8 minute read
Records in the Cloud
The term cloud in our mind relates to a virtual place. The idea comes from a refusal to accept the physical extension of digital information in computer terminals and other machines: Digital material is physical, because it resides in servers, while at the same time being ubiquitous, due to its redundancy.
The servers in fact contain several instances of the same document; such redundancy is both uncomfortable and desirable, because on one hand it is impossible to guarantee privacy and the right to be forgotten, and on the other it might enable us to preserve indefinitely our data/documents/ archives.
Or, does it?
The following discussion very briefly reports some of the key finding of the research project
InterPARES Trust (2012-2019), whose goal was “to generate theoretical and methodological frameworks to develop local, national, and international policies, procedures, regulations, standards, and legislation, to ensure public trust grounded on evidence of good governance, a strong digital economy, and a persistent digital memory.”1
The Cloud is a model of services requiring a connecting network and delivered ubiquitously to multiple users, regardless of the location of the user and the provider’s facilities, provisioned on demand and paid proportionally to usage (like electricity and water, and other critical infrastructures). The many issues related to storing records in the cloud have been reduced to a question of trust, both technological and social, based on a shared fiduciary relationship that relies on a provider’s reputation, performance, and competence.2 Trust is confidence of one party in another, based on an alignment of value systems with respect
1 This was the 4th phase of the InterPARES project, which began in 1998, with the goal of ensuring the continuing trustworthiness of digital records across technologies. This project is now in its 5th phase and is exploring the use of Artificial Intelligence tools to carry out records and archives functions (see www.interparestrustai.org ). All the products of InterPARES Trust, the phase dedicated to the cloud, are listed here: http://interparestrust.org/trust/research_ dissemination. Among them, there are 5 books, of which the first is relevant to all juridical and cultural environments: Luciana Duranti and Corinne Rogers, eds., Trusting Records in the Cloud (London, UK and Chicago, USA: Facet Publishers and the Society of American Archivists, 2019). The other 4 books regard the use of the cloud in: 1. International Organizations: Jens Boel and Eng Sengsavang eds., Recordkeeping in International Organizations Archives in Transition in Digital, Networked Environments (London, UK: Routledge, Taylor and Francis, 2021);
2. Europe: Hrvoje Stancic ed., Trust and Records in an Open Digital Environment to specific actions or benefits, and involving a relationship of voluntary vulnerability, dependence, and reliance.
The greatest concern in storing records in the cloud, regarding data sovereignty (involving data protection) and the certainty of people’s rights (including privacy— an aspect of liberty in North America, of dignity in Europe), is location independence, a defining feature of the cloud because it allows for highest security and economy. But there are also concerns about climate. The data centres account for 3 per cent of global electricity supply and consume more power per capita than any given country. Data centres also contribute 2 per cent of global total greenhouse gas emissions, and a by-product of data centres’ refreshing activities is electronic waste (E-Waste).3
When talking about keeping records in a cloud environment we must consider that, in the digital environment, a record’s
(London, UK: Routledge, Taylor and Francis, 2020); 3. Latin America: Alicia Barnard ed., InterPARES en Latinoamérica y el Caribe 2005-2019 (Alcaldía Coyoacán CD MX: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales, 2020); and 4. Africa: Mpho Ngoepe ed. Managing Digital Records in Africa (London, UK: Routledge, Taylor and Francis, 2022). A direct link to the books is on the home page of www.interparestrust.org The products of the previous phases of InterPARES are here: www.interpares.org content, structure, and form are not inextricably linked. The record as a stored entity is distinct from its manifestation on a computer screen, and its digital components have to be taken into consideration together with its documentary form. When we save a record, we take it apart in its digital components. When we retrieve it, we create a copy; there are no originals in the digital environment. Hence, it is not possible to maintain and preserve digital records; we can only preserve the ability to re-produce them, maintain authentic copies, and keep them accessible during and across different generations of technology over time, irrespective of where they are stored.4 to a cloud provider. They relate to data ownership, availability, access, and to the reliability of the systems hosting the data, records retention and disposition, storage and maintenance, security, location and transfer, end of service, preservation, and trustworthiness.5
2 See for example Christopher S. Yoo and Jean-François Blanchette, eds., Regulating the Cloud. Policy for Computer Infrastructure (Cambridge, MA: The MIT Press, 2015). See also Erik A.M. Borglund, What About Trust in the Cloud? Archivists’ Views on Trust” The CanadianJournal of Information and Library Science 39 (2) (June 2015) 39(2): 114-127.
3 See: https://www.epa.gov/international-cooperation/cleaning-electronic-waste-e-waste.
Considering the above, one has to look at the possible reasons an organization would entrust its records to a cloud provider. InterPARES Trust found that most records creators and preservers do so to achieve the following.
When a user entrusts its records to a provider and uses the latter’s platform and application to generate additional data, the provider will create data related to actions about data processing, management, etc. While the content created and/or stored in the cloud by the user is owned by such user, the metadata created by the provider are not, and, as the user needs them to demonstrate the integrity of the records, that is not a minor problem.
Records availability is a fact, while access is a right, but the latter cannot be satisfied without the former. In a cloud environment, availability of the stored records for example a FOIA process, and the owner of the data, being liable for providing access to them, may be sanctioned. No cloud provider guarantees constant availability. Neither do they guarantee the reliability of the system, which is the characteristic of behaving consistently with expectations, meaning that access to the same records by multiple users must be consistent and accurate.
As it regards the retention and disposition of records, compliance with the creator’s schedule is difficult to verify. Furthermore, transfer from a system to another for retention (e.g., from a recordkeeping system to a records preservation system) might involve loss of authenticity. Destruction of the records that are not transferred to a preservation system might involve a breach of confidentiality or privacy, persistence of some of the copies and related metadata, and of the metadata generated by the provider about the user’s records.
Clearly, the overwhelming reason for choosing to keep records in the cloud is economic, as increasing storage also is related to reducing costs. Very few organizations consider the issues that are linked to entrusting records involves the availability of the infrastructure (i.e., the amount of time a system is expected to be in service equals 100 per cent). Availability facilitates retrieval and readability of the data, while technical difficulties might slow
4 Luciana Duranti and Kenneth Thibodeau, “The Concept of Record in Interactive, Experiential and Dynamic environments: the View of InterPARES,” Archival Science 6, 1 (2006): 13-68 (Online at http://www.interpares.org/ip2/display_file. cfm?doc=ip2_book_appendix_02.pdf ).
Storage and maintenance impact the quality of the records and their ability to serve as legal evidence, especially in legal jurisdictions where the authenticity of the record is an inference made from the integrity of the system where the data reside, (e.g., Canada).6 Contractual agreements do not generally specify how records are maintained across changing technologies and data formats, and they generally say users are responsible for backing up their data. All maintenance procedures, including proper storage, care, custody, and data control, are referred to by providers as “backup procedures.”7
6 Canadian General Standards Board, National Standards of Canada CAN/CGSB72.34-2017 Electronic Records as Documentary Evidence. Amended October 2018. Reaffirmed March 2022.
Records security is protection of the system/records from unauthorized access, use, alteration, or destruction. In a context like the Canadian one, where integrity of a system is an inference made from its security, and where the integrity of the record is an inference made from the integrity of the system, security is the new authenticity. Individuals enforce security with something they know (e.g., password), they own (e.g., tokens), or they are, (e.g., fingerprints). A cloud provider enforces it through encryption, should produce audit trails and access and capture logs, and should maintain and make available metadata associated with access, retrieval, use and management of the records, in addition to those linked to the records themselves. All those procedures add to the cost of cloud services, however, thus the primary reason for using them becomes weaker.
The security issue links directly to the matter of data location and cross-border data flow. Records can be in data centres anywhere in the world and they move constantly as space becomes available. The location of the records is a criterion in determining the law that applies in case of litigation. National strategies used to require that records reside within the boundaries of the country where they were created, which would be very expensive for data centres in Europe or North America; thus the international strategy no longer requires it, underscoring instead the importance of multilateral agreements among countries for collaboration in security.
As it regards ends of service or contract termination, if the provider ceases to exist or terminates one or more of its services for breach, inactivity, or convenience, the records will be deleted or inaccessible. Free services do not have an established duration and may close accounts unilaterally, requiring users to delete software and applications, and preventing them from accessing the data left with the provider. When the data are given back to the user, it is not certain they will be in a usable and interoperable format. as long as the records must be preserved, or that the technologies replacing them will be compatible with the previous ones. Standards give information about preservation formats but there is no way of controlling compliance. There is no way of verifying records authenticity.
Regardless of all the above, most records creators and preservers prefer the cloud to an inhouse system, because it increases collaboration and organizational performance; there is no owning of hardware/software—which can be better than the one an organization can afford; the energy costs are lower; the IT personnel is reduced in number; and mostly because they can get whatever is needed and only pay for what they use, a use that can be tracked and measured.
If the contract is terminated by the user, the restitution of the records may be expensive and they may not be in accessible formats. Also, the user may not have the right to access for its recordkeeping or legal purposes the metadata related to records maintenance, preservation, and access generated by the provider in the period it had had control of the records, and may have no guarantee that the provider will destroy every copy of the records held in the data centres and/or of the related metadata.
Finally, preserving records in the cloud is a black box process. Providers may not know where the records are, can and do subcontract some of their services to other providers who may maintain servers or be registered as providers in different countries. One cannot expect the same hardware and software will remain in service for
In conclusion, the cloud is here to stay. Though a private cloud presents fewer problems than a commercial cloud because of the absence of a multitenant system, (i.e., sharing the same servers with unknown organizations), it is essential that its users obtain a contract with their chosen provider that keeps into account all the issues identified in this short overview.8 ▲
Dr. Luciana Duranti, graduate of Sapienza University of Rome, Italy, is a Professor of archival theory, diplomatics, and digital records in the Master’s and Doctoral archival programs of the School of Information of the University of British Columbia (UBC), Vancouver, Canada. Since 1998, she is the Principal Investigator of the SSHRC funded InterPARES research project and since 2015, Chair of the Canadian Government Standards Board Committee for Electronic Records as Documentary Evidence.
