April 23, 2014

If Reddit Really Regrets “Not Taking Stronger Action Sooner”, What Will It Do in the Future?

[Editor’s note: The New York Times weighed in with "When the Web’s Chaos Takes an Ugly Turn", which includes several quotes from Tufekci.]

Reddit may be the most important Internet forum that you have never heard of. It has more than a billion page views a month, originates many Internet memes, brilliantly exposes hoaxes, hosts commentary on everything from the trivial to the most serious–and it is the forum that President Barack Obama chose for his “ask me anything” session. Part of Reddit’s success has been due to its “live and let live” ethos in sub-forums, called “subreddits.” These sub-forums are created and moderated by volunteers with little or no interference from Reddit, whose parent company is the publishing conglomerate Condé Nast. This delegation of authority facilitates Reddit’s business model, allowing it to operate with a comparatively small paid staff. However, the sub-forums that have flourished under this model are at times predatory and disturbing. For instance, “jailbait” was dedicated to sexually suggestive pictures of minors, and “creepshots” specialized in nonconsensual revealing photos of women in public places–including infamous “upskirt” photos.

The brewing controversy reached a turning point last week after the infamous moderator of the sub-forums “jailbait”, “creepshots”, “rape”, “incest”, and “PicsOfDeadKids” was outed by Gawker. The moderator, “Violentacrez”, was revealed to be 49-year-old computer programmer Michael Brutsch. Revealing a person’s real identity, or “doxxing”, is one of the few things that Reddit bans outright. Thus, Reddit chose to ban all links to Gawker from the site, but later rescinded the decision. The issue has been taken up in high-profile Reddit forums like “politics” and “TIL” (“Today I Learned”). Michael Brutsch, meanwhile, lost his job.

Contract hacking and community organizing

I discussed community discontent with copyright terms of some scholarly publishers, and I proposed an economic analysis. Now let’s consider two other approaches.

Contract hacking

I have published quite a few scholarly papers, and with each one I am invited to sign a copyright form. This is a contract between author and publisher, in which I hand over certain rights and they give me $0 (plus they publish my paper). These contracts (and my signatures) are in dead-tree form, on real paper (though in recent years the process follows the print/sign/fax or print/sign/scan/e-mail model).


Modest Proposals for Academic Authors

In the scuffles over copyright policies on scholarly articles, what is the academic author to do? First, inform yourself. Find and read the copyright policy of the journals (or refereed conferences) to which you submit the articles describing research results. Find out the subscription price (dead-tree-edition or online) that the publisher charges individuals and institutions, and compare with the norms in your fields and others. Decide for yourself whether your publisher is unduly limiting the spread of ideas, or charging such prices that the effect is the same.

Remember what Thomas Jefferson wrote in 1813:

That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density in any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation. Inventions then cannot, in nature, be a subject of property.


Copyright in Scholarly Publishing, 2012 Edition

I’ve heard a lot recently about copyright policies of scholarly journals. Over 9000 researchers signed a pledge to boycott Elsevier, on three grounds: (1) high prices for journal subscriptions, (2) bundling practices for institutional subscriptions, and (3) lobbying regarding SOPA, PIPA, and the Research Works Act.

Meanwhile, other organizations such as the ACM (scholarly/professional society for computer science and the computing industry) and IEEE (scholarly/professional society for electrical engineering and computing) once were leaders in open access; they had relatively low journal prices and relatively liberal policies permitting authors to display preprints on the authors’ web pages. The ACM’s and IEEE’s policies have not changed, but they are no longer at the forefront: while ACM and IEEE require an assignment of copyright and leave the author with a few rights, organizations such as Usenix (another professional society in computing) take only a nonexclusive license to reprint a scholarly article.


IEEE blows it on the Security & Privacy copyright agreement

Last June, I wrote about the decision at the business meeting of IEEE Security & Privacy to adopt the USENIX copyright policy, wherein authors grant a right for the conference to publish the paper and warrant that they actually wrote it, but otherwise the work in question is unquestionably the property of the authors. As I recall, there were only two dissenting votes in a room that was otherwise unanimously in favor of the motion.

Fast forward to the present. The IEEE Security & Privacy program committee, on which I served, has notified the authors of which papers have been accepted or rejected. Final camera-ready copies will be due soon, but we’ve got a twist. They’ve published the new license that authors will be expected to sign. Go read it.

The IEEE’s new “experimental delayed-open-access” licensing agreement for IEEE Security & Privacy goes very much against the vote last year of the S&P business meeting, bearing only a superficial resemblance to the USENIX policy we voted to adopt. While both policies give a period of exclusive distribution rights to the conference (12 months for USENIX, 18 months for IEEE), the devil is in the details.


ACM opens another hole in the paywall

Last month I wrote about Princeton University’s new open-access policy. In fact, Princeton’s policy just recognizes where many disciplines and many scholarly publishers were going already. Most of the important publication venues in Computer Science already have an open-access policy–that is, their standard author copyright contract permits an author to make copies of his or her own paper available on the author’s personal web site or institutional repository. These publishers include the Association for Computing Machinery (ACM), the Institute of Electrical and Electronics Engineers (IEEE), Springer-Verlag (for their LNCS series of conference proceedings), Cambridge University Press, MIT Press, and others.

For example, the ACM’s policy states,

Under the ACM copyright transfer agreement, the original copyright holder retains … the right to post author-prepared versions of the work covered by ACM copyright in a personal collection on their own Home Page and on a publicly accessible server of their employer, and in a repository legally mandated by the agency funding the research on which the Work is based. Such posting is limited to noncommercial access and personal use by others, and must include this notice both embedded within the full text file and in the accompanying citation display as well:

“© ACM, YYYY. This is the author’s version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in PUBLICATION, {VOL#, ISS#, (DATE)} http://doi.acm.org/10.1145/nnnnnn.nnnnnn”
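
The required notice is just a string template with placeholders for year, venue, volume, issue, and DOI. As a quick illustration (the helper function and all the metadata values below are hypothetical, not anything ACM provides), an author might fill it in like this:

```python
# Hypothetical helper for filling in the ACM self-posting notice.
# The function name and all metadata values are illustrative only.

def acm_notice(year, publication, vol, iss, date, doi_suffix):
    """Return the ACM-required notice text for an author-posted copy."""
    return (
        f"\u00a9 ACM, {year}. This is the author's version of the work. "
        "It is posted here by permission of ACM for your personal use. "
        "Not for redistribution. The definitive version was published in "
        f"{publication}, {{{vol}, {iss}, ({date})}} "
        f"http://doi.acm.org/10.1145/{doi_suffix}"
    )

# Entirely made-up article metadata, for demonstration:
print(acm_notice(2011, "SOME JOURNAL", "VOL 1", "ISS 2",
                 "Jan. 2011", "1234567.1234568"))
```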

But now the ACM is trying something new; a mass mailing from ACM’s Director of Publications explains,

ACM has just launched a new referrer-linking service. It is called the ACM Author-Izer Service. In essence, ACM Author-Izer enables you to provide a free access to the definitive versions of your ACM articles permanently maintained by ACM in its Digital Library by embedding the links generated by this service in your personally maintained home-page bibliographies.

With widespread usage of this service, the need to post your author-prepared versions should be alleviated; automatic indexers will point to the article in the DL rather than alternative versions hosted elsewhere without the promise of being permanently maintained.

The ACM has not removed the author’s right to self-post copies of the articles, but clearly the publisher wants to discourage that, and to be the only source for content. Furthermore, authors can use this only if they buy in to the ACM’s “Author Profile” page, a feature that ACM has been pushing but that I suspect most authors don’t bother with. It’s an interesting strategy to capture links, or to reduce the number of copies floating around outside the control of the ACM archive. Whether it works may depend, in part, on how difficult it is for authors to use. I suspect most authors won’t bother, but if you want to see some Author-Ized links in action, click here and then click on “A Theory of Indirection via Approximation.” (I can’t link directly from this article, because the ACM permits this service from only one Web address.)

Unlike some newspapers, which are suffering badly in the Internet age, major nonprofit scholarly publishers such as the ACM are in good financial health, with a diverse array of activities and revenue sources: membership dues, conferences, refereed journals, magazines, paid job-advertisement web sites, and so on. Still, there is a lot of experimentation about how to survive as a publisher in the 21st century, and this appears to be the latest experiment.

Open Access to Scholarly Publications at Princeton

In its September 2011 meeting, the Faculty of Princeton University voted unanimously for a policy of open access to scholarly publications:

“The members of the Faculty of Princeton University strive to make their publications openly accessible to the public. To that end, each Faculty member hereby grants to The Trustees of Princeton University a nonexclusive, irrevocable, worldwide license to exercise any and all copyrights in his or her scholarly articles published in any medium, whether now known or later invented, provided the articles are not sold by the University for a profit, and to authorize others to do the same. This grant applies to all scholarly articles that any person authors or co-authors while appointed as a member of the Faculty, except for any such articles authored or co-authored before the adoption of this policy or subject to a conflicting agreement formed before the adoption of this policy. Upon the express direction of a Faculty member, the Provost or the Provost’s designate will waive or suspend application of this license for a particular article authored or co-authored by that Faculty member.

“The University hereby authorizes each member of the faculty to exercise any and all copyrights in his or her scholarly articles that are subject to the terms and conditions of the grant set forth above. This authorization is irrevocable, non-assignable, and may be amended by written agreement in the interest of further protecting and promoting the spirit of open access.”

Basically, this means that when professors publish their academic work in the form of articles in journals or conferences, they should not sign a publication contract that prevents the authors from also putting a copy of their paper on their own web page or in their university’s public-access repository.

Most publishers in Computer Science (ACM, IEEE, Springer, Cambridge, Usenix, etc.) already have standard contracts that are compatible with open access. Open access doesn’t prevent these publishers from having a pay wall; it allows other means of finding the same information. Many publishers in the natural sciences and the social sciences also have policies compatible with open access.

But some publishers in the sciences, in engineering, and in the humanities have more restrictive policies. Action like this by Princeton’s faculty (and by the faculties at more than a dozen other universities in 2009-10) will help push those publishers into the 21st century.

The complete report of the Committee on Open Access is available here.

Tinkering with the IEEE and ACM copyright policies

It’s historically been the case that papers published in an IEEE or ACM conference or journal must have their copyrights assigned to the IEEE or ACM, respectively. Most of us were happy with this sort of arrangement, but the new IEEE policy seems to place more restrictions on this process. Matt Blaze blogged about this issue in particular detail.

The IEEE policy and the comparable ACM policy appear to be focused on creating revenue opportunities for these professional societies. Hypothetically, that income should result in cost savings elsewhere (e.g., lower conference registration fees) or in higher quality member services (e.g., paying the expenses of conference program committee members to attend meetings). In practice, neither of these is true. Regardless, our professional societies work hard to keep a paywall between our papers and their readership. Is this sort of behavior in our best interests? Not really.

What benefits the author of an academic paper? In a word, impact. Papers that are more widely read are more widely influential. Furthermore, widely read papers are more widely cited; citation counts are explicitly considered in hiring, promotion, and tenure cases. Anything that gets in the way of a paper’s impact damages our careers, and it’s something we need to fix.

There are three common solutions. First, we ignore the rules and post copies of our work on our personal, laboratory, and/or departmental web pages. Virtually any paper written in the past ten years can be found online, without cost, and conveniently cataloged by sites like Google Scholar. Second, some authors I’ve spoken to will significantly edit the copyright assignment forms before submitting them. Nobody apparently ever notices this. Third, some professional societies, notably the USENIX Association, have changed their rules. The USENIX policy completely inverts the relationship between author and publisher. Authors grant USENIX certain limited and reasonable rights, while the authors retain copyright over their work. USENIX then posts all the papers on its web site, free of charge; authors are free to do the same on their own web sites.

(USENIX ensures that every conference proceedings has a proper ISBN. Every USENIX paper is just as “published” as a paper in any other conference, even though printed proceedings are long gone.)

Somehow, the sky hasn’t fallen. So far as I know, the USENIX Association’s finances still work just fine. Perhaps it’s marginally more expensive to attend a USENIX conference, but then the service level is also much higher. The USENIX professional staff do things that are normally handled by volunteer labor at other conferences.

This brings me to the vote we had last week at the IEEE Symposium on Security and Privacy (the “Oakland” conference) during the business meeting. We had an unusually high attendance (perhaps 150 out of 400 attendees) as there were a variety of important topics under discussion. We spent maybe 15 minutes talking about the IEEE’s copyright policy, and the resolution before the room was: should we reject the IEEE copyright policy and adopt the USENIX policy? Ultimately, there were two “no” votes and everybody else voted “yes.” That’s an overwhelming statement.

The question is what happens next. I’m planning to attend ACM CCS this October in Chicago and I expect we can have a similar vote there. I hope similar votes can happen at other IEEE and ACM conferences. Get it on the agenda of your business meetings. Vote early and vote often! I certainly hope the IEEE and ACM agree to follow the will of their membership. If the leadership doesn’t follow the membership, then we’ve got some more interesting problems that we’ll need to solve.

Sidebar: ACM and IEEE make money by reselling our work, particularly with institutional subscriptions to university libraries and large companies. As an ACM or IEEE member, you also get access to some, but not all, of the online library contents. If you make everything free (as in free beer), removing that revenue source, then you’ve got a budget hole to fill. While I’m no budget wizard, it would make sense for our conference registration fees to support the archival online storage of our papers. Add in some online advertising (example: startup companies, hungry to hire engineers with specialized talents, would pay serious fees for advertisements adjacent to research papers in the relevant areas), and I’ll bet everything would work out just fine.
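
The sidebar’s registration-fee idea is easy to sanity-check with back-of-envelope arithmetic. Every number below is a hypothetical placeholder of mine, not a real ACM, IEEE, or conference figure:

```python
# Back-of-envelope sketch of funding archival storage out of
# registration fees. All figures are hypothetical placeholders.
attendees_per_year = 400   # one mid-sized conference
fee_surcharge = 25         # extra dollars added to each registration
papers_per_year = 80       # papers published by that conference

annual_income = attendees_per_year * fee_surcharge    # 10,000 dollars
per_paper_budget = annual_income / papers_per_year    # 125.0 dollars/paper/year

print(annual_income, per_paper_budget)
```

Under these made-up numbers, a modest surcharge yields on the order of a hundred dollars per paper per year, well above the marginal cost of hosting a PDF.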

Federating the "big four" computer security conferences

Last year, I wrote a report about rebooting the CS publication process (Tinker post, full tech report; an abbreviated version has been accepted to appear as a Communications of the ACM viewpoint article). I talked about how we might handle four different classes of research papers (“top papers” which get in without incident, “bubble papers” which could well have been published if only there was capacity, “second tier” papers which are only of interest to limited communities, and “noncompetitive” papers that have no chance) and I suggested that we need to redesign how we handle our publication process, primarily by adopting something akin to arXiv.org on a massive scale. My essay goes into detail on the benefits and challenges of making this happen.

Of all the related ideas out there, the one I find most attractive is what the database community has done with Proceedings of the VLDB Endowment (see also, their FAQ). In short, if you want to publish a paper in VLDB, one of the top conferences in databases, you must submit your manuscript to the PVLDB. Submissions then go through a journal-like two-round reviewing process. You can submit a paper at any time and you’re promised a response within two months. Accepted papers are published immediately online and are also presented at the next VLDB conference.

I would love to extend the PVLDB idea to the field of computer security scholarship, but this is troublesome when our “big four” security conferences — ISOC NDSS, IEEE Security & Privacy (the “Oakland” conference), USENIX Security, and ACM CCS — are governed by four separate professional societies. Back in the old days (ten years ago?), NDSS and USENIX Security were the places you sent “systems” security work, while Oakland and CCS were where you sent “theoretical” security work. Today, that dichotomy doesn’t really exist any more. You pretty much just send your paper to the conference with next deadline. Pretty much the same community of people serves on each program committee and the same sorts of papers appear at every one of these conferences. (Although USENIX Security and NDSS may well still have a preference for “systems” work, the “theory” bias at Oakland and CCS is gone.)

My new idea: Imagine that we set up the “Federated Proceedings of Computer Security” (representing a federation of the four professional societies in question). It’s a virtual conference, publishing exclusively online, so it has no effective limits on the number of papers it might publish. Manuscripts could be submitted to FPCS with rolling deadlines (let’s say one every three months, just like we have now) and conference-like program committees would be assembled for each deadline. (PVLDB has continuous submissions and publications. We could do that just as well.) Operating like a conference PC, top papers would be accepted rapidly and be “published” with the speed of a normal conference PC process. The “bubble” papers that would otherwise have been rejected by our traditional conference process would now have a chance to be edited and go through a second round of review with the same reviewers. Noncompetitive papers would continue to be rejected, as always.
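
One way to make the proposed workflow concrete is to sketch the decision flow for a single FPCS submission. This is only my reading of the proposal above (the state names and the function are invented for illustration), not a specification of any real system:

```python
# Illustrative sketch of the proposed FPCS two-round review flow.
# The states and transitions reflect the four paper classes
# described earlier; nothing here is an actual FPCS system.
ACCEPT, REVISE, REJECT = "accept", "revise", "reject"

def fpcs_outcome(first_round, second_round=None):
    """Map program-committee decisions to a final disposition.

    first_round: ACCEPT (top paper), REVISE (bubble paper, which gets
    one revision cycle with the same reviewers), or REJECT
    (noncompetitive paper).
    """
    if first_round == ACCEPT:
        return "published online; presented at the next federated conference"
    if first_round == REJECT:
        return "rejected"
    if first_round == REVISE:
        return ("published online after revision"
                if second_round == ACCEPT else "rejected after revision")
    raise ValueError(f"unknown decision: {first_round!r}")

print(fpcs_outcome(ACCEPT))
print(fpcs_outcome(REVISE, ACCEPT))
```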

How would we connect FPCS back to the big four security conferences? Simple: once a paper is accepted for FPCS publication, it would appear at the next of the “big four” conferences. Initially, FPCS would operate concurrently with the regular conference submission process, but it could quickly replace it as well, just as PVLDB quickly became the exclusive mechanism for submitting a paper to VLDB.

One more idea: there’s no reason that FPCS submissions need to be guaranteed a slot in one of the big four security conferences. It’s entirely reasonable that we could increase the acceptance rate at FPCS, and have a second round of winnowing for which papers are presented at our conferences. This could either be designed as a “pull” process, where separate conference program committees pick and choose from the FPCS accepted papers, or it could be designed as a “push” process, where conferences give a number of slots to FPCS, which then decides which papers to “award” with a conference presentation. Either way, any paper that’s not immediately given a conference slot is still published, and any such paper that turns out to be a big hit can always be awarded with a conference presentation, even years after the fact.

This sort of two-tier structure has some nice benefits. Good-but-not-stellar papers get properly published, better papers get recognized as such, and the whole process operates with lower latency than our current system. Furthermore, we get many fewer papers going around the submit/reject/revise/resubmit treadmill, thus lowering the workload on successive program committees. It’s full of win.

Of course, there are many complications that would get in the way of making this happen:

  • We need a critical mass to get this off the ground. We could initially roll it out with a subset of the big four, and/or with more widely spaced deadlines, but it would be great if the whole big four bought into the idea all at once.
  • We would need to harmonize things like page length and other formatting requirements, as well as have a unified policy on single vs. double-blind submissions.
  • We would need a suitable copyright policy, perhaps adopting something like the USENIX model where authors retain their copyright while agreeing to allow FPCS (and its constituent conferences) the right to republish their work. ACM and IEEE would require arm-twisting to go along with this.
  • We would need a governance structure for FPCS. That would include a steering committee for selecting the editor/program chairs, but who watches the watchers?
  • What do we do with our journals? FPCS changes our conference process around, but doesn’t touch our journals at all. Of course, the journals could also reinvent themselves, but that’s a separate topic.

In summary, my proposed Federated Proceedings of Computer Security adapts many of the good ideas developed by the database community with their PVLDB. We could adopt it incrementally for only one of the big four conferences or we could go whole hog and try to change all four at once.

Thoughts?

Rebooting the CS Publication Process

The job of an academic is to conduct research, and that means publishing manuscripts for the world to read. Computer science is somewhat unusual among science and engineering disciplines in that our primary research output goes to highly competitive conferences rather than journals. Acceptance rates at the “top” conferences are often 15% or lower, and the process of accepting those papers and rejecting the rest is famously problematic, particularly for the papers on the bubble.

Consequently, a number of computer scientists have been writing about making changes to the way we do what we do. Some changes may be fairly modest, like increasing acceptance rates by fiat, and eliminating printed paper proceedings to save costs. Other changes would be more invasive and require more coordination.

If we wanted to make a concerted effort to really overhaul the process, what would we do? If we can legitimately concern ourselves with “clean slate” redesign of the Internet as an academic discipline, why not look at our own processes in the same light? I raised this during the rump session of the last HotOS Workshop and it seemed to really get the room talking. The discipline of computer science is clearly ready to have this discussion.

Over the past few months, I’ve been working on and off to flesh out how a clean-slate publishing process might work, taking advantage of our ability to build sophisticated tools to manage the process, and including a story for how we might get from here to there. I’ve written this up as a manuscript and I’d like to invite our blog readers, academic or otherwise, to read it over and offer their feedback. At some point, I’ll probably compress this down to fit the tight word limit of a CACM article, but first things first.

Have a look. Post your feedback here on Freedom to Tinker or send me an email and I’ll follow up, no doubt with a newer draft of my manuscript.