PPT - IFLA

advertisement

Authentication of the Federal Register

Charley Barth

Director, Office of the Federal Register

United States Government

Background/History of the OFR

Federal Register Act approved in 1935

Make executive legislation accessible to citizens

Publish a gazette containing the orders of the Executive Branch

Began statutory partnership between Office of the Federal

Register (OFR) and Government Printing Office (GPO)

OFR placed under the National Archives and Records

Administration (NARA)

Provided for public inspection of all documents filed with the OFR.

Currently have 12 publications

Administer the Electoral College process

Administer the Constitutional Amendment ratification process

2

Background/History of the

Federal Register (FR)

First Register was published on March 14, 1936

First volume was 16 pages

• Published every working day, “Official Gazette of the

United States Government”

Provides legal notice of administrative rules, notices and presidential documents

Average Daily Federal Register = 150 pages

‒ Total pages in 2013 = 80,462

Final rules published in the FR become part of the Code of Federal Regulations (CFR). Over 180,000 pages

Available on-line since 1994, Web 2.0 version since

2010

Authentication of the digital FR began in 2009

3

GPO, Affiliated Archives &

OFR partner

GPO is as an Affiliated Archive of NARA and therefore the Official Federal Register resides on their platform (paper and electronic)

Affiliated Archives receives physical custody of the records, while NARA retains legal custody and, along with it, ultimate responsibility for them.

For this privilege, the affiliate, through a formal agreement with NARA, agrees to house, maintain, service and authenticate the (digital) records

4

Basic Components of

GPO Digital Authentication

By Law, the OFR partners with GPO; OFR publishes the content, GPO prints and distributes the content to include online, digital format and authentication.

GPO implements four measures to assure integrity and authenticity of FR content.

1. Digital Signatures on PDF files

2. Cryptographic Hash Values on Metadata

3. Evidence of the Trusted Digital Repository through the FDsys archive

4. Demonstration of Chain of Custody

5

Digital Signatures on PDF Files

Digital signature technology is used to add a visible Seal of Authenticity to authenticated and certified PDF documents

Digital signature and certification assures users that the PDF file has not been altered since being digitally signed and made available by GPO

6

Cryptographic Hash Values

Upon submission to GPO, a number is generated for each content file that is unique to the data inside the file

The SHA-256 hash value (Algorithm) recorded in metadata is used to detect changes to content files

Any change that occurs results in a new hash value

Users can search for content on FDsys and use hash values, with publicly available tools, to check that content

7

Cryptographic Hash Values

8

Trusted Digital Repository

GPO uses best practices for establishing authenticity of content and maintaining integrity within FDsys

GPO is working towards certification as a Trusted

Repository

GPO utilized the Trustworthy Repositories Audit and

Certification: Criteria and Checklist (TRAC)

Security controls are in place that may allow authorized users to submit new content and change descriptive metadata, but it is not possible to open a file in the repository and make changes to content

9

Chain of Custody

GPO provides a chain of custody

Each significant event in the lifecycle of content is recorded in PREMIS metadata

Records contain the content source, changes that have occurred since the content was created or acquired, and who has custody of the content

10

Chain of Custody –

Events Recorded in GPO PREMIS

Software Activities

Message Digest Calculation

Crypto Digest Calculation

Ingestion

Fixity Check

Rendition Creation

ACP Creation

Digital Signature

Assignment

Parsing

Human Agent Activities

Rendition Upload

Rendition Deletion

Submission

Public Access Restriction

Replacement

AIP Nominated for Deletion

AIP Approved for Deletion

11

Pros and Cons of using

Digital Signatures

Pros:

GPO is able to utilize the widely used and trusted document standard (PDF)

Use of Digital Signatures in conjunction with

Cryptographic Hash increases level of assurance

Provides quick visible confidence to end-users

– It’s fast, secure, authentic, less risky & less costly in the long run!

Cons:

Upfront costs of Digital Signatures may be cost prohibitive for some organizations

If majority of your customer base prefers paper version

(traditional customers will doubt the integrity of online)

Some providers have limited storage options and use proprietary software

12

Biggest challenges to preserving the

Federal Register?

Paper version well preserved since 1936 (thru 1985)

Paper is well cared for in compliant, archival centers

(NARA standard 36 CFR Part 1228, Subpart K)

Theft and Fire are biggest challenge

From 1985 to 1994, we used microfiche

Silver Halide process can last 500 years

Virtually impossible to mutilate

From 1995 to current, the electronic version on FDsys is the official record copy

Storage (expense and trusted providers/cloud)

Compromised content (via internal/external hacking)

Best formats 25, 50, 100 years from now? (risk of migrating data from format to format)

13

Authentication/Preservation of our other legal publications

All digital materials published by the OFR and available on GPO’s FDsys utilize the same authentication

For more information, go to:

Authenticity of Electronic Federal Government

Publications, http://www.gpo.gov/pdfs/authentication/authenticationwhit epaper2011.pdf

– Overview of GPO’s Authentication Program, http://www.gpo.gov/pdfs/authentication/authenticationover view.pdf

NARA Record storage standard:

– http://www.gpo.gov/fdsys/pkg/CFR-2000-title36vol3/xml/CFR-2000-title36-vol3-part1228-subpartK.xml

14

Questions ?

Thank you for your time!

15

Download