Documentary Heritage in the Cloud - PowerPoint PPT Presentation


PPT – Documentary Heritage in the Cloud PowerPoint presentation | free to download - id: 549d85-YzdkZ


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

Documentary Heritage in the Cloud


Simply a Security Matter or an Oxymoron? Luciana Duranti The University of British Columbia International Conference on Cloud Security Management ICCSM 2013 – PowerPoint PPT presentation

Number of Views:55
Avg rating:3.0/5.0
Slides: 32
Provided by: Luciana51


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Documentary Heritage in the Cloud

Documentary Heritage in the Cloud
  • Simply a Security Matter or an Oxymoron?
  • Luciana Duranti The University of British
  •  International Conference on Cloud Security
    Management ICCSM 2013
  • Seattle, WA 17-18 October 2013

The trustworthiness of records of unknown or
uncertain origin need to be assessed using
scientific methods. Diplomatics (1681), Dom Jean
Mabillon Trustworthiness based on the process of
formation of documents, and on their formal
characteristics, structure, and transmission
through time and space. The Bella Diplomatica
(judicial disputes based on diplomatic rules and
on the belief that documents are much better
than navy yards, much more efficacious than
munitions factories, as it is finer to win by
reason rather than by violence, by right than by
wrong gave origin to the Law of Evidence By mid
18th century all faculties of law in Europe
taught archival science and diplomatics as
forensic disciplines
Archival Diplomatics of Digital Records Dr.
Luciana Duranti The University of British
Archival Diplomatics The integration of archival
and diplomatic theory about the genesis, inner
constitution, and transmission of documents and
about their relationship with the facts
represented in them, and with other documents
produced in the course of the same function and
activities, and with their creators.
The Concept of Trustworthiness
Reliability The trustworthiness of a record as a
statement of fact. It exists when a record can
stand for the fact it is about.
The Concept of Record
Retrospective Use
Prospective Use
Accuracy The degree to which data, information,
documents or records are precise, correct,
truthful, free of error or distortion, or
pertinent to the matter.
Dynamic and Interactive Records Stable
Content Fixed Documentary Form Bounded
Digital Record Characteristics
  • Authenticity
  • identity
  • integrity
  • The trustworthiness of a record as a record
    i.e., the quality of a record that is what it
    purports to be and that is free from tampering or


On the face Of the Record
Formal Elements
Functions of Records Probative/Dispositive Support
ing/Narrative Instructive/Enabling
Genesis of the Digital Records Workflow actio et
Digital Components
Digital Signature
  • Categories of Records
  • Manifested
  • Stored

Deliberation Control
Metadata Identity Metadata Integrity Metadata
Form, Content, and Composition Data
Lifecycle of Digital Records Phase 1 Records of
the creator Phase 2 Authentic copies of the
records of the creator
  • As a Means of Authentication

Status of Transmission Draft Original Authenticate
d original Copy (e.g., authentic copy)
Application Research Projects UBC Project (1994
- 1997) InterPARES 1 (1999 - 2001) InterPARES 2
(2002 2006) InterPARES 3 (in application)
Authentication A means of declaring the
authenticity of a record at one particular
moment in time
Luciana Duranti Email
The Concept of Record
  • Record any document made or received by a
    physical or juridical person in the course of
    activity as an instrument and by-product of it,
    and kept for action or reference
  • Document recorded information (i.e., information
    affixed to a medium in an objectified and
    syntactic form)
  • Information intelligence given, or a message
    intended for communication across time and space
  • Data the smallest meaningful piece of information

Digital Record Components
  • Act an action in which the records participates
    or which the record supports
  • Persons Concurring to Its Creation author,
    writer, originator, addressee, and creator (human
    or juridical person accumulating the records made
    or received and kept in the course of activity
    and as by-product of it)
  • Archival Bond explicit linkages to other records
    inside or outside the system
  • Identifiable Contexts juridical-administrative,
    provenancial (creator), procedural, documentary,
  • Medium necessary part of the technological
    context, not of the record
  • Fixed Form and Stable Content

Fixed Form
  • An entity has fixed form if its binary content is
    stored so that the message it conveys can be
    rendered with the same documentary presentation
    it had on the screen when first saved (different
    digital presentation Word to .pdf)
  • An entity has fixed form also if the same content
    can be presented on the screen in several
    different ways in a limited series of
    possibilities we have a different documentary
    presentation of the same stored record having
    stable content and fixed form (e.g. statistical
    data viewed as a pie chart, a bar chart, or a

Stable Content
  • An entity has stable content if the data and the
    message it conveys are unchanged and
    unchangeable, meaning that data cannot be
    overwritten, altered, deleted or added to
  • Bounded Variability when changes to the
    documentary presentation of a determined stable
    content are limited and controlled by fixed
    rules, so that the same query or interaction
    always generates the same result, and we have
    different views of different subsets of content,
    due to the intention of the author or to
    different operating systems or applications

Archival Fonds and Archives
  • Archival Fonds All the records of one creator
    (human or juridical person individual or
  • All the records of a legitimate succession of
    creators exercising the same functions
  • Archival Fonds are acquired by the archival
    institution, unit or program responsible by
    mandate or mission for their permanent
    preservation as documentary heritage of a society

Archives in the Cloud
  • Archival institutions and units or programs of a
    variety of organizations consider storing records
    selected for permanent preservation in the Cloud
  • Many of the records they are mandated to preserve
    already exist in the Cloud
  • Access would be possible from any location to
    anyone who can use a browser
  • A trusted digital repository satisfying ISO
    standards as well as basic archival preservation
    requirements is not affordable
  • The knowledge to deal with records produced by
    complex technologies is not commonly available
    among archival professionals
  • Strong protection measures are often confused
    with preservation measures
  • But, to many, Archives in the Cloud is an

Archives as a Place
  • Justinian Code (534 A.D.)
  • an archives is locus publicus in quo instrumenta
    deponuntur (the public place where records are
    deposited), quatenus incorrupta maneant (so that
    they remain uncorrupted), fidem faciant (provide
    trustworthy evidence), and perpetua rei memoria
    sit (and be perpetual memory of facts)
  • Ahasver Fritsch (1664 A.D.)
  • Archives receive trustworthiness from the fact
    that 1) the place of storage belongs to a public
    sovereign authority, 2) the officer forwarding
    them to such a place is a public officer, 3) the
    records are placed both physically (i.e., by
    location) and intellectually (i.e., by
    description) among authentic records, and 4) this
    association is not meant to be broken.

The Archival Right
  • The right to keep a place capable of conferring
    archives trustworthiness, and therefore
    authority, was acquired by the bodies to whom
    sovereignty was delegated by the supreme secular
    and religious powers--cities and churches.
  • Corporations, including universities, deposited
    their records in the camera actorum of the
    municipality having jurisdiction over them or in
    the archives of ecclesiastical institutions
    before acquiring the right to keep archives.
  • By the French revolution decree of July 25, 1794,
    the records of defunct institutions and
    organizations were to be preserved by the state
    and made accessible to the people as its
    documentary heritage.
  • Archival principles Natalis de Wailly (1841),
    principle of respect des fonds Max Lehmann
    (1882), principle of provenance (i.e. original
    order) Hilary Jenkinson, unbroken chain of
    legitimate custody

Trusted Postcustodialism?
  • The concepts of place, jurisdiction, legitimate
    custody, and stability are embedded in the
    concept of archives, documentary heritage, and
    trusted historical memory, and are the condition
    of archival trustworthiness.
  • The primary justification for these concepts is
    historical accountability the people have a
    right to access the authentic documentary
    evidence of how they were governed. For this to
    happen, the records must be under the unbroken
    physical and intellectual control of a trusted
    third party ensuring that their
    interrelationships as well as those with their
    creator are stable.
  • If archives were to exist in the Cloud, where
    responsibility for legal custody and intellectual
    control ensuring stability would be left with the
    legitimate preserver, but physical custody and
    technological access provisions would be of the
    Cloud provider, could they be considered
    trustworthy? Can society entrust the Cloud with
    its memory?

What is Trust?
  • In business, trust involves confidence of one
    party in another, based on alignment of value
    systems with respect to specific benefits
  • In legal theory, trust is defined as a
    relationship of voluntary vulnerability,
    dependence and reliance, based on risk assessment
  • In everyday life, trust involves acting without
    the knowledge needed to act. It consists of
    substituting the information that one does not
    have with other information
  • Trust is also a matter of perception and it is
    often rooted in old mechanisms which may lead us
    to trust untrustworthy entities
  • On the Internet, the standard of trustworthiness
    is that of the ordinary marketplace, caveat
    emptor, or buyer beware
  • This is because there is no standard for a
    trustworthy trustee on the Internet

Trustworthy Trustees
  • Trustworthy trustees traditionally present the
    characteristics of
  • reputation, which results from an evaluation of
    the trustees past actions and conduct
  • good performance, which is the relationship
    between the trustees present actions and the
    conduct required to fulfill his or her current
    responsibilities as specified by the truster
  • inspiring confidence, which is an assurance of
    expectation of action and conduct the truster has
    in the trustee and
  • competence, which consists of having the
    knowledge, skills, talents, and traits required
    to be able to perform a task to any given
  • But not always we have this information and this
    creates blind trust

Parameters of Trust
  • In the digital environment, technologically-mediat
    ed trust cannot rely any longer on the four
    characteristics used in the past.
  • Different systems for the assessment of trust are
    required for different contexts government,
    business, personal, etc. The parameters of trust
    in one cultural context may be very different
    from those in another context.
  • Even within the restricted confines of the
    Western world, the very limited portion of a
    cultural context which is represented by the
    legal system is broken down in common law and
    civil law, and each has a different approach to
    trust in common law it is based on observation
    of action, and in civil law on its documentary

Balance of Trust
  • If we decide to entrust our historical
    documentary memory to the Cloud, we must
    establish a balance between trust and
    trustworthiness that is valid across
    jurisdictions, primarily because of the location
    independence which characterizes the Cloud.
  • The trustworthiness we should focus on is then
    not of the trustees but of the historical records
    that are entrusted to them, keeping in mind that
    historical records, a society documentary memory,
    always start their life as current records and
    their trustworthiness should be protected from
  • Protecting the trustworthiness of the documentary
    heritage of society goes well beyond security.

Records Trustworthiness
  • Authenticity
  • The trustworthiness of a record that is what it
    purports to be, untampered with and uncorrupted
  • based on
  • identity
  • integrity
  • reliability of the system containing it
  • Reliability
  • The trustworthiness of a record as a statement of
  • based on
  • the competence of its author
  • the controls on its creation
  • Accuracy
  • The correctness and precision of a records
  • based on
  • the competence of its author
  • the controls on content recording and transmission

Authenticity Identity
  • The whole of the attributes of a record that
    characterize it as unique, and that distinguish
    it from other records.
  • Identity metadata
  • names of the persons concurring in its creation
  • date(s) and time(s) of issuing, creation and
  • the matter or action in which it participates
  • the expression of its documentary relationships
  • documentary form
  • digital presentation
  • the indication of any attachment(s)
  • digital signature
  • name of the person handling the business matter

Authenticity Integrity
  • A record has integrity if the message it is meant
    to communicate in order to achieve its purpose
    is unaltered.
  • Integrity metadata
  • name(s) of persons handling the matter over time
  • name of person(s) responsible for keeping the
    record over time
  • indication of annotations made to the record
  • indication of technical changes
  • indication of presence or removal of digital
  • time of planned removal from the system
  • time of transfer to a the designated preserver
    or destruction
  • time of access to the public
  • existence and location of duplicates outside the

Metadata in the Cloud
  • how does metadata follow or trace records in the
    cloud from the creator to the preserver?
  • how is this metadata migrated as a preservation
    activity over time?
  • who owns the metadata created by the service
    providers related to their management of the
    records (integrity metadata)?
  • Is metadata intellectual property? Whose?
  • How can this metadata be accessed by the public
    and what are the responsibilities of the provider
    towards archival users?

Transparency, Stability, Permanence
  • An unbroken chain of legitimate custody from the
    creator to the preserver is not possible or
  • Records reliability cannot be inferred from known
  • Records authenticity cannot be inferred from
    their documentary context and from a known
    preservation process
  • Archives requires that each records context be
    defined and immutable, with all its relationships
    intact. Such stability is difficult to
    demonstrate in the dynamically provisioned
    environment of the Cloud.
  • What happens when hardware/software become
    obsolete? Is there a known migration plan?
  • Termination of contract how is records
    portability and continuity ensured?
  • Termination of provider how is records
    sustainability ensured?

Back to Custody
  • A fundamental issue with keeping archives in the
    Cloud remains the distinction between the entity
    responsible for their permanent preservation and
    accessibility and the entity storing them, and
    the possibility that the jurisdiction under which
    each exists is different from that in which the
    individual components of each archival fonds (all
    the records of the same body) exist.
  • Example Europe is approving a right to be
    forgotten legislation which will affect all
    European archives. That is exactly what? The
    archives under the legal control of a European
    archival institution? Those stored by a European
    Cloud provider? Those that happen to be at any
    given time in servers located in Europe?
  • Remember archives as a place. Remember the
    chain of legitimate uninterrupted custody. The
    moral defence of archives requires
    transparency, stability and permanence. Whose

Models to Consider
  • Maritime rules of shipping centered on the
    recognition of the authority of the port state,
    the flag state and the coastal state
  • Early international maritime agreements
    established that the nationality of the transport
    vessel (the flag state) would establish
    jurisdiction, and by extension, the laws that
    would be in effect
  • Following the abuse of such rule, the port state
    was given greater control to inspect vessels
    coming within its territorial waters by the Law
    of the Sea Convention in 1982
  • Similarly, coastal states through whose waters
    the flagged vessels transit, have authority over
    the safety and competency of the ship and its
    crews and are also allowed inspection and
    enforcement while the vessel is in the coastal
    states waters regardless of the flag of either
    the vessel (flag state) or its destination (port

Making an Analogy
  • A Canadian university could place its archives
    into the care of an American CSP which in turn
    maintains its data centers in Brazil. Following
    the maritime example then, the American company
    would be the flag state that would be moving
    the goods to their ultimate destination in the
    port state of Brazil.
  • This analogy becomes problematic not only because
    the Canadian University owning the archives would
    have no jurisdiction, but also with regards to
    the rights of the coastal state, in that the
    pipe used to move the records can transit
    through several countries (coastal states) as
    they are routed along the way.
  • Traditionally, coastal states have not been
    granted access to inspecting packets of records
    as they move along the internet. The rules of
    conduct then become very difficult, if not
    impossible, to enforce by any of the parties

  • The territoriality principle is not applicable
    because it is not possible to know the location
    of the records at any given time
  • The nationality principle is not applicable
    because nationality is an attribute of persons,
    not records, and the principle cannot be used to
    connect persons to records
  • The power of disposal principle, which connects
    any data to the person or persons that obtain
    sole or collaborative access and that hold the
    right to alter, delete, suppress or to render
    unusable as well as the right to exclude others
    from access and any usage whatsoever can be
  • By analogy, it could be possible to consider a
    power of preservation principle that identifies
    the institutions controlling the archives as the
    trusted custodian and the place guaranteeing
    authenticity, but jurisdiction without
    responsibility defeats its entire purpose, even
    in a community cloud

Records In the Cloud (RIC)
  • A 4-year collaboration , supported by a Social
    Sciences and Humanities Research Council of
    Canada, between
  • the University of British Columbia (UBC) School
    of Library, Archival and Information Studies,
  • the UBC Faculty of Law,
  • the UBC Sauder School of Business,
  • the University of Washington School of
  • the University of North Carolina at Chapel Hill
    School of Information and Library Science,
  • the Mid-Sweden University Department of
    Information Technology and Media,
  • the University of Applied Sciences of Western
    Switzerland School of Business Administration,
  • the Cloud Security Alliance

RIC Objectives
  • to identify and examine in depth the theoretical,
    methodological, management, operational, legal,
    and technical issues surrounding the storage and
    management of records/archives in the Cloud
  • to determine what policies and procedures a
    provider should have in place for fully
    implementing the records/archives management
    regime of the entity outsourcing the
    records/archives storage, for responding promptly
    to its needs, and for detecting, identifying,
    analyzing and responding to incidents and
  • to develop guidelines to assist institutions and
    organizations in assessing the risks and benefits
    of outsourcing records/archives storage and
    processing to a cloud provider, for writing
    contractual agreements, certifications and
    attestations, and for the integration of
    outsourcing with the organization's records
    management and information governance programs
  • Today you will hear about initial findings of the
    research project.

InterPARES Trust (ITrust)
  • A 6-year multidisciplinary collaboration among 30
    countries in 6 continents, comprising about 250
  • The project aims at producing the frameworks that
    will support the development of integrated and
    consistent local, national and international
    networks of policies, procedures, regulations,
    standards and legislation concerning digital
    records entrusted to the Internet, to ensure
    public trust grounded on evidence of good
    governance, and a persistent digital memory.

ITrust studies
  • To support solutions to the archival issues
    raised today, ITrust has initiated research on,
    among other matters,
  • Metadata, to investigate to what degree the
    human and machine readable assertions about
    records existing in the cloud contribute to
    maintaining and assessing the authenticity of
    those records (Tennis)
  • Authenticity, to find a method for calculating,
    associating with records, and presenting trust
    parameters and the provenance of those parameters
  • Trust relationships, from the perspective of
    creators, preservers and users of
    records/archives (Foscarini)
  • Model contractual provisions dealing with
    technological change inter-jurisdictional and
    government regulation accessibility
    intellectual ownership protection of
    confidentiality and privacy agreed remedies in
    the event of breach of contract privity of
    contract and subcontracting, to identify just a
    few of the contentious areas (Sheppard)

  • We need to work towards resolution of issues as
    they present themselves, with the aim of
    developing solutions framed as a balance of
  • To establish a balance of trust requires
    enabling the development of trustworthy
    procedures and contractual conditions, in
    addition to secure technologies. We need to do so
  • identifying the changes required in our paradigms
    of trust in records/archives and
    preservation systems, and
  • developing an internationally shared trust
    framework that both providers and users can
    live by, because the current framework within
    which the Cloud operates and security concerns
    are addressed is inconsistent within and across
    jurisdictional and disciplinary boundaries.
  • Only then we can require and expect stability,
    transparency, accountability, and permanence in
    addition to security and economy, develop a Trust
    in the Cloud founded on the Trustworthiness of
    the material it stores, and conclude that
    documentary heritage in the Cloud is not an