Protecting intellectual property and controlling document use.
Academic data theft is on the rise with IP piracy a major concern. Here we discuss document protection measures you can implement and how DRM can help to control access to and use of sensitive and confidential information.
Academic data theft: intellectual property protection and document security
Across the United States, the National Institutes of Health (NIH) has warned academic research labs and shadow labs of data breaches that could hit their college or university.
The University of Texas, for example, has disabled USB ports on all computers. It has also done away with the use of flash drives. This step has been taken to prevent data theft and document breaches of research files.
More and more universities are employing data security solutions or dismissing the use of specific technologies or hardware in order to enforce data security. With rising numbers of investigations taking place across universities and institutions across the country, researchers are worried that intellectual property and grant information could be compromised through the use of sophisticated hacking in the coming months.
Data security – protection against data breaches
Until recently institutions would overlook data security. But with warnings from US, Canadian and EU regulators, security bodies and the government, leaderships across institutions are dynamically, proactively and collectively working with law enforcement agencies and within departments to mitigate the risk of data security compromises. So how can institutions safeguard their data? And just how immense is the data security threat?
According to a report, more than 10,000 institutions that receive NIH grants are at risk from data security breaches. The report identifies three primary areas of concern that could compromise the integrity of US biomedical research. These are:
- Nondisclosure of significant resources from foreign governments and private bodies that could distort decisions about the appropriate use of funds.
- Diversion of Intellectual Property (IP) produced by NIH supported biomedical research to other entities, especially to foreign countries.
- Intentional or unintentional sharing of sensitive data and confidential information by peer review(s) that may influence funding decisions.
Protecting confidential information and preventing IP theft
Protecting confidential and grant-related information and disclosing potential conflicts of interests is sacred to every institution. Not doing so can significantly affect the integrity of the institution and future funding decisions. A recent well-publicized incident revealed the severity of the situation. A Duke University researcher had developed an ‘invisibility camouflage’ that could make specific objects invisible to microwave signals. Millions of dollars from the US military were invested in this research. However, a Chinese postdoc who worked with the Duke researcher also built a similar invisibility camouflage by allegedly stealing and using the IP.
Although these charges are tricky to bring to court, and Duke University asserts that there was no evidence of intellectual property being stolen, federal officials say otherwise.
In other incidents, peer reviews have been known to breach confidentiality contracts. It is imperative to preserve the authenticity of IP and leadership within American institutions, which is why government leaders and academia management are taking the threats seriously. Numerous materials are now being produced to ensure that IP is secured, while the FBI and the Human Rights Watch work in tandem on the issues. According to federal security officials, recommended steps for academic institutions to improve their data security include:
- Measuring the strengths and weaknesses of the institution by working on policies and procedures to develop security strategies for future activities.
- Adding teeth to new policies and developing a rapport with law enforcement and federal security officials to recognize challenging foreign collaborations, relationships and interests.
- Constantly communicating with faculty members regarding federal and university disclosure and export control compliance requirements.
- Scrutinizing faculty travel plans and monitoring employee travel, especially concerning travelling to high-risk areas.
Controlling access to data
While several institutions have disabled USB ports, at the same time some institutions are now enabling access only by encrypted memory sticks to protect data stored on the devices. There is an urgent need for academic colleges to institute a culture of data and knowledge security among faculty members and researchers. Specific protocols must be established to oversee data and track whether unusually large quantities of data are leaving their networks. This may seem to oppose the traditional openness of the academe to sharing information and may require cultural change to implement emerging security requirements. Controlled sharing of data could be the rule going forwards.
Having cloud-based software screening tools can also be a massive bonus to data security. Some institutions also provide their staff members with data-free computers that only have software to communicate and work, especially when they are travelling to foreign locations. All of the data is stored in protected cloud locations.
And although all these solutions can help in mitigating the risk of data breaches, having digital rights management (DRM) in place can often be the simplest answer to preventing data theft.
DRM – controlling document access and use to stop data theft
This potent data security measure can protect intellectual property in addition to providing tighter controls to safeguard data from misuse. Acquiring information through dishonest means can be effectively curtailed through DRM solutions across universities and institutions.
DRM is a proven way of protecting intellectual property that limits the copying and use of copyrighted works and proprietary data. As a researcher, DRM can control what a reader or user can do with their works and IP, where they can access it from, and how long they can use it for.
- For instance, implementing DRM in a university can prevent outsiders from accessing research material or using specific assets, thus preventing the institution from experiencing data loss or avoiding legal issues that could arise from unauthorized use of licensed work.
- Locking document use to within a university building so that documents cannot be accessed from potentially insecure locations for example is just one-way DRM can be used to control information leakage.
- In the event of peer to peer file exchanges, DRM technology makes it impossible to share content without authorization.
- And for the protection of training courses, DRM can ensure revenue generating content does not end up in the wrong hands (unpaid for) or is viewed past its useable date.
DRM enables universities to protect their IPR and revenue streams by:
- Stopping unauthorized sharing
- Controlling which users can access what documents
- Controlling what authorized users can do with documents:
- Stopping access to documents even after they have been distributed – access can be instantly revoked regardless of where documents are located
- Controlling how long documents can be used for – documents can be made to automatically expire on a fixed date, after a number of days use, or after a number of views or prints
- Locking use to specific authorized devices. For example, a university computer.
- Locking use to locations (i.e. a university). This is useful in controlling BYOD use and use of USB/flash devices since documents cannot be viewed outside of a locked location.
- Track and log document use – see when documents are viewed and/or printed
- Apply dynamic watermarks to identify users
DRM can therefore be a useful data security tool to control document use both within and outside University campuses, ensuring full control is retained over how they are accessed and used even after they have been distributed. It can also prove to be an essential part of the information security toolkit for managing the information sharing relationship(s) between academic, healthcare and corporate (sponsored) entities.
DRM controls can be implemented by each entity publishing information to a closed group of participants, effectively imposing ‘Chinese walls’ between and among participants whilst making sure that for any entity an information protection policy consistent with their own unique requirements (by project if necessary) can be enforced. This is not inconsistent with the need to share information and the need, at the same time, to protect that information, restricting access to those authorized.