Charley Barth
Director, Office of the Federal Register
United States Government
•
Federal Register Act approved in 1935
•
Make executive legislation accessible to citizens
–
Publish a gazette containing the orders of the Executive Branch
•
Began statutory partnership between Office of the Federal
Register (OFR) and Government Printing Office (GPO)
•
OFR placed under the National Archives and Records
Administration (NARA)
•
Provided for public inspection of all documents filed with the OFR.
•
Currently have 12 publications
–
Administer the Electoral College process
–
Administer the Constitutional Amendment ratification process
2
•
First Register was published on March 14, 1936
•
First volume was 16 pages
• Published every working day, “Official Gazette of the
United States Government”
•
Provides legal notice of administrative rules, notices and presidential documents
•
Average Daily Federal Register = 150 pages
‒ Total pages in 2013 = 80,462
•
Final rules published in the FR become part of the Code of Federal Regulations (CFR). Over 180,000 pages
•
Available on-line since 1994, Web 2.0 version since
2010
•
Authentication of the digital FR began in 2009
3
•
GPO is as an Affiliated Archive of NARA and therefore the Official Federal Register resides on their platform (paper and electronic)
•
Affiliated Archives receives physical custody of the records, while NARA retains legal custody and, along with it, ultimate responsibility for them.
•
For this privilege, the affiliate, through a formal agreement with NARA, agrees to house, maintain, service and authenticate the (digital) records
4
•
By Law, the OFR partners with GPO; OFR publishes the content, GPO prints and distributes the content to include online, digital format and authentication.
•
GPO implements four measures to assure integrity and authenticity of FR content.
1. Digital Signatures on PDF files
2. Cryptographic Hash Values on Metadata
3. Evidence of the Trusted Digital Repository through the FDsys archive
4. Demonstration of Chain of Custody
5
Digital signature technology is used to add a visible Seal of Authenticity to authenticated and certified PDF documents
Digital signature and certification assures users that the PDF file has not been altered since being digitally signed and made available by GPO
6
•
Upon submission to GPO, a number is generated for each content file that is unique to the data inside the file
•
The SHA-256 hash value (Algorithm) recorded in metadata is used to detect changes to content files
•
Any change that occurs results in a new hash value
•
Users can search for content on FDsys and use hash values, with publicly available tools, to check that content
7
8
•
GPO uses best practices for establishing authenticity of content and maintaining integrity within FDsys
•
GPO is working towards certification as a Trusted
Repository
–
GPO utilized the Trustworthy Repositories Audit and
Certification: Criteria and Checklist (TRAC)
–
Security controls are in place that may allow authorized users to submit new content and change descriptive metadata, but it is not possible to open a file in the repository and make changes to content
9
•
GPO provides a chain of custody
•
Each significant event in the lifecycle of content is recorded in PREMIS metadata
•
Records contain the content source, changes that have occurred since the content was created or acquired, and who has custody of the content
10
Software Activities
•
Message Digest Calculation
•
Crypto Digest Calculation
•
Ingestion
•
Fixity Check
•
Rendition Creation
•
ACP Creation
•
Digital Signature
Assignment
•
Parsing
Human Agent Activities
•
Rendition Upload
•
Rendition Deletion
•
Submission
•
Public Access Restriction
•
Replacement
•
AIP Nominated for Deletion
•
AIP Approved for Deletion
11
•
Pros:
–
GPO is able to utilize the widely used and trusted document standard (PDF)
–
Use of Digital Signatures in conjunction with
Cryptographic Hash increases level of assurance
–
Provides quick visible confidence to end-users
– It’s fast, secure, authentic, less risky & less costly in the long run!
•
Cons:
–
Upfront costs of Digital Signatures may be cost prohibitive for some organizations
–
If majority of your customer base prefers paper version
(traditional customers will doubt the integrity of online)
–
Some providers have limited storage options and use proprietary software
12
•
Paper version well preserved since 1936 (thru 1985)
–
Paper is well cared for in compliant, archival centers
(NARA standard 36 CFR Part 1228, Subpart K)
–
Theft and Fire are biggest challenge
•
From 1985 to 1994, we used microfiche
–
Silver Halide process can last 500 years
–
Virtually impossible to mutilate
•
From 1995 to current, the electronic version on FDsys is the official record copy
–
Storage (expense and trusted providers/cloud)
–
Compromised content (via internal/external hacking)
–
Best formats 25, 50, 100 years from now? (risk of migrating data from format to format)
13
•
All digital materials published by the OFR and available on GPO’s FDsys utilize the same authentication
•
For more information, go to:
–
Authenticity of Electronic Federal Government
Publications, http://www.gpo.gov/pdfs/authentication/authenticationwhit epaper2011.pdf
– Overview of GPO’s Authentication Program, http://www.gpo.gov/pdfs/authentication/authenticationover view.pdf
•
NARA Record storage standard:
– http://www.gpo.gov/fdsys/pkg/CFR-2000-title36vol3/xml/CFR-2000-title36-vol3-part1228-subpartK.xml
14
15