User:Faintl/Digital Archives Security

Introduction
The Society of American Archivists defines security as the “measures taken to protect materials from unauthorized access, change, destruction, or other threats .” When applied to digital archives in the frame of information security it is often described in three main components: confidentiality, integrity, and authority. Prior to digital archives, users needed to visit a physical repository and were limited by only viewing the records of interest in the archive’s reading room. Today, as more archives download records online, access to these records has increased dramatically, but so have the security concerns.

Confidentiality
Confidentiality indicates who is authorized to use the specified information. This encompasses physical location of the computer or network, password protection, and encryption of staff computers and back-up servers to prevent unauthorized access, as well as cybersecurity measures to detect and deter malware (e.g. viruses) and malicious interference. Copyright, intellectual property rights, and privacy concerns such as those relating to medical records (Health Insurance Portability and Accountability Act of 1996—HIPAA) and school records (Family Educational Rights and Privacy Act of 1974—FERPA) must also be considered and, are at greater risk to unauthorized access and use in a digital archive than they have traditionally been in analog form at the repository.

These concerns are even more amplified in the context of indigenous and cultural heritage materials. Copyright and intellectual property rights are generally Western constructs which are often contradictory to indigenous communities’ understanding of and desire to control their own records. An example of confidentiality being applied to indigenous communities according to their needs is the creation of a content management system called Murkurtu and the promotion of Traditional Knowledge (TK) licenses and labels. Murkurtu can help provide levels of access to users depending on their connection and position within the community. Through both of these programs indigenous communities regain control of their records while helping to provide context and determine appropriate access for others to their records. An example of this in application can be found in the Library of Congress Ancestral Voices Collection—https://www.loc.gov/collections/ancestral-voices/about-this-collection/

Integrity
Integrity implies that a record has not been altered and remains whole. For a traditional paper record this could include making sure there are no rips, tears, missing pages, erroneous marks, or fading to the document. In addition, integrity entails establishing and maintaining original order of the records at all times. In digital archives bit-rot, corruption of files, and malware concerns must be addressed. Whether items are born-digital (created in digital format) or digitized (scanned or otherwise modulated from analog to digital format), keeping the data from degradation or corruption is a never-ending struggle. Digital records, and especially those that are born-digital, are at greater risk for destabilization, loss, and incompatibility than their analog counterparts, warranting more robust and consistent monitoring and protection. As such, fixity and preservation become key components of securing integrity of a record.

Fixity indicates that files and other data are in a stable environment so as to prevent the loss of data through time, human error, or malicious intent. Preservation is the steps taken to protect fixity. The use of cryptographic devices such as checksums, time stamps, and digital signatures are the most used preservation techniques applied to born-digital and digitized material to check fixity and achieve integrity in a digital archive.

Accessibility
At first glance it may be assumed that authenticity and integrity are synonymous, however even though they are interrelated they are not interchangeable. While integrity addresses the wholeness of a record, authenticity verifies that the record is what it claims to be. To better understand their relationship think of “integrity [as] a relative term, authenticity is generally thought of as an established fact.” Maintaining original order helps establish integrity of a record. Authenticity helps establish provenance, or the record’s identity.

Since authenticity and integrity are so closely related, preservation is also a mainstay in safeguarding the authenticity of a digital record. As discussed in the integrity section, digital records typically require much more supervision and care than their paper or analog counterparts. This holds true for authenticity as well. Normally, authenticity is established upon accessioning and rarely needs to be addressed again. In digital archives, however, authenticity reviews must be conducted regularly, and are often done in conjunction with integrity reviews and by the same tools. For example, by knowing the checksum of an original file the integrity and authenticity can be verified for a migrated or refreshed file. If the two checksums are the same, integrity and authenticity have been maintained. If not, there has been corruption of the record and additional preservation will be needed to try and restore integrity and authenticity.