There is at least one University using Electronic Signatures
and that is Plymouth!
The structure is based on:-
a secure server running the ILL programme (restricted access - 15
people, most of whom (12) act as ILL operators at some point
during
their working day and therefore require read/write access to
the programme from their workstations. At present only 4 of
those 15 have sign-in privileges to the server. 1 for programme
maintenance routines [back-ups and compact & repairs] and the
others for computing/server maintenance)
In addition, although the ILL software can be downloaded by
anyone prepared to look for it, it can only be accessed and run
by someone with Administrator Privileges who is also registered
in a
specific workgroup - controlled by a single administrator.
a server that records access (by whom and date/time - SQL logging)
an ILL system that stores request details with requestor details and
had a suitable field for recording a signature
a requesting system that has a strong log-in procedure (ours requires
a user barcode (university assigned), user surname, and a PIN
number
(currently 5-8 digits, due to increase with next software
upgrade)
that is solely set by the user - because...
a system that hides the PIN from library staff in staff clients (no
member of
staff can see the PIN. They only see ***** regardless of the
length
of the PIN, and can only reset the PIN to the default 11111 -
which
will not allow any requests (or other activity like self-issue)
to be
made until it is changed via the Library's OPAC)
a copyright declaration has been added to all Request Forms (we have 3 -
loan; article; and book chapter/conference article). Even
though it
is not required for the loan form it helps reinforce the process
and makes it consistent. There is also a hyperlink to our
Copyright
Community pages on our Intranet for further information
the 'signature' itself, because of the strong log-in, consists of the
user
typing Yes as an acceptance of the Declaration. This field is a
required field and the request cannot be submitted without its
completion.
We opted for a physical action that could be recorded (yes is
stored
in our ILL system and archived with request details and
requestor details)
rather than a radio-button selection which would have been more
difficult
to record
the resulting request is sent as an email, generated by our LMS server
via the
University's system to the ILL address box. This means that the
request
is subject to all the protection offered by University systems,
and means
that a safe and secure request can be generated from anywhere in
the
world
our ILL operators perform 3 checks on each request received - 1)
Declaration
accepted [if they are not clear with the response, the request
is failed];
2) a check to see if the article has already been requested; and
3) a
check of our holdings
for copies our default delivery method is SED. Currently these are
printed out
in the ILL office. From the start of the summer term we will be
delivering
to the desktop (with no option to receive as paper). Charges
are added
to library accounts when the item is received by ILL.
So for us the electronic signature consists of strong log-in and the
action of
acceptance (typing yes), coupled with a form that doesn't travel outside
the
University firewall and a means of securely storing the request.
Electronic signatures are acceptable (and have been for several years)
IF you can
meet the definition of an advanced electronic signature as defined in
the
appropriate statutory instrument. What has vexed us greatly has been
security
or integrity (as I believe it is sometimes described). As most LMS
systems now
have a means of generating requests that never leave internal systems,
if you
can solve the riddle of "believing the person is who they say they are"
and how
to secure the recording/storage of requests - then go for it.
Almost be accident, we discovered that our newly purchased LMS, and its
sister
product for ILL, gave us the capability to resolve these issues. In the
end all we
had to do was devise a means by which to restrict access to the ILL
server.
Because we can be as confident as we are ever going to be that the
person making
the request is who they say they are, and we have asked them to perform
a
physical action to accept Copyright, and that action is dated
(automatically - in
common with all ILL systems 'Date of Request') and that all this is
recorded
securely for as long as we wish (and at least for the minimum period
required)
for us, electronic signatures are here to stay!
Graham Titley
Document Delivery and Copyright Librarian
University of Plymouth
Drake Circus
Plymouth
PL4 8AA
Tel: 01752 233776 or 232303
Email: [log in to unmask]
-----Original Message-----
From: For interlibrary-loan and document supply services.
[mailto:[log in to unmask]] On Behalf Of J.C.Bramley
Sent: 09 March 2006 09:52
To: [log in to unmask]
Subject: Electronic signatures
Dear All,
I am sorry I know this is a subject that has been
discussed
before but I could do with some help! An academic librarian in our
Library
is convinced that it is possible for requests for photocopies of journal
articles be made electronically without the need of a written signature.
I
have tried to explain that for copyright purposes a written signature is
needed but he informs me that he has located a University that is
accepting
electronic signatures. Basically they sign up for the ILL service and
are
given a user name and password, then they use these to make requests, on
each request they have to tick a box that states the requests complys
with
copyright laws and at no stage is a written signature required. I think
he must be mistaken as I am unsure that this would be acceptable for
copyright purposes. I would appreciate any replies that would help me
make
my case that written signatures are still a necessity in the ILL process
and
the electronic signature has not been "cracked" yet.
Regards
Jane Bramley
Inter-library loans
Loughborough University
|