to databases at twenty others, and rent time on a few others on occasion, and only have to hook up to a single system to access them all. In theory, the server could handle the decryption, encryption, password and other security systems, allowing a simple one-stop service for the user.
A great deal of energy and investment is being made in addressing these questions because so many businesses are dependent on information ownership. The Clipper Chip, for example, is an encryption/decryption standard with Presidential approval. It has a built-in back door for the National Security Agency and the FBI. The ethical and political concerns do not matter. The chip's existence is merely another signal that security systems are coming about.
The commercial sector will resolve some of these problems for some of their products and even for some of our academic products. Most of the work that I am familiar with attempts to design complete-protection schemes, which, while useful for banking, video-on-demand rental, or digital music sales, are not necessarily the optimal scheme for the non-profit sector. So far, there are drawbacks and holes in every approach for securing digital content units, whether movies, pictures, books, or sound recordings. Intellectual property can be utterly secure, if one is willing to use security structures that are expensive (such as the Clipper Chip, special software, and special hardware), limiting (only those with the right client, right software, and right equipment), or difficult (multiple keys, multiple decryption systems, etc.). The larger the hassle or the larger the expense, the better the protection. But I ask you: do we want to make it a big hassle for our customers to reach us and our information? Do we really want to suggest that educational information is a commodity to be consumed and jealously protected by its owners?
Nonprofit publishers, nonprofit organizations, libraries, schools, and the like are fundamentally different from commercial publishers and vendors. As we develop our approach, we must address that difference into the choices we make about authentication, intellectual property security, and publishing in general. I am far from sure that I want to encourage the view that all knowledge be property, that permissions must be acquired or and large sums of money paid before readers may enter the hallowed bit havens of the libraries, universities, and schools.
Imagine that someone invents a magic box that costs fifty dollars. It allows the user to drop in a book and in five minutes to obtain an digital copy of that book. Perhaps it uses a combination of lasers, x-rays, and microwaves to interpret the refraction at different depths to read each page individually, front and back. The technology doesn't matter, since this is merely used as an example. It's the ultimate Xerox machine.
What would publishers' reaction be? To try to encrypt our texts? To print all our books in red ink or deep-brown paper to fool the boxes? To try to enact laws to preclude the manufacture of the box? To force libraries to search patrons? To require the manufacturers of the box to have a microwave transmitter that sends a fingerprint, Visa number, and other records to the ISBN holder of any book copied?
These are analogs to the approaches being used in digital security schemes, and I do not believe university presses would be willing to do very many of these. I hope we would instead try to rethink the process of publishing, rethink the context of our products and services, and remodel our acquisition and transmission processes, so that we could continue to serve our readers, while we continue to survive.
One of the fundamental flaws in the design of most of the digital security systems is that they are based on an old structure: the unit. A book is a unit. A CD-ROM is a unit. Publishing's entire structural underpinning is based on the sale of units. As publishers, we assume that a book is intact, isolated, and transportable, to be sold once to a reader, or to a library to loan to readers. We gamble on the number of copies to print, knowing that the more we print, the cheaper the unit costs, and the cheaper the final product.
Though we are nonprofit publishers, we do think as businesses. Few of us completely like this reality, because not many of us are in it primarily for the money. If we were, we'd all be working in copyright law right now. In order to do our jobs and survive, however, we do think in business terms, and our business has been units. Units, however, are not the strength of a networked environment. Of course I can send a picture over the Web, but so what? I can get Moby Dick from the Gutenberg Project, too. Or the "I Have a Dream" speech from any number of sources.
The model that most electronic publishing plans, security schemes, and authentication systems are operating under is a replication of the unit-based model, in spite of the nature of the new medium. The model we are quickly approaching, however, is one of interconnected resources; one where context is the value being published. Some of the things possible only in a networked environment, such as cross-textual searches, hyperlinks between documents, and pathway authoring, run counter to the unitary framework. Context is as much a value as content is. Moby Dick is more interesting and valuable if critical apparatus is available from people who have deeply studied the novel. "I Have a Dream" is more interesting and valuable if contextualizing historical material (photographs, news blips, analysis, and sound) is also available, especially for the young.
Intellectual property is less valuable in isolation. To some extent, hypertextual resources, collections of related documents, are their own security. A page is less valuable than a chapter, a chapter less valuable than a book, a book less valuable than a book with notes and pictures, a complete book less valuable than a book in its intellectual, hypertextually linked context. Instead of securing the unit, it might be possible to use context as its security, making it more likely that users will be directed to a resource (if it is affordable). It is in the reader's interest to have access to the document and all the links and context. Integrated resources and interwoven collections of units are their own best protection. Inexpensive access to those resources seals the matter. Nobody is going to steal a swimming pool, and why steal a gallon of chlorinated water? The value is in the resource, with its diving board, its showers, its lockers, its lifeguard.
I was recently invited to participate in a two-day meeting to help the Institute of Electrical and Electronics Engineers (IEEE) develop an electronic publishing strategy. The IEEE is a $92 million organization, of which $65 million the publications budget. The IEEE produces, distributes, or coordinates about 40% of the primary journals in the fields they represent. How they make the best use of the opportunities of the online information environment is a big question for them. How do they keep from jeopardizing the $65 million system? Many of the presentations at the meeting challenged the old ways of doing things. Clifford Lynch, from the University of California, phrased the issues succinctly. What is our role? Is it to make money, or to serve our constituents? It's not that simple, of course. We must earn revenue to serve our constituents. But he addressed that by stating that the question shouldn't be "How can we make money to survive?" but "How can we serve our constituents and survive?"
During my talk, I described a possibility that is relatively unique to the IEEE. Because the organization is scientific and technical in nature, their information (journals, proceedings, texts) is time-sensitive. The highest value resides in the text during the first year or so of publication. After that, it becomes more or less archival and possibly referenced more than read. By acknowledging this time-sensitive characteristic of IEEE publications, the organization can put differential pricing structures into place. Two-year-old publications could be provided as an online resource allowing broad-based, full-text searching, interconnections, and what I call "pathway authoring," meaning that teachers, scholars, and scientists could author pathways through selected texts. Topics such as applications of electromagnetism, comparisons of experimental method, and interdisciplinary overviews could be available, all with a variety of age-appropriate explanations.
That is the sort of resource I want my children to have access to. My son plans to open "Thor Jensen's Hardware Store and Invention Lab" when he grows up. Instead of asking for a story at bedtime, he asks questions about the way things work. I want this child to have access to many information resources and would be thrilled to pay for a Junior IEEE membership so that he could follow his nose and follow other people's noses. Such access would dramatically improve the chances that he could become a remarkable engineer, or scientist when he grows up.
In an airport recently, I overheard someone say "The question now is not getting content, but figuring out all the ways the same content can be repackaged." The IEEE, in the above model, would be repackaging older, less "valuable" information -- that is, less valuable for their primary market -- in a way that can make it very important to a new audience. The need for heavy-duty protection isn't as prominent there because there would be very little value in any individual paper, essay, speech, or research report. The value is in being able to do cross- and inter-textual searches, follow hyperlinks and pathways, and display related but not textually included graphics. A simple login name and password would be enough protection for this sort of resource. Whole-scale theft isn't a worry since to resell this information one would have to advertise, and a thief doesn't advertise his theft.
Finally, this approach provides authoritative versions of all these documents, which is the ultimate security. By providing a resource to which dependable reference can be made, the IEEE decreases the likelihood of corrupt versions floating about the net, as long as the access cost is reasonable.
Toward the end of the meeting, an engineer stood up and said, "I was doing some back-of-the-envelope figuring here. We have over 300,000 members in the IEEE. We have a publishing budget of sixty-some million dollars. We sell journals to libraries, to non-members. With those kinds of numbers, we could provide quarterly CD-ROMs of every single publication we generate to our members for well under $200 a year. That would certainly be a service to our readers." Certainly such a capability would be a service to their readers. Indeed, it would be a service to the nation, if not the world, in making accessible a vast array of high-quality information available at a low cost. And it would allow the IEEE to continue doing what they do while providing continued financial support.
Which brings us back to the question of what it is we are doing -- what our role is, and what that implies about how we should be rethinking the way we address ownership, intellectual property, security, and authorization. If we are a business first, and each unit is to be protected from any possibility of illicit copying, then we will continue to try to do the equivalent of printing in red ink to foil that ultimate Xerox. If our job is to maximize profit at every step of the way, we are commercializing knowledge in tremendously unpleasant ways, which will be very costly in the long term to the development of our society.
If, however, we acknowledge our work as a service, then our job is to provide the best information in the most integrated fashion possible to the most people at the lowest possible cost. From a service perspective, it is not part of our charter to make it really difficult to get at our information; high-tech and high-cost and high-hassle intellectual property protection is antithetical to our mission.
There is a battle going on that is very important. The battle is for control of the uses of the network. It is between encouraging passivity and intellectual sloth, and encouraging creativity and intellectual aerobics. It is between the broadcast mode of the mass media, and the interactive mode used by the best teachers. I hold that we are educators first and foremost. If we allow the Barry Dillers of the world to define the structure of the battle, we will lose. If we try to publish and protect our data in the old way, in the unitary framework, then we will end up losing to the Sega/Nintendo/online shopping networks. Some of us will continue to profit, but the opportunity to create a culture of lifelong learners will have been lost.
Nonprofit publishers, in coalition with libraries, universities, and schools, have a responsibility to work together to develop dissemination, cost-recovery and authentication systems that are combined with reasonable security systems. We must maintain the individual qualities, such as high-quality selection, editing, text-specific design, marketing, and cost-recovery mechanisms that publishers provide while also allowing rich full-text access to non-enriched data. By developing coordinated SGML and hypertextually encoded resource bases, by developing subscription and site-license structures, and by developing hypertextual authoring systems within that environment, we can create a high-quality arena where knowledge acquisition is fun.
No single nonprofit publisher's list, regardless of size, will be enough. I need my texts to be able to quickly, easily, and inexpensively hook into the University of California's, Oxford's, Utah's, and New Mexico's material. And the Library of Congress, the Oregon State Historical Society, and the archives at the University of Mississippi. What I am recommending is that the nonprofit sector begin serious discussions of fee structures, licensing models, and resource-access pricing models -- Not price controls, but models of for-fee interconnectivity within and between our resources. By working as a directed consortia, we can create a bastion of quality -- peer-reviewed, intellectually rich quality information that will be used by educators, schoolchildren, university students, scholars, and parents. We can craft cost-recovery systems, through a combination of multiple "repackagings" for different audiences, repackagings that benefit libraries, publishers, universities, scholarly communities, K-12 schools, the average reader, and the information-seekers of the world.
Many people are working on developing such a system, the University of Nebraska included, but we are all working somewhat piecemeal. Without a more concerted, consortial effort, we will look shabby compared to the profiteers. We do not need to concern ourselves about bandwidth. It will be there. Connectivity will be there. Access will be there. In fact, most of those things are here now, for a good part of our audience. High-resolution, low-power, low-cost flat screen displays will be there. Reasonable security, as I hope I have shown, is solvable structurally. Authorization is intrinsic to "official site" models. The real roadblock right now is structural: we don't have models for licensing and pricing resources in opposition to units; or models for pricing and licensing interconnections between resources. We must consciously develop new models as quickly as we can.
University presses, society publishers, libraries, museums, societies, and other educational organizations must communicate their mutual needs and desires. Such nonprofit institutions have to rethink their real role in publishing and to find mechanisms for cooperation. These ARL/AAUP meetings have been instrumental in making the connections between publishers and libraries more explicit. I want to see much, much more.
We have a responsibility to counter the commercialization of networked inter- connectivity and to counter the trend toward passive participation in education. By focusing on our primary goal of service to our community, we can restructure ourselves, and become a powerful, influential force in the lives of everyone.
Back to Michael Jensen's home page