Hi Jesse and list members,
First, my apologies in advance for a *very* long-winded message.
Jesse wrote: "What if the added attachments are present but the image of the
organisation's logo in the signature doesn't come through for some reason?
That's of course incomplete - but does that in and of itself render it
inauthentic and therefore not a record? I submit it does not."
What you say is, in a sense, correct, insofar as an incomplete record is not
ipso facto an inauthentic record. However, there is a nuanced, yet very
important, concept regarding the distinction between documents and records,
and the impact of that distinction on the concept of authenticity, that
needs to be understood in the scenario that you present. First of all,
aside from certain special situations--for example, where a creator
transmits internally a "copy in form of original" (i.e., a copy identical to
the original and having the same effects, but generated subsequently)--what
one receives is, technically speaking, a document not a record. The
document only becomes a record when the receiver *sets it aside* (i.e.,
declares it a record--which usually involves classifying and registering
it--and purposely retains it for future reference or use, usually in a
recordkeeping system). Thus, from a records creation and authenticity
perspective, it really does not matter what "condition" the e-mail and its
attachments are in when you receive them: what you receive is what you
receive and, if you set it aside, is what becomes *your* record of the
transaction. From an authenticity perspective, what matters is whether,
after "creating" the e-mail record (InterPARES defines a "created record" as
a document that is a made or received and is set aside for action or
reference, usually in a recordkeeping system) you are able to maintain it
with whatever documentary form and content (integrity) and identity it had
when you first declared it a record. In other words, to create a
record--that is, to make or receive a document and "set it aside"--is, by
default, to create an authentic record.
This fundamental distinction, whereby what a sender sends and what a
receiver receives is, in fact, a document (and is not a record unless and
until the receiver sets it aside), is where many people begin to have
trouble conceptualizing the relationship and distinction between documents
and records and, in turn, at what point in the document lifecyle (and from
what perspective) the issue of authenticity actually has any relevance.
When talking about either an "authentic record" or an "authentic copy"
(i.e., a copy certified by an official authorized to execute such a
function, so as to render it legally admissible in court), authenticity is
always viewed from the perspective of the records of the creator in relation
to that creator's handling of its records (or, more usually, the handling of
the records by an authorized agent of the creator, such as a trusted records
officer)--that is, in relation to how well the identity and integrity (form
and content) of the creator's made or received documents, once set aside,
are maintained over time. Authenticity, in this context, is *not* viewed
from the perspective of the records of the creator in relation to the
documents the creator receives from an external physical or juridical
person, nor in relation to the "corresponding" records held by the sender in
his/her own recordkeeping system. Furthermore, the fact that one has, and
can demonstrate that one has, an authentic record does not necessarily mean
that the record is a "good" record (that is, a reliable and a complete
record).
Thus, the record characteristic of authenticity actually is of no relevance
to the issue described in the scenario that you cite. Instead, what is of
relevance are the record characteristics of "reliability" and
"completeness." InterPARES defines "reliability" as "The trustworthiness of
a record as a statement of fact...[which] exists when a record can stand for
the fact it is about, and is established by examining the completeness of
the record's form and the amount of control exercised on the process of its
creation), and "completeness" as "The characteristic of a record that refers
to the presence within it of all the elements required by the creator and
the juridical system for it to be capable of generating consequences. With
primitiveness and effectiveness, a quality presented by an original record."
In short, a "bad" record (i.e., an unreliable and/or an incomplete record)
is not the same thing as an inauthentic record. Conversely, an authentic
record does not necessarily imply that the record is a "good" record; many,
many authentic records are, in fact, bad records.
Now, on a more practical level, if it is important that the logo render
properly on the document that you received, and that you subsequently set
aside as a record, for that record to be able to reach the consequences or
produce the effects for which it was intended, then, in the example you
cite, what you have is an *incomplete record* (and, perhaps, also an
unreliable record), but not an inauthentic record. Again, incomplete and/or
unreliable records are *not* the same things as inauthentic records: the
determination that a record is incomplete and/or unreliable is made in
relation to the formal execution phase of the administrative procedure in
which the record participates (or, more accurately, in which it was intended
to participate, but could not because it was found to be incomplete and/or
unreliable), which typically involves the process of the records creator
transmitting a document to external physical or juridical persons and making
a record copy of the sent document. In fact, from the perspective of the
creator, which, in this case, is the receiver who received the document and
set it aside as a record, the record is indeed authentic (for the reason
noted earlier) for as long as the creator maintains the identity and
integrity of the record as it existed at the moment that it was set aside as
a record. It is, however, incomplete, and may also be considered unreliable
in that the creator did not exercise the necessary control on the process of
its creation to ensure that all the necessary elements of form were present
when it was created.
Now, of course, the sender likely set aside a record copy of the document
that s/he sent to you, but that record copy is the sender's record, not your
record, and, accordingly, it resides in the sender's recordkeeping system,
not yours. In cases where it is necessary to ensure that the record that
you (the receiver) "created" is (sufficiently) identical to the sender's
record copy of the document that it transmitted to you, then it may be
necessary to compare the two records. Again, however, in the example that
you cite, the fact that your record does not exactly resemble the sender's
record copy in all of its content or in all of its elements of documentary
form does not (necessarily) mean that your record is inauthentic, only that
it is incomplete (and perhaps unreliable).
Of course, if the record that you created (by setting aside the received
e-mail and its attachment) is indeed incomplete and/or unreliable--in the
technical sense of these terms--because of the missing logo, then it will be
necessary for you to request that the sender send you another copy of the
document, in which case any resent copy of the document will constitute a
new record in your system (that is, once, after receiving it, you set it
aside). The first copy of the received document, the one with the missing
logo, would still be a record--albeit an incomplete and/or unreliable
one--which you may or may not need to keep.
Regarding Jesse's second concern: "Or what about organisations that either
haven't standardized or do not effectively enforce such standardization with
regards to use of logos? In other words, my email to you has it, someone
elses's email to you had it but it didn't come through, and someone else's
yet didn't have it at all."
Again, because authenticity only applies to how well you maintain the
identity and integrity of the records that you, as the receiver of documents
sent to you by an external physical or juridical person, create (by setting
aside the received documents), the concerns you list are irrelevant to the
issue of authenticity. Granted, they may impact the ability of some of the
records that you create to reach the consequences or produce the effects for
which they were intended because they are incomplete and/or unreliable (due
to missing critical elements, such as logos), but not because they are
inauthentic (because they are, in fact, authentic--or were created
authentic, anyway).
Regarding Jesse's other problematic examples: "What about some translation
routine that translates my PNG logos to GIFs? What about the one where I use
some type of animation in my signature that your security software strips
out? What about when your email system converts my rich-text email to ASCII?
Etc. In all of these cases the email you receive is demonstrably different
from the one I sent. Which one demonstrates more integrity and is therefore
more authentic?"
For the reasons that I have already discussed above with respect to the
distinction between documents and records and at which point in the
lifecycle of a document and from what perspective authenticity is relevant,
these concerns do not impact the authenticity of the records in question.
To recap, if you receive an e-mail document with a PNG attachment that your
system translates into a GIF, and then you set that e-mail and its
attachment aside as a record in your recordkeeping system, the e-mail with
the GIF attachment constitutes *your* record. Again, the sender likely
saved a record copy of the e-mail document and PNG attachment that s/he sent
you, but that record--i.e., the sent e-mail with the PNG attachment--is
their record. In other words, there are two different, albeit conceptually
related, records here: the received e-mail with the GIF attachment that you
set aside in your recordkeeping system and the copy of the sent e-mail with
the PNG attachment that the sender set aside in his/her recordkeeping
system. From your perspective as creator (i.e., receiver in this case) of
the record, the fact that your record does not correspond precisely with the
sender's record does not (necessarily) mean that *your* record is
inauthentic; only that it may be incomplete and/or unreliable (I say "may
be" because, in finding a discrepancy in the content and/or elements of
documentary form between the two records, the sender would need to
demonstrate that the document it transmitted to you, and the record copy
that s/he set aside, did in fact include the content or elements of
documentary form that are missing from the document that you received).
This scenario actually highlights another very important aspect of the
management of records in a digital context; and that is that in nearly all
cases, assessments of the authenticity of a record are based on assessments
of the reliability and integrity of the *systems* and of the *procedures*
used to create, maintain and keep them (and often in relation to how well a
creator's system(s) and procedures conform to the relevant standards that
inform the implementation and oversight of the operation of such systems and
procedures), rather than on an assessment of the individual record itself.
This distinction is set forth in most current legislation dealing with the
use of digital records in legal proceedings. Take, for example, the
following sections of Canada's Uniform Electronic Evidence Act:
This Act focuses on proving the reliability of systems instead of that of
individual records, and using evidence of a creator's adherence to standards
to demonstrate the reliability of the systems and procedures used by the
creator. In short, this Act makes the reliability of the *recordkeeping
system* relevant to proving the integrity of a particular record.
Thus, with regard to the "application of the best evidence rule," section 4
of the Act states:
"4. (1) [In any legal proceeding,] Subject to Subsection (2), where the best
evidence rule is applicable in respect of an electronic record, it is
satisfied on proof of the integrity of the electronic records system in or
by which the data was recorded or stored."
In other words, this section of the Act allows one to submit evidence of the
reliability of the system that produced the record as a way to demonstrate
the integrity of the record. It is based on the realization that,
especially in the digital realm, it will often be impossible (or
impractical) to provide direct evidence of the reliability and authenticity
of the individual record to be admitted, in which case system reliability
can be used as a substitute for establishing these characteristics of the
submitted record.
Regarding the "presumption of integrity," section 5 of the Act states:
"5. In the absence of evidence to the contrary, the integrity of the
electronic records system in which an electronic record is recorded or
stored is presumed [in any legal proceeding]
(a) by evidence that supports a finding that at all material times the
computer system or other similar device was operating properly or, if it was
not, the fact of its not operating properly did not affect the integrity of
the electronic record, and there are no other reasonable grounds to doubt
the integrity of the electronic records system;"
Finally, regarding "standards," section 6 of the Act states:
"6. For the purpose of determining under any rule of law whether an
electronic record is admissible, evidence may be presented [in any legal
proceeding] in respect of any standard, procedure, usage or practice on how
electronic records are to be recorded or stored, having regard to the type
of business or endeavour that used, recorded or stored the electronic record
and the nature and purpose of the electronic record."
In other words, this section of the Act makes relevant the court's
consideration of the adherence of the records creator's system and
procedures to recognized standards for the kind of record and the kind of
business in question.
Even from the more practical perspective of whether the receiver's record is
a true and faithful copy of the sender's record (i.e., effectively either an
"authentic copy" or a "copy in form of original"), the fact that the two
records do not have the same file format does not ipso facto mean that the
receiver's record is incapable of being considered, in effect, either an
authentic copy or a copy in form of original of the sender's record.
Remember, the impact of varying integrity on the authenticity of a record is
not absolute. As I noted in my very first message in this thread the other
day, a digital record's physical integrity, such as the proper number and
arrangement of bit strings, may be compromised and/or altered (such as
occurs when converting the attachment's file format from PNG to GIF),
provided that the articulation of the record's content and its required
elements of form remain the same (at least to the extent that any changes to
not compromise the requirements set by the creator and/or by the juridical
system for the record to reach the consequences or produce the effects for
which it was intended). An important thing to understand here is that, for
a record that is *meant to be read by humans* for it to be capable of
reaching the consequences or producing the effects for which it was
intended--that is, for a dispositive, instructive, narrative, probative or
supporting record--it is the *manifested* record (i.e., the record that is
reconstituted by the system from the stored digital components and rendered
in a human-understandable form to the user, either via a screen or some
other output device, with the proper content and in the proper documentary
form) that is what is used by the creator to reach the consequences or
produce the effects for which it was intended, not the format of the stored
digital component(s) of the record. Insofar as the manifested record is
capable of reaching the consequences or producing the effects for which it
was intended, the format in which it is stored digitally (usually) is
immaterial. What really matters is whether the system is capable of
retrieving and rendering the digital component(s) properly and manifesting
them to the user with the proper content and form, as originally intended by
the creator.
Incidentally, InterPARES 2 has identified a new class of records, called
"enabling records," which are meant to be read *by a machine* (rather than
by a human) for them to be capable of reaching the consequences or producing
the effects for which they are intended. Specifically, InterPARES defines
an "enabling record" as a prospective record encoded in machine language
that is actively involved in carrying out an action or process. As noted in
a 2006 article by Duranti and Thibodeau, "examples of 'enabling' records
include software patches that enable a musical instrument to interact with a
computer, software in online marketing sites that interprets data about a
visitor's actions on the site to determine what elements of content should
be presented next to that visitor, and software agents that enable
interacting business applications to execute transactions autonomously"
[Source: Luciana Duranti and Kenneth Thibodeau (2006), "The Concept of
Record in Interactive, Experiential and Dynamic Environments: the View of
InterPARES," Archival Science 6:59. A copy of this article is available as
Appendix 2 in the InterPARES 2 Project book at
http://www.interpares.org/ip2/book.cfm)]).
With respect to the issue of the relevance of referring to manifested
records versus the format in which their digital components are stored and
the impact of this distinction on authenticity, I offer the following
extended excerpt from Duranti and Thibodeau, who note that:
"One of the most important findings of InterPARES 1 was the recognition and
articulation of the difference between the form in which an electronic
document is manifested to a person and the form in which it is stored
digitally. This difference is fundamental in two respects. First, it
distinguishes a digital document from a traditional one, where the document
is exactly what is inscribed on a physical medium in the way it is
inscribed. Second, it makes necessary to describe the exact nature of a
document and to determine whether it continues to exist across changes in
the way it is inscribed on a digital medium. Without this fundamental
distinction, we would not be able to assert, for example, that a document
preserves its identity even when it is moved from a magnetic to an optical
disc, or when it is translated from a word processing format to HTML for
publication on a website.
The content, form, and wholeness of electronic documents are determined
conceptually and logically rather than physically. A person's conception of
a digital document depends on how it is manifested to him or her. It may be
manifested on a screen or on some other output device. This manifestation
is fundamentally different from the way the document is encoded and
inscribed on a durable digital medium. The digital encoding, which is
typically described by technologists in a logical model, enables a computer
to produce or reproduce the intended manifestation, but it does not have the
same form and in practically all cases will not have the same content as the
manifested document. For example, a manifested document may be a textual
narrative. It may be encoded either in character mode, such as in a word
processing format, or as a document image, but neither the numeric byte
values that correspond to printable characters nor the bits that are
projected as pixels in an image have the same extrinsic form as in the
manifested document. Such differences extend to other presentation
features, such as organization into paragraphs and page layout. The content
of the digitally encoded document will also vary from that of the manifested
document because it includes data that indicate how to manifest the
document. Simple examples are data that indicate presentation features such
as line spacing, page breaks, and italics. More complex examples are
specifications for extracting data from different tables in a large
database, combining them with invariant data and presenting them as a single
page form. There are many elements of the content of the digital components
of a document that are not manifested to a person. If the manifested
document is adequate to communicate the information intended by its author,
the invisible or imperceptible digital elements may be necessary to manifest
the document, but they cannot be said to be parts of the manifested document
itself" (Duranti and Thibodeau, Ibid., pp. 27-28).
Moreover, as Duranti and Thibodeau also state, "An important aspect of
digital preservation is that it is possible to preserve the ability to
reproduce an electronic record even when its digital components are altered.
A report consisting of five word processing files could be combined into one
file, and then converted from a word processing format into '.pdf.' So long
as a '.pdf ' reader faithfully renders the same document as would have been
displayed by the original word processing software to the original five
files, it would not matter that the encoding of the record in digital
components had changed from five files to one and from a word processing
format to '.pdf.'...[T]he InterPARES 1 team felt the need to point out that
the relation between a electronic record and a computer file can be
one-to-one, one-to-many, many-to-one, or many-to-many, thus we should never
use the terms record and file interchangeably; that the same presentation of
a record can be created by a variety of digital presentations and, vice
versa, from one digital presentation a variety of record presentations can
derive, thus fixed form does not imply that the bit streams must remain
intact over time; and that it is possible to change the way a record is
contained in a computer file without changing the record" (Duranti and
Thibodeau, Ibid., p. 20).
Of course, to continue to ensure the authenticity of the record, such a
process would (or should) require that the creator have in place procedures
that maintain the record's existing identity and integrity metadata, as well
as augment those data, as necessary; for example, as required by integrity
metadata element "d.", which I cited in an earlier message, the creator
would need to document the technical change(s) to the record and
inextricably attach or link this documentation to the record as an element
of integrity metadata.
And (finally!), with regard to Jesse's last statement: "My point here is
that electronic information objects can be so complex that I think we think
of them in such binary terms to our peril. There are degrees of integrity,
and to assume that only 100% integrity can = authenticity is I think
untenable...<snip>"
Unfortunately, whether we like it or not, unlike the maintenance and
preservation of paper records, the proper maintenance and preservation of
digital records *absolutely requires* us to think of them is such binary
terms, because, at the most fundamental level, it is the digital
component(s) comprising each record (together with their corresponding
metadata and composition data--i.e., the "rules" that tell the system what
form data and what content data belong to which document--which are
necessary to order, structure or manifest the record's content and form to
the user) that are what we must maintain/preserve for us to be able to
ensure that the system can, in fact, continue to render and manifest
authentic copies of the "original" record, as needed. As you note, the
complexity of digital records is continually increasing, which, I would
suggest, only makes the need to focus on the management of digital records
at the digital component level all the more crucial for the simple reason
that different components (e.g., text vs. image vs. audio, etc.) comprising
a single record likely will, in most cases, require different maintenance or
preservation actions to ensure that they remain "viable" over time. That
said, the gist of your point that, by focusing exclusively on the binary
minutia of digital records, we may loose sight of the forest for the trees,
as it were, is a point very well taken. I believe that we must always be
vigilant to guard against the erosion of sound records management theory and
practice in the face of evolving enabling technologies, lest we somehow
manage to convince ourselves (erroneously) that sound digital records
maintenance and preservation are merely, or primarily, technological
concerns for which only technology-based strategies are, therefore, the only
relevant or effective strategies with which we should be concerning
ourselves. The "needs" of the records (and the records creator) should
drive the enabling technology, not the other way around.
As for the notion that there are degrees of integrity and that it is
untenable to assume that only 100% integrity can = authenticity, I
definitely agree.
Regards,
Randy
--
Randy Preston
Project Coordinator, InterPARES Project
The University of British Columbia
Suite 470, 1961 East Mall
Vancouver, British Columbia V6T 1Z1 Canada
tel: +1(604)822-2694 fax: +1(604)822-6006
[log in to unmask]
www.interpares.org
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|
