Authentic and Trustworthy Electronic Records
July 12, 2005
Dr. Charles Dollar
Fifth in the Missouri Electronic Records Education and Training Initiative (MERETI) workshop series
Note: Numbers in the text mark key points discussed by the instructor. Each number refers to the corresponding slide in the accompanying PowerPoint presentation and handout.
Workshop five focused on long-term access to authentic and trustworthy digital information. Instructor Charles Dollar discussed several topics, including the challenge of managing electronic records, the capture of electronic records, differences between various encryption technologies, and the transmission and storage of electronic records.
The Challenge of Electronic Records
Dr. Dollar looked at the vulnerability of internet communications, and how it was possible to modify electronic records without visible evidence by manipulating 1s and 0s (slide 6). He provided some examples of how slight alterations can completely change the meaning or authenticity of a record.
Electronic Records Terminology
Several terms were defined to provide a common definition for subjects Dr. Dollar discussed throughout the presentation (slide 8). In particular, he pointed out the difference between an original and a copy and how this can be significant in proving the trustworthiness of electronic records (slide 11). He discussed authentication (slide 13), authenticity, and integrity of records, the basis for legal admissibility of records in court, and archiving and the information lifecycle.
Capture of Electronic Records
Dr. Dollar discussed some of the issues that need to be addressed when capturing electronic information to increase the authenticity and trustworthiness of the records. His first point was that capture should be done as part of an organization’s ordinary course of business. He recommended capturing as much information as possible at or near the time of the event to increase the accuracy of the information available about the records. He stressed the need to make sure the metadata captured was sufficient to prove that an organization’s records were what they purported to be.
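The following is an added example, not taken from the workshop materials. It shows how a digest and metadata recorded at capture time expose the kind of invisible one-bit alteration described under "The Challenge of Electronic Records". The record text, field names, and key are constructed for illustration.

```python
import hashlib
import hmac
import json

def _seal(entry: dict, key: bytes) -> str:
    # HMAC over the canonical JSON form, so the entry itself is tamper-evident.
    body = json.dumps(entry, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def capture(record: bytes, metadata: dict, key: bytes) -> dict:
    """Build the capture entry: metadata, size and SHA-256 digest, then seal it."""
    entry = dict(metadata, size=len(record),
                 sha256=hashlib.sha256(record).hexdigest())
    entry["seal"] = _seal(entry, key)
    return entry

def verify(record: bytes, entry: dict, key: bytes) -> str:
    """Check the entry's seal first, then the record against the stored digest."""
    unsealed = {k: v for k, v in entry.items() if k != "seal"}
    if not hmac.compare_digest(_seal(unsealed, key), entry.get("seal", "")):
        return "capture entry altered"
    if hashlib.sha256(record).hexdigest() != entry["sha256"]:
        return "record altered"
    return "intact"

def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    """Return a copy of data with one bit inverted."""
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)

# Constructed sample data (hypothetical record, metadata and key).
KEY = b"constructed-demo-key"  # in practice held apart from the record store
ORIGINAL = b"Approved payment of $1,000 to vendor 42."
ENTRY = capture(ORIGINAL, {"record_id": "demo-0001",
                           "captured_at": "2005-07-12T10:00:00Z",
                           "creator": "clerk-a"}, KEY)
# '1' is 0x31 and '9' is 0x39: inverting bit 3 of one byte changes the amount.
ALTERED = flip_bit(ORIGINAL, ORIGINAL.index(b"1"), 3)

if __name__ == "__main__":
    print(ALTERED.decode(), "| same size:", len(ALTERED) == ENTRY["size"])
    print("original:", verify(ORIGINAL, ENTRY, KEY))
    print("altered: ", verify(ALTERED, ENTRY, KEY))
```

The altered record has the same length and still reads as a plausible sentence, so only the digest comparison reveals the change.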
Transmission of Electronic Records
The majority of the Workshop was spent on discussion of the transmission of authentic and trustworthy electronic records. Dr. Dollar began his discussion by defining and providing examples of some of the transmission technologies in use today. He offered an in-depth discussion of two of the more popular encryption technologies: Secure Socket Layer (SSL) and Public Key Infrastructure (PKI). He ended this section of the presentation by discussing some records management guidance for using encryption during the regular course of business.
Dr. Dollar defined cryptography as the science of using mathematics to store or send sensitive information so that only the intended recipient can read it. He presented a brief history of how cryptography had evolved. He offered several visual representations and tables of symmetric, asymmetric, and hash digest encryption as he discussed some of the different encryption algorithm standards that were used in business and by government (slides 34, 35, 38, 43, 48, 51, 52).
Dr. Dollar defined digital signatures. He explained their significance and presented examples of how digital signature certificates were generated and used. He looked at the various trust levels of a digital signature. The trust levels were based on the number of individuals or organizations that had a hand in delivering the encrypted message.
Secure Socket Layers and Public Key Infrastructure
The discussion then shifted to two different types of encryption methods: Secure Socket Layers (SSL; slide 74) and Public Key Infrastructure (PKI; slides 67-68). SSL was described as a method for securing a point-to-point connection so that no outside party could read the message while it was being transmitted. PKI was described as a method of authenticating the sender of a message, using a third party, that would not protect confidentiality (slides 83, 87). Dr. Dollar offered numerous examples of how each worked and discussed some of the important components of each method. He included charts on the assurance levels of PKI transmissions, and discussed the PKI standard X.509 (slide 85). The section concluded with several points about managing encrypted files as a records manager (slides 103, 105, 108).
Storage of Electronic Records
During the next section of the Workshop, Dr. Dollar focused on the storage and retrieval of documents that were encrypted and/or contained digital signatures. He stressed that both encryption and digital signatures posed significant problems for long-term storage. Without the encryption keys, information might as well be destroyed because it cannot be accessed (slides 109, 111). Digital signatures expire at a certain point in time, and the signature cannot be certified as authentic after that time (slides 114, 121).
He looked at file formats and media types and how viable they would be for long-term storage (slides 130, 132). Then he briefly discussed conversion issues that need to be addressed to sustain the accessibility of electronic records in the future (slide 134).
In his conclusion, Dr. Dollar offered several suggestions to the attendees. He challenged the attendees to rethink how they manage electronic records (slides 138a, 138b, 138c, 138d, 103b). He explained his thoughts on why electronic records management should be an important priority for government. He offered suggestions for what different groups, such as records managers, archivists, IT, legal, and the users, could bring to the table when discussing these issues.