Authentication of the Federal Register
Charley Barth
Director, Office of the Federal Register
United States Government
Background/History of the OFR
• Federal Register Act approved in 1935
• Make executive legislation accessible to citizens
Office of the
– Publish a gazette containing the orders of the Executive Branch
• Began statutory partnership between Office of the Federal
Register (OFR) and Government Printing Office (GPO)
• OFR placed under the National Archives and Records
Administration (NARA)
• Provided for public inspection of all documents filed with
the OFR.
• Currently have 12 publications
– Administer the Electoral College process
– Administer the Constitutional Amendment ratification process
Background/History of the
Federal Register (FR)
• First Register was published on March 14, 1936
• First volume was 16 pages
• Published every working day, “Official Gazette of the
United States Government”
• Provides legal notice of administrative rules, notices and
presidential documents
• Average Daily Federal Register = 150 pages
Office of the
‒ Total pages in 2013 = 80,462
• Final rules published in the FR become part of the Code
of Federal Regulations (CFR). Over 180,000 pages
• Available on-line since 1994, Web 2.0 version since
• Authentication of the digital FR began in 2009
Office of the
GPO, Affiliated Archives &
OFR partner
• GPO is as an Affiliated Archive of NARA and
therefore the Official Federal Register resides on
their platform (paper and electronic)
• Affiliated Archives receives physical custody of
the records, while NARA retains legal
custody and, along with it, ultimate responsibility
for them.
• For this privilege, the affiliate, through a formal
agreement with NARA, agrees to house,
maintain, service and authenticate the (digital)
Basic Components of
GPO Digital Authentication
Office of the
• By Law, the OFR partners with GPO; OFR
publishes the content, GPO prints and
distributes the content to include online, digital
format and authentication.
• GPO implements four measures to assure
integrity and authenticity of FR content.
1. Digital Signatures on PDF files
2. Cryptographic Hash Values on Metadata
3. Evidence of the Trusted Digital Repository through
the FDsys archive
4. Demonstration of Chain of Custody
Digital Signatures on PDF Files
Digital signature technology is used to add a
visible Seal of Authenticity to authenticated and
certified PDF documents
Office of the
Digital signature and certification
assures users that the PDF file has not
been altered since being digitally
signed and made available by GPO
Cryptographic Hash Values
• Upon submission to GPO, a number is generated for each
content file that is unique to the data inside the file
• The SHA-256 hash value (Algorithm) recorded in metadata is
used to detect changes to content files
• Any change that occurs results in a new hash value
Office of the
• Users can search for content on FDsys and use hash values,
with publicly available tools, to check that content
Office of the
Cryptographic Hash Values
Trusted Digital Repository
Office of the
• GPO uses best practices for establishing
authenticity of content and maintaining integrity
within FDsys
• GPO is working towards certification as a Trusted
– GPO utilized the Trustworthy Repositories Audit and
Certification: Criteria and Checklist (TRAC)
– Security controls are in place that may allow
authorized users to submit new content and change
descriptive metadata, but it is not possible to open a
file in the repository and make changes to content
Office of the
Chain of Custody
• GPO provides a chain of custody
• Each significant event in the lifecycle of
content is recorded in PREMIS metadata
• Records contain the content source, changes
that have occurred since the content was
created or acquired, and who has custody of
the content
Office of the
Chain of Custody –
Events Recorded in GPO PREMIS
Software Activities
• Message Digest Calculation
• Crypto Digest Calculation
• Ingestion
• Fixity Check
• Rendition Creation
• ACP Creation
• Digital Signature
• Parsing
Human Agent Activities
• Rendition Upload
• Rendition Deletion
• Submission
• Public Access Restriction
• Replacement
• AIP Nominated for Deletion
• AIP Approved for Deletion
Pros and Cons of using
Digital Signatures
• Pros:
Office of the
– GPO is able to utilize the widely used and trusted
document standard (PDF)
– Use of Digital Signatures in conjunction with
Cryptographic Hash increases level of assurance
– Provides quick visible confidence to end-users
– It’s fast, secure, authentic, less risky & less costly in the
long run!
• Cons:
– Upfront costs of Digital Signatures may be cost prohibitive
for some organizations
– If majority of your customer base prefers paper version
(traditional customers will doubt the integrity of online)
– Some providers have limited storage options and use
proprietary software
Biggest challenges to preserving the
Federal Register?
• Paper version well preserved since 1936 (thru 1985)
– Paper is well cared for in compliant, archival centers
(NARA standard 36 CFR Part 1228, Subpart K)
– Theft and Fire are biggest challenge
• From 1985 to 1994, we used microfiche
Office of the
– Silver Halide process can last 500 years
– Virtually impossible to mutilate
• From 1995 to current, the electronic version on FDsys
is the official record copy
– Storage (expense and trusted providers/cloud)
– Compromised content (via internal/external hacking)
– Best formats 25, 50, 100 years from now? (risk of
migrating data from format to format)
Authentication/Preservation of our
other legal publications
Office of the
• All digital materials published by the OFR and
available on GPO’s FDsys utilize the same
• For more information, go to:
– Authenticity of Electronic Federal Government
– Overview of GPO’s Authentication Program,
• NARA Record storage standard:
– http://www.gpo.gov/fdsys/pkg/CFR-2000-title36vol3/xml/CFR-2000-title36-vol3-part1228-subpartK.xml
Questions ?
Office of the
Thank you for your time!

similar documents