Monday, December 3, 2012

"To submit your Computer Science research, please agree to submit no software"



For services where you can post content, Terms of Service often require you to censor yourself, and that can make sense. But if they call for self-censorship in research, then I, as a researcher, am concerned, and other researchers should be, too.

When research papers are submitted to conferences for review and publication, they are often managed through some automatic conference management system, which then researchers have to use to submit a paper. If I want to use those automatic systems, I need to accept these terms of services (which sounds already potentially controversial, but I have much more serious issues to discuss). One of these systems, EasyChair, recently introduced some terms of service. Since the EasyChair website explicitly asks for feedback, I started skimming them and found the following problematic clause:

"5.10 You agree not to post any Content that
[…]
  (c) contains invalid data, viruses, worms, or other software agents;
[…]
  (e) contains unsolicited or unauthorised advertising, promotional
  materials, junk mail, spam, chain letters, pyramid schemes, or any
  other form of solicitation;
  (f) contains files or programs designed to interrupt, destroy or
  limit the functionality of any computer software or hardware or
  telecommunications equipment;
[…]"

Notice in particular point (c), from which comes the title of this post. So wait, I'm not supposed to post "invalid data" and that's discussed together with "viruses" and other "software agents"? Any Computer Science paper might include programs - in particular, source code for programs which are discussed in the paper; there is even research about "software agents". Also, PostScript documents are clearly software, and I maybe PDF documents contain software agents as well; for instance, font faces are often software.

But OK, let's say that the point of these terms is just to forbid hackers from using the service, point (c) is really about malicious agents, and that they are just badly phrased. What would happen if I were a security researcher (which I am not)? Won't my research be possibly about viruses, and possibly contain actual viruses attached to the paper? I don't mean to harm the people accessing my content, but I'm still forbidden from attaching viruses even if that's relevant for my research and they're not harmful.

There was a couple clause I omitted, since I'm most confused about them:
"5.10 You agree not to post any Content that
  (a) may constitute or contribute to a crime or tort;
[…]
  (d) infringes any patent, trademark, trade secret, copyright or
  other proprietary rights of any party;"
This seems to make sense, but last time I checked some crimes required computers. And those computers work only thanks to the work of many researchers. Now, are those researchers contributing to crime? If this sounds too philosophical, what if I publish a paper which breaks a cryptographic algorithm or reveal some vulnerability? It's clear that this "may contribute to a crime" when the crime is stealing encrypted data.
I'm not sure about clause (d) on patents. It takes tons of money to check that my idea was not covered by some stupid patent with some strange phrasing, and I know no researcher who bothers doing that. Moreover, in Europe software patents are by law not valid, even all the ones approved by the patent office, so why should I bother? Just because I need that to make a company happy, who's not even publishing my research paper, just storing it for reviewers to see?

Disclaimer: I am not a lawyer, but as a researcher using this system I'm still supposed to read and accept these terms of service. If they're not a legal problem, how am I supposed to know? The company is supposed to make them as clear as possible so that I can accept them without problems.
I also don't fear realistically being sued, should I ever violate these terms.
On the other hand, I wouldn't be surprised if somebody attached a virus to his paper as "source material", some antivirus identified it and the author's account was terminated — by Murphy's law, right before a deadline.

Finally, I am additionally contacting the EasyChair authors for feedback, but I still thought that making my message public would help anybody else concerned.