Published on Free Government Information (FGI) (http://freegovinfo.info)

Home > Issues

By sjyeo
Created 2004-11-29 20:50

Issues

There are many issues surrounding the future of government information. FGI has identified the three core and overlapping issues of access to, preservation of, and privacy for users of government information. See the pages below for more information on each of these issues.

Bookmark/Search this post with:
  • Delicious [1]
  • Digg [2]
  • StumbleUpon [3]
  • Reddit [4]
  • Furl [5]
  • Facebook [6]
  • Twitter [7]
  • Google [8]
  • Yahoo [9]
  • LinkedIn [10]
  • Technorati [11]
Average: 2.2 (24 votes)

Access

*Update October 21,2005: James R. Jacobs, Shinjoung Yeo, and Danial Cornwall were invited to speak at the Nevada Library Association Annual Conference. Here's Shinjoung's panel presentation about access and government information [12].

What do we mean when we say we want access to government information? What is government information? What is access? These are serious questions that can affect the debate on full public access to government information.

What we call "government information" is produced by many sources and in many formats; but in our view any information activity that is taxpayer funded is government information. That is, if government paid for the information to be collected and produced, it should be considered government information. This includes reports, journals, databases and other products a government has funded. People like to say that "It's the people's money." We say that "It's the people's information." Aside from very narrow exceptions for personal privacy and honest national security concerns, we believe the public is entitled to what it has paid for.

Having loosely defined "government information", let us turn to "access." Access can be defined as connecting a citizen with information produced by her government. This could mean the citizen finds a government publication or requests a public record.

In the old days before the Internet, access was easy to define. You had access to a publication if either it was deposited in a library, or if the issuing agency provided you with a copy of their publication. This was after you learned that the publication existed, either by consulting a library or seeing a publication announcement in local media. On the down side, relatively few people could actually use government information because only person could access a given item at a given library. On the plus side, government agencies found it next to impossible to alter or destroy every single copy of a publication it no longer wished to be public. Also, a disaster in one city or even in Washington DC itself wouldn't affect the country's access to the publication. There would likely be at least one library that still had the item.

The Internet changed everything for both good and bad. The good news was that now millions of people could access the same government document simultaneously. Also, people didn't have to wait for publications to be shipped out of Washington, DC. With some exceptions, people pretty much had equal access to the information.

The bad news is that in many cases we are left with one, or perhaps two, digital copies of documents under Federal control. This leaves government information with the following vulnerabilities:

  • A natural disaster or terror attack that eliminated Washington DC would remove electronic federal information from the public domain.
  • A future cash-strapped government might decide to charge for access to taxpayer funded information.
  • The government can, and already has limited simultaneous access to some government resources to one or two people at a time per library (i.e. StatUSA).
  • Government agencies may choose to remove public information from the Internet without public process. This has already happened [13]
  • Government agencies or hackers could alter or corrupt copies of taxpayer funded reports and data.

There is more that can be said about access. Check this space for updates to this article.



For further exploration try...

Web resources

If you would like to locate one of the items below in a library, just click on the title of the book or journal. If the item is not held by a library near you, ask your local library [17] to borrow it through Interlibrary Loan.

Articles

  • Feinberg, Lotte E. FOIA, federal information policy, and information availability in a post-9/11 world.
    Government Information Quarterly [18], 2004, Vol. 21 Issue 4, p439, 22p.
  • Kennedy, Shirley Duglin On the Net, Off the Net. Information Today [19], Nov2004, Vol. 21 Issue 10, p17, 2p;
  • Hartman, Cathy Nelson. Storage of Electronic Files of Federal Agencies That Have Ceased Operation: A Partnership for Permanent Access. Government Information Quarterly [18], 2000, Vol. 17 Issue 3, p299, 9p

Books

Please post suggestions for this bibliography in the comments section.

Bookmark/Search this post with:
  • Delicious [23]
  • Digg [24]
  • StumbleUpon [25]
  • Reddit [26]
  • Furl [27]
  • Facebook [28]
  • Twitter [29]
  • Google [30]
  • Yahoo [31]
  • LinkedIn [32]
  • Technorati [33]
Average: 4 (4 votes)

Authenticity

Who do you Trust? The Authentication Problem

How do we know when a digital document is "authentic"? While many in the library and academic communities hope that there will be a technological solution, the reality is that technology alone cannot solve the problem of authenticity. A report this week of research at a Chinese university illuminates one reason for this: technical tools are subject to failure, compromise, forgery, and hacking.

The article reports a flaw in an official federal standard that was originally devised by the National Security Agency and is widely used to create and verify digital signatures in e-mail and on the Web. In fact, it is embedded in every modern Web browser and operating system. The CNET article notes that, while the flaw that Chinese scientists discovered in the "Secure Hash Algorithm" is "theoretical," it will eventually make it easier to forge electronic signatures.

But authenticity requires more than secure software. Even if we had a tool that could never be hacked and that would last forever, we would still only have part of a solution: the technical part. The other part of the solution is social: it is the issue of Trust.

Software provides the technical part of the solution

The technology of authentication provides a way to verify that a document is what it purports to be and determine if it has been altered or not. Document-creators can use software to create special files (called "hashes" or "signatures" or "keys") based on the original document. These special files are typically stored with a "trusted third party" -- neither the document creator nor the recipient. Document-users can then use software to check the authenticity of the document in hand against that "hash." The software is able to determine only if the document in hand is identical to the original. Even the smallest change (e.g., the insertion or removal of a blank space) will result in a report that the documents are not identical.

Trust is the social part of the solution

But this technological check does not solve the authentication problem by itself. The check against the hash is only as reliable as the trusted third party. The software just gives us a technical means of shifting who we trust -- instead of trusting the party that delivered the document to us, for example, we trust a third party that tells us that the hash is correct and authentic. If the hash isn't authentic and unchanged, the check against the hash is worthless.

This concept of a trusted third party is, therefore, an essential component of the authentication chain. That should lead us to an important question: who will we choose as our trusted third parties? This is important because the tools only work if we can trust the third party to do its job. In the case of government information essential to our democracy, this trust has to last forever.

Who do you trust?

Ask yourself who in society is the most trusted third party in delivering information? The government? The press? Publishers? Technology companies like Microsoft and Verizon?

What about libraries?

Now ask yourself what we will do if we think that technological-verification is all we need to ensure authentication and we find one day that the tools have failed as described in the CNET article.

A Social Solution built on Trusted Institutions and Legal Deposit

Trust is a social phenomenon, not a technical one. What if, instead of putting all our faith in potential technological "solution" for ensuring authenticity of government documents, we instead relied on the existing infrastructure of depository libraries to ensure authenticity through their collective possession of multiple copies of digital government publications, distributed by GPO at the time of their publication under the legal-mandate of 44 USC?

This solution promises to be a sound, sustainable one because it relies on libraries as the trusted repository of information. Libraries have a long, well-established social role of providing information; people trust libraries because of it. Libraries have a vested interest in ensuring that the information they provide is authentic and people trust them to do so because it is their primary mission -- not a byproduct of publishing or making money or the various missions of government agencies.

The trust people place in libraries in general can be increased in the digital environment by relying, not on one or two libraries, but on many libraries with different funding streams and missions. Any unforeseen compromise in one institution becomes a single error in a large system of information-provision. (See Article outlines bottom-up standards for digital preservation systems [35].) Even in the paper and ink world, forgeries are possible -- though more difficult than in the digital world -- and one important way we determine authenticity is by comparing multiple copies.

A different approach

This approach is subtly different from the approach of hoping for a technological solution to authenticity. It recognizes that the social issue of trust (along with the existence of multiple copies controlled by different parties) is paramount and the role of technology is secondary. The role of technology is simply to provide tools to help implement that trust. Indeed, if we used this social-trust legal-digital-deposit approach, libraries would still use technical tools (e.g., LOCKSS, PKI, state of the art hash technologies) to validate the integrity of digital files. Combine these tools with trusted institutions, legal deposit, and multiple copies under multiple jurisdictions and you have fail-safe a recipe for ensuring authenticity.

Summary

The problem with hoping for a technological solution was clearly articulated back in 2000 by Abby Smith, Director of Programs at the Council on Library and Information Resources.

Interestingly, the scholar-participants suggested that technological solutions to the problem [of establishing the authenticity of a digital object] will probably emerge that would obviate the need for trusted third parties. Such solutions may include, for example, embedding texts, documents, images, and the like with various warrants (e.g., time stamps, encryption, digital signatures, and watermarks). The technologists replied with skepticism, saying that there is no technological solution that does not itself involve the transfer of trust to a third party. Encryption -- for example, public key infrastructure (PKI) -- and digital signatures are simply means of transferring risk to a trusted third party. Those technological solutions are as weak or as strong as the trusted third party. To devise technical solutions to what is, in their view, essentially a social challenge is to engender an "arms race" among hackers and their police.
-- Digital Authenticity in Perspective [36] in "Authenticity in a Digital Environment," Council on Library and Information Resources, Publication 92. (May 2000).

James A. Jacobs, November 3, 2005

Bookmark/Search this post with:
  • Delicious [37]
  • Digg [38]
  • StumbleUpon [39]
  • Reddit [40]
  • Furl [41]
  • Facebook [42]
  • Twitter [43]
  • Google [44]
  • Yahoo [45]
  • LinkedIn [46]
  • Technorati [47]
Average: 5 (1 vote)

Preservation

*Update October 21,2005: James R. Jacobs, Shinjoung Yeo, and Danial Cornwall were invited to speak at the Nevada Library Association Annual Conference. Here's Daniel's panel presentation about preservation and government information [48].

Preserving government information is key to our survival as a nation. If we don't remember what we've done and why we've done it, repeating history may be the least of our worries.

In the analog world, preservation is a relative simple matter of caring for a physical object. Millions of people can visit the Declaration of Independence, the Constitution and the Bill of Rights because the National Archives has taken care of the paper these documents are written on. Since the words of these important documents are human readable, no machinery is needed to make the words understandable. Given the proper conditions, citizens celebrating our nation's 500th anniversary in 2276 will be able to read these core documents of history.

By contrast, digital publications and data are fragile. The main enemies of the successful preservation of digital materials are the media and the file format the data is in.

Currently there are two types of media for storing digital data - magnetic and optical. Magnetic encompasses audio and video tapes, floppy drives, removable hard drives, flash drives and magnetic tape. Optical media includes the various flavors of CDs and DVDs. Magnetic media has a proven poor track record as a durable storage format. Most magnetic media may last from 10-20 years [49]. If material isn't copied onto new magnetic media, it can be lost [50]. Optical media fares better in terms of holding data without decay. The National Institute of Standards and Technology estimates that CD-R's and DVD-Rs may last several tens of years [51]. Some people estimate the lifetime of the highest quality of optical media to be close to a century. Still, this is only a fraction of the lifetime of quality paper or the estimated lifetime of microfilm [52].

However, length of media is really the least of our worries. A much greater problem is technological obsolescence. Have you tried to read a 5 1/4" disk or pull up a Wordstar document lately? There are many examples of lost data [53] because no equipment or software exists to read it. Data could be lost to technological obsolescence within ten years if it's not migrated into new formats.

So, how can we preserve digital information? Currently, no one knows how to best preserve digital information in a digital format, though there are some promising approaches [54]. So far the safest approach is the "analog backup"; otherwise known as making tangible copies.

There are several groups studying the preservation of digital government information, including the Government Printing Office, the National Archives, the ALA Government Documents Roundtable and the LOCKSS group [55] at Stanford University.



For further exploration try...

Web resources

Articles

  • Carlson, Scott. The Uncertain Fate of Scholarly Artifacts in a Digital Age. Chronicle of Higher Education, 1/30/2004, Vol. 50 Issue 21, pA25, 3p.
  • Hutt, Arwen. Protecting Your Library's Digital Resources: The Essential Guide to Planning and Preservation. Library Resources & Technical Services, Jan2005, Vol. 49 Issue 1, p58, 2p;
  • Jacobs, James A; Jacobs, James R. and Yeo, Shinjoung Government Information in the Digital Age: The Once and Future Federal Depository Library Program. Journal of Academic Librarianship. May 2005. Available on the Internet at http://ssdc.ucsd.edu/jj/fdlp/ [60].

Books

  • General Accounting Office. (2002). Information Management: Challenges in Managing and Preserving Electronic Records' . Washington DC: General Accounting Office.
  • Hunter, Gregory S. (2000) Preserving digital information:a how-to-do-it manual New York: Neal-Schuman Publishers.
  • Lazinger, Susan S.and Tibbo, Helen R. (2001) Digital preservation and metadata :history, theory, practice. Englewood, CO: Libraries Unlimited.

Please post suggestions for this bibliography in the comments section.

Bookmark/Search this post with:
  • Delicious [61]
  • Digg [62]
  • StumbleUpon [63]
  • Reddit [64]
  • Furl [65]
  • Facebook [66]
  • Twitter [67]
  • Google [68]
  • Yahoo [69]
  • LinkedIn [70]
  • Technorati [71]
Average: 5 (1 vote)

Privacy

*Update October 21,2005: James R. Jacobs, Shinjoung Yeo, and Danial Cornwall were invited to speak at the Nevada Library Association Annual Conference. Here's James' panel presentation about privacy and government information [72].

What you read about your government (or about anything) should be your business. But how well is your privacy protected? There is a great difference in privacy between the analog world of government publications and the Internet. In the analog world you decide the amount of privacy you have; in the digital world the servers of the information decide how much privacy they'll let you have.

Let's look at three examples: walking into a federal depository library [73]; viewing information on a library's web site [74]; and downloading a document from Federal Agency X's web site.

The Physical Depository Library - You can usually walk right into a Federal Depository Library. There are a few that may ask for identification, but even these libraries do not track your browsing. Once you walk in, you can browse all you like without being tracked. You can take books off the shelves and look through them and if you put them back on the shelves, no one will know what titles you looked through. If you decide to check some reports out of the depository, you'll be protected by the confidentiality statutes [75] of the state where the library is. Since October 2001, it's been possible for your reading records to be turned over to federal authorities [76], but most libraries erase the record of any books you've checked out once you turn them in.

Viewing information on a library web site - Most libraries have websites these days. Many have explicit privacy policies [77] that limit the information that the library collects. Some of the information they could collect [78] include:

  • The address (IP) of your computer or Internet provider.
  • The date and time you accessed their site.
  • The Internet address of the web site that referred you to their site.
  • Tracking information via cookies [79]. Most libraries won't put cookies on your computer.

States differ, but most of the time you can expect that your use of the library's web site to be protected by the same laws that safeguard your reading record. Also, if you follow a link off a library's web site, you are no longer covered by their privacy policy.

Downloading Files from the website of Federal Agency X - When you go to http://www.fedagencyx.gov; [80] the agency is able to collect the same kinds of information [78] that the library can. According to M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 [81], federal sites may use cookies if there is a compelling need. According to the same memo, federal agencies must have a policy. We at Free Government Information are unaware of federal statutes protecting federal web browsing.

Does this mean we cannot have Internet access to government information without Uncle Sam looking over our shoulder? No. One solution would be to deposit electronic copies of government information with libraries and let the libraries serve the information on their own servers. That way, electronic government documents would be accessed from privacy minded librarians. Even if the government used its new powers under the PATRIOT act, it would have to make literally thousands of requests to find out who has handled a given document. This is unlike the current system, where the gov't can ask its own webmasters for as much data as they like without anyone knowing.



For further exploration try...

Web resources

Articles

  • Huff, James. Patron Confidentiality, Millennium Style. American Libraries, Jun/Jul99, Vol. 30 Issue 6, p86, 2p,
  • Martin, Shannon; Chamberlin, Bill F.; Dmitrieva, Irina. State Laws Requiring World Wide Web Dissemination of Information: A Review of State Government Mandates for Documents Online. Information & Communications Technology Law, Jun2001, Vol. 10 Issue 2, p167, 12p,
  • Murphy, Bernadette. Privacy and government information issues: Looking forward, looking back. College & Research Libraries News, Feb2005, Vol. 66 Issue 2, p132, 1p;

Books

  • General Accounting Office. (2000). Internet privacy: comparison of federal agency practices with FTC's fair information principles . Washington DC: General Accounting Office.
  • Hernon, Peter. (2002). United States government information : policies and sources. Westport, CT: Libraries Unlimited.
  • Podesta, John and Shane, Peter M. (2004). A little knowledge : privacy, security, and public information after September 11th. New York: Century Foundation Press.

Please post suggestions for this bibliography in the comments section.

Bookmark/Search this post with:
  • Delicious [85]
  • Digg [86]
  • StumbleUpon [87]
  • Reddit [88]
  • Furl [89]
  • Facebook [90]
  • Twitter [91]
  • Google [92]
  • Yahoo [93]
  • LinkedIn [94]
  • Technorati [95]
Average: 5 (2 votes)

Questions about FGI?
Find government information
find your nearest Federal Depository Library
Chat online with a government information librarian (Govt Information Online not affiliated w/ FGI)
Submit a reference question to Govt Information Online

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.

SOS! Support Open Source Software!
public.resource.org

Server space and more graciously provided by LIS Host

Add to Technorati Favorites

Source URL: http://freegovinfo.info/issues

Links:
[1] http://del.icio.us/post?url=http://freegovinfo.info/issues&title=Issues
[2] http://digg.com/submit?phase=2&url=http://freegovinfo.info/issues&title=Issues
[3] http://www.stumbleupon.com/submit?url=http://freegovinfo.info/issues&title=Issues
[4] http://reddit.com/submit?url=http://freegovinfo.info/issues&title=Issues
[5] http://www.furl.net/storeIt.jsp?u=http://freegovinfo.info/issues&t=Issues
[6] http://www.facebook.com/sharer.php?u=http://freegovinfo.info/issues&t=Issues
[7] http://twitter.com/home/?status=http://freegovinfo.info/issues -- Issues
[8] http://www.google.com/bookmarks/mark?op=add&bkmk=http://freegovinfo.info/issues&title=Issues
[9] http://bookmarks.yahoo.com/myresults/bookmarklet?u=http://freegovinfo.info/issues&t=Issues
[10] http://www.linkedin.com/shareArticle?mini=true&url=http://freegovinfo.info/issues&title=Issues&summary=There are many issues surrounding the future of government information. FGI has identified the three core and overlapping issues of access to, preservation of, and privacy for users of government information. See the pages below for more information on each of these issues.&source=Free Government Information (FGI)
[11] http://technorati.com/search/http://freegovinfo.info/issues
[12] http://freegovinfo.info/node/290
[13] http://slate.msn.com/id/2114963/
[14] http://www2.library.unr.edu/dept/bgic/Duncan/RAGI.html
[15] http://www.ombwatch.org/info
[16] http://www.openthegovernment.org/
[17] http://nces.ed.gov/globallocator/
[18] http://worldcatlibraries.org/wcpa/oclc/10024704
[19] http://worldcatlibraries.org/wcpa/oclc/10142299
[20] http://worldcatlibraries.org/wcpa/oclc/50124882
[21] http://worldcatlibraries.org/wcpa/oclc/18106331
[22] http://worldcatlibraries.org/wcpa/oclc/54461842
[23] http://del.icio.us/post?url=http://freegovinfo.info/issues/access&title=Access
[24] http://digg.com/submit?phase=2&url=http://freegovinfo.info/issues/access&title=Access
[25] http://www.stumbleupon.com/submit?url=http://freegovinfo.info/issues/access&title=Access
[26] http://reddit.com/submit?url=http://freegovinfo.info/issues/access&title=Access
[27] http://www.furl.net/storeIt.jsp?u=http://freegovinfo.info/issues/access&t=Access
[28] http://www.facebook.com/sharer.php?u=http://freegovinfo.info/issues/access&t=Access
[29] http://twitter.com/home/?status=http://freegovinfo.info/issues/access -- Access
[30] http://www.google.com/bookmarks/mark?op=add&bkmk=http://freegovinfo.info/issues/access&title=Access
[31] http://bookmarks.yahoo.com/myresults/bookmarklet?u=http://freegovinfo.info/issues/access&t=Access
[32] http://www.linkedin.com/shareArticle?mini=true&url=http://freegovinfo.info/issues/access&title=Access&summary=*Update October 21,2005: James R. Jacobs, Shinjoung Yeo, and Danial Cornwall were invited to speak at the Nevada Library Association Annual Conference. Here's Shinjoung's panel presentation about access and government information. What do we mean when we say we want access to government information? What is government information? What is access? These are serious questions that can affect the debate on full public access to government information. What we call "government information" is produced by many sources and in many formats; but in our view any information activity that is taxpayer funded is government information. That is, if government paid for the information to be collected and produced, it should be considered government information. This includes reports, journals, databases and other products a government has funded. People like to say that "It's the people's money." We say that "It's the people's information." Aside from very narrow exceptions for personal privacy and honest national security concerns, we believe the public is entitled to what it has paid for. Having loosely defined "government information", let us turn to "access." Access can be defined as connecting a citizen with information produced by her government. This could mean the citizen finds a government publication or requests a public record. In the old days before the Internet, access was easy to define. You had access to a publication if either it was deposited in a library, or if the issuing agency provided you with a copy of their publication. This was after you learned that the publication existed, either by consulting a library or seeing a publication announcement in local media. On the down side, relatively few people could actually use government information because only person could access a given item at a given library. On the plus side, government agencies found it next to impossible to alter or destroy every single copy of a publication it no longer wished to be public. Also, a disaster in one city or even in Washington DC itself wouldn't affect the country's access to the publication. There would likely be at least one library that still had the item. The Internet changed everything for both good and bad. The good news was that now millions of people could access the same government document simultaneously. Also, people didn't have to wait for publications to be shipped out of Washington, DC. With some exceptions, people pretty much had equal access to the information. The bad news is that in many cases we are left with one, or perhaps two, digital copies of documents under Federal control. This leaves government information with the following vulnerabilities: A natural disaster or terror attack that eliminated Washington DC would remove electronic federal information from the public domain. A future cash-strapped government might decide to charge for access to taxpayer funded information. The government can, and already has limited simultaneous access to some government resources to one or two people at a time per library (i.e. StatUSA). Government agencies may choose to remove public information from the Internet without public process. This has already happened Government agencies or hackers could alter or corrupt copies of taxpayer funded reports and data. There is more that can be said about access. Check this space for updates to this article. For further exploration try... Web resources ALA Task Force on Restrictions on Access to Government Information OMB Watch: Information and Access Open the Government If you would like to locate one of the items below in a library, just click on the title of the book or journal. If the item is not held by a library near you, ask your local library to borrow it through Interlibrary Loan. Articles Feinberg, Lotte E. FOIA, federal information policy, and information availability in a post-9/11 world. Government Information Quarterly, 2004, Vol. 21 Issue 4, p439, 22p. Kennedy, Shirley Duglin On the Net, Off the Net. Information Today, Nov2004, Vol. 21 Issue 10, p17, 2p; Hartman, Cathy Nelson. Storage of Electronic Files of Federal Agencies That Have Ceased Operation: A Partnership for Permanent Access. Government Information Quarterly, 2000, Vol. 17 Issue 3, p299, 9p Books Hernon, Peter. (2002). United States government information : policies and sources. Westport, CT: Libraries Unlimited. Hernon, Peter and McClure, Charles R. (1988). Public access to government information : issues, trends, and strategies . Norword, NJ: Ablex Pub. Corp Podesta, John and Shane, Peter M. (2004). A little knowledge : privacy, security, and public information after September 11th. New York: Century Foundation Press. Please post suggestions for this bibliography in the comments section. &source=Free Government Information (FGI)
[33] http://technorati.com/search/http://freegovinfo.info/issues/access
[34] http://news.zdnet.com/2100-1009_22-5924982.html
[35] http://freegovinfo.info/node/240
[36] http://www.clir.org/pubs/reports/pub92/smith.html
[37] http://del.icio.us/post?url=http://freegovinfo.info/authenticity&title=Authenticity
[38] http://digg.com/submit?phase=2&url=http://freegovinfo.info/authenticity&title=Authenticity
[39] http://www.stumbleupon.com/submit?url=http://freegovinfo.info/authenticity&title=Authenticity
[40] http://reddit.com/submit?url=http://freegovinfo.info/authenticity&title=Authenticity
[41] http://www.furl.net/storeIt.jsp?u=http://freegovinfo.info/authenticity&t=Authenticity
[42] http://www.facebook.com/sharer.php?u=http://freegovinfo.info/authenticity&t=Authenticity
[43] http://twitter.com/home/?status=http://freegovinfo.info/authenticity -- Authenticity
[44] http://www.google.com/bookmarks/mark?op=add&bkmk=http://freegovinfo.info/authenticity&title=Authenticity
[45] http://bookmarks.yahoo.com/myresults/bookmarklet?u=http://freegovinfo.info/authenticity&t=Authenticity
[46] http://www.linkedin.com/shareArticle?mini=true&url=http://freegovinfo.info/authenticity&title=Authenticity&summary=Who do you Trust? The Authentication Problem How do we know when a digital document is "authentic"? While many in the library and academic communities hope that there will be a technological solution, the reality is that technology alone cannot solve the problem of authenticity. A report this week of research at a Chinese university illuminates one reason for this: technical tools are subject to failure, compromise, forgery, and hacking. U.S. mulls new digital-signature standard, By Anne Broache, and Declan McCullagh, CNET News.com, November 1, 2005. The article reports a flaw in an official federal standard that was originally devised by the National Security Agency and is widely used to create and verify digital signatures in e-mail and on the Web. In fact, it is embedded in every modern Web browser and operating system. The CNET article notes that, while the flaw that Chinese scientists discovered in the "Secure Hash Algorithm" is "theoretical," it will eventually make it easier to forge electronic signatures. But authenticity requires more than secure software. Even if we had a tool that could never be hacked and that would last forever, we would still only have part of a solution: the technical part. The other part of the solution is social: it is the issue of Trust. Software provides the technical part of the solution The technology of authentication provides a way to verify that a document is what it purports to be and determine if it has been altered or not. Document-creators can use software to create special files (called "hashes" or "signatures" or "keys") based on the original document. These special files are typically stored with a "trusted third party" -- neither the document creator nor the recipient. Document-users can then use software to check the authenticity of the document in hand against that "hash." The software is able to determine only if the document in hand is identical to the original. Even the smallest change (e.g., the insertion or removal of a blank space) will result in a report that the documents are not identical. Trust is the social part of the solution But this technological check does not solve the authentication problem by itself. The check against the hash is only as reliable as the trusted third party. The software just gives us a technical means of shifting who we trust -- instead of trusting the party that delivered the document to us, for example, we trust a third party that tells us that the hash is correct and authentic. If the hash isn't authentic and unchanged, the check against the hash is worthless. This concept of a trusted third party is, therefore, an essential component of the authentication chain. That should lead us to an important question: who will we choose as our trusted third parties? This is important because the tools only work if we can trust the third party to do its job. In the case of government information essential to our democracy, this trust has to last forever. Who do you trust? Ask yourself who in society is the most trusted third party in delivering information? The government? The press? Publishers? Technology companies like Microsoft and Verizon? What about libraries? Now ask yourself what we will do if we think that technological-verification is all we need to ensure authentication and we find one day that the tools have failed as described in the CNET article. A Social Solution built on Trusted Institutions and Legal Deposit Trust is a social phenomenon, not a technical one. What if, instead of putting all our faith in potential technological "solution" for ensuring authenticity of government documents, we instead relied on the existing infrastructure of depository libraries to ensure authenticity through their collective possession of multiple copies of digital government publications, distributed by GPO at the time of their publication under the legal-mandate of 44 USC? This solution promises to be a sound, sustainable one because it relies on libraries as the trusted repository of information. Libraries have a long, well-established social role of providing information; people trust libraries because of it. Libraries have a vested interest in ensuring that the information they provide is authentic and people trust them to do so because it is their primary mission -- not a byproduct of publishing or making money or the various missions of government agencies. The trust people place in libraries in general can be increased in the digital environment by relying, not on one or two libraries, but on many libraries with different funding streams and missions. Any unforeseen compromise in one institution becomes a single error in a large system of information-provision. (See Article outlines bottom-up standards for digital preservation systems.) Even in the paper and ink world, forgeries are possible -- though more difficult than in the digital world -- and one important way we determine authenticity is by comparing multiple copies. A different approach This approach is subtly different from the approach of hoping for a technological solution to authenticity. It recognizes that the social issue of trust (along with the existence of multiple copies controlled by different parties) is paramount and the role of technology is secondary. The role of technology is simply to provide tools to help implement that trust. Indeed, if we used this social-trust legal-digital-deposit approach, libraries would still use technical tools (e.g., LOCKSS, PKI, state of the art hash technologies) to validate the integrity of digital files. Combine these tools with trusted institutions, legal deposit, and multiple copies under multiple jurisdictions and you have fail-safe a recipe for ensuring authenticity. Summary The problem with hoping for a technological solution was clearly articulated back in 2000 by Abby Smith, Director of Programs at the Council on Library and Information Resources. Interestingly, the scholar-participants suggested that technological solutions to the problem [of establishing the authenticity of a digital object] will probably emerge that would obviate the need for trusted third parties. Such solutions may include, for example, embedding texts, documents, images, and the like with various warrants (e.g., time stamps, encryption, digital signatures, and watermarks). The technologists replied with skepticism, saying that there is no technological solution that does not itself involve the transfer of trust to a third party. Encryption -- for example, public key infrastructure (PKI) -- and digital signatures are simply means of transferring risk to a trusted third party. Those technological solutions are as weak or as strong as the trusted third party. To devise technical solutions to what is, in their view, essentially a social challenge is to engender an "arms race" among hackers and their police. -- Digital Authenticity in Perspective in "Authenticity in a Digital Environment," Council on Library and Information Resources, Publication 92. (May 2000). James A. Jacobs, November 3, 2005 &source=Free Government Information (FGI)
[47] http://technorati.com/search/http://freegovinfo.info/authenticity
[48] http://freegovinfo.info/node/297
[49] http://palimpsest.stanford.edu/bytopic/electronic-records/electronic-storage-media/bogart.html
[50] http://www.deadmedia.org/notes/29/298.html
[51] http://www.itl.nist.gov/div895/gipwg/StabilityStudy.pdf
[52] http://www.gale.com/psm/customer_service/world.htm
[53] http://www.clir.org/pubs/film/future/discussion.html
[54] http://www.library.cornell.edu/iris/tutorial/dpm/terminology/strategies.html
[55] http://lockss.stanford.edu/related/related.htm
[56] http://www.library.cornell.edu/iris/tutorial/dpm/timeline/index.html
[57] http://www.nla.gov.au/padi/
[58] http://www.gpo.gov/ppa/
[59] http://tigger.uic.edu/~aquinn/access/publicaccessindex.html
[60] http://ssdc.ucsd.edu/jj/fdlp/
[61] http://del.icio.us/post?url=http://freegovinfo.info/issues/preservation&title=Preservation
[62] http://digg.com/submit?phase=2&url=http://freegovinfo.info/issues/preservation&title=Preservation
[63] http://www.stumbleupon.com/submit?url=http://freegovinfo.info/issues/preservation&title=Preservation
[64] http://reddit.com/submit?url=http://freegovinfo.info/issues/preservation&title=Preservation
[65] http://www.furl.net/storeIt.jsp?u=http://freegovinfo.info/issues/preservation&t=Preservation
[66] http://www.facebook.com/sharer.php?u=http://freegovinfo.info/issues/preservation&t=Preservation
[67] http://twitter.com/home/?status=http://freegovinfo.info/issues/preservation -- Preservation
[68] http://www.google.com/bookmarks/mark?op=add&bkmk=http://freegovinfo.info/issues/preservation&title=Preservation
[69] http://bookmarks.yahoo.com/myresults/bookmarklet?u=http://freegovinfo.info/issues/preservation&t=Preservation
[70] http://www.linkedin.com/shareArticle?mini=true&url=http://freegovinfo.info/issues/preservation&title=Preservation&summary=*Update October 21,2005: James R. Jacobs, Shinjoung Yeo, and Danial Cornwall were invited to speak at the Nevada Library Association Annual Conference. Here's Daniel's panel presentation about preservation and government information. Preserving government information is key to our survival as a nation. If we don't remember what we've done and why we've done it, repeating history may be the least of our worries. In the analog world, preservation is a relative simple matter of caring for a physical object. Millions of people can visit the Declaration of Independence, the Constitution and the Bill of Rights because the National Archives has taken care of the paper these documents are written on. Since the words of these important documents are human readable, no machinery is needed to make the words understandable. Given the proper conditions, citizens celebrating our nation's 500th anniversary in 2276 will be able to read these core documents of history. By contrast, digital publications and data are fragile. The main enemies of the successful preservation of digital materials are the media and the file format the data is in. Currently there are two types of media for storing digital data - magnetic and optical. Magnetic encompasses audio and video tapes, floppy drives, removable hard drives, flash drives and magnetic tape. Optical media includes the various flavors of CDs and DVDs. Magnetic media has a proven poor track record as a durable storage format. Most magnetic media may last from 10-20 years. If material isn't copied onto new magnetic media, it can be lost. Optical media fares better in terms of holding data without decay. The National Institute of Standards and Technology estimates that CD-R's and DVD-Rs may last several tens of years. Some people estimate the lifetime of the highest quality of optical media to be close to a century. Still, this is only a fraction of the lifetime of quality paper or the estimated lifetime of microfilm. However, length of media is really the least of our worries. A much greater problem is technological obsolescence. Have you tried to read a 5 1/4" disk or pull up a Wordstar document lately? There are many examples of lost data because no equipment or software exists to read it. Data could be lost to technological obsolescence within ten years if it's not migrated into new formats. So, how can we preserve digital information? Currently, no one knows how to best preserve digital information in a digital format, though there are some promising approaches. So far the safest approach is the "analog backup"; otherwise known as making tangible copies. There are several groups studying the preservation of digital government information, including the Government Printing Office, the National Archives, the ALA Government Documents Roundtable and the LOCKSS group at Stanford University. For further exploration try... Web resources&source=Free Government Information (FGI)
[71] http://technorati.com/search/http://freegovinfo.info/issues/preservation
[72] http://freegovinfo.info/node/291
[73] http://www.gpoaccess.gov/libraries.html
[74] http://www.plsinfo.org
[75] http://www.ala.org/Template.cfm?Section=State_IFC_in_Action&Template=/ContentManagement/ContentDisplay.cfm&ContentID=14773
[76] http://www.ala.org/ala/washoff/WOissues/civilliberties/theusapatriotact/Default2437.htm
[77] http://www.plsinfo.org/privacy_policy/index.htm
[78] http://www.elfqrin.com/binfo.shtml
[79] http://en.wikipedia.org/wiki/HTTP_cookie
[80] http://www.fedagencyx.gov;
[81] http://www.whitehouse.gov/omb/memoranda/m03-22.html
[82] http://www.whitehouse.gov/omb/inforeg/infopoltech.html
[83] http://www.eff.org/Privacy/
[84] http://www.epic.org/privacy/
[85] http://del.icio.us/post?url=http://freegovinfo.info/issues/privacy&title=Privacy
[86] http://digg.com/submit?phase=2&url=http://freegovinfo.info/issues/privacy&title=Privacy
[87] http://www.stumbleupon.com/submit?url=http://freegovinfo.info/issues/privacy&title=Privacy
[88] http://reddit.com/submit?url=http://freegovinfo.info/issues/privacy&title=Privacy
[89] http://www.furl.net/storeIt.jsp?u=http://freegovinfo.info/issues/privacy&t=Privacy
[90] http://www.facebook.com/sharer.php?u=http://freegovinfo.info/issues/privacy&t=Privacy
[91] http://twitter.com/home/?status=http://freegovinfo.info/issues/privacy -- Privacy
[92] http://www.google.com/bookmarks/mark?op=add&bkmk=http://freegovinfo.info/issues/privacy&title=Privacy
[93] http://bookmarks.yahoo.com/myresults/bookmarklet?u=http://freegovinfo.info/issues/privacy&t=Privacy
[94] http://www.linkedin.com/shareArticle?mini=true&url=http://freegovinfo.info/issues/privacy&title=Privacy&summary=*Update October 21,2005: James R. Jacobs, Shinjoung Yeo, and Danial Cornwall were invited to speak at the Nevada Library Association Annual Conference. Here's James' panel presentation about privacy and government information. What you read about your government (or about anything) should be your business. But how well is your privacy protected? There is a great difference in privacy between the analog world of government publications and the Internet. In the analog world you decide the amount of privacy you have; in the digital world the servers of the information decide how much privacy they'll let you have. Let's look at three examples: walking into a federal depository library; viewing information on a library's web site; and downloading a document from Federal Agency X's web site. The Physical Depository Library - You can usually walk right into a Federal Depository Library. There are a few that may ask for identification, but even these libraries do not track your browsing. Once you walk in, you can browse all you like without being tracked. You can take books off the shelves and look through them and if you put them back on the shelves, no one will know what titles you looked through. If you decide to check some reports out of the depository, you'll be protected by the confidentiality statutes of the state where the library is. Since October 2001, it's been possible for your reading records to be turned over to federal authorities, but most libraries erase the record of any books you've checked out once you turn them in. Viewing information on a library web site - Most libraries have websites these days. Many have explicit privacy policies that limit the information that the library collects. Some of the information they could collect include: The address (IP) of your computer or Internet provider. The date and time you accessed their site. The Internet address of the web site that referred you to their site. Tracking information via cookies. Most libraries won't put cookies on your computer. States differ, but most of the time you can expect that your use of the library's web site to be protected by the same laws that safeguard your reading record. Also, if you follow a link off a library's web site, you are no longer covered by their privacy policy. Downloading Files from the website of Federal Agency X - When you go to http://www.fedagencyx.gov; the agency is able to collect the same kinds of information that the library can. According to M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, federal sites may use cookies if there is a compelling need. According to the same memo, federal agencies must have a policy. We at Free Government Information are unaware of federal statutes protecting federal web browsing. Does this mean we cannot have Internet access to government information without Uncle Sam looking over our shoulder? No. One solution would be to deposit electronic copies of government information with libraries and let the libraries serve the information on their own servers. That way, electronic government documents would be accessed from privacy minded librarians. Even if the government used its new powers under the PATRIOT act, it would have to make literally thousands of requests to find out who has handled a given document. This is unlike the current system, where the gov't can ask its own webmasters for as much data as they like without anyone knowing. For further exploration try... Web resources White House IT Policies Electronic Frontier Foundation Privacy Page Electronic Privacy Information Center Privacy Page Articles Huff, James. Patron Confidentiality, Millennium Style. American Libraries, Jun/Jul99, Vol. 30 Issue 6, p86, 2p, Martin, Shannon; Chamberlin, Bill F.; Dmitrieva, Irina. State Laws Requiring World Wide Web Dissemination of Information: A Review of State Government Mandates for Documents Online. Information & Communications Technology Law, Jun2001, Vol. 10 Issue 2, p167, 12p, Murphy, Bernadette. Privacy and government information issues: Looking forward, looking back. College & Research Libraries News, Feb2005, Vol. 66 Issue 2, p132, 1p; Books General Accounting Office. (2000). Internet privacy: comparison of federal agency practices with FTC's fair information principles . Washington DC: General Accounting Office. Hernon, Peter. (2002). United States government information : policies and sources. Westport, CT: Libraries Unlimited. Podesta, John and Shane, Peter M. (2004). A little knowledge : privacy, security, and public information after September 11th. New York: Century Foundation Press. Please post suggestions for this bibliography in the comments section. &source=Free Government Information (FGI)
[95] http://technorati.com/search/http://freegovinfo.info/issues/privacy