Preserving ‘reliable electronic documents’ in the context

Report
Preserving ‘reliable electronic
documents’ in the context of
the Electronic Transaction Act:
challenges facing records
management in the digital
environment
John A Aarons
University Archivist
The University of the West Indies
Presented at the Summit by CITO
on Knowledge Management
20 – 21 May 2009
Focus of Presentation
• This Presentation looks at documents and records in
electronic formats and the challenges of preserving them
& to ensure that they fulfill the characteristics of a record
which are that they are
• Authentic
• Reliable
• Integrity
• Usable
.
Focus of Presentation
• In context of Electronic Transaction Act
which speaks of
• “ a reliable electronic document”
• promoting “ public confidence in the
integrity and reliability of electronic
documents”
• “the authentication and integrity of
electronic documents”
Electronic Documents
• The Act defines an electronic document
as “ information that is created, generated,
communicated, stored, displayed or
processed by electronic means”
• Record – “information created, received,
and maintained as evidence and
information by an organization or person,
in pursuance of legal obligations or in the
transaction of business”
• ISO 15489-1 Information & Documentation – records management,
2001
Definitions
• Examples of digital data include anything that has been
created or stored on a computer, or is made available by
way of the internet, including CDs, DVDs, MP3s and
digital broadcast radio.
• The term electronic may be considered to be a
generative term, which encompasses all
forms of data, whether in analogue or digital form
Value of Records
• Records provide evidence of transactions
and the purpose of keeping them is to
ensure that they remain accessible over
time in such a way that they can be
considered authentic and reliable
evidence. Not only must records be
accessible, but their intrinsic value must
also be retained.
Attributes of Records
• Records have three important attributes:
content, context and structure
• Content is what the record says.
• Structure relates to both the appearance
and arrangement of the content
• Context is the background information
that helps explain the meaning of the
• document e.g. title, author and date
Traditional Paper Records
• For traditional manual records and paper-based
collections, including textual and audiovisual
records created before the advent of computer
technologies the principal obstacle to
preservation is the physical decay of the
materials themselves. Paper records can
become damaged through excessive handling
and as a result of deterioration caused by the
acids in the paper fibers, leaving documents
brittle and discoloured over time.
A record 340 years old
• Diagram of grant of
127 acres of land
in St Catherine to
an early settler,
1668
• (From the series of
– Plat Books,
Jamaica Archives)
Patent of land to Nanny,
22 Dec 1740 Jamaica Archives
Deterioration of Paper Records
• the principal obstacle to preservation is the
physical decay of the materials
• themselves. Paper records can become
damaged through excessive handling and
as a result of deterioration caused by the
acids in the paper fibers, leaving
documents brittle and discoloured over
time.
Creation of Electronic Records
• Today, most of the information we create is
being done in electronic formats such as
 word processed documents
E-mails
Spreadsheets
Computer generated graphics and maps
Databases
Web based information
Electronic Records
• An electronic record is
• • written on magnetic or optical medium, such as
magnetic tapes, CD-ROMs, DVDs, hard disks,
USBs (universal serial buses) and other digital
storage devices • recorded in binary code
• • accessed using computer software and
hardware
• easily manipulated, updated, deleted and
altered
Electronic Records
• The principles of the management of electronic
records are no different to those of the paper
record. Records must be created, captured and
maintained in a manner that ensures their
ongoing integrity and retrievability for as long as
they are required to meet the business and
accountability requirements of the Institution.
• Electronic records must remain available,
accessible, retrievable and useable for as long
as a business need exists or as long as
legislative, policy and archival requirements
exist.
Challenges in preserving
electronic records
• The physical carrier of the record becomes
obsolete e.g. 8 “ & 51/4 “ floppy discs
• The hardware needed to access the
record becomes obsolete
• The software needed to access the record
becomes obsolete – both the software
needed to read & write the record &
operating system
Preservation of electronic records
The question is how do we ensure these records
remain secure, authentic, and accessible
throughout their entire lifespan ?
• Preservation of electronic records requires the
expertise of both records professionals and
technology specialists. If preservation actions do
not begin early, it might not be possible to
preserve the electronic record, or restore it and
use it, five years from now, never mind a century
from now.
Electronic Transaction Act
• This Act came into effect April 2, 2007.
• The objects of the Act are set out in Section 3 are to:
• (a) facilitate electronic transactions by means of reliable
• electronic documents;
• (b) promote the development of the legal and business
• infrastructure necessary to implement secure electronic
• commerce;
• (c) eliminate barriers to electronic commerce resulting
from uncertainties over writing and signature
requirements;
Electronic Transaction Act
• d) promote public confidence in the integrity and
reliability of electronic documents and electronic
transactions, in particular through the use of encrypted
signatures to ensure the authenticity and integrity of
electronic documents;
• (e) establish uniformity of legal rules and standards
regarding the authentication and integrity of electronic
documents;
• (f) [AND, VERY IMPORTANTLY, TO] facilitate electronic
filing of information with Government agencies and
statutory bodies and to promote efficient delivery of
Government services by means of reliable electronic
documents
Authenticity of an electronic record
• An electronic record can be considered
authentic if it retains all the significant
properties upon which its authenticity
depends, including reliability, integrity and
usability,
• and if the actions taken to preserve the
record over time can be demonstrated.
Characteristics of Trustworthy
Electronic Records
• Reliable – one’s whose content can be
trusted as a full and accurate
representation of the transactions, activities,
or facts to which it attests and can be
depended upon in the course of subsequent
transactions or activities
• Authentic - records proven to be what they
purport to be and were sent or created by the
person who purports to have created and
sent them
Characteristics of Trustworthy
Electronic Records
• Integrity - refers to the complete and unaltered
characteristic of a record. Another aspect of
integrity is structural integrity. The
structure of a record, that is its physical and
logical format and the relationships between the
data elements comprising the record, should
remain physically and logically intact. Failure
to do so may hinder the records' reliability and
authenticity.
• Usability - a record which can be located,
retrieved, presented and interpreted
ELECTRONIC RECORDS
• How can electronic records be considered
reliable and authentic ?
they must capture and describe the
transactions they represent
once created, they must not be capable of
change without creating a new record
should preserve context as well as content
Authenticity in a Digital
Environment
this is complicated by the fact that the
preservation of electronic records always
entails some form of transformation.
Digital preservation requires the
management of objects over time, and the
techniques used may result in frequent
and profound changes to the
technical representation of that record
Challenges of Digital Preservation
• The time span of any given computer technology
is, typically very short:
• perhaps five to ten years at most. This rapid rate
of obsolescence applies to file formats, software,
operating systems and hardware. The challenge
of digital preservation, therefore, lies in
• maintaining a way to access digital objects in the
face of rapid technological obsolescence
Development of Policies
• Along with policies there needs to be
procedures built on standards and best
practices & documentation that shows that
they have been followed.
Evidence Act
• Evidence Act – amended in 1995 to
include electronic records, provided that
the court is satisfied that procedures were
put in place to safe guard the integrity of
the information.
Evidence Act cont
• The 1995 amendment made provision for the
admissibility of documents “produced by a
computer” in any proceedings as evidence
provided that, among other things,
• The computer was operating properly & not
“subject to any malfunction”
• There was no reasonable cause to believe that
the validity of the document was affected by any
“improper process or procedure or by
inadequate safeguards in the use of the
computer”
Section 31G
Developing a Preservation Policy
• A preservation policy is an essential foundation
for any sustainable digital preservation
programme. Preservation decisions should aim
to minimise the risk that electronic records will
become inaccessible over a defined period. A
risk assessment analyses the dangers
• that electronic records may become unusable
and the impact or consequence of losing
• the record, such as the risks faced by the
organization or the public if the evidence is not
available
Monitoring Technological
Change
• It is important to monitor technological
change to identify potential risks to specific
• records.
• It is also important to assess the current
and future record-keeping needs of the
• organisation and to identify vulnerable and
valuable documentary evidence that
needs to be preserved
Assessment
• Once the risk assessment and records
assessment have been completed, and any
• urgent technology concerns have been
identified, it is possible to establish priorities
• for action. For example, some records may have
great evidential value and so need to
• be protected as a priority
Digital Storage
• A digital storage system ideally consists of
the hard disc drive with tape backup,
• repository management software to
manage data and metadata, and
hierarchical
• storage management (HSM) software.
• Data on hard disc must also be duplicated
on data tape
Storage of digital data
• No computer storage medium is adequate
for long-term, archival preservation of
records because of its limited life
expectancy. The most generous estimate
of physical obsolescence is within 30
years. Technological obsolescence,
though, will probably come within 5 to 10
years. As a result, you should assume the
need to migrate all your files within a short
amount of time to a new storage medium
Managing Storage Media
• The media on which the records and
metadata are stored must be managed
and refreshed as required. Part of storage
management is concerned with the
physical storage of the collection and, in
particular, the media on which it is
recorded
Refreshing
• The periodic need to refresh electronic records
onto new media is inevitable given the
• continuous changes in computer storage media.
However, selecting the best media
• available can reduce the frequency for
refreshing data, since high-quality and stable
• storage media should remain usable for a longer
period.
MIGRATION
• One method of active preservation is
known as ‘migration.’ Migration is the
process
• of translating data or digital objects from
one computer format to another format in
• order to ensure users can access the data
or digital objects using new or changed
• computing technologies.
Migration at Obsolescence
• this approach advocates that objects be
• migrated only as and when dictated by
technological obsolescence: that is, when they
• are about to become inaccessible. Records can
be migrated to new file formats or to
• current versions of old formats or they can be
migrated to open-source formats
• through normalization
Migration
• Migration-based preservation strategies
are similar to refreshment, in that both
• approaches involve converting the digital
object, rather than the technology used to
• create it, to a form that can be accessed in
a contemporary environment
Normalization
• Normalization is sometimes referred to as
‘migration on ingest.’ (The process of
transferring records to a digital storage
repository is referred to as ‘ingest.’)
• Normalization involves migrating a digital object
from the original software into an
open source, standards-based format so that it
can be used without having to rely on
the original, possibly proprietary, software
system used to create it.
• Normalizing seeks to
• minimise the frequency and complexity of future
migration cycles by going straight to
• an open source format that, ideally, will always
be available and accessible. Research has been
underway for some time to create software
solutions that will
• facilitate the process of normalizing records e.g.
XENA, PDF/A.
PDF/A
• PDF/A is a file format for the long-term
archiving of electronic documents.
• It is based on the PDF Reference
Version1.4 from Adobe Systems & is
defined by ISO 19005-1:2005
• Document Management – electronic
document file format for long-term
preservation – Part 1
XEMA “XML Electronic Normalising
for Archives”
• It is a free and open source software
developed by the National Library of
Australia to aid in the long term
preservation of digital records.
• Written in Java, it performs 2 important tasks
a) detects the file formats of digital objects
b) converts digital objects into open formats for
preservation.
–
http://xema.sourceforge.net/
Emulation
• the process of using one computer device or
software program to imitate
• the behaviours of another device or program,
thereby obtaining the same results when
• accessing or using digital objects. Emulation
strategies use software or hardware –
• called the emulator – to recreate the functionality
of obsolete technical environments
• on modern computer platforms
Establishing Security and
Access Controls
• The physical infrastructure required to store and
manage electronic records must be protected
from accidental or deliberate damage
• Information technology (computer) systems
should be protected from intrusions by external
hackers and other unauthorized users
• Access and permissions must also be controlled.
Managing Metadata
• Metadata needs to be maintained not just
from the time the record was created but
• also to record any active or passive
preservation processes; any physical or
logical changes to a digital object; or any
other changes to the nature and content of
the record.
Back up of Information
• It is essential that the storage system be
backed up and that multiple copies of all
data are stored in order to provide a
safeguard: different types of storage
media should be used for back up copies.
For example, one copy might be stored on
hard drives and the others on CD disks or
tape drives
• Clearly articulated policies are also
required for the creation and management
of system backups so that all actions
taken to preserve electronic records are
methodical and well managed.
Planning for Emergencies
• The digital storage system must be
protected against both natural and humancaused disasters. This protection comes
from establishing a business continuity
plan, which identifies how an operational
service will be restored in the event of a
major disruption.
Case of authentification of
digital documents
• In 2005 American Express took a person
to court for not paying credit card debts &
seeking to recover the money. The judge
determined that the company failed to
authenticate certain records in digital
format.
Stephen Mason PROOF OF THE AUTHENTICITY OF A
• DOCUMENT IN ELECTRONIC FORMAT INTRODUCED AS
EVIDENCE, October, 2006, www.armaedfoundation.org
Judge’s comments
• “The focus is not on the circumstances of
the creation of the record, but rather on
the circumstances of the preservation of
the record during the time it is in the file so
as to assure that the document being
proffered is the same as the document
that originally was created”
• Stephen Mason, Authentic digital records: laying the foundation for
evidence: Information Management Journal Sep/Oct 2007
Safeguarding digital data
• Matters to be taken into account -Identification of the computer equipment &
programmes
• Entity’s policies & procedures for the use
of the equipment
• How access to the database is controlled?
• How changes to the database are logged?
• Structure & implementation of back up
data
Conclusion
• In order to prove that that records
submitted as evidence are reliable, usable
and have integrity, one should ensure that
there are policies and procedures in place
based on standards and best practices
and that they are documented & followed,
• demonstrate that the appropriate controls
are in place to prevent unauthorized
access
THANK YOU
John A Aarons
University Archivist
Office of Administration
The University of the West Indies,
Mona, Kingston 7
[email protected]

similar documents