Preserving ‘reliable electronic documents’ in the context

Download Report

Transcript Preserving ‘reliable electronic documents’ in the context

Preserving ‘reliable electronic documents’ in the context of the Electronic Transaction Act: challenges facing records management in the digital environment

John A Aarons

University Archivist The University of the West Indies Presented at the Summit by CITO on Knowledge Management 20 – 21 May 2009

Focus of Presentation

• This Presentation looks at documents and records in electronic formats and the challenges of preserving them & to ensure that they fulfill the characteristics of a record which are that they are • Authentic • Reliable • Integrity • Usable .

Focus of Presentation

• In context of Electronic Transaction Act which speaks of • “ a reliable electronic document” • promoting “ public confidence in the integrity and reliability of electronic documents” • “the authentication and integrity of electronic documents

Electronic Documents

• The Act defines an

electronic document

as “

information that is created, generated, communicated, stored, displayed or processed by electronic means

” • • Record – “

information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business” ISO 15489-1 Information & Documentation – records management

, 2001

Definitions

• Examples of digital data include anything that has been created or stored on a computer, or is made available by way of the internet, including CDs, DVDs, MP3s and digital broadcast radio.

• The term electronic may be considered to be a generative term, which encompasses all forms of data, whether in analogue or digital form

Value of Records

• Records provide evidence of transactions and the purpose of keeping them is to ensure that they remain accessible over time in such a way that they can be considered authentic and reliable evidence. Not only must records be accessible, but their intrinsic value must also be retained.

Attributes of Records

• • • Records have three important attributes: content, context and structure

Content

is what the record says.

Structure

relates to both the appearance and arrangement of the content •

Context

is the background information that helps explain the meaning of the • document e.g. title, author and date

Traditional Paper Records

• For traditional manual records and paper-based collections, including textual and audiovisual records created before the advent of computer technologies the principal obstacle to preservation is the physical decay of the materials themselves. Paper records can become damaged through excessive handling and as a result of deterioration caused by the acids in the paper fibers, leaving documents brittle and discoloured over time.

A record 340 years old

• Diagram of grant of 127 acres of land in St Catherine to an early settler, 1668 • ( From the series of – Plat Books, Jamaica Archives)

Patent of land to Nanny, 22 Dec 1740

Jamaica Archives

Deterioration of Paper Records

• the principal obstacle to preservation is the physical decay of the materials • themselves. Paper records can become damaged through excessive handling and as a result of deterioration caused by the acids in the paper fibers, leaving documents brittle and discoloured over time.

Creation of Electronic Records

• Today, most of the information we create is being done in electronic formats such as  word processed documents  E-mails  Spreadsheets  Computer generated graphics and maps  Databases  Web based information

Electronic Records

• An electronic record is • • written on magnetic or optical medium, such as magnetic tapes, CD-ROMs, DVDs, hard disks, USBs (universal serial buses) and other digital storage devices • recorded in binary code • • accessed using computer software and hardware • easily manipulated, updated, deleted and altered

Electronic Records

• The principles of the management of electronic records are no different to those of the paper record. Records must be created, captured and maintained in a manner that ensures their ongoing integrity and retrievability for as long as they are required to meet the business and accountability requirements of the Institution. • Electronic records must remain available, accessible, retrievable and useable for as long as a business need exists or as long as legislative, policy and archival requirements exist.

Challenges in preserving electronic records

• The physical carrier of the record becomes obsolete e.g. 8 “ & 51/4 “ floppy discs • The hardware needed to access the record becomes obsolete • The software needed to access the record becomes obsolete – both the software needed to read & write the record & operating system

Preservation of electronic records

The question is how do we ensure these records remain secure, authentic, and accessible throughout their entire lifespan ?

• Preservation of electronic records requires the expertise of both records professionals and technology specialists. If preservation actions do not begin early, it might not be possible to preserve the electronic record, or restore it and use it, five years from now, never mind a century from now.

Electronic Transaction Act

• This Act came into effect April 2, 2007.

• The objects of the Act are set out in Section 3 are to: • (a) facilitate electronic transactions by means of reliable • electronic documents; • (b) promote the development of the legal and business • infrastructure necessary to implement secure electronic • commerce; • (c) eliminate barriers to electronic commerce resulting from uncertainties over writing and signature requirements;

Electronic Transaction Act

• d) promote public confidence in the integrity and reliability of electronic documents and electronic transactions, in particular through the use of encrypted signatures to ensure the authenticity and integrity of electronic documents; • (e) establish uniformity of legal rules and standards regarding the authentication and integrity of electronic documents; • (f) [AND, VERY IMPORTANTLY, TO] facilitate electronic filing of information with Government agencies and statutory bodies and to promote efficient delivery of Government services by means of reliable electronic documents

Authenticity of an electronic record

• An electronic record can be considered authentic if it retains all the significant properties upon which its authenticity depends, including reliability, integrity and usability, • and if the actions taken to preserve the record over time can be demonstrated.

• •

Characteristics of Trustworthy Electronic Records

Reliable

– one’s whose content can be trusted as a full and accurate representation of the transactions, activities, or facts to which it attests and can be depended upon in the course of subsequent transactions or activities

Authentic

- records proven to be what they purport to be and were sent or created by the person who purports to have created and sent them

Characteristics of Trustworthy Electronic Records

• •

Integrity

- refers to the complete and unaltered characteristic of a record. Another aspect of integrity is structural integrity. The structure of a record, that is its physical and logical format and the relationships between the data elements comprising the record, should remain physically and logically intact. Failure to do so may hinder the records' reliability and authenticity.

Usability

- a record which can be located, retrieved, presented and interpreted

ELECTRONIC RECORDS

• How can electronic records be considered reliable and authentic ?

 they must capture and describe the transactions they represent  once created, they must not be capable of change without creating a new record  should preserve context as well as content

Authenticity in a Digital Environment

this is complicated by the fact that the preservation of electronic records always entails some form of transformation. Digital preservation requires the management of objects over time, and the techniques used may result in frequent and profound changes to the technical representation of that record

Challenges of Digital Preservation

• The time span of any given computer technology is, typically very short: • perhaps five to ten years at most. This rapid rate of obsolescence applies to file formats, software, operating systems and hardware. The challenge of digital preservation, therefore, lies in • maintaining a way to access digital objects in the face of rapid technological obsolescence

Development of Policies

• Along with policies there needs to be procedures built on standards and best practices & documentation that shows that they have been followed.

Evidence Act

• Evidence Act – amended in 1995 to include electronic records, provided that the court is satisfied that procedures were put in place to safe guard the integrity of the information.

Evidence Act cont

• The 1995 amendment made provision for the admissibility of documents “produced by a computer” in any proceedings as evidence provided that, among other things, • The computer was operating properly & not “subject to any malfunction” • There was no reasonable cause to believe that the validity of the document was affected by any “improper process or procedure or by inadequate safeguards in the use of the computer”

Section 31G

Developing a Preservation Policy

• A preservation policy is an essential foundation for any sustainable digital preservation programme. Preservation decisions should aim to minimise the risk that electronic records will become inaccessible over a defined period. A risk assessment analyses the dangers • that electronic records may become unusable and the impact or consequence of losing • the record, such as the risks faced by the organization or the public if the evidence is not available

Monitoring Technological Change

• It is important to monitor technological change to identify potential risks to specific • records.

• It is also important to assess the current and future record-keeping needs of the • organisation and to identify vulnerable and valuable documentary evidence that needs to be preserved

Assessment

• Once the risk assessment and records assessment have been completed, and any • urgent technology concerns have been identified, it is possible to establish priorities • for action. For example, some records may have great evidential value and so need to • be protected as a priority

Digital Storage

• A digital storage system ideally consists of the hard disc drive with tape backup, • repository management software to manage data and metadata, and hierarchical • storage management (HSM) software.

• Data on hard disc must also be duplicated on data tape

Storage of digital data

• No computer storage medium is adequate for long-term, archival preservation of records because of its limited life expectancy. The most generous estimate of physical obsolescence is within 30 years. Technological obsolescence, though, will probably come within 5 to 10 years. As a result, you should assume the need to migrate all your files within a short amount of time to a new storage medium

Managing Storage Media

• The media on which the records and metadata are stored must be managed and refreshed as required. Part of storage management is concerned with the physical storage of the collection and, in particular, the media on which it is recorded

Refreshing

• The periodic need to refresh electronic records onto new media is inevitable given the • continuous changes in computer storage media. However, selecting the best media • available can reduce the frequency for refreshing data, since high-quality and stable • storage media should remain usable for a longer period.

MIGRATION

• One method of active preservation is known as ‘migration.’ Migration is the process • of translating data or digital objects from one computer format to another format in • order to ensure users can access the data or digital objects using new or changed • computing technologies.

Migration at Obsolescence

• this approach advocates that objects be • migrated only as and when dictated by technological obsolescence: that is, when they • are about to become inaccessible. Records can be migrated to new file formats or to • current versions of old formats or they can be migrated to open-source formats • through normalization

Migration

• Migration-based preservation strategies are similar to refreshment, in that both • approaches involve converting the digital object, rather than the technology used to • create it, to a form that can be accessed in a contemporary environment

Normalization

• Normalization is sometimes referred to as ‘migration on ingest.’ (The process of transferring records to a digital storage repository is referred to as ‘ingest.’) • Normalization involves migrating a digital object from the original software into an open source, standards-based format so that it can be used without having to rely on the original, possibly proprietary, software system used to create it.

• Normalizing seeks to • minimise the frequency and complexity of future migration cycles by going straight to • an open source format that, ideally, will always be available and accessible. Research has been underway for some time to create software solutions that will • facilitate the process of normalizing records e.g.

XENA, PDF/A.

PDF/A

• • PDF/A is a file format for the long-term archiving of electronic documents.

• It is based on the PDF Reference Version1.4 from Adobe Systems & is defined by ISO 19005-1:2005

Document Management – electronic document file format for long-term preservation – Part 1

XEMA “ XML Electronic Normalising for Archives”

• It is a free and open source software developed by the National Library of Australia to aid in the long term preservation of digital records. • Written in Java, it performs 2 important tasks a)

detects the file formats of digital objects b) converts digital objects into open formats for preservation

.

http://xema.sourceforge.net/

Emulation

• the process of using one computer device or software program to imitate • the behaviours of another device or program, thereby obtaining the same results when • accessing or using digital objects. Emulation strategies use software or hardware – • called the emulator – to recreate the functionality of obsolete technical environments • on modern computer platforms

Establishing Security and Access Controls

• • • The

physical infrastructure

required to store and manage electronic records must be protected from accidental or deliberate damage

Information technology (computer) systems

should be protected from intrusions by external hackers and other unauthorized users

Access and permissions

must also be controlled.

Managing Metadata

• Metadata needs to be maintained not just from the time the record was created but • also to record any active or passive preservation processes; any physical or logical changes to a digital object; or any other changes to the nature and content of the record.

Back up of Information

• It is essential that the storage system be backed up and that multiple copies of all data are stored in order to provide a safeguard: different types of storage media should be used for back up copies. For example, one copy might be stored on hard drives and the others on CD disks or tape drives

• Clearly articulated policies are also required for the creation and management of system backups so that all actions taken to preserve electronic records are methodical and well managed.

Planning for Emergencies

• The digital storage system must be protected against both natural and human caused disasters. This protection comes from establishing a business continuity plan, which identifies how an operational service will be restored in the event of a major disruption.

Case of authentification of digital documents

• • In 2005 American Express took a person to court for not paying credit card debts & seeking to recover the money. The judge determined that the company failed to authenticate certain records in digital format. Stephen Mason

PROOF OF THE AUTHENTICITY OF A DOCUMENT IN ELECTRONIC FORMAT INTRODUCED AS EVIDENCE, October, 2006, www.armaedfoundation.org

Judge’s comments

• “The focus is not on the circumstances of the creation of the record, but rather on the circumstances of the preservation of the record during the time it is in the file so as to assure that the document being proffered is the same as the document that originally was created” • Stephen Mason,

Authentic digital records: laying the foundation for evidence

: Information Management Journal Sep/Oct 2007

Safeguarding digital data

• Matters to be taken into account - Identification of the computer equipment & programmes • Entity’s policies & procedures for the use of the equipment • How access to the database is controlled?

• How changes to the database are logged?

• Structure & implementation of back up data

Conclusion

• In order to prove that that records submitted as evidence are reliable, usable and have integrity, one should ensure that there are policies and procedures in place based on standards and best practices and that they are documented & followed, • demonstrate that the appropriate controls are in place to prevent unauthorized access

THANK YOU

John A Aarons University Archivist Office of Administration The University of the West Indies, Mona, Kingston 7 [email protected]