The Scholarly Networks Security Initiative

Academic Libraries, Cybersecurity, Library Vendors

While reading this article about a library-user-surveillance idea discussed on a recent publisher webinar, I found out about the “Scholarly Networks Security Initiative” or SNSI. SNSI is an entity introduced in February 2020 by Nick Fowler, the chief academic officer at publisher Elsevier, and Steven Inchcoombe, the chief publishing officer at publisher Springer Nature. SNSI was described by Fowler and Inchcoombe as “an initiative to solve the cyber challenges facing the scholarly communications industry.” It has been met with some skepticism from academics and data professionals.

After discovering SNSI, I thought I would familiarize myself and our blog readers with this entity by conducting a deep dive of its website. In this post, I will peruse SNSI’s website and discuss any thoughts that arise.

The home page for SNSI states that SNSI is an initiative to work together to combat the threat of cybercrime. The home page alleges that cybercrime is a threat to the scholarly ecosystem. It mentions that researchers need confidence in the research they are using. The home page has a News tab, an FAQ, and a Contact page. It includes prominent tabs “For IT Security Experts” and “For Librarians.”

According to the home page, the purpose of SNSI is to bring “together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific records, scholarly systems and the safety of personal data.” Members include publishers, university presses, and learned societies. The home page includes a section about “Working Together.” It notes that that librarians and publishers have a “good record” and resolving “pain points” experienced by users. I assume that this paragraph is contemplating the relatively frictionless use of a tool like Google Scholar, as compared with the hassle that is using a library website to find an article hosted by one of the databases that the library pays for.

This raises an interesting question for me. I think there is tension between a goal of frictionless access and the reality that more consolidation and more power in the publishing industry does not generate advantages for anyone but the owners of the publishers. The most frictionless access of all would be if one entity had the rights to every paper ever published. I see a (possibly unresolvable) tension between ease of access and between supporting and favoring smaller publishers and information presenters. Instead of always preferring convenience and frictionless use, it makes sense to me to prepare users for a little bit of friction and to accept (celebrate?) the fact that information professionals exist to help us access the disparate bits of information that get created everywhere and all the time.

The website goes on to state that librarians, publishers, and all stakeholders “need to work together to achieve our shared mission – the safety and security of personal data.” This statement is almost laughably ironic. Both Elsevier and Springer Nature have had data breaches of their users information in the past. Additionally, Elsevier’s privacy policy includes a broad list of instances in which Elsevier will deliberately share a user’s personal information, including with sponsors, partners, and other entities that want to send users marketing material. Elsevier will also share users’ personal information to “detect, investigate and help prevent security, fraud or technical issues” and to “protect the rights, property or safety of Elsevier, [its] users, employees, or others.” Also, as briefly discussed in this New York Times article, publishers like Thomson Reuters and LexisNexis (which is part of the same company that Elsevier is part of) share their users’ data in murky ways with enforcement arms of the US government, including Immigration and Customs Enforcement.

After looking at the home page, I clicked on the For Librarians tab. The Librarians page notes that librarians are known to protect patron privacy and to seek out high quality information for patron use. There are some interesting word choices and phrases on the Librarians page. For one, the text states that publishers and librarians “benefit from working together to share intelligence.” I also find this ironic, seeing as how contracts with publishers for information access are notorious for being confusing and opaque. The Librarians page also clarifies that SNSI is focused on protecting “legitimate” access to scholarly content. I take this to mean that SNSI will protect publishers and their ability to put their content behind a paywall. I don’t think a paywall is necessarily a bad thing. Content creators should be able to live off of their content creation. Also, it shouldn’t necessarily fall on taxpayers to fund research. Someone has to pay for it, and sometimes it makes sense for the user to make that payment. However, there should be avenues for everyone, regardless of ability to pay, to access scholarly content.

The Librarians page concludes with a graphic showing an SNSI gear in the middle of 5 “topics:” Educate, Support, Join, Follow, and Spread the Word. I’ll note some interesting things from that graphic. In the Educate section, the graphic encourages people to read up on the topic at The Scholarly Kitchen, which is a .org and is not behind a paywall. Seemingly, SNSI wants people to be able to access information for free, unless it is information that their member publishers hold the rights to. Also in the Educate section, the graphic mentions a partnership with OCLC to block “illegal” access to licensed content. The Support section seems to be about publishers supporting libraries’ good-faith efforts and vice versa. In the Spread the Word section, the graphic mentioned how cyber security is tied to user privacy and that library systems routinely store tremendous amounts of user data. This is an accurate statement, especially in the academic library realm. However, my first thought is that instead of organizing and paying for cyber security, why couldn’t a library store less data? Is the data being stored truly necessary? Is it worth the trouble? Is it being used for control? These questions can help administrators determine if keeping data makes sense in context. Looking at the graphic as a whole, almost a quarter of the talking points in the graphic specifically mention Sci-Hub and how to neutralize it, including treating Sci-Hub “as a persistent threat to your institutional network security.”

I didn’t have a chance to document every aspect of SNSI’s website in this blog post, but what I did see is not necessarily promising. It seems like an effort to fix symptoms of a problem that only really exists for publishers. Additionally, these “symptoms” might be inevitable consequences of an open access world.