Add language that specifically addresses the issue of encryption

From wiki.dpconline.org
Revision as of 22:18, 4 April 2016 by Shirapeltzman (talk | contribs) (Added text from AMIA/DLF HackDay OAIS Edit-A-Thon)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

“Obtain sufficient control of the information provided to the level needed to ensure Long Term Preservation” is the second of six Mandatory Responsibilities that an organization must discharge in order to operate an OAIS Archive (3.1). Although “sufficient control” is a term that is vague by design, the following section of the standard (3.2 EXAMPLE MECHANISMS FOR DISCHARGING RESPONSIBILITIES) cites several examples of how this concept could be brought to bear on an archive in a preservation context, including: 1) intellectual property and other legal restrictions on use (3.2.2), 2) authority to modify Representation Information (3.2.2), and 3) agreements with external organizations (3.2.2). A fourth example--”sufficient control of the bits”--is noted later on in ANNEX F - SECURITY CONSIDERATIONS.

Recent technological innovations have made it simpler than ever before to encrypt digital files, and doing so has become extremely common among moving image content creators for whom concerns about piracy are paramount. In countries that have legal deposit laws this is a moot point because content creators submitting material to archives there are bound to deposit unencrypted digital files. However, in countries that have no such laws (most notably the USA), digital files sometimes arrive at archives with encryption in place. This poses a huge problem for preservationists, since without the keys required to decrypt a digital file (ie, without sufficient control of the bits), encryption will render its content wholly inaccessible.

Although the language in the current OAIS standard implies that encrypted content cannot be adequately preserved, it would be extremely helpful if the standard contained language that explicitly acknowledged the barrier to preservation posed by encryption. This could be done in one of three ways: 1) by adding encryption to the list of examples in section 3.2.2, 2) by explicitly stating (rather than implying) in ANNEX F that encryption fundamentally violates the need for “sufficient control of the bits”, or 3) by adding a new section somewhere in the standard that specifically addresses the need to obtain, store, and maintain information related to encryption as a fundamental criterion of an OAIS.

Retrieved from ‘http://wiki.dpconline.org/index.php?title=Add_language_that_specifically_addresses_the_issue_of_encryption&oldid=3349