Tag Archives: Higher Education

#dammitJANET – Distributed Denial of Service (DDoS) explained

Simon Barron (@SimonXIX) explains what DDoS is, how it is used and debunks some myths about it.

On 7 December 2015, the academic network provider, Janet, suffered a DDoS attack which partially brought the service down (Martin, 2015). Workers in Higher Education institutions across the UK (and organisations that have their internet access provided by server farms in HEIs) suddenly found their internet connections weren’t working probably while Jisc engineers scrambled to fend off the attack and restore service.

A DDoS (Distributed Denial of Service) attack is a means of bringing down a server (or a cluster of servers) by flooding it with requests. In normal communication on the web, a local computer (i.e. a Windows desktop PC) sends a request to a server (i.e. by pointing Firefox to e.g. http://theinformed.org.uk/) to serve up a webpage; the server then responds by sending the data (i.e. HTML and CSS files) that makes up the webpage. A DDoS attack sends thousands of requests to a server continually from multiple IP addresses such that the server cannot respond: either from using up all the server’s CPU processing power at once or by filling up the short-term RAM memory of the server causing it to crash.

DDoS (sans the word ‘attack’) can be a valid method of testing the integrity of a server. A developer setting up a web service can perform load testing by incrementally increasing the number of requests sent to a page until it falls down: this gives you the total number of users that should use the service at any one time. A tool like Bees with Machine Guns (https://github.com/newsapps/beeswithmachineguns) uses the power of the Amazon Web Service to perform stress testing.

However DDoS is more effectively lodged in the public consciousness as a weapon of hackers. DDoSing without the express consent of the owner of the server is illegal. DDoSers in the USA have been prosecuted under the Computer Fraud and Abuse Act (CFAA) (Coleman, 2014). This weaponised version of DDoS is usually done through botnets. “A botnet is essentially just a collection of computers connected to the Internet, allowing a single entity extra processing power or network connections toward the performance of various tasks including (but not limited to) DDoSing and spam bombing… Participants whose computers are tapped for membership in a botnet usually have no idea that their computer is being used for these purposes. Have you ever wondered why your computer worked so slowly, or strangely? Well, you might have unwittingly participated in a DDoS.” (Coleman, 2014) A computer can become part of a botnet by being infected with a piece of malware.

Another method is a more voluntary form of DDoS using the program Low Orbit Ion Cannon (LOIC), an open-source load testing tool (http://sourceforge.net/projects/loic/). Like its science-fiction namesake, LOIC is simply pointed at a target and then fired: the user enters the IP address of a server and then clicks the large button labelled “IMMA CHARGIN MAH LAZER”. When co-ordinated, a mass group use of LOIC can send thousands of requests at once. However the use of LOIC is not secure: assurances – from the Anonymous #command channel and journalists from sites like Gizmodo – that IP addresses of LOIC-attack participants can not be logged on a targeted server are wrong: “The DDoS’ed site can still monitor its traffic, culling and keeping IP addresses, which can be subsequently used to identify participants.” (Coleman, 2014)

A DDoS attack is fairly simple hacking: it does nothing more than disrupt a service in a way easy to recover from and temporarily take down a public face of a company.

(Monroe, 2011: image licensed as CC BY-NC 2.5)

The real issue is what hacking can be done under the cover of a DDoS attack. While server defences are weakened by devoting processing power to dealing with requests and while sysadmins are distracted fending off the attack, a hacker can covertly perform more malicious hacks like accessing data in a server’s database or changing passwords or planting code or simply ‘rm -rf /’-ing the whole server.

The impetus for this kind of malicious DDoS attack can be political or simply, in the words of hackers, “for the lulz” (Coleman, 2014). DDoS as a tactic for political activism has become associated with the trickster hacker collective, Anonymous, who have used it to take down the websites and servers of various companies or groups. Since DDoS can be used to crash a server, it has been used to take down websites from the Church of Scientology’s site to Sony’s Playstation Network to PayPal (Coleman, 2014).

The use of DDoS as a tool for political activism is hotly debated among hackers. Groups like the Pirate Party and AnonOps (operational planners of Anonymous) disagree about the ethics and efficacy of using DDoS (Coleman, 2014). On one hand are those who argue that DDoSing is nothing more than another “large-scale, rowdy, disruptive [tactic] to draw attention and demand change.” (Coleman, 2014): no different fundamentally from a sit-in protest, a direct action blockade, or an occupation of a physical space. The only differences are squatting on digital space rather than physical space and the increased numbers of participants that can be involved in a protest via DDoS. Anonymous also argue that the visibility of the action and its ability to get the mainstream media’s attention justifies its use to highlight political and social justice issues. In 2013, Anonymous posted a petition on whitehouse.gov asking that DDoS be recognised as a legal form of protesting, the same in kind as the Occupy protests (whitehouse.gov, 2013).

On the other hand, other hackers invoke principles of free speech and freedom of information to decry the use of DDoS. With an absolutist view of free speech, taking a website offline is depriving the company or group that owns the website from expressing their views (via the medium of webpages) and also depriving the public of information. Oxblood Ruffin of the Cult of the Dead Cow hacker collective reasons that “Anonymous is fighting for free speech on the Internet, but it’s hard to support that when you’re DoS-ing and not allowing people to talk. How is that consistent?” (Mills, 2012) When using a botnet, there are also ethical concerns in harnessing someone’s computer without their consent to participate in illegal activity.

On the other other hand, a “more dynamic view of free speech could take power relations into account. By enabling the underdog—the protester or infringed group—to speak as loudly as its more resourceful opponents (in this case, powerful corporations), we might understand a tactic like DDoS as a leveler: a free speech win.” (Coleman, 2014)

In a sample of a chat log from anIRC chatroom, #antiactaplanning (quoted in Coleman, 2014), Anonymous members debated the use of DDoS on a US Government website:

<golum>: Whatever, listen. I’ve heard all the arguments for NOT ddosing. But the truth is we need to wake them up.

[…]

<golum>: I understand that ddosing could potentially harm our cause.

<golum>: But I think the risk is worth it.

<fatalbert>: well i as for myself disagree therefore im not helping with ddos

<golum>: We need attention

<+void>: OMG ITS THE ANONYMOUS, THE ONLY THING THEY DO IS DDOS, OMGOMGOMOGMOMG LETS MAKE ACTA PASS ON POSITIVE

<golum>: No.

<golum>: matty—how did contacting the politicians go?

<BamBam>: Yeah I’ve always kinda hated ddos

<golum>: Look. i’ve heard the arguments I just wanted to say, we should do this.

It’s unclear why Janet, the network enabling internet access for UK HEIs, came under attack this week. At the same time, the Jisc website received a direct DDoS attack as well (Jisc, 2015). It’s worth noting that although internet access through Janet in the UK was disrupted, users were still able to access the wider web by routing their traffic outside of the UK network either through a VPN like Bitmask (https://bitmask.net/) or through the Tor Project’s Tor Browser (https://www.torproject.org/). Such tools are often mistakenly perceived as being used exclusively by hackers, those accessing the ‘Dark Web’, criminals, or terrorists. Following the November 2015 Paris attacks by Daesh, the French Government have openly discussed banning the use of Tor Browser in the same way as Iran or China (Griffin, 2015). In reality, online privacy tools have legitimate and valid uses for defense in computer security: whether against DDoSers or governments and corporations conducting mass digital surveillance.

Whether morally legitimate or not, DDoSing is an effective tactic for hackers and other political activist groups. The core strength of DDoS is that it exploits a weakness in the fundamental principle of the internet: computers using telecommunications networks to request data from one another.

 

References:

Coleman, G., 2014. Hacker, hoaxer, whistleblower, spy: the many faces of Anonymous. London: Verso.

Griffin, A., 2015. ‘France could ban public Wi-Fi and Tor anonymous browsing following Paris attacks’ in The Independent, 2015-12-07 http://www.independent.co.uk/news/world/europe/france-could-ban-public-wi-fi-and-tor-anonymous-browsing-after-paris-attacks-a6763001.html

Jisc, 2015. ‘DDoS attack disrupting Janet network’ on Jisc website, 2015-12-08 https://www.jisc.ac.uk/news/ddos-attack-disrupting-janet-network-08-dec-2015

Martin, A. J., 2015. ‘UK research network Janet under ongoing and persistent DDoS attack’ on The Register, 2015-12-07 http://www.theregister.co.uk/2015/12/07/janet_under_persistent_ddos_attack/

Mills, E., 2012. ‘Old-time hacktivists: Anonymous, you’ve crossed the line’ on CNET, 2012-03-30 http://www.cnet.com/news/old-time-hacktivists-anonymous-youve-crossed-the-line/

Monroe, R., 2011. ‘CIA’ on xkcd, 2011-08-01 https://xkcd.com/932/

whitehouse.gov, 2013. ‘Make, distributed denial-of-service (DDoS), a legal form of protesting.’ on petitions.whitehouse.gov, 2013-01-07 https://petitions.whitehouse.gov/petition/make-distributed-denial-service-ddos-legal-form-protesting

The problem with LIS education

Library and Information Studies (LIS) is a paradox: a vocational academic subject. People who study it plan to work as practitioners, but those who teach it need to be academics.

Studying librarianship as an academic discipline provides aspirant professionals with a reflective overview of the topic and a good understanding of principles that can be applied across varied situations. It should give graduates the ability to apply critical and analytical thinking to their daily work and make considered decisions as they increasingly take on responsibility. Highly practical skills tend to date quickly and are far better taught on the job than in an academic environment, so it is important that LIS courses provide a reflective and intellectual overview of issues in the profession. Moreover, academic research is a vital contributor to the health of the profession, telling us what is not immediately apparent about our information sources, workplaces and users and what we might expect from them in the future.

And yet it is also immensely important that LIS academics have a sound, practical understanding of the information workplace. How can someone teach the next generation of practitioners, when they have not themselves worked in a practitioner role for five years or more? How can they provide students with the preparation they need for their careers if it is not a career they themselves have undertaken?

This post is not intended to criticise LIS academics. I am a practitioner who worked for her PhD part-time while working full-time and who also teaches as a sessional lecturer on an accredited LIS course. I have nothing but respect for those many full-time academics that combine academic teaching and research with deep involvement in the working community, who find the time to speak at conferences and write articles and books which will have little or no impact on their record as an academic. My criticism is for a system which does not support the development in both directions.

I recently made an unsuccessful application for a full-time lecturer position. I met all the essential criteria, but not all that were desirable. Of course there might be many reasons for my not being shortlisted, not least the impressive pool of early career LIS academics whom I have met in my travels. The criteria I did not meet were around things like applying for grant funding and involvement with wider faculty activities, which is very difficult experience to acquire as a full-time practitioner. I can attest that academic achievement while working full time is extremely difficult. While I have been prepared to put time into writing and submitting articles for peer-review, I have not – as a full-time researcher might have – co-written articles with senior academics for high-impact journals. This is not to suggest that, as an academic, carrying out difficult research whilst in the middle of one’s PhD in order to be third-listed in the article credits is an easy option. But it is an almost essential step to academic achievement for an early careers researcher.

I do not blame selection committees for the decisions they make. LIS Department Heads rightly want to be recognised for their academic prestige in the Faculties of Arts, Social Sciences, Technology or Management in which they reside. The Deans of these Faculties need to demonstrate a high level of achievement at the Research Excellence Framework (REF) in research outputs and impacts. Of course they will assess candidates who demonstrate best how they will meet the not inconsiderable challenges facing UK Universities. And practitioner experience does not do this. Anecdotally, I have heard of department heads who have argued for the selection of practitioners with excellent professional records, and who had published in the information trade press, but have been unsuccessful because the candidates had not published sufficiently in high-impact academic journals.

Increasingly stringent demands are made on academics, not just to teach well and carry out research, but to raise funds, recruit students and undertake administrative work. Some have spoken out against what they see as a change in culture and, in particular, an attack on the humanities and social sciences (for example, Marina Warner in the LRB). This affects Library and Information Studies departments and there is evidence that information schools and courses are suffering under these changes. But I think they face further problems. There is no part of the measurement and reward system that compensates harried LIS academics for time and effort spent engaging with the profession. Combining an academic and a practitioner career is not just difficult, but is often perceived negatively by both employers and universities. And making the kind of mid-career move from practice to academia which characterised many of the great Information Studies teachers and researchers of the last fifty years is far, far harder than it once was.

The people who lose out in this situation are, I believe, the students. LIS students are unusual in that their career choice almost guarantees that they will never be high earners and yet they must get into considerable debt in order to acquire their qualification. It is a tribute to their commitment that so many of them are still prepared to undertake post-graduate study under the circumstances. Understandably, many complain about the quality of teaching and support and LIS academics themselves have demonstrated their concern that students are properly equipped for the workplace. My feeling is that if we ask students to acquire £9000 of debt to obtain a LIS MA or MSc, we should guarantee that they will be taught by those with a good understanding of the contemporary workplace. Although academics need to have excellent academic brains and to continue the valuable research the profession needs, a vocational degree requires up-to-date knowledge of the workplace. At present, students only receive this because of the unstinting commitment of certain academics to straddle the worlds of the academic and the practitioner. I don’t know how sustainable this is in the changing world of UK Universities. And that can only be bad for the standards of LIS courses and the students who take them.

Katharine Schopflin

MOOCs – a revolution in education?

Are MOOCs really opening up education to all? (Image c/o Md saad andalib on Flickr.)

The following post was contributed by Informed team members Jennie Findlay and Ian Clark.

There has been much coverage of the emergence of MOOCs (Multiple Open Online Courses) in recent months, sparking multiple discussions about their usefulness as a new learning experience for a wide variety of users.  Their popularity has continued to rise since the first MOOC was launched to the public in 2007, so much so that even high street retailers such as Marks & Spencer have joined in, using the MOOC platform in conjunction with an academic partner in order to deliver a course on “commercial innovation” (a growing trend as MOOC providers begin to focus on providing job-related training). Some MOOC providers are also now beginning to focus on providing “nanodegrees”, designed to focus on training individuals to get very specific jobs. Within a few short years, online searches for learning providers with a physical location have been outstripped by those for online courses.

Of course MOOCs can be excellent learning tools, but as with any other method of delivering information and education, they also have their limitations. Most (free) MOOCs have excellent signup rates, but also an incredibly small course completion rate (averaging only 4% in one study).Those people who are successfully participating in MOOCs are also those people who are most likely to already have an advanced level of education. But are current MOOC offerings just an academic toy for those who are already well educated, and are they bypassing those who are actually most in need of access to expert training and life-enhancing skills? What’s stopping those who could most benefit from gaining skills and education via a MOOC from embracing the opportunity of self education?

Access barriers to MOOC use

There are multiple reasons why those who would most benefit from being able to access the university level training provided by MOOCs are unable to do so.

Access to a reliable internet connection

Access to an internet connection is an essential requirement for involvement in a MOOC, which are, by definition, delivered entirely online. But for many of those people who would most benefit from such a course, those with lower skill and education levels for example, securing access to a reliable internet connection, at an appropriate time, can present a significant barrier to engagement. According to the Office for National Statistics’ Internet Access statistical bulletin, 16% of households in the UK do not have an internet connection. Of those households without internet access, 12% say they do not have access because the equipment is too expensive and 11% say the access costs are too high. Furthermore, in households where the income is below £12,500, only 58% use the internet (lower than middle income households in 2005). It is clear, therefore, that for lower income households, MOOCs do little to broaden access to education and break down existing barriers.

Ownership of a computer/laptop with which to undertake a MOOC

A core requirement of an interactive course is that you have access to the equipment which will enable you to interact with fellow students and your tutor. However, the cost of owning a computer to enable you to undertake the course can be prohibitive for many, which means that their only option to access the course is via their local public library, and the computers available there.

Accessibility of public libraries

To use a public computer for a course of study requires that there be reliable access to that computer for the user. With reduced opening hours in many public libraries, not to mention library closures, being able to find a library open during the times when a MOOC student can visit presents a further significant barrier.

Availability of public computers

Undertaking a course of study, particularly while also working or undertaking other full time duties, requires the ability to set aside specific times for studying which fit around the student’s schedule. A lack of reliable availability of a computer will have an impact on this essential requirement to plan times of study. Many public libraries have restrictions on the availability of their computers, including limiting user sessions to one or two hours at a time, restricting the daily amount of hours a user can have on a computer and, in some cases, charging users for access to the internet. This can make it impossible for MOOC students who rely on access to these computers to schedule their studying time properly.

Reliability and speed of library networks

If a user has managed to both to access a public library and secure a public computer, they may still encounter difficulties engaging with a MOOC. Ageing technology and limited bandwidth availability on library networks means that those that rely on publicly accessible computers may experience greater difficulties than those who do not.

Course online interaction requirements

Many MOOCs encourage or require scheduled interaction sessions with either other participants, or the tutor. These are often in Google Hangouts, or MOOC-based chat rooms. This requirement to be able to be online, and access certain tools, can be difficult to comply with, particularly if the student has problems guaranteeing their ability to be online at a specific time. Many of the internationally based MOOC providers schedule these events in the evenings or weekends, which are particularly difficult times for some students (eg those with families) to get online.

Amount of time needed to commit to completion

There is a need to dedicate substantial time to many of the courses available online. Most Coursera courses, for example, have an estimated workload of 5-15hrs per week. Regardless of the course’s flexibility in terms of deadlines, for some the amount of time required to complete the course is too much. For those on low incomes, the combination of balancing requirements of family and personal development means that the latter will always lose out to the former. In addition, missing one class of 3 hours in one week due to other responsibilities will mean that 6 hours are needed the following week in order to catch up. This becomes an increasingly difficult task if internet and computer access are not guaranteed.

Cost issues

Cost of undertaking some of the commercial MOOCs

The most useful MOOCs are those which provide accredited training, and which will therefore be accepted and respected by potential employers. Although many MOOCs are currently being run free of charge to participants, it does not mean that they will be provided in this way in perpetuity. Currently, the substantial costs of creating and hosting MOOCs are being absorbed by the providers or course creators, but it is unclear to what extent this is sustainable in the long term. Most MOOC providing bodies are commercial entities, and inevitably they will eventually want to create a return on their investment.

Increasing introduction of costs to use public library networks (first hour free or sliding scale of charges for use of equipment)

As mentioned above, certain libraries have begun introducing charges for the use of their computers, usually after an initial free session time. Manchester City Libraries allow free use of library computers for an hour, and after that hour, users are charged a fee of £1.50 per hour. Having to pay for the use of a public computer can be a significant barrier for lower income MOOC students. And this is before we consider the cost of printing out documents, which comes at a price in public libraries. Many MOOC students will need to print out a substantial volume of the course materials in order to consult them when offline, this could significantly increase the financial burden.

The MOOC effect…

Beyond costs and barriers, MOOCs do not seem to be the giant step forward for the open, broad-based education revolution its advocates claim. For example, 70% of those who embark on such a course already have a degree, they are not attracting a huge swathe of people beyond the usual groups who engage with higher education. Even then, it’s questionable whether MOOCs are working for the majority with completion rates usually below 10%.

There are also concerns about the quality of the education provided via MOOCs. As one leading digital innovator in academia, Professor Dan Cohen (who led the development of Zotero) argues:

“We’re trying to do much more than reproducing lectures and quizzes online; we are trying to use the medium to enable new kinds of interpretation and scholarly interaction. So MOOCs seem like a huge step backward.”

Cohen has also claimed that he and other innovators are concerned about what he calls the “lowest-common denominator/old-style learning by repetition aspect to them”. Cohen argues, essentially, that MOOCs take a rather old-fashioned approach to education and that instead of promoting MOOCs as an alternative we should develop digital projects that help students to explore and encourage them to build their own digital projects.

There is also the danger, of course, of a narrowing down of course providers. As is inevitable, providers will merge, take-over competitors or disappear (particularly as some struggle to generate a return on their investment). In such an environment, there is a very real danger of the range of providers declining and the quality of the courses suffering as a result. A move towards one leading player in the market could create serious problems from an educational perspective, particularly if that player has other commercial interests and sees MOOCs as a way to cross-promote. Equally, there is a danger of developing very narrow skills that will either benefit the provider itself or its partners, rather than a well-rounded education that encourages the kind of critical thinking skills that are not considered desirable or profitable within the workplace.

Cohen also points out that most of the successful MOOCs have been maths/computer based and primarily vocational. It may well be that MOOCs are a beneficial education tool, but it may not be across all subjects. Some may lend themselves to the learning styles that MOOCs demand whilst others may be less so. After all, everyone learns in a different way. Some prefer face-to-face tuition, some prefer textual learning, some are happy with videos. For those who perform best when receiving face-to-face interaction (whether that be with peers or teachers), MOOCs will not be a suitable alternative to traditional methods of learning. A mixed approach for such students, however, may be more suitable.  San Jose State University, for example, found that a combination of online lectures and face-to-face class time significantly improved the pass rate for engineers.

Conclusion

MOOCs have certainly got a lot of people talking excitedly about their potential to revolutionise education – again, something to support this might be helpful. However, it is not clear yet whether they offer any significant advantages over formal routes of education or that they are quite the revolution that its advocates suggest. There are still a number of barriers that need to be overcome before many can embark on a MOOC, in this respect they differ little from the more traditional method of learning. Higher education has long seen to be the preserve of the few, particularly the elite institutions. There’s little to suggest that MOOCs are any different in this regard.

Indeed, it appears that they erect the same barriers as their traditional counterpart. Cost is a big factor in preventing engagement, as is time. Neither are in abundance for those at the bottom of the economic scale. For those with limited resources (both financial and time), MOOCs may appear as distant as a top university. They are not, as yet at least, proving to be the big game-changer for further education that the advocates may have suggested.

Not only are MOOCs failing to open the doors of education to all, but they are also failing to be revolutionary in how they teach. Rather than taking full advantage of the technology that such a programme should allow, they take a rather conservative approach. As Cohen points out, many universities are already providing more sophisticated methods for engaging students digitally. MOOCs, at present at least, seem to be somewhat behind the curve when it comes to engaging with students in new and innovative ways.

MOOCs certainly appear to be here to stay, but are they really the big step-forward that we have been led to believe? There are still barriers to their use as with more traditional routes of education. They are not accessible for those without the means to engage with them, either financially or in terms of the time they can commit. They seem to offer nothing new in terms of digital learning, in fact they seem some way behind traditional universities in terms of innovation. MOOCs are certainly an interesting development in terms of the delivery of education. It remains to be seen whether they herald a revolution in terms of opening up education and with respect to fully exploiting new technologies in the learning environment. In short, the jury is still out.

The cost of subscription publishing

The following article was submitted by Stuart Lawson.

The high cost of subscription journals has been discussed endlessly among librarians and those advocating for open access. While it is common knowledge that the prices paid by libraries are higher than most can really afford, there is still surprisingly little data in the public domain about what the exact costs are. Partly this is just down to the fact that libraries haven’t traditionally published detailed breakdowns of their acquisitions expenditure, so there is no cultural norm of doing so.

Partly it is due to the contracts that libraries sign with publishers to gain access to their journals. Some of these contracts contain non-disclosure agreements which prevent librarians from publicly disclosing the prices or pricing calculations. However, while this practice does exist, it is less widespread than is sometimes assumed. In the UK the only publisher whose contract includes a non-disclosure agreement which it claims prevents signatories from releasing some data even when subject to freedom of information (FOI) requests is Elsevier. The legal position of Elsevier’s non-disclosure clause has not been tested in court and if there are any brave librarians out there who wish to pursue that route, it could be worth getting a legal opinion about whether it can be done.

Subscription costs for all other publishers can be gained by any member of the public by sending FOI requests to UK universities, either as an individual or through the website whatdotheyknow.com. So that’s what we’ve done. The subscription costs paid by around 100 institutions to six major publishers are now openly available on figshare. We will be sending carefully-worded FOI requests separately for Elsevier data to obtain as much as is legally possible at the moment.

Transparency in subscription data is particularly important right now because we are seeing increased transparency in the price of APCs, and if this is seen without the context of the costs of subscriptions it could be used to claim that open access is needlessly expensive (thanks to Ernesto Priego for pointing this out).

Huge thanks to Ben Meghreblian for doing most of the manual labour or sending out all the FOI requests and collating the responses. Not every UK higher education institution is included in this dataset, particularly some of those institutions which have merged in the last few years, but the majority are. The notable exception is the majority of the research-intensive Russell Group universities, which were excluded because I know that someone else sent similar requests earlier this year but have not published the results yet. Even though those Russell Group universities would tend to have much higher subscription expenditure, I think it is important to see how bearing the burden of the costs of academic publishing is not limited to the more wealthy institutions.

A few caveats about the data so far:

  • The requests asked for data in calendar years, and some institutions responded with data in academic financial years. In those cases the data has been put in the column for the latter year. For example, if a figure is given for 2012/13, it is placed in the 2013 column. The money may actually have been transferred during 2012, but it will be for subscriptions for 2013.
  • Some institutions have not included expenditure through subscription agents or other intermediaries, including big deals. Others have included these costs. This makes directly comparing institutions’ expenditure more tricky.
    We are still waiting for responses from some institutions. These figures will be added to the spreadsheet as they become available.

For further details of individual requests please follow the links given in the tabs in the spreadsheet.

UPDATE: Further data has been added to the dataset, which now includes expenditure on  Elsevier journals for some universities.

Should UK universities block access to parts of the web?

The following post was submitted by Daniel Payne.

Image c/o Gerardofegan on Flickr.

Either a subset of the internet – or no internet – is ever accessible to any individual. We are never using the Internet, if that even exists. This is due to a variety of positive and negative mechanisms which include the state, the law, the self, whether you actually have internet access at all, internet service providers, friends, teachers, financial situation, cultural reasons, and your mum.

It might come as a surprise to learn that universities and other higher education institutions throughout the UK choose to block categories of the internet beyond what is required of them by law, from sex and abortion, to naturism, online greeting cards, and marijuana. This is often referred to as “content-filtering” by the companies who perform the blocking, since this sounds less bad.

As information professionals working in the libraries of these institutions, should we care that we are working in an environment which automatically excludes whole categories of the internet? Why does a university pay money to do this, and who decides which categories to block and why?

There are of course parts of the internet which are blocked before the university steps in. The Internet Watch Foundation (IWF) maintains a constantly changing list called the Child Abuse Image Content list (CAIC). Companies which give us access to the internet subscribe to this list and block these parts of web. There are also websites blocked by order of a court. These are usually file sharing sites where major infringement of intellectual property occurs. Try accessing: http://www.thepiratebay.se.

In addition to that which is legally required, many universities license third-party content filtering software such as BrightCloud, Websense, Smoothwall, Bloxx, and Fortiguard [1]. In response to a request for a webpage, the software will either allow or block access depending on which categories the university has selected (and as is the case in some universities, the profile of the individual requesting it).

So what categories are universities choosing to block? Under the Freedom of Information Act, I contacted universities to find out whether any blocking on  their networks occurred, and if so, what categories they blocked. Where universities claimed an exemption to disclose a list of URLs due to perceived security implications, subsequent requests were made to ascertain the “categories” by which websites were blocked (i.e. pornography).

Here is the good news: of the 119 higher education institutions I received a response from, 63% confirmed they did not carry out internet blocking [2]. Indeed, some institutions such as Imperial College, pointed out that blocking parts of the internet would be against the principles of academic freedom.

Here is (some) of the bad news. A  full list of responses is available on figshare [3]:

  • 10% refused to confirm or deny that they did or didn’t block parts of the internet.
  • Trinity Laban Conservatoire of Music and Dance blocks the category “abortion” for junior users.
  • In addition to “adult”, Queen’s University Belfast also blocks “naturism”.
  • University of Aberdeen and Nottingham Trent University block “marijuana”.
  • There are a whole host of vague categories such as “questionable”, “tasteless”, “extreme politics”, “violence”, “unethical”, and “intolerance”.

Universities who carry out the category-based blocking described above are keen to point out that they have mechanisms in place where an individual can request that a block is lifted. However, this can often involve seeking permission from the head of department, or submitting an evidence form which justifies your need to access that material;  processes which will never be immediate and could be humiliating. Should an adult have to get permission to access porn? Are the number of adult individuals in UK universities getting off on porn on library computers in full view of everyone else endemic enough to warrant this?  What about a 15 year old looking up abortion?

The 10% which refused to provide any information at all generally did so by claiming an exemption under section 31(1)(a) of the Act, which permits public bodies to withhold information in the interests of the prevention and detection of crime. My only comment on this would be how surprising it is that 63% of universities didn’t think this.

Universities and these content-filtering companies cannot or will not release very detailed information on these categories, since doing so would provide  information for the individuals or organisations behind those URLs to attempt to circumvent their designated classification. We therefore don’t really know much about how companies decide which webpages are “unethical”, or “questionable”.

Universities and their libraries are about creating, disseminating, questioning, and archiving information. The biggest possible subset of the Internet out there in the wild should not be reduced any further by universities according to an arbitrary, “undesirable” set of categories, but offered alongside digital literacy skills which empower students to judge information for themselves, not make judgements on there behalf.

 

[1] Some universities freely volunteered the name of their content filtering software. Some, when requested, disclosed this information. Others specifically refused due to “commercial” interest reasons. The list of content-filtering companies here have all been mentioned by at least one university.

[2] Where a university responded by stating that it only blocked malware/spam sites, this was counted as a “no blocking” response.

[3]Payne, Daniel (2014): Categories of websites blocked by UK universities. figshare.
http://dx.doi.org/10.6084/m9.figshare.1106875 Retrieved 17:12, Jul 23, 2014 (GMT)

 

This post represents the opinions and thoughts of the author alone. Any information obtained is believed to be accurate. If you believe there are errors, please get in touch.

HEFCE’s new open-access policy for post-2014 outputs

The following post was published yesterday by Mike Taylor on his blog. It is reproduced here in full, courtesy of the CC BY license.

This morning sees the publication of the new Policy for open access in the post-2014 Research Excellence Framework from HEFCE, the Higher Education Funding Council for England. It sets out in details HEFCE’s requirement that papers must be open-access to be eligible for the next (post-2014) Research Excellence Framework (REF).

Here is the core of it, quoted direct from the Executive Summary:

The policy states that, to be eligible for submission to the post-2014 REF, authors’ final peer-reviewed manuscripts must have been deposited in an institutional or subject repository on acceptance for publication. Deposited material should be discoverable, and free to read and download, for anyone with an internet connection […]  The policy applies to research outputs accepted for publication after 1 April 2016, but we would strongly urge institutions to implement it now.

There are lots of ifs, buts and maybes, but overall this is excellent news, and solid confirmation that the UK really is committed to an open-access transition. Before we go into those caveats, let’s take a moment to applaud the real, significant progress that this policy represents. For the first time ever, universities’ funding levels, and so individual academics’ careers, will be directly tied to the openness of their output. Congratulations to HEFCE!

Also commendable: the actual policy document is very carefully written, and includes details such as “Outputs whose text is encoded only as a scanned image do not meet the requirement that the text be searchable electronically.” It’s evident that a lot of careful thought has gone into this.

Now for those caveats:

The policy will not apply to monographs, book chapters, other long-form publications, working papers, creative or practice-based research outputs, or data.

This is a shame, but understandable, especially in the case of books. I would have hoped that chapters within edited volumes would have been included. Butthe main document notes that “Where a higher education institution (HEI) can demonstrate that it has taken steps towards enabling open access for outputs outside the scope of this definition, credit will be given in the research environment component of the post-2014 REF.”

Next disappointment:

The policy allows repositories to respect embargo periods set by publications. Where a publication specifies an embargo period, authors can comply with the policy by making a ‘closed’ deposit on acceptance. Closed deposits must be discoverable to anyone with an Internet connection before the full text becomes available for read and download (which will occur after the embargo period has elapsed). Closed deposits will be admissible to the REF.

I would of course have wanted all embargo periods to be eliminated, or at the very least capped at six months as in the old, pre-watering-down, RCUK policy. But that was too much to hope for in the political environment that publishers have somehow managed to create.

More positively, it’s a good sop that deposit must be made on acceptance — not when the embargo expires, or even on publication, but on acceptance. These “closed deposits” are like a formal promise of openness, with an automated implementation. We don’t have good experimental data on this, but it seems likely that this approach will result in much better compliance rates than just telling authors “you have to come back six to 24 months after publication and make a deposit”.

Third disappointment:

There are a number of exceptions to the various requirements that will be automatically allowed by the policy. These exceptions cover circumstances where deposit was not possible, or where open access to deposited material could not be achieved within the policy requirements. These exceptions will allow institutions to achieve near-total compliance, but the post-2014 REF will also include a mechanism for considering any other exceptional cases where an output could not otherwise meet the requirements.

The exceptions encourage weasel-wordage, of course, and some of the specific exceptions listed in Appendix C are particularly weak: “Author was unable to secure the use of a repository”, “Publication is print-only (no electronic version)”, and the lamentable “Publication does not offer a compliant green or gold option”, which really means “HEFCE authors should not be using this publication”.

But when you read into the details, this approach with specific exceptions is actually rather better than the alternative that had been on the table: a percentage-based target, where some specific proportion of REF submissions would need to be open access. Instead of saying “80% of submissions must be open access” (or some other percentage), HEFCE is saying that it wants them all to be open access except where a specific excuse is given. I’d like them to be much less accommodating with what excuses they’ll accept, but the important thing here is that they have set the default to open.

Now for the most regrettable part of the policy:

While we do  not request that outputs are made available under any particular licence, we advise that outputs licensed under a Creative Commons Attribution Non-Commercial Non-Derivative (CC BY-NC-ND) licence would meet this requirement.

I won’t rehearse again all the reasons that Non-Commercial and No-Derivatives clauses are poison, I’ll just note that works published under this licence are not open access according to the original definition of that term, which allows us to “use [OA works] for any other lawful purpose, without financial, legal, or technical barriers”.

Yet even here, the general tenor of the policy is positive. While it accepts NC-ND, the policy adds that “where an HEI can demonstrate that outputs are presented in a form that allows re-use of the work, including via text-mining, credit will be given in the research environment component of the post-2014 REF”.

One last observation: HEFCE should be commended on having provided an excellent, detailed explanation of feedback they received to their consultations. As always, reading such documents can be frustrating because they necessarily contain some views very different from mine; but it’s useful to see the range of opinions laid out so explicitly.

No open-access policy document I’ve ever seen has been perfect, and this one is no exception. But overall, the HEFCE open-access policy is a significant and welcome step forward, and carries the promise of further positive moves in the future.

Librarianship courses in 2013: falling student numbers and fewer courses available

Graduation ceremony at Aberystwyth. Will there be fewer librarians graduating in the coming years?
(Image c/o ijclark on Flickr.)

Libraries and universities are two services that have taken a battering during the Coalition years. Both have been haunted by the spectres of budget cuts, marketisation and outsourcing. While public libraries have often been unwilling victims in the Conservatives’ ravenous small-statist maw, the higher education sector has often been a ready and willing partner in the embrace of market structures in the provision of university education. Compare and contrast, for example, the fate of Lincolnshire Libraries and the recent repression of protest by the University of London.

In the library sector, public libraries aren’t the only game in town, with university libraries making up one of several different sectors employing information professionals. A necessary step for any budding librarian in the UK is to undertake a CILIP-accredited qualification, at undergraduate or postgraduate level, and/or CILIP Chartership. As a recent graduate of London Metropolitan University’s now-defunct MA Information Management, I was interested to see how many other UK universities have shut down their librarianship courses, and how that has intersected with policy introduced by the current government.

Aside from London Metropolitan University’s librarianship course, the University of Brighton has also frozen its information management courses, subject to a review of postgraduate teaching. These aren’t the only recent casualties though; a quick trawl of archived CILIP webpages in the Internet Archive revealed a drop from 17 to 13 in the number of UK Universities offering CILIP accredited courses (note: CILIP’s current qualifications page hasn’t been updated to include the withdrawal of the University of Brighton’s courses).

The other institutions to have withdrawn their librarianship courses since 2009 are the University of Central England, Edinburgh Napier University and Leeds Metropolitan University. In the meantime, two new UK course providers, Glyndŵr University and the University of Ulster, have been added to CILIP’s offer, along with one overseas provider, the Cologne University of Applied Sciences .

Even with the inclusion of Glyndŵr University and Ulster, the drop in CILIP accredited course providers in the UK still stands at 24% in just a little over three years. The start of the drop coincides almost exactly with the election of the coalition government in 2010.

The number of students undertaking information management courses is also on a downward course, with a 14% drop in numbers between 2007/2008 and 2011/2012 (source: HESA). There are no figures available for 2012/2013, but a drop from a high of 4560 students in the 2007/2008 academic year to 3920 in 2011/2012 represents a significant shrinkage of the student population studying on librarianship degree courses.

 

 

It seems that since then, librarianship courses have become less attractive to both students and to the university sector that provides them. From the available figures, applications for librarianship courses have recovered slightly from a 14% drop between 2009/2010 and 2010/2011, but on the whole student numbers for information management courses are decreasing at a greater rate than the current average for postgraduate (-3%) and undergraduate courses (+1%) in the UK.

The fall in student numbers can of course be partly attributed to a drop in the amount of equivalent course places, but it is unlikely that the withdrawal of three course providers would account for the 640 fewer students studying librarianship in 2011/2012 compared to four years previously.

Universities saw a £940 million pound cut to their government funding in 2011, compounding the impact of a £449 million pound cut under the previous Labour government. At the same time, post-Browne review undergraduate students began paying up to £9000 a year in tuition fees and postgraduates experienced an average 24% hike in prices.

In this context, it is easy to see how the pressure to concentrate on financially viable courses on the university’s side, and the pressure on students to apply for courses with a high level of post-degree employability and pay, has led to relatively niche courses like information management being dropped.

Put simply, universities are less keen to commit resources to running them, and students are apparently less likely to commit to an increasingly uncertain career in librarianship. Public libraries, a key sector of employment for new librarians, have been decimated by the coalition’s commitment to shrinking expenditure on local government, with another 70 public library closures and a 4.4% fall in library budgets recorded in 2013.

We’ve arrived, in the five post-recession years since 2008, at a situation where libraries across all sectors are threatened, where students are seemingly less keen on a career in librarianship, and where universities are less likely to facilitate that career through providing courses. By the next election in 2015, who knows which other aspects of the library sector will be plummeting off the graph?

Andrew Day

@doombrarian / http://doombrarian.wordpress.com/

Appendices

PG  and UG students on information management courses 2007-2012 (source).

PG and UG applications for information management courses 2009-2012 (source).

 

Number of UK course providers with CILIP accredited courses 2005-2013 (source).

The politics of open access

Could opening up publicly funded research result in free R&D for private companies?
(Image c/o Julian Fraser on Flickr.)

Open access to research literature has grown rapidly over the last few years. We are now at a stage where a significant proportion of published research – 50% of journal articles published in 2011 according to one study (Archambault et al. 2013) – is available free to view online. This week is Open Access Week and hundreds of events are taking place around the world. Those of us who have been championing the cause of open access feel like great progress is being made. Perhaps not as fast as we’d like, but we do seem to be moving towards a world where open access is the default. The potential benefits of a culture in which the entire world’s knowledge is available to anyone on the planet with the means to access the internet1 are many, varied, and hard to calculate. But the ideal is one which I, for one, certainly think is worth striving for.

However, there is something that’s been concerning me. Many research funders are beginning to mandate open access for research that they fund (e.g. RCUK (Research Councils UK) [pdf], HEFCE (Higher Education Funding Council for England), and the Wellcome Trust). In other words, if you want to get money from of these bodies in order to fund your research, then the results of the research must be published open access. This is great from an open access advocate’s perspective because it will lead to a much higher percentage of research output being freely available. The current UK government, notably Minister for Universities and Science David Willetts, has been a driving force behind these open access mandates in the UK. The working group whose report (Finch Group 2012) contained recommendations which informed the RCUK and HEFCE policies was convened by the government.

This is what causes me concern. This is the same government that has allowed public library funding to be cut drastically, raised tuition fees to absurd levels, and instigated many other policies which shift away from the idea of an inclusive participatory society and towards one in which private capital is the only driving force. So when this government’s agenda aligns perfectly with that of open access advocates, it feels somewhat jarring. I don’t have an answer to assuage this concern but I would like to take this opportunity to begin the search for an answer.

Here is a quote from David Willetts on the recommendations of the Finch Report:

“Removing paywalls that surround taxpayer funded research will have real economic and social benefits. It will allow academics and businesses to develop and commercialise their research more easily and herald a new era of academic discovery.

“This development will provide exciting new opportunities and keep the UK at the forefront of global research to drive innovation and growth.”

(Department for Business, Innovation & Skills 2012)

At first glance this doesn’t appear to be saying anything contrary to standard arguments for open access, but it does have a curious focus on business and profit generation. The academics who are in favour of open access mostly support it because they see access to research as a public good, and also for more self-interested reasons – if everyone can see your work, it can do wonders for your reputation (Swan 2010). If open access has an economic benefit as well then so much the better. To take the government’s stance at face value, it seems to have picked up on this economic aspect and decided to promote open access in order to encourage more rapid innovation and therefore potential more profit made off the back of it, while the social benefits of enhanced access to knowledge remain intact.

It is rarely sensible to take the government’s words only at face value. My knowledge of politics is not sophisticated enough to provide a detailed analysis here, but suffice to say political stances often have an unstated agenda behind them. For example, the rhetoric surrounding changes in the NHS at the moment may talk about benefits for patients, but there is clearly a neoliberal agenda of privatisation which is dominating decision-making. This makes it hard to stop at a shallow reading of comments such as the one from David Willetts quoted above. Could there be a neoliberal agenda behind support for open access which intends to exploit it for purposes antithetical to the ideals of open access supporters?

Could the government be trying to make publicly funded research open, in order for private companies to take this research and commercialise it and generate patents? In other words, state funded research becoming a free R&D department for corporations.

You may think, So what? If the goal of academics is to create an open environment to share the world’s knowledge, what’s the harm in some of this leading to profits for others? By their very nature, the open licenses such as the Creative Commons Attribution License which are recommended for open access publications allow for this possibility. Something to bear in mind here is the way that commercialism and profit generation have been becoming ingrained in higher education in the UK. If universities are required to generate more income from commercialising research results, to make up for reduced funding from central government, then they will be expected to compete with private companies in doing so.

This is where the neoliberal mind might see the advantage of open access. For example, if medical research undertaken at a publicly-funded institution must be published open access, whereas research undertaken by a pharmaceutical company does not, then private corporations are at a distinct advantage when it comes to generating money and patents.

None of this is meant to be interpreted to be a criticism of open access, I just think that it is important to understand the motivations behind the people and institutions that are driving it. I’m not suggesting that I have any answers, but I would like to see other supporters of open access to take a more critical stance when it comes to these issues. We need to keep being positive and highlighting the success stories of open access but not allow ourselves to be blind to political interests that may be at work.

Open access is a global issue and in this article I have been focusing on the situation in the UK. Perhaps an answer to my questions can be found by taking a more international perspective and examining government mandates and policies from countries with differing political environments. I’d be interested to hear from people with knowledge about this.

By Stuart Lawson

Thanks to Martin Eve for a conversation which helped me crystallise some of these ideas.

Notes

1. Of course, there is still a digital divide, and much research literature is only available in one language (often English). Making publications free to access is only a step towards a more equal arena for participation in the generation of knowledge.

References

Archambault et al. 2013. Proportion of Open Access Peer-Reviewed Papers at the European and World Levels—2004-2011. Available at: http://www.science-metrix.com/pdf/SM_EC_OA_Availability_2004-2011.pdf [Accessed: 17 October 2013].

Department for Business, Innovation & Skills. 2012. Government to open up publicly funded research. Available at: https://www.gov.uk/government/news/government-to-open-up-publicly-funded-research [Accessed: 17 October 2013].

Finch Group. 2012. Accessibility, sustainability, excellence: how to expand access to research publications. Report of the Working Group on Expanding Access to Published Research Findings. Available at: http://www.researchinfonet.org/wp-content/uploads/2012/06/Finch-Group-report-FINAL-VERSION.pdf [Accessed: 11 May 2013].

Swan, Alma. 2010. The open access citation advantage: studies and results to date. Available at: http://eprints.soton.ac.uk/268516/2/Citation_advantage_paper.pdf [Accessed: 17 October 2013].