UBC Theses and Dissertations

UBC Theses Logo

UBC Theses and Dissertations

Technological features of preservation systems that support the authenticity of digital records Jansen, Adam 2019

Your browser doesn't seem to have a PDF viewer, please download the PDF to view this item.

Item Metadata

Download

Media
24-ubc_2019_november_jansen_adam.pdf [ 4.58MB ]
Metadata
JSON: 24-1.0384577.json
JSON-LD: 24-1.0384577-ld.json
RDF/XML (Pretty): 24-1.0384577-rdf.xml
RDF/JSON: 24-1.0384577-rdf.json
Turtle: 24-1.0384577-turtle.txt
N-Triples: 24-1.0384577-rdf-ntriples.txt
Original Record: 24-1.0384577-source.json
Full Text
24-1.0384577-fulltext.txt
Citation
24-1.0384577.ris

Full Text

  TECHNOLOGICAL FEATURES OF PRESERVATION SYSTEMS  THAT SUPPORT THE AUTHENTICITY OF DIGITAL RECORDS  by ADAM JANSEN MSc, Eastern Washington University, 2009   A DISSERTATION SUBMITTED IN PARTIAL FULFILLMENT OF  THE REQUIREMENTS FOR THE DEGREE OF  DOCTOR OF PHILOSOPHY  in  THE FACULTY OF GRADUATE AND POSTDOCTORAL STUDIES (Library, Archival, and Information Studies)   THE UNIVERSITY OF BRITISH COLUMBIA (Vancouver)    October 2019   © Adam Jansen, 2019  ii    The following individuals certify that they have read, and recommend to the Faculty of Graduate and Postdoctoral Studies for acceptance, the dissertation entitled: TECHNOLOGICAL FEATURES OF PRESERVATION SYSTEMS THAT SUPPORT THE AUTHENTICITY OF DIGITAL RECORDS  submitted by Adam Jansen  in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Library, Archival and Information Studies  Examining Committee: Prof. Luciana Duranti,  Library, Archival and Information Studies   Supervisor Prof. Victoria Lemieux,  Library, Archival and Information Studies   Supervisory Committee Member  Prof. Giovanni Michetti, Document Studies, Linguistics, Geography, Sapienza University of Rome Supervisory Committee Member Prof. Anthony Clarke, Curriculum Studies   Examination Chair Prof Konstantin Beznosov,  Electrical & Computer Engineering    University Examiner Prof. Ning Nan, Business Administration University Examiner Prof. Christopher (Cal) Lee, Library and Information Science, University of North Carolina at Chapel Hill External Examiner    iii   Abstract This study aims to address the gap between the theoretical understanding of the authenticity of records and the implementation in digital archival preservation systems of technological features that can support the maintenance of that authenticity as the records move across space and through time. Using the lens of the archival method, a case study methodology was employed to conduct a series of ethnographic interviews, analysis of software, and review of supporting documentation at three sites.  The sites chosen for the study represent three different geographic regions (Canada, Europe and United States), three different jurisdictional responsibilities (Metropolitan, Provincial and National), and three different software environments (one open source implementation, and two solutions using a mix of proprietary and open source tools in Linux and Microsoft Operating environments). The findings of this study suggest that the use of specific technological features can support the presumption of records authenticity throughout the process of moving records across space and through time.  On the basis of this understanding, the findings of the case studies analysis were grouped into three specific functions: Transfer, in the course of which preservation institutions gather the records and the required identity and integrity metadata from the submitter; Ingest, in the course of which the institutions process the records and create or extract additional documentation regarding the identity and integrity of the records; and Maintenance, in the course of which the institutions safeguard the underlying  iv   bits, protect the networks upon which the records reside and implement processes to stay ahead of technological obsolescence. On the basis of the findings, this study has developed a model of the technological features for digital records observed across the case studies that support authenticity.  This model, named by this study the TechSAR Model, is expressed in both UML Activity Models and detailed Use Cases.  The TechSAR Model is not intended to be a stand-alone model; rather it is meant to supplement other existing digital preservation models by providing in-depth technical descriptions of services that perform activities supporting the authenticity of digital records in preservation systems that can be integrated into these existing models.     v   Lay Summary This study analyzes the technology employed by three case studies of varying sized preservation systems (from metropolitan to national scale) built on different technology infrastructures (including open source and commercial-off-the-shelf products) in support of the authenticity of the digital records they preserve.  From these findings, a model – named by this study as the TechSAR Model, Technological features Supporting the Authenticity of digital Records Model –was derived that presents those technological features of preservation systems that support the authenticity of digital records from initial transfer through ongoing maintenance. The TechSAR Model is intended to supplement existing preservation models by providing an in-depth technical description of services that perform activities mentioned in these reference models, with illustrative examples drawn from real-world examples of what each of the model activity looks like.  vi   Preface This dissertation is based on independent, original research carried out by the author, Adam Jansen. Preliminary findings of this study were presented at the APA/C-DAC International Conference on Digital Preservation and Development of Trusted Digital Repositories in New Delhi, India in 2014. The concept of Object-Oriented Diplomatics presented in Chapters Four, Five and Eight was first published by the author as an article titled “Object-Oriented Diplomatics” in Records Management Journal, Volume 25, Number 1, in 2015, and presented at the 2015 Digital Heritage International Congress in Granada, Spain.  The interviews conducted as part of the case studies in Chapters 3, 4, and 5 were covered by The University of British Columbia Behavioural Research Ethics Board Certificate H12-02562.    vii   Table of Contents Abstract……… ........................................................................................................... iii Lay Summary ............................................................................................................. v Preface ......................................................................................................................vi Table of Contents…………………..………………………………………………………vii List of Tables ........................................................................................................... xiii List of Figures .......................................................................................................... xiv Acknowledgments .................................................................................................... xvi Dedication ................................................................................................................ xix Chapter One: Introduction .......................................................................................... 1 1.1    Overview ........................................................................................................................... 1 1.2    Identification of the Research Problem ............................................................................ 5 1.3    Theoretical Foundations ................................................................................................... 7 1.4    Hypothesis ...................................................................................................................... 11 1.4.1    Research Questions ............................................................................................ 12 1.5    Overview of Case Study Selection ................................................................................. 13 1.6    Structure of the Study ..................................................................................................... 13 Chapter Two: Literature Review............................................................................... 16 2.1    Introduction ..................................................................................................................... 16 2.2    Defining Authenticity ....................................................................................................... 18 2.3    Historical Roots of Authenticity ....................................................................................... 21 2.3.1   Rise of Diplomatics ............................................................................................... 25 2.3.2    Modern Diplomatics ............................................................................................. 27 2.4    Assessing Authenticity in the Digital World .................................................................... 29 2.4.1    Transitioning Authenticity to a Digital World ........................................................ 32 2.5    Digital Preservation Research Projects .......................................................................... 34 2.5.1    The Literary Warrant ............................................................................................ 35 2.5.2    Application of Archival Diplomatics ..................................................................... 37 2.5.3    Significant Properties ........................................................................................... 43 2.5.4    Technological Approach ...................................................................................... 51 2.6    Summary ........................................................................................................................ 57 Chapter 3: Research Design .................................................................................... 63 3.1    Research Overview ........................................................................................................ 64  viii   3.2    Research Goal ................................................................................................................ 67 3.3    Central Research Question ............................................................................................ 68 3.3.1    Theory Questions ................................................................................................ 68 3.4    Defining the Terms Used in This Study .......................................................................... 69 3.4.1    Defining a Record ................................................................................................ 70 3.4.2    Defining Authenticity ............................................................................................ 71 3.5    Research Design ............................................................................................................ 73 3.6    Through the Lens of the Archival Method ...................................................................... 75 3.7    Research Strategies ....................................................................................................... 76 3.7.1    Ethnography ........................................................................................................ 76 3.7.2    Case Study .......................................................................................................... 79 3.8    Research Methods ......................................................................................................... 82 3.8.1    Semi-structured Interviews .................................................................................. 82 3.8.2    Documentation as Data Sources ......................................................................... 85 3.9    Analysis of Data Collected.............................................................................................. 85 3.9.1    Transcriptions of interviews ................................................................................. 85 3.9.2    Coding of Data ..................................................................................................... 88 3.10    Limitations of the Study ................................................................................................ 90 3.10.1    Limited to English-speaking Countries .............................................................. 90 3.10.2    Limited Number of Case Study Sites ................................................................ 91 3.10.3    Qualitative data requires interpretation ............................................................. 91 3.11    Ethical Concerns and Resolutions ............................................................................... 92 3.11.1    Informed Consent and Do No Harm .................................................................. 93 3.11.2    Maintaining Anonymity ...................................................................................... 96 3.11.3    Bias Through Word Selection or Influencing Informant ..................................... 97 3.11.4    Bias from Participant-as-Observer Methodology .............................................. 98 3.11.5    Ethically Justifiable Research Involving Human Subjects ................................. 99 3.12    Summary .................................................................................................................... 100 Chapter Four: Case Study -- Metropolitan Implementation .................................... 102 4.1    Background .................................................................................................................. 102 4.2    Integrated Records Management Framework .............................................................. 104 4.3    Preservation System .................................................................................................... 108 4.4    Transfer ........................................................................................................................ 111 4.4.1    BagIt Specification for Transfer Packages ........................................................ 113 4.4.2    Unique Identification .......................................................................................... 117 4.4.3    Micro-services Approach ................................................................................... 120 4.4.4    Approval ............................................................................................................ 121  ix   4.4.5    File Format Validation ........................................................................................ 126 4.4.6    Technical Metadata Extraction .......................................................................... 128 4.5    Ingest Workflow ............................................................................................................ 130 4.5.1    PREMIS Events logging .................................................................................... 134 4.5.2    PREMIS Rights .................................................................................................. 137 4.5.3    Use of Object Models ........................................................................................ 138 4.6    Preservation Over the Long Term ................................................................................ 144 4.6.1    Dissemination Information Packages ................................................................ 146 4.6.2    AIPStore ............................................................................................................ 146 4.6.3    Reprocessing ..................................................................................................... 149 4.7    Summary ...................................................................................................................... 150 Chapter Five: Case Study – Provincial Implementation ......................................... 152 5.1    Background .................................................................................................................. 152 5.2    Transfer ........................................................................................................................ 154 5.2.1    Memorandum of Agreement .............................................................................. 155 5.2.2    SIP Creation ...................................................................................................... 156 5.2.3    Provenance Capture .......................................................................................... 159 5.2.4    Describing the Transfer ..................................................................................... 162 5.2.5    Transfer Comparison ......................................................................................... 170 5.2.6    HASH of Digital Objects .................................................................................... 171 5.2.7    Secure Transmission ......................................................................................... 172 5.3    Record Ingestion .......................................................................................................... 176 5.3.1    Merging Data Files ............................................................................................ 179 5.3.2    Group Ingestion ................................................................................................. 180 5.3.3    Record Ingestion ............................................................................................... 181 5.3.4    Derivatives Generation ...................................................................................... 182 5.3.5    Diplomatics Model Design ................................................................................. 187 5.4    Maintenance of Authenticity ......................................................................................... 189 5.4.1    SQL Injection ..................................................................................................... 191 5.4.2    Column Lists ...................................................................................................... 193 5.4.3    Database Locks ................................................................................................. 194 5.4.4    InformationRecordDatabaseHelper ................................................................... 197 5.4.5    Sharding ............................................................................................................ 198 5.4.6    Disaster Recovery ............................................................................................. 199 5.4.7    Creation of Deep Storage Copy ........................................................................ 209 5.5    Summary ...................................................................................................................... 212  x   Chapter Six: Case Study – National Implementation ............................................. 215 6.1    Background .................................................................................................................. 215 6.2    Records Transfer .......................................................................................................... 217 6.2.1    Interface ............................................................................................................. 217 6.2.2    Sending the transfer .......................................................................................... 219 6.2.3    Gateway............................................................................................................. 220 6.2.4    Verification of Transfer ...................................................................................... 221 6.3    Records Ingestion ......................................................................................................... 222 6.3.1    PLANETS Service Access ................................................................................. 224 6.3.2    PLANETS Service Registry ............................................................................... 225 6.3.3    Data Objects ...................................................................................................... 228 6.3.4    Digital Objects ................................................................................................... 232 6.3.5    PLANETS Data Registries................................................................................. 235 6.3.6    Workflows .......................................................................................................... 236 6.3.7    Ingestion Process .............................................................................................. 242 6.3.8    Format Comparison ........................................................................................... 243 6.3.9    Ingestion Workflow ............................................................................................ 244 6.4    Maintenance of Authenticity ......................................................................................... 248 6.4.1    Document Sealing Engine ................................................................................. 253 6.4.2    Storage Behavior ............................................................................................... 257 6.4.3    Continuous Storage Validation .......................................................................... 259 6.4.4    Storage Cluster Design ..................................................................................... 260 6.4.5    Storage Site Security ......................................................................................... 263 6.4.6    Auditing .............................................................................................................. 264 6.4.7    Quality Assurance ............................................................................................. 271 6.4.8    Image Corruption ............................................................................................... 272 6.4.9    Image Comparison ............................................................................................ 273 6.5    Summary ...................................................................................................................... 275 Chapter Seven: Technological Features Supporting the Authenticity of Digital Records ............................................................................................. 278 7.1    Introduction ................................................................................................................... 278 7.2    Model Design ................................................................................................................ 279 7.3    Core Functional Requirements ..................................................................................... 284 7.4    Transferring Records to the Archives ........................................................................... 286 7.5    Transfer Function Activity Diagram .............................................................................. 287 7.6    Transfer Function Activity Descriptions ........................................................................ 288 7.6.1    Directory Service of Known Users ..................................................................... 288  xi   7.6.2    Controlled Form for Submission of Records ..................................................... 289 7.6.3    Create Manifest for SIP ..................................................................................... 290 7.6.4    Create a Device Fingerprint of Submission ....................................................... 291 7.6.5    Calculate Message Digest ................................................................................. 293 7.6.6    Document Folder Structure Prior to Transfer .................................................... 294 7.6.7    Create SIP for Transfer ..................................................................................... 296 7.6.8    Transfer SIP usng Secure Protocols ................................................................. 297 7.6.9    Gateway Validatio of Incoming Packets ............................................................ 298 7.6.10   Scan for Malware .............................................................................................. 300 7.6.11   Check SIP Manifests ........................................................................................ 302 7.6.12   Compare Message Digests .............................................................................. 303 7.6.13   Validate Cbontents of SIP ................................................................................ 304 7.7    Ingest of Records into the Repository .......................................................................... 306 7.8    Ingest Function Activity Diagram .................................................................................. 307 7.9    Ingest Function Activity Descriptions ............................................................................ 308 7.9.1    Quarantine Records .......................................................................................... 308 7.9.2    Conditional Workflow Manager Determining Which Services in Which Order .. 309 7.9.3    Object Model Created for Records with Preservation System .......................... 312 7.9.4    Deconstruct SIP into Individual Records ........................................................... 313 7.9.5    Assign Unique Persistent ID to Each Record Preservation System ................. 316 7.9.6    Error Trapping for Anomalies in Ingest Processing ........................................... 317 7.9.7    Identify the File Format and Version of the Digital Object ................................. 318 7.9.8    Local Registry of File Format Types and Versions ........................................... 320 7.9.9    Validate the Digital Objects to Conformance with Format Specification ........... 322 7.9.10   Extract Technical Metadata Regarding Digital Objects .................................... 323 7.9.11   Convert Records into Other Digital Formats .................................................... 325 7.9.12   Produce Cryptographic Time-stamp for Every Digital Object in Record .......... 326 7.9.13   Create an Archival Information Package .......................................................... 328 7.10   Maintenance of Records in the Repository ................................................................. 331 7.11   Maintenance Function Activity Diagram ...................................................................... 332 7.12   Maintenance Activity Descriptions ............................................................................... 333 7.12.1    Loader Balancer to Distribute Requests between Multiple Servers ................ 333 7.12.2    Shard Database to Prevent Alteration ............................................................. 334 7.12.3    Storage Disk Redundancy ............................................................................... 337 7.12.4    Move AIP to the Dark Archives ....................................................................... 338 7.12.5    Unprocessed SIPs Copied .............................................................................. 340 7.12.6    Encapsulated, Self-Describing Record ............................................................ 341  xii   7.12.7    Backup Copy Sent Offsite ............................................................................... 342 7.12.8    Periodic Validation of Bits on Disk ................................................................... 344 7.12.9    Continuous Malware Scan .............................................................................. 345 7.12.10   No Trust Model Exists Between Storage Sites .............................................. 347 7.12.11   Active Monitoring for Suspicious Activity ........................................................ 348 Chapter 8: Conclusion ........................................................................................... 351 8.1    What does Authentic Digital Record Mean?................................................................. 352 8.2    Findings on What Technological Features Support Authenticity of Records ............... 354 8.3    Transfer ........................................................................................................................ 355 8.4    Ingest ............................................................................................................................ 357 8.5    Maintenance ................................................................................................................. 361 8.6    Recommendations for Further Study ........................................................................... 364 8.7    Summary ...................................................................................................................... 368 References  ........................................................................................................... 370 Appendix A: Interview Protocol .............................................................................. 407 Appendix B: Diplomatic Analysis Template ............................................................ 412 Appendix C:  Transcription Template ..................................................................... 419 Appendix D: Consent Form .................................................................................... 420 Appendix E:  Letter of Invitation ............................................................................. 422 Appendix F: Requirements for Assessing and Maintaining the Authenticity of Electronic Records ............................................................................. 423 Appendix G: Technological Features Observed in Case Studies by Function ....... 436 Appendix H: Deep Storage Example ..................................................................... 448     xiii   List of Tables Table 1: Identity and Integrity Metadata (Partial List) ............................................... 73 Table 2: Example of Format Policy Registry .......................................................... 134 Table 3: Events Table from Database .................................................................... 137 Table 4: RightsStatement Table Fields .................................................................. 138 Table 5: Table Structure for Transfers ................................................................... 142 Table 6: Table Structure for SIPs ........................................................................... 143 Table 7: Table Structure for Files ........................................................................... 144 Table 8: Dublincore Table Fields ........................................................................... 145 Table 9: Example of PRONOM Entry for PDF/A 3u ............................................... 231    xiv   List of Figures Figure 1: CRQ-TQ-IQ/II Pyramid Model ................................................................... 66 Figure 2: Five Elements Every Record Must Possess ............................................. 71 Figure 3: Hierarchy of Research Design ................................................................ 101 Figure 4: Three Tier Design of the HP TRIM System ............................................. 104 Figure 5: Generate AIP UML Activity Diagram ....................................................... 110 Figure 6: Submission Dashboard ........................................................................... 113 Figure 7: BagIt Directory Structure ......................................................................... 114 Figure 8: UUID assignment by archivematicaAssignFileUUID.py .......................... 119 Figure 9: PRONOM Format Identification of PDF/A-3A and PDF/A-3B ................. 126 Figure 10: Sample of File Validation of a .jpg File Using JHOVE ........................... 128 Figure 11: Sample Technical Metadata for .jpg File Using JHOVE ........................ 130 Figure 12: Hash Digest generation within updateSizeandChecksum.py ................ 132 Figure 13: createEvent.py for PREMIS Format Identification ................................. 136 Figure 14: Construction of the Unit Object Model in unit.py ................................... 140 Figure 15: Extending the unit object model for SIPs with unitSIP.py...................... 141 Figure 16: Extending the unit Object Model for files from unitFile.py ..................... 141 Figure 17: Functional Overview of Preservation System ....................................... 154 Figure 18: Transfer Overview Diagram .................................................................. 158 Figure 19: Example of Device Fingerprint Created During Transfer ...................... 161 Figure 20: Field Validation Checks in Transfer Tool .............................................. 164 Figure 21: Title Information Tab ............................................................................. 165 Figure 22: Define Data File Tab ............................................................................. 166 Figure 23: Data Files Tab ...................................................................................... 167 Figure 24: Transfer Summary Tab ......................................................................... 168 Figure 25: View XML .............................................................................................. 169 Figure 26: Creating the FTP Package .................................................................... 174 Figure 27: Aegis Padlock by Apricorn .................................................................... 176 Figure 28: Data Files Transformation for Ingestion ................................................ 178 Figure 29: Derivative Digital Object Creation Grid Computing Architecture ........... 183 Figure 30: Representation of Record Common Table Structure ............................ 188 Figure 31: Representation of DMZ ......................................................................... 191 Figure 32: Examples of Open and Restricted Columns ......................................... 194 Figure 33: Record Locks Table Structure .............................................................. 196 Figure 34: Extract of Anonymized Firewall show running-config ............................ 202 Figure 35: Extract of Anonymized Ethernet Switch show running-config ............... 204 Figure 36: Extract of Show Configuration for Hardware Load Balancer ................. 205 Figure 37: Example of a Tape Library System ....................................................... 212 Figure 38: Example of the BagIt File Structure ...................................................... 219 Figure 39: ServiceDescription Builder Object ........................................................ 227 Figure 40: Example of Signature from PRONOM from RTF files ........................... 229 Figure 41: Class DigitalObject Example ................................................................. 233  xv   Figure 42: Retrieve Workflow Template Code ....................................................... 237 Figure 43: Bean maxSession ................................................................................. 239 Figure 44: Event Object Creation ........................................................................... 240 Figure 45: Extract from JHOVE.............................................................................. 245 Figure 46: DIDL Relationship Diagram .................................................................. 247 Figure 47: Cryptographic Time-stamp Document Seal .......................................... 255 Figure 48: Root Issuer Certificate Authority Information ........................................ 256 Figure 49: Storage Site Replication Workflow ........................................................ 258 Figure 50: Storage Cluster Design ......................................................................... 262 Figure 51: Aggregation Hash Tree ......................................................................... 267 Figure 52: Cryptographic Summary Information Chain .......................................... 268 Figure 53: Example of Corrupted Image ................................................................ 273 Figure 54: Comparing the Converted JPEG (Left) with .......................................... 274 Figure 55: Transfer Function Activity Diagram ....................................................... 287 Figure 56: Ingest Function Activity Diagram .......................................................... 307 Figure 57: Maintenance Function Activity Diagram ................................................ 332     xvi   Acknowledgments This dissertation would not have been possible without the support, input, guidance, and continued encouragement of a large number of people who gave their time, effort, and energy selflessly for my benefit.  As a professional archivist of twenty years, this journey has been a long one and owes much of its success to many others.  My gratitude to Tina Fu of the University of Wisconsin-Oshkosh Library for guiding a wayward undergraduate history student toward a career in archives administration. I am honored to have been in the last cohort for the Master’s Program in Archival Administration at Western Washington University selected by Dr. James “Bert” Rhodes, fifth Archivist of the United States. And while in the program, having had the opportunity to learn the profession under the gentle and masterful hand of Dr. Randall Jimerson -- who also arranged for my internship at the Microsoft Archives, which sparked my interest in digital preservation. My thanks must be voiced for my supervisors, Irene Henly and Rick Danielson, who shaped my early career in the field and gave me the opportunity to learn and grow; I owe the big break in my professional career to Steve Excell, Assistant Secretary of (Washington) State who hired me to lead the Digital Archives project for the Washington State Archives.  A big “Thank you” to him for not actually chaining me to the service tunnel! For his encouragement to go back to school and pursue an education in Computer Science, I owe him for my interdisciplinary Master of Science in Business Administration and Computer Science – for that I  am eternally grateful. I must thank my former team at the Washington State Digital Archives, who  xvii   never met a challenge I put before them that they could not overcome, with a special fondness for the most amazing network administrator I have I have ever had the pleasure of work with, Harold Stoehr, and one of the brightest programmers, Daniel Waterbly.  For my teaching style, I thank and acknowledge my two biggest inspirations, my mother Dr. Marilyn Hart, former professor of the year at the University of Wisconsin – Oshkosh and always the “World’s Best Teacher” in my mind, and Dr. Douglas Bickerstaff from my program at Eastern Washington University, who always seemed to squeeze the most potential out of his students. Working on the InterPARES project and interacting with the fantastic, worldwide team of archival professionals has been one of the greatest pleasures of my professional career.  I thank them all for the kindness and generosity they have shown me, and for putting up with my constant stream of questions. It is through the course of these research projects that I had the pleasure of working with, and learning from, Dr. Kenneth Thibodeau and Daryll Prescott (my brother from another mother) who inspired me throughout the conduct of this study.   A huge Mahalo Nui Loa (Thank You Very Much in Hawaiian) to Susan Shaner, former State Archivist of Hawai’i, for allowing me to be a consultant on their digital archives project. It allowed me to meet the love of my life, Miki. I could not have does this without Miki’s support, love, and patience every step of the way.  The day she said “I Do” is the happiest day of my life. With her encouragement, I was able to land my ‘Dream Job’ as State Archivist of Hawaiʻi; where I not only have the best job (for me) in the world, but also the best team that I could have hoped for supporting my crazy ideas.  My appreciation and admiration for their skills and dedication are beyond words. A special mahalo to Dr. Ronald C. Willaims Jr. for advancing my knowledge of ʻŌlelo Hawaiʻi (Hawaiian Language) and culture, Gina  xviii   Vergara-Bautista for holding down Records Management, and my twin pillars of support, Ju Sun Yi and Alice Tran.  My love to all my family, natural and hānai (Hawaiian for adopted), for putting up with me throughout this process.  A special place in my heart is reserved for Aric Mickelson and Marta Reinhold, my oldest and dearest friends whom I am proud to call family, who have always been so kind and generous when I needed a place to stay; and Bruce Wee, my brother nerd who is always up for learning something new. My doctoral studies have been partially supported over the years by the University Doctoral Fellowship, the Pacific Century Scholar Award, the R. Howard Webster Foundation Fellowship, and the Faculty of Arts Graduate Award, for which I am grateful.   I continue to be amazed by the faculty at the iSchool@UBC, who have molded me into the archivist that I am today.  Their dedication to their students and their research is humbling and awe-inspiring to behold.  I could not have survived the rigors of Ph.D. life without the administrative staff at the iSchool@UBC who looked after me and supported me during my studies, and my fellow students who were always there with a kind word and a friendly smile.  My appreciation to Elaine Goh, Donald Force, Elizabeth Shaffer, Corinne Rogers, Jessica Bushey, Sherry Xie, and Weimei Pan for their kindnesses, big and small.  Lastly, I must acknowledge the unbelievable support that I have received from my Dissertation Committee: Dr. Luciana Duranti, Dr. Victoria Lemieux, and Dr. Giovanni Michetti.  I am eternally grateful for their efforts on my behalf.  I, quite literally, could not have done this without them. Mahalo Nui Loa to you all (named and unnamed) for your support along my long and winding road to becoming a State Archivist and a Ph.D. graduate! I love you all for being in my life.  xix   Dedication  To the three women who made this possible:  My Mother, Dr. Marilyn Hart, the kindest, most generous heart I have ever met, for being a role model to me and for all of your support throughout this long process;   My Professor and Committee Chair, Dr. Luciana Duranti, the most innovative and hardest working person I know, for never giving up on me or letting me lose faith in myself; and,   My Wife, Miki Karukaya, a more understanding and loving partner than I deserve, for your patience with me and being my guiding light through the darkest of times.  YOU ARE MY LOVE, MY LIFE, MY EVERYTHING! 1   “In an environment characterized by pervasive deceit, it will be necessary to provide verifiable proof for claims related to authorship and integrity that would usually be taken at face value in the physical world ... authenticity and integrity, when held to this standard, are elusive properties.  It is much easier to devise abstract definitions than testable ones.  When we try to define integrity and authenticity with precision and rigor, the definitions recurse into a wilderness of mirrors, of questions about trust and identity in the networked information world.” -- Clifford Lynch  (2000), “Authenticity and Integrity in the Digital Environment: An Exploratory Analysis of the Central Role of Trust,” in Authenticity in the Digital Environment, p. 33.   Chapter One: Introduction  1.1 Overview Records are instruments or by-products of an activity. As such, they possess an innate capacity to serve as evidence of the activities in which they participate. Their process of creation in the course of an activity, along with the fact of their being set aside for further action or future reference, allows records to serve as faithful witnesses to the acts and facts in which they participated (Eastwood, 1994). When they have been maintained in custody according to regular procedures that can be attested to, these records are afforded the presumption of authenticity.  Traditionally, this evidentiary value based on the presumption of authenticity, however, can be challenged unless the record is demonstrably authentic; that is unless the record “is what it purports to be and that it is free from tampering or corruption”  (Centre for the International Study of Contemporary Records and Archives, 2015).  For this to happen, it is essential that both the content and the structure of the record do not change substantively since creation, and that the  2   technological features of the preservation system assess, document and maintain the authenticity of those records over the long term.  The latter is the focus of this study, The widespread use of digital technologies in the conduct of business has resulted in organizations generating more information annually than in any previous decade of human activity (Marr, 2018). As computer systems continue to be embraced due to the advances in process efficiencies they offer, the procedures necessary to maintain their output—the records—in a demonstrably authentic state have not kept pace.  A majority of the records created on these systems are  less reliable, retrievable, or accessible than ever before. Idiosyncratic software systems generate, manage, and store digital data using proprietary technologies and media that are not developed to segregate different types of information, to prevent manipulation or tampering, or to establish and maintain an intellectual order, and that are subject to the dynamism of the computer industry (Duranti, 2001, p. 271).   The nature of the systems making, receiving, or capturing digital records, the ease with which digital records can be modified and passed off as originals1, and the black-box nature of how records are created and rendered (Kenneally, 2001) have led to an increasing distrust of digital records. As distrust conflicts with the social need to create, use and maintain records as faithful witnesses of the activities in which they participate (Lynch, 1994), the past two decades have seen an increased                                                  1 See the Reuters photo by Adnan Hajj (BBC News, 2006) that was doctored to make the smoke from the burning buildings look more voluminous, and the Mubarak photograph  (BBC News, 2010) that was doctored to show the Egyptian president leading a peace delegation rather than the US president, and the altered video from a White House Press Briefing in 2019 that was edited and sped up to make it appear as though the reporter struck a White House intern  (Farhi, 2018).  3   focus on the question of what the concept of authenticity means as it applies to digital records and systems. Since ancient times, the authenticity of organizational records has been safeguarded through their transfer to and maintenance within a public archives.  This concept of public archives as a place of trust has deep legal roots tracing back to the Justinian Code (Duranti, 1996), in which archives were considered places of authority and responsibility for the care and preservation of records.  When records were deposited in the Tabularium (Roman Archives), they remained uncorrupted and isolated from potential contamination from outside influences, thus maintaining their ability to serve as a faithful witness to that which they recorded.  It is in this purpose, so well stated by Thibodeau (1991), of guaranteeing the continuing authenticity of the material in its custody that the raison d’etre of all archives, including private business and community archives, can be found.  This protection – afforded under the care and custody of trained, disinterested third parties – allowed the records to retain their authenticity as stable and immutable objects within their own context, beyond the reach of external interests, politics, events and trends of any kind throughout time, places and events.   With the large scale shift from transferring analogue records that no longer needed for the conduct business to the archives on a regular basis into an environment where the records tend to remain longer in the custody of the records creators – or, more accurately, within the computer systems under the control of a creator’s IT department or third-party Cloud Service Providers – this ability to isolate and protect records from loss, alteration, deterioration, deletion or technological  4   obsolescence has been greatly compromised.  That is not to say that such records are not, or can never be, authentic.  Rather, the requirements for achieving the same threshold for demonstrating their authenticity have increased in response to the frequency of technological changes to systems and file formats.   With these changes come new responsibilities and corresponding processes for maintaining digital records safeguarding the presumption of their authenticity.  Given that, maintaining digital records over the long term will likely require preserving them across multiple, often radical, technological changes to the systems and/or formats used. Therefore, migration and/or conversion of the digital records are highly likely.2  To understand the impact of failing to plan for technological changes, one needs to look no further than the 1.2 million magnetic tapes NASA had accumulated over three decades of space flight that could either not be found or read (Cook, 1995), the 1960 US Census where the raw data tapes become obsolete and unreadable by the late 1970s (Day, 1997), and the Canada Land Inventory that had to be recovered at great taxpayer expense (Lauriault, Craig, Taylor, & Pulsifer, 2007).  Therein lies the challenge of preserving digital records over the long term: to remain authentic the records must not change substantively from that which the creator used in the course of business, yet the inevitable advances in technology will force changes to the underlying systems and to the binary bits of the records in                                                  2 Some digital preservation research projects researched for this study have presented persuasive arguments that emulation is the best method of preserving digital records across multiple technological changes. While the underlying concepts show promise, the emulation for preservation approach has not been demonstrated effective on any large scale. An overview of these projects can be found in the Literature Review contained in Chapter Two.  5   order to ensure the ability to view the records in the future and to use them the same way they have been used in the past.  1.2 Identification of the Research Problem Managing vast amounts of digital records, as well as the systems in which they are created and stored, is placing pressure on the archival community to develop new and effective methods, along with comprehensive guidelines, for supporting and preserving authenticity. The rapid evolution and forking of technology are producing a wide variety of records creation and keeping systems, in terms of the server hardware, application software, storage media, and their underlying operating systems.  A United States National Archives and Records Administration [NARA] audit by the General Accounting Office (2003), carried out in preparation for the Electronic Records Archives [ERA], found over eight hundred different self-identified IT systems in four federal agencies.  The daunting task of gaining control over this large number of independent systems is further impacted by the general ennui amongst records custodians about preserving the authenticity of these records.  This attitude was evidenced in a survey of twenty-two digital repositories, “the majority of which felt that ensuring authenticity and integrity represented a low priority compared to increasing access and preserving content” (Bradley, 2005, p. 165).  As Lynch (1994, p. 738) has observed, this de-emphasis on the authenticity of records in digital repositories has a negative effect on their value as records:  We are somewhat vague about what we expect, and we do not always understand what a given system can actually do.  Our lack of clarity produces both overly optimistic (trusting) and overly pessimistic perceptions.  In the world of digital information, the tools and mechanisms of ensuring integrity are complex and exotic, and our unfamiliarity with these tools leads us to distrust their efficacy.  Thus  6   we regard the digital information environment as basically lacking integrity.  The courts, however, have held for a long time a very different point of view as to the importance of protecting the authenticity of records, and are increasingly holding records custodians to higher standards of conduct (Armstrong v. Executive Office of the President, 1996; Cabinetware Inc., 1991; Lombardo v. Broadway Stores, Inc, 2002; Public Citizen v. Carlin, 1997).3  This increasing understanding amongst the courts that paper and digital versions of records are not equivalent reinforces the fact that digital records are compound documents consisting of digital objects, that is, “discrete aggregation[s] of one or more bitstreams and the metadata about the properties of the object and, if applicable, methods of performing operations on the object“ (InterPARES, Terminology Database).  These objects, with their reliance upon technological intermediaries needed to render them viewable to humans, are more easily altered and corrupted than analogue materials, and alterations are more difficult to detect when they do occur.  Given the complexity of the interrelated parts that comprise a digital record, creators and preservers often find it challenging to establish a record’s identity and integrity, the two characteristics by which authenticity is determined (Authenticity Task Force, 2002).  This difficulty in establishing their authenticity negatively affects the value of records, as Ross (2002a, p. 7) states: “digital objects that lack authenticity… have limited value as evidence or as an information resource.”   Thus, records custodians face many challenges to maintaining the authenticity of records in their repositories, and their                                                  3 These examples illustrate that there is an obligation on the record preserver’s part to preserve and maintain their digital records regardless of the presence of paper printouts of the same.  7   value as assets.  While the need to maintain the authenticity of digital records across space and through time remains unquestioned, the methods by which this can be accomplished has yet to be determined.   The chosen implementation of technology with an environment has a significant influence over the authenticity of the digital records maintained within the preservation system.  As computing capabilities grow faster4, leading to more robust and user-centric software applications, the ability to create, modify, and distribute digital records through intranets, disparate networks and instantaneous messaging has also increased.  This challenges archivists to acquire the knowledge and the infrastructure to maintain digital records in an authentic state over the long term.  This study analyzes the ways in which selected digital archives have implemented technology within their own preservation workflows and repositories, and from this analysis develops a model of the technological features that support the authenticity of digital records from their accession into an archives through long-term preservation and use. 1.3 Theoretical Foundations For definitional and evaluative purposes, this study will employ the archival diplomatics’ concept of authenticity, which encompasses not only the attributes of the records themselves (those directly related to the record’s identity and integrity), but also the whole of the juridical-administrative, provenancial, procedural,                                                  4 In computer science terms, the rate of change is quantified by Moore’s Law (G. E. Moore, 1965) which states that processing power doubles every two year. Kryder’s Law is named after Mark Kryder who observed that disk density – the amount of data that can be stored on a single drive – over the previous 50 years was increasing 1,000 fold every decade and a half (Chip Walter, 2005).  This equates to disk drives doubling in capacity approximately every thirteen months. Rosenthal (2014) points out that this rate is slowing to around 20%/annum over the last decade and the cost per GB is not decreasing anywhere near the rate Kryder predicted.  8   documentary and technological contexts5 in which the records were made or received, maintained, and preserved from the moment of their creation and throughout their entire existence (Duranti & Thibodeau, 2006; Duranti & Preston, 2008; MacNeil, 2000a; MacNeil, 2002; Miller, 2001).  Identity is derived from the whole of the attributes of the record that together uniquely characterize and distinguish it from other records.  The attributes of identity allow the examiner to differentiate one record from another, to determine the who, what, where, when, and why of the record.  Integrity concerns the record’s wholeness – that it possesses all of its necessary parts existing at creation — and its soundness – that its condition is unimpaired (Hirtle, 2000; MacNeil, 2000a).  For a record to be a faithful witness of actions taken and decisions made it is essential that the record be authentic and that such authenticity be verifiable; that is, the record must be proven to be 1) what it purports to be and 2) free from manipulation, substitution, or falsification (Duranti, 1995).   The context that supports the presumption of authenticity afforded to records is heavily influenced by the facts concerning the:   creation of the records (as records are granted the presumption of authenticity if it can be shown that they were made or received in the course of institutional business to serve the practical needs that originated them) (Authenticity Task Force, 2002; Authenticity Task Force, 2013; InterPARES Authenticity Task Force, 2000);   recordkeeping (as expressed through the processes of capture, maintenance and use concerning any alterations to the original record); and,                                                   5 Juridical-administrative context refers to the legal and organizational system in which the creating body belongs; provenancial context refers to the creating body, its mandate, structure, and functions; procedural context refers to the business process in the course of which the record is created;  documentary context refers to the archival fonds to which a record belongs, and its internal structure; and technological context refers to the characteristics of the technical components of an electronic computing system in which records are created. (Authenticity Task Force, 2000).  9    custody of the records (through an unbroken line of legitimate custodians—or chain of custody) (Duranti, 1997; Eastwood, 1994).     The presumption of authenticity afforded to records created according to regular and controlled procedures must be actively maintained by creators and legitimate successors for, once lost or compromised, authenticity has to be asserted for each record through testimony, comparison with copies, or scientific means of analysis.  The record may still have value as a document of historical interest, but its value as a faithful witness to the fact and act in which it participated is suspect when compared to records that were maintained continuously in an authentic state (Eastwood, 1994; Ross, 2002b).  It falls upon the responsible custodian at any given time in their lifecycle to protect the authenticity of records by ensuring that they are not manipulated, substituted, or falsified, either in transmission or through their chain of custody, and continue to be as they were created, free from the taint of other interests and capable of conveying the message originally intended.  As authenticity can be inferred from the processes used to capture and manage the record, the clearer the chain of custody, the more consistent the procedures and the stronger the attestation, the greater the presumption of authenticity (MacNeil, 2002).  In the digital age, how technology is implemented within recordkeeping and record preservation systems has a strong influence on the ability to determine a record’s authenticity.  While record-keeping systems may have the ability to capture and maintain authentic digital records, many have difficulty just maintaining records: “electronic systems are often being designed to manage data rather than records” (Groven, 2010, p. 31) .  The issues of obsolescence and incompatibility notwithstanding,  10   requirements can be mandated for computer applications to embed records with a minimum required set of identity and integrity metadata6 from their point of creation.  That is, these recordkeeping systems can, theoretically, create digital records possessing the qualities necessary to be presumed and verified authentic over time if they are correctly implemented and executed.  Records produced in such a defined and formulaic way would be able to serve as faithful witnesses of facts while holding their creators accountable.  This accountability, in turn, would increase trust through the transparency of organizational operation thereby “open[ing] the door to more sophisticated methods of control” (Bekkers, 1998, p. 342).  The extent to which preservation systems support or hinder the presumption or verification of the authenticity of records depends on the way in which the underlying technology has been implemented and on the quality of the procedures in place governing the creation, handling, and maintenance of records within the system.  The greater the level of systematic controls over the records, the greater the ability to support their authentication.  When those systems lack sufficient operational instructions to establish the identity and protect the integrity of the records or to verify the completeness of a record prior to committing it to a trustworthy digital repository7, the authenticity of the record suffers.  While the theoretical concept of authenticity in digital systems has been studied extensively over the past decade, the extent to which the implementation of technology within                                                  6 Metadata in this study refers to the InterPARES definition of “Information that characterizes another information resource, especially for purposes of documenting, describing, preserving or managing that resource.” (InterPARES, 2016d). 7 A Trustworthy Digital Repository is one who has a “mission to provide reliable, long-term access to managed digital resources to its Designated Community, now and into the future” (The Consultative Committee for Space Data Systems, 2011, p. 2-1).  11   trusted repositories supports this conceptual view of authenticity bears further study.  Significant research effort has been spent over the past two decades attempting to expand the concept of authenticity to digital records (Delozier, 2013; Donaldson, 2015; Duff, 1996; Duranti, 1995; Gladney, 2009; Hedstrom, Lee, Olson, & Lampe, 2006; Katuu, 2001; Lynch, 2000; MacNeil & Mak, 2007; Rogers, 2015b; Ross, 2002a; Seadle, 2012; Smith, 2000), however few have presented a standard set of attributes or metrics to measure against  (Rogers, 2015a).  Fewer still have looked at the ways in which specific technologies are being employed by records managers, archival, and information technology professionals to support the authenticity of digital records within their custody.   1.4 Hypothesis This study seeks to address the gap between the theoretical concept of authenticity in archival science and its implementation within the various technological features of digital archival preservation systems.  The central hypothesis of this study is that, despite the rapid advancement of technology and the many factors challenging the assessment, documentation and maintenance of the authenticity of digital records, by analyzing how traditional archival concepts are implemented within an information technology framework, it is possible to articulate the technological features of a preservation system that are capable of capturing and producing evidence that supports the authenticity of digital records over the long term.    12   1.4.1 Research Questions Derived from the central hypothesis, the core research question of this study is: What are the technological features of preservation systems that influence the assessment, documentation, and maintenance of the authenticity of digital records as they move across space and through time? The sub-questions for this study address four thematic areas: one dealing with the conceptual view of authenticity of records in digital systems and three focusing on what Bearman (2006) refers to as the ‘moments of risk’ -- two of which deal with the  transfer of digital records across space (the transmission of records from the system of the creator to the archives and the process of accepting these records into the archives’ preservation system) and one dealing with carrying the records forward through time (i.e. long-term preservation). These sub-questions are: 1. What does ‘authentic digital records’ mean? 2. What technological features support the assessment of the authenticity of records as they are transferred to a preservation system? 3. What technological features support the documentation of the authenticity of records ingested8 into a preservation system?                                                  8 Ingest, for purposes of this study, shall follow the Open Archival Information Systems Reference Model terminology and mean the functions necessary to accept and validate the transfer of records from the creator(s),  13   4.  What technological features of a preservation system support the maintenance of the authenticity of records over the long term? 1.5 Overview of Case Study Selection The sites used as case studies for this research were selected on the basis of the following criteria:   the archival institutions have publicly mandated responsibilities for the operation of preservation systems;  the preservation system offers the core functionalities outlined in the ISO 14721: Open Archival Information Systems Reference Model (International Organization for Standardization, 2012c);   the preservation systems contain materials that are defined as ‘records’; the sum of the case studies represents archives operating at the city, provincial and national levels; and,   the preservation systems employ different foundational technological infrastructures drawing from both proprietary, off-the-shelf products, and open-source applications. 1.6 Structure of the Study Chapter One presents the problem of technology advancing faster than archivists’ ability to fully understand the impact it has on the ability to support the authenticity of digital records. It outlines the hypothesis at the core of this study and the research questions and the criteria for the choice of the case studies that are used to address such questions. Chapter Two investigates existing literature regarding the authenticity of records and how the concept has evolved with the introduction of digital technology in records creation, recordkeeping, and records preservation.  The literature review                                                  create any needed Descriptive Information, and prepare the records for storage in the preservation system (International Organization for Standardization, 2012c).  14   starts with an examination of the historical roots of authenticity in archival science, and the rise of rigorous examination methodologies with diplomatics, and then discusses how various research projects over the past two decades have applied both the traditional archival and diplomatics’ concepts to broaden our understanding of what authenticity means in the digital age.  Chapter Three details the research design that was employed for this study; starting with the theoretical foundations that informed this research, the methodological approaches that were used, the reasons why those methodologies are appropriate for this study, the techniques used to gather the data, and how the data gathered were analyzed. Chapters Four, Five, and Six each present one of the three digital archives that were chosen as case studies for this research.  Each case study presents an overview of the institution, its technological environment of operation, the workflow processes used to acquire, process and maintain digital records that are relevant to this study, and a discussion of how the technological features of the preservation systems employed at the institution constitute the support the authenticity of the records. Chapter Seven presents a model for the technological features for preservation systems across the three case studies that support the authenticity of digital records.  Finally, Chapter Eight discusses the findings of this study and suggests areas where further research could be conducted.  15   The appendices include the instrument used in the conduct of the interviews for the case studies and other related material.  16   “Records, the fundamental instrument of business transactions, are mutating from a concrete, static structured document to formless, dynamic data that resides in a computer’s memory or on a disk.” -- Wendy Duff, (1996, p. 29) “Ensuring the Preservation of Reliable Evidence: A Research Project Funded by NHPRC,” Archivaria 42.  Chapter Two: Literature Review  2.1 Introduction Whereas paper records are static in their construction and can be read by humans hundreds of years after their creation, digital records are far more reliant upon computer intermediaries (i.e., hardware and software) to be viewed and understood.  Furthermore, technological advances heavily influence and change the forms in which these records are created, communicated, and stored (Blouin, 1996; Cook, 2007), but “establishing and guaranteeing authenticity [of these digital records] are still discussed as urgent problems yet to be solved” (Rogers, 2015a, p. 110).  These technological changes place a much stronger need on digital records to provide evidence that supports their presumption of authenticity, that is, that the record has not been modified or corrupted and remains what it purports to be (Authenticity Task Force, 2000).  Many of the most commonly used definitions of what it means to be ‘authentic’ can be difficult to translate with precision into requirements, particularly with regards to digital records, which reside within computer systems built upon binary operations.  It is this difficulty in applying traditional definitions of authenticity to digital records (which have often been removed from their systems of creation) that provides, as Bantin (1998, p. 18)  17   states, “the impetus for a fuller and more urgent discussion of the issues.” Mak (2012) notes that these “protracted debates about authenticity of digitized and ‘born-digital’ materials indicate that there may be no simple solution to these recurring questions of reliability and trust.”  The concept of authenticity lies at the heart of archival theory (Duranti, 1996). From a theoretical perspective, few terms are held more dearly or in higher regard within the archival profession when used in reference to records. The raison d’etre of the archival profession, according to Thibodeau (1991), is to ensure the continuing authenticity of records against willful or accidental alterations. Jenkinson (1965, p. 12-13) stated that one of the guiding principles of archival theory is that records sent to an archives “were preserved in official custody…and free from the suspicion of having been tampered with” and that it is the primary duty of the archivist to retain the impartial and authentic qualities of the records entrusted to their care.  It is because of these qualities that “archives are inherently truthful, mak[ing] them the most reliable source for both law and history, whose purposes are to rule and explain the conduct of society by establishing the truth” (Duranti, 1994, p. 334).  Trust in the authenticity of the records depends on those records having adequate conditions of custody and being secured by the twin notions of ‘trusted custodian’ supported by a ‘trusted repository’ (Sexton, Shepherd, Duke-Williams, & Eveleigh, 2017). . To gain a firm understanding of what authenticity means as it applies to digital records, this study conducted a broad survey of literature from both a theoretical and a technical perspective.  Starting with the historical roots of the concept of  18   authenticity and then continuing through to the evolution of theory and research was necessary to extrapolate the types of evidence that can be captured and produced within computer-based systems in order to provide support to the presumption of authenticity afforded to digital records. What follows is an overview of the current definitions of authenticity found within the field of archival science, a brief overview of the concept of authenticity as it was applied to records from ancient times through modern theory, and then a discussion of select research projects that delved into the nature of authentic digital records.   2.2 Defining Authenticity  Historically, the authenticity of a record was tied to its place of custody.  As record-keeping practices matured, the concept evolved into an inference that was derived from the record’s circumstances of creation, manner, and place of custody.  Given the importance of maintaining authentic records to archival theory, attempts have been made to frame this concept into measurable terms.  The Oxford English Dictionary defines authentic as “Legally Valid”, “real, actual, ‘genuine’”, “Really proceeding from its reputed source”, “Of undisputed origin”, and “Entitled to acceptance or belief, in accordance with fact, or as stating a fact; reliable; trustworthy, of established credit” (Oxford English Dictionary, 1989). Black’s Law Dictionary (Garner & Black, 2014) expands upon that definition to include “duly vested with all necessary formalities and legally attested; competent, credible, and reliable as evidence.”   Looking to more domain-specific definitions, the International Standard on Records Management, published by the International Organization for  19   Standardization (2016) as ISO 15489, provides the definition for an authentic record as "one that can be proven to a) be what it purports to be, b) have been created or sent by the agent purported to have created or sent it, and c) have been created or sent when purported." Also, "[r]ecords should be created at the time of the transaction or the incident to which they relate, or soon afterwards": rather broad terms which Kastenhofer (2015) considers too vague to be of much use. The open-ended time period (‘soon afterwards’) requires the evaluator to ascribe a more critical interpretation and assign a corresponding level of evidence required to prove such.  The Society of American Archivists provides more granularity in its definition, in which states that authenticity refers to “[t]he quality of being genuine, not a counterfeit, and free from tampering, and is typically inferred from internal and external evidence, including its physical characteristics, structure, content, and context” (Pearce-Moses, 2005). The Open Archival Information Systems Reference Model (OAIS) (Consultative Committee for Space Data Systems, 2012, p. 1-9) -- a widely referenced standard for digital preservation -- defines authenticity as “the degree to which a person (or system) regards an object as what it is purported to be” and concludes with “Authenticity is judged on the basis of evidence.”   Narrowing the scope to the views of archival practitioners, a survey of National Archives shows a widely varying notion of authenticity ranging from oblique to specific.  The National Archives and Records Service of South Africa (2006, p.24) presents a somewhat recursive use of the term in defining itself: “Authenticity refers to the degree of confidence that a user can have that the record that he has access to, is the original authentic record” before going on to define an authentic record as:  20   …one that can be proven:  a) to be what it purports to be;  b) to have been created or sent by the person purported to have   created or sent it; and, c) to have been created or sent at the time purported.  The National Archives and Records Administration (2010, p. A-2) of the United States defines authenticity as -- “The property of a record that it is what it purports to be and has not been corrupted” – within the framework of significant properties of the record.  The National Archives of the United Kingdom considers records authentic if “they are what they say they are” (Ministry of Justice & The National Archives, 2009, p. 13). The National Archives of Australia (2011), among the first to explore digital preservation on a large scale, recognizes the need to provide some qualifying evidence by defining an authentic record as possessing “enabling proof that it is what it purports to be and that its purported creators did indeed create it,” and considers authenticity an essential characteristic of a “full and accurate record.”   Records are the natural by-product of transactions – fiscal, legal, societal – that are created and maintained as evidence of those transactions (Belton, 1996; Eastwood, 1994; Library and Archives Canada, 2015; Schellenberg, 1956).  They are considered authentic when they are: created or relied upon by those who needed to act through them; maintained for future action and informational purposes; and “definitely set aside for preservation, tacitly adjudged worthy of being kept…in official custody" (Jenkinson, 1965, p. 8-9).   The courts bestow a high degree of trust in the authenticity of records that are "kept in the regular course of business activity ... as shown by the testimony of the custodian or other qualified witness" (United States, 2015).  Their value, as stated by Duff (2001, p. 230), as  21   “instruments of accountability and evidence depends upon their authenticity, integrity, accessibility, and trustworthiness.” A record’s value as evidence is influenced by its custodian’s ability to prove that these qualities remain intact across space and through time.   From these formal definitions, in order to be authentic, a record must be ‘what it purports to be,’ and uncorrupted with respect to the message it was intended to convey.  This understanding, while widely accepted, is “elegant in its simplicity if challenging to apply” (Rogers, 2015a, p. 99).  It is further complicated when assessing the extent to which any technological migration, reformatting, or upgrades has affected the nature of the digital record so that it can be considered ‘unaltered.’  To develop a robust operational view of authenticity for use in this study, it becomes necessary to understand the evolution of the concept of authenticity and how traditionally held views of archives can be applied to the digital realm. 2.3 Historical Roots of Authenticity The use of archives to store, organize, and protect records as evidence of facts and acts is as old as writing itself.  Along with it came the understanding that the contents of records maintained by these appointed guardians were ascribed a degree of trust.  Posner (1972) credits the first organized archives to the Sumerians, dating to the middle of the fourth millennium B.C.E. While little can be gleaned from the archeological remains as to how their archives functioned administratively, it is believed that the “documents placed in an archive were specifically selected for their retension” (Brosius, 2003, p. 6).  Based on the contents of the records that have been found in the archives of the Hittites, Assyrians, and Mesopotamians, it appears  22   that they were likewise set aside in a centralized repository to provide evidence of religious, administrative, commercial and genealogical activities (Cunningham, 2005).  By the second millennium B.C.E, Egypt had developed an organized system of archives in order to document and safeguard significant transactions and events that supported administrative, legal, and military activities9.  Inferring the authenticity of the records based upon their custody within such archives, the Persians would incorporate the contents of conquered nations’ archives into their own in order to facilitate control over and distribution of the conquered lands10.  By the Hellenistic period, the idea that records were of great value and needed to be protected from theft, loss, and alteration was well established.  Records were considered to be of sufficiently high value that they were stored within religious temples in an attempt to seek divine protection from such tragedies (Tschan, 2015).  It is through this gradual acceptance of the public archives’ role in the security and protection of the records that the explicit granting of authenticity to the records stored within the custody of a public archives can be found.  This concept was so firmly held by the Greeks that legislation was introduced in 330 B.C.E that pronounced a sentence of death unto anyone who altered a record that was in the custody of the Metroon (Athens’s public archives).  Such a stiff penalty illustrates that …the place of preservation had already come to be associated with the perceived authenticity of the record.  That is, a false record                                                  9 The authority of the records contained in these archives were of sufficient power to be seen by the peasants as a symbol of political oppression and were the focus of a revolt in 2200 B.C.E. – resulting in the mob burning the property records contained within (Posner, 1972). 10 These records were of sufficient value in the administration of subjugated nations that, when records maintained by chief of chancery were destroyed in a tent fire, Alexander the Great ordered his staff to reconstruct the missing files from those located at provincial sources (Bradsher, 1989).  23   produced from the Metroon was more likely to be believed than [a true] one produced privately – its evidential value as a record had been increased (Tschan, 2015, p. 35).  As a result, public archives increasingly became the trustworthy depository for not only records of public activities, but also for private records of business and property transactions in order to ensure their preservation and authenticity.  The concept of authenticity within modern archival theory can be traced to Roman law, which regarded archives as a place of great power and responsibility for the care and preservation of records.  This power was formalized within the Codex Justinianus (Code of Justinian), written in 529-565 C.E11, wherein:  the presumption of authenticity was ascribed to documents based upon their deposit within the archives of a public authority; the archives was legally acknowledged as the public place where deeds were deposited for protection from corruption in order to remain capable of providing trustworthy evidence of the actions they recorded (Duranti, 1996), and an official in each province was “appointed as custodian thereof, so that they (records) may be kept from destruction and may be found readily by those who have need of them” (Blume, 2009, Novel 15, p. 4).  By conferring authenticity to the records in their custody, the public archives served a larger role within society to “preserve continuing, and therefore uncorrupted, memory of the actions, and to guarantee the public faith (ut fidem faciant) or truthfulness of the documents themselves” (Duranti, 1994, p. 331).12 The simple act of placing the record within the                                                  11 Upon ascension to the throne, Emperor Justinian appointed a ten-man commission to form a simpler, comprehensive codex of the laws of the land by searching through the public archives for ordinances that were issued by previous rulers and to weed out contradictory or obsolete material (Encyclopedia Britannica, 2016).   12 An illustration of the great importance Roman society placed on depositing a record within an archives can be found in Plutarch’s Life of Cato the Younger.  Within the story, Cato is reluctant to surrender to the archives a decree that was claimed to have been authorized by the Senate until the Consuls swore an oath as to its validity;  24   archives “…is not merely a movement from one place to another; it is an action that allows the record to function as evidence and continuing memory of action” (Tschan, 2015, p. 36). This concept continues today with legal documents, where placing these documents into an authorized record-keeping system of the relevant administrative body “is considered proof of the facts self-indicated and is presumed reliable and accurate based on the source, and authentic based on being supplied to the court with proper form and seals intact” (Cohen, 2015, p. 25). As Europe slipped into the dark ages, records (along with the evidential value they contained) diminished in value and memory as oral testimony came to be trusted over the written word (MacNeil, 2006).  This trend reversed itself after the first millennium of the Common Era as the growth of administration and the increase in literacy created a renewed reliance on records to serve as evidence.  “By the twelfth century,” MacNeil (2006, p. 316) noted, “written proof had become widespread, even in agreements between ordinary people and by the late thirteenth century, written forms of proof had become a requirement for certain claims.”  As this practice of documenting transactions continued to evolve, new methods of ensuring the authenticity of the records were needed.  The development of a notary system added credibility to the legal proof of the claims of the documents by requiring a more formal practice of specific forms and attestation (Iacovino, 2006; MacNeil, 2000c).  Even this was insufficient to guarantee the authenticity of the documents, as forgeries became more sophisticated in order to keep pace with these new practices.                                                  for Plutarch knew that once that decree was deposited in the archives, its authenticity would be beyond reproach (Plutarch, 1919).    25   2.3.1 Rise of Diplomatics  In the period between the fifteenth and the seventeenth century, significant, concerted attempts were made to develop scientifically based methods to test the authenticity of specific forms of records.  Through a detailed critique of the content of a document, Lorenzo Valla developed a technique of textual criticism that unmasked the Donation of Constantine as a forgery in 1440 (Boyle, 1992).  Jean Bodin  advanced the study of the historical method with his work Methodus ad Facilem Historiarum Cognitionem (1566) that detailed methods to assess the reliability of historical sources; while the French jurist François Baudouin’s works from 1542-1569 contributed to the “elaboration of methods for evaluating the authenticity of an historical source” (MacNeil, 2000c, p. 24).  Daniel van Papenbrock, a Jesuit Bollandist, edited several eighteen volumes of the Acta Santorum. In the Propylaeum antiquarium circa veri ac falsi discrimen in vetustis membranis that introduces the second volume of April 1675, he provided a general outline of methods for determining the authenticity of medieval records.  Through applying these methods, Van Papenbrock determined that a diploma issued by the Frankish King Dagobert I was a forgery, and in the process called into question the authenticity of other charters granted by the Merovingian kings (Herde, 2016; Poulimenou, Asonits, & Poulos, 2009; Powell, 1976).   Van Papenbrock’s findings were considered a direct challenge to the patrimonial rights of the rival Benedictines, who responded to Van Papenbrock’s questionable methodology with a treatise of their own. To refute Van Papenbrock’s implications, the French Benedictine monk Dom Jean Mabillon published De re diplomatica libri sex (1709) after a careful comparison of “the material support, seals,  26   ink, script, punctuation, abbreviations, formulas, discourse, types of subscriptions, etc.” from over 200 medieval charters (Duranti, 2007, p. 3).  Mabillon’s work, utilizing a “negative type of critique aimed at revealing falsifications” (Guyotjeannin, 1996, p. 416), is widely considered to be the first effective scientific method for establishing the provenance and authenticity of records of questionable origin.  The methodology proposed by Mabillon formed the basis of the science of diplomatics, or the study of “the genesis, forms, and transmission of archival documents and their relationship with the facts represented in them and with their creator, in order to identify, evaluate and communicate their true nature" (Bellardo & Bellardo, 1992, p. 11).  One of the primary benefits of diplomatics is that the analysis of records is conducted through a uniform methodology and lexicon that can “standardize the information which is collected to appraise, arrange, and describe series and collections” along with the ability to consistently identify copies from originals (Storch, 1998, p. 366).   De re diplomatica continued to serve as the standard text for diplomatics through the 19th century, eventually being replaced by a series of works that incorporated a broader view of the object of diplomatic criticism; including Harry Bresslau’s Handbuch der Urkundenlehre für Deutschland und Italien (1889), Arthur Giry’s Manuel de diplomatique: Diplomes et chartes Chronologie technique: Elements critiques et parties constitutives de la teneur des chartes Les chancelleries; Les actes privés first published in 1893 (1964), and Cesare Paoli’s Programma scolastico di paleografia latina e di diplomatica (1898).  By the early 20th century, archival science began to develop as a distinct branch from diplomatics’ understanding of record components, their relationships, forms and transmissions,  27   and began to lay the foundation for what was to become the essential archival functions of records management, appraisal, arrangement and description (Horsman, Ketelaar, & Thomassen, 2003; Ketelaar, 1996), culminating in the first systematic treatise by Muller, Feith, and Fruin Handleiding voor het ordenen en beschrijven van archieven (1898).  While once taught widely in the Schools of Law in Europe, by the 20th Century, diplomatics was largely relegated to determining the authenticity of medieval charters as trustworthy historical sources until it underwent a renewed interest as a potential method for addressing the growing alarm over the proliferation of digital records.   2.3.2 Modern Diplomatics Recognizing that current archival practices were insufficient to provide a firm understanding of the authenticity of digital records, archival theorists recommended utilizing medieval techniques on the products of modern technologies.  Hugh Taylor wrote in 1988 that “[t]he study of form and phraseology in medieval administrative instruments under the term ‘diplomatics’ can provide a valuable precedent and starting point for a ‘modern diplomatics’" (Taylor, 1988, p. 457).  The Second European Conference on Archives (International Council on Archives, 1989, p. 112) took a similar view when recommending “that the development of the discipline of modern diplomatics be promoted through research in the typology of contemporary records and in the records-creating procedures of contemporary institutions.”  Bearman (2008, p. 38) suggested that if archivists are “to rely on technological intervention to safeguard electronic records of long-term value, they will need to use diplomatics-like principles to identify new forms of records.”  Duranti  (1989a, p. 16)  28   espouses the benefits of the use of diplomatics in that it “studies the facts and will that originated the document, relating them to the purpose and consequences of the act and the document, the genesis of the document, and the character of its physical and intellectual form.”   The proliferation of copies through technological means and the increased formalism of transactional documentation “necessitate a precise understanding of the generation, form, and function of single, particular documents in specific administration… Diplomatics, the study of the ‘elemental archival unit,’ seems to hold promise as a methodology for gaining this microcosmic perspective” (Turner, 1990, p. 91). Diplomatics’ effectivity in assessing a document’s authenticity is a result of its methodological approach that “identifies certain key elements in documentary form which must be present in order for a document to be authentic and enforceable,” as well as determining if the “necessary elements are present [that] could provide a means of authentication for these documents” (Storch, 1998, p. 382).  Duranti provided the foundation for the creation of such a contemporary application of diplomatics with a series of six articles in Archivaria (Duranti, 1989a; 1989b; 1990a; 1990b; 1991; and 1992), later collected in a book (1998), and expanded upon this work through several research projects (to be discussed in greater detail later in this chapter). This contemporary diplomatics draws upon concepts and principles based on jurisprudence, administrative history, and theory, and the nature of modern records management practice “underpinned by a similar belief in the existence of an empirical reality – the world of records and record systems – that is governed by general principles, if not general laws, that are  29   susceptible to discovery through observation and comparison” (MacNeil, 2004, p. 208). Where traditional diplomatics dealt with records of a juridical nature on an individual basis, archival diplomatics draws focus to the larger aggregations of records created in the course of normal business activities.  Archival diplomatics, while showing great promise as a method for determining the authenticity of digital records, is still in its formative stages and evolving with additional research to adapt the ‘old science’ of diplomatics to new uses as technology continues to evolve.  This evolution is particularly true in adapting the traditional diplomatic elements to digital records:   Traditional diplomatic elements such as the physical or juridical persons involved in the formation of the record are less explicitly expressed in electronic than in paper records, and are frequently implicit, inferred, or inherited from the context of the system or some other aspect of the system (Gilliland-Swetland, 2002, p. 206).  The nature of the electronic systems creating and storing the records has a profound effect on the applicability of diplomatics’ concepts.  While in systems containing records that behave similarly to traditional records, the concepts have been shown to be effective, in systems where digital objects are fluid, the utility of diplomatics concepts appears to be limited (MacNeil, 2002).  2.4 Assessing Authenticity in the Digital World Despite the need to maintain authentic, unaltered records, “few are able to identify exactly what is required to ensure, assess and guarantee it” (Rogers, 2015a, p. 99), or more to the point, what evidence is deemed capable of supporting the claim – particularly with regards to digital records.  While the type of content of the  30   records has changed very little over the past century, the physical media and methods used to store and access the digital content have changed dramatically from the paper realm – this change necessitates a corresponding shift in the methods used to determine the authenticity of digital records. For, if the definitions of authenticity quoted previously are to be used as the criteria – i.e. ‘not copied’, ‘genuine’, ‘real’, ‘of undisputed origin’ – on whether a record is authentic or not, then digital records could rarely, if ever, be considered ‘authentic’. In the digital realm, records only occur as a series of binary signs, and their display is rendered as a view controlled by the software’s functionality (Dollar, 1992).  It is this requirement for translation that makes the assessment of the authenticity of digital records a far more complex undertaking than that of their analogue counterpart, as “(m)ost files contain information that is meaningful solely to the software that created them” (Rothenberg, 1995, p. 44).   As such, it has been argued that one cannot preserve the ‘original’ digital record (Bearman, 1992; Duranti, 2005; Lusenet, 2002; Preservation Task Force, 2002).  For Strictly speaking, it is not possible to preserve an electronic record. It is only possible to preserve the ability to reproduce an electronic record. It is always necessary to retrieve from storage the binary digits that make up the record and process them through some software for delivery or presentation (Thibodeau, 2000). Even the ability to reproduce a digital record becomes questionable over time, as the relentless march of technological advances requires constant migration of the file formats (Becker & Nogues, 2012; Duff, 2001; Lee & Tibbo, 2011). “There are no originals (only copies—lots and lots of them),” stated Levy (2000, p. 25), “and no enduring objects (at least not yet).”  Thibodeau (2012) points out that an inherent  31   tension exists in the need to maintain records in a ‘digital’ format – which by nature is fluid, polymorphous, and unstable – and attempts to preserve them – which means to introduce as little change as possible.  If the ‘original’ cannot be preserved, or even understood by its human reader in its natively stored format, how is a representation of digital bits to be assessed as ‘genuine,’ ‘not copied’ or ‘real’ and therefore authentic?   It is the very nature of digital records, with their inseparable reliance upon scales of layered systems, hardware and software intermediaries needed to interpret binary data into a human-readable form (Hurley, 2016), which threatens the very attributes that provide evidence of authenticity: As long as the information created in the course of work in an electronic environment remains in the software and hardware system in which it was created, it loses none of the contextual information which is critical to its meaning, but the transition, or "migration" of data to a new environment threatens to change the way the information looks, feels or operates, and hence what it means (Bearman, 1993, p. 168). This view is supported by Duff (1996, p. 29), who has noted: “As records migrate from a stable paper reality to an intangible electronic existence, their physical attributes, vital for establishing the authenticity and reliability of the evidence they contain, are threatened.”   The widespread use of digital technologies in the conduct of business has resulted in organizations generating more information than in any previous decade of human activity.  According to a 2013 study conducted by SINTEF, nine times more data had been produced in the past two years than all of the previously recorded history (Stiftelsen for Industriell og Teknisk Forskning, 2013). This volume of records, however, comes at a price; as Duranti (1995, p. 9) states:  32   the easiness of electronic records creation and the level of autonomy that it has provided to records creators, coupled with an exhilarating sense of freedom from the chains of bureaucratic structures, procedures, and forms, have produced the sloppiest records creation ever in the history of record making.  This large scale adoption of digital systems to assist in the production, management and storage of digital records has added a greater need to articulate authenticity in the digital age (Duranti & MacNeil, 1996; Lynch, 1994; Rogers, 2015b; Rothenberg, 1999;Trant, 1998). The fact that a digital record is in the custody of an archives is no longer sufficient to assert unquestioned authenticity. The unreliable nature of digital records and the systems that create them (Duranti, 2001), the ease with which digital records can be modified and passed off as originals (such as the doctored press photos noted in Chapter One), and what Kenneally (2001, p.4) refers to as proprietary software’s ‘black box nature,’ where “one can only conjecture as to what happens between the data input and data output stages,“ has led to a general level of distrust in the authenticity of digital records. As this distrust conflicts with the inherent need of archives to appraise and maintain the authenticity of records, the past decade has seen a marked increase in research focused on the concept of authenticity as it applies to digital records.   2.4.1 Transitioning Authenticity to a Digital World From a records-system perspective, much of the technical archival research on authenticity has centered on the use of asynchronous cryptographic hashes, Digital Signatures and Public Key Infrastructure and Digital Signatures (Boudrez, 2007; Gladney, 2009; Jantz & Giarlo, 2005; Lynch, 1998; Wallace, Pordesch, & Brandner, 2007) with a growing interest in the use of forensic tools and techniques  33   (Duranti, 2009b; Duranti & Jansen, 2011; Lee, Kirschenbaum, Chassanoff, Olsen, & Woods, 2012; Majore, Yoo, & Shon, 2014), blockchain (Collins, 2016; Lemieux, 2016; Yermack, 2015) and cloud-based storage (Delozier, 2013; Duranti & Jansen, 2013; Goh, 2014; Hurley, 2016).  While such technologies and authentication techniques can assist in the protection or assessment of authenticity, authentication does not equate authenticity in the long term (Cullen, 2000; Duranti, 2009a; Hirtle, 2000; Roeder, Eppard, Lauriault, & Underwood, 2008).   Authentication technologies can support authenticity across space at a given time, but are, on their own, insufficient to maintain or attest to authenticity across time, due to the limitations of the technological infrastructure driving digital signatures (Gilliland-Swetland, 2002).  Hashing techniques demonstrate that an object has not changed at the bit level since the hash was created (Kil, Sezer, Azab, Ning, & Zhang, 2009; Lynch, 1994; Stern, Adelt, Krummel, & Ackermann, 2008; Zeng, K., 2008); yet most long-term preservation strategies require migration and thus a change of the underlying bits of the record that negates that original hash value.   There exists an unfortunate paucity of literature within the archival domain concerning the technological features of preservation systems implementation -- such as architecture design, storage subsystems, and software coding practices -- and how they support the authenticity of the digital records created and stored within them.  This scarcity may be due, in large part, to a general lack of cross-domain expertise in the technical aspects concerning computer science within the archival community. Regardless, given this shortage, areas of prior research that have provided this study valuable insight into the authenticity of digital records include  34   digital preservation projects, as well as industry standards and specifications drawn from information science, computer science, and information assurance.   2.5 Digital Preservation Research Projects A significant amount of research within the archival field over the past two decades has centered on providing more structure to the understanding of authenticity by delving into the nature of the digital records themselves.  For the purposes of this study, discussion of these research efforts is organized into four broad categories: the use of the literary warrant, the application of archival diplomatics, the preservation of the significant properties of the record, and technological approaches.   In a study concerning the authenticity of digital records, it is particularly ironic to note that several of the archival research projects’ websites frequently cited in journal articles authored by members of that project team are no longer accessible (among them CEDARS, CAMiLEON, and the Pittsburgh Project13); thus illustrating the difficulty of maintaining access to authentic records in the digital age.  What follows is a discussion of three broad categories of archival research projects and their articulation of the components of authenticity as it applies to a digital record.                                                  13 The Pittsburgh Project’s website in particular provides a strong case study on the importance of, as well as the many difficulties and relationships involved in, digital preservation. As mentioned, the project website, containing a great deal of the material created by the project and continually referenced in articles regarding the project, was lost during a server upgrade (The Pittsburgh Project Group, 2010); clearly pointing to the importance of a sound and tested backup policy for the preservation of authentic digital records.  Efforts to retrieve remnants that were recorded on the Internet Archive’s Way Back Machine proved partially successful: “This site was recovered in 2002 (using the Wayback Machine) following its disappearance from the Web site of the University of Pittsburgh. Unfortunately, not all pages were retrievable.“  (http://www.archimuse.com/papers/nhprc/BACartic.html).   35   2.5.1 The Literary Warrant Starting in 1992, the Functional Requirements for Evidence in Record Keeping project out of the University of Pittsburgh (The Pittsburgh Project) used an inductive approach based on the examination of record keeping practices in order to decompose record keeping systems as a method of categorizing the very nature of records themselves into captured, maintained and then useable records (Bearman, 1995; Duff, 1997; Hirtle, 2000; Park, 2001).  Originally planning to study professional culture, the project team decided that the goal was overly ambitious in scope and decided instead to focus on the concept of a literary warrant.14 This shifted focus, according to Duff (1996, p. 37), intended to use “society's requirements for record-keeping, such as the law, regulations, case law, auditing standards, the IS0 9000 suite of standards, and information technology standards” to provide the foundation of a suite of functional requirements for the development and acquisition of records systems.   Although authenticity was not explicitly listed amongst the twenty functional requirements developed for the project, the requirements articulate attributes that infer authenticity, such as the need for: comprehensive, complete (accurate,                                                  14 The use of the term "literary warrant" was an attempt to leverage an older concept first introduced in the literature of Library and Information Science by E. Wyndham Hulme (1911, p. 447) in a novel way that branched from the more traditional definition.  Hulme used the term to refer to the fact that vocabulary used in the Library of Congress classification schema was empirically based on the warrant derived from the contents of library’s holdings rather than external warrants, such as classification theory or researcher needs.  The National Information Standards Organization (1994) contemporaneously with the Pittsburgh Project also released a definition of literary warrant that defined it as: "words and phrases drawn from the literature of the field should determine the formulation of descriptors. When two or more variants have literary warrant… most frequently used term should be selected as the descriptor." The term ‘Literary Warrant’ was chosen, according to Cox  (1997, p. 36), in order to stress the concept that “records are created because of legal, regulatory, professional best practices, and other reasons generally external to the organisation.”  This concept would become the central tenet of the Pittsburgh Project: “We did not anticipate the value of the literary warrant and, in the hindsight now available to us, the concept of the warrant may turn out to be the most important outcome of the project” (Cox, 1997, p. 35).  36   understandable, meaningful) and preserved (inviolate, coherent, auditable) records – qualities that Dollar (2000) viewed as necessary authenticity attributes to document and maintain when preserving authentic digital records.  Any descriptive metadata ascribed to these records were required to be independent of any system in such a way that it could not be “separated from [the records] or changed after the record has been created,” and this metadata “must be captured by the overall system through which business is conducted, which includes personnel, policy, hardware and software” (Bearman & Sochats, 1996).   This data resides through the multiple ‘layers’ of the information creation and usage processes15, requiring the preserver to have access to the various layers on the creator, user(s) and custodian(s) records-systems in order to capture the needed metadata through space and across time. In the end, few testbeds implemented the literary warrant, and as a result, the impact of the concept on record-keeping systems remains mostly unknown. That is not to say that the entire concept is no longer relevant – the need to identify the various layers that impact a record from creation through delivery is still an important factor in supporting a record’s authenticity, as is the need for “metadata [to] be linked inextricably to each record… [so that] the metadata ‘describes’ the content and context of the records, while ensuring the preservation of information essential to future decoding of the records' structure” (Bearman & Duff, 1996, p. 278) independently of any system of creation or storage.  Rather, more recent research projects have shown to have a more significant impact in assessing the authenticity                                                  15 The six layers as described by Duff (Duff, Wendy M., 1996) are: the handle layer (declaration of the digital object to be a record), terms and conditions (control, use and access information), structural layer (necessary structural information to maintain value as evidence), contextual layer (provenance), content (actual data of the transaction), and, the use history layer (actions taken after creation e.g. indexing, redactions, destruction).  37   of digital records, and several standards were issued that allow for the more effective interchange of evidence that supports authenticity through uniformity in payload construction (e.g., METS, MIX, and PREMIS from the Library of Congress16). 2.5.2 Application of Archival Diplomatics While the creation, use, and storage of records may have noticeably evolved over the centuries, the application of diplomatics’ concepts to the digital realm is still useful to assessing a record’s authenticity (Blouin, 1996). The process of analysis that diplomatics uses to decompose a record into its constituent extrinsic (which can be physically seen) and intrinsic (which determine the intellectual construction of the content) elements for comparison to other records is as relevant to 21st century digital records as it was to 17th century charters (Jansen, 2015). To address these changes in the context of digital records, a series of research projects out of the University of British Columbia (beginning with the UBC-MAS project, 1994-1997, and continuing with the four phases of the InterPARES project, 1998 - current) integrated modern record contexts with traditional diplomatics to develop archival diplomatics (MacNeil, 2004). This discipline combines modern archival theory with traditional diplomatics “based on jurisprudence, the history and theory of administration, and an extensive and centuries-old body of written reflection and experience about the nature of records and record-keeping practices in bureaucratic organizations”                                                  16 METS stands for Metadata Encoding and Transmission Standard, “a standard for encoding descriptive, administrative, and structural metadata regarding objects within a digital library” (Library of Congress, 2018a); MIX stands for Metadata For Images in XML, a “set of technical data elements required to manage digital image collections” (Library of Congress, 2015a); PREMIS stands for Preservation Metadata: Implementation Strategies, “the international standard for metadata to support the preservation of digital objects and ensure their long-term usability” (Library of Congress, 2015b).  38   (MacNeil, 2004, p. 205).  What follows is a discussion of those archival research projects that use an archival diplomatics based approach for the assessment of the authenticity of digital records. 2.5.2.1 Preservation of the Integrity of Electronic Records – The UBC-MAS Project (1994-1997) Started in 1994, The Protection of the Integrity of Electronic Records research project (termed the UBC-MAS Project) was the first research project to use a methodology that integrated the individual record centric approach of diplomatics with the modern archival science focus on record aggregations thereby creating archival diplomatics (Duranti, Eastwood, & MacNeil, 2002).  The project focused on identifying those conceptual requirements that express the necessary and sufficient components of a reliable, authentic and complete digital record in order to ensure the long-term integrity of authentic digital records created, used or maintained in electronic systems (Duranti, Macneil, & Underwood, 1996).  From a deductive application of diplomatics’ concepts17 to digital records, the UBC-MAS Project distilled a set of requirements -- articulated as a set of templates as well as a model -- that could be used to evaluate those elements of records that constitute the conceptual basis for establishing, firstly, whether a given electronic system contains records and, secondly, whether these records can be considered reliable and authentic (Duranti & MacNeil, 1996, p. 47).                                                   17 The UBC-MAS project was contemporaneous with The Pittsburgh Project and in many ways was considered its rival due to the two projects noticeably different methodological and theoretical approaches to the assessment of the authenticity of digital records.  Where the Pittsburgh Project was inductive, the UBC-MAS Project used a deductive approach; where the Pittsburgh Project focused on the records systems and societal mandate, the UBC-MAS Project focused on records as witnesses to activities and the diplomatics-based attributes they contained.  39    Where the eight templates developed by the project presented the conceptual elements capable of identifying complete, reliable and authentic digital records (Duranti & MacNeil, 1996, p. 218-233), the model translated those conceptual elements into an activity and entity model that illustrated “the relationships of their components from well-identified viewpoints and for determined purposes.” This model proved “useful for the purposes of analyzing and graphically representing the diplomatic and archival concepts, and making their meaning comprehensible and relevant to system designers” (Duranti & MacNeil, 1996, p. 48) by providing the inputs, outputs, mechanisms and constraints for each activity in a hierarchical relationship.  The work of the UBC-MAS project was used by the US Department of Defense’s Records Management Task Force as a foundation for the development of the Department of Defense 5015.2 Records Management Standard (Thibodeau & Prescott, 1996; United States Department of Defense, 2007).  2.5.2.2 InterPARES (1998 - 2018) The International Research on Permanent Authentic Records in Electronic Systems (InterPARES) project built upon the foundation laid by the UBC-MAS Project in an attempt to identify those elements that are common to all digital records selected for permanent preservation that exist in administrative or legal systems; and then once identified, to develop the methodology to verify the digital records’ authenticity over time (InterPARES, 2016c).  Employing a theoretical-deductive approach (to identify the key elements), as well as an empirical-inductive one (to collect and analyze data from case studies), the project added to the findings of the  40   UBC-MAS Project by expanding upon the core elements considered necessary and sufficient for the authenticity of digital records.   The first phase of the project (1998-2001) developed a pair of templates whose purpose was to “prescribe the components that electronic records ought to possess rather than to identify the nature and purpose of the components electronic records actually do possess” (MacNeil, 2004, p. 225). The Template for Analysis detailed to what extent the individual elements of a record are instrumental in determining a record’s authenticity by defining each of the necessary elements the record should possess through a broader focus on its administrative and documentary contexts.  This new analysis method resulted in an expanded view of the ‘ideal form’ of a digital record (MacNeil, 2004).  The Requirements for Assessing and Maintaining the Authenticity of Electronic Records template was developed to specify the conditions necessary to allow preservers to assess the authenticity of electronic records in their custody (Authenticity Task Force, 2002).  By observing that the conditions stipulated by the benchmark requirements were satisfied by the creator, the custodian could infer the authenticity of records being preserved on the “basis of the manner in which the records have been created, handled, and maintained by the creator” (Authenticity Task Force, 2002, p. 4).18  The second phase of the project (2002-2007) found that the central postulate of diplomatics -- that “regardless of differences in nature, provenance or date, from a                                                  18 The project also identified several perspectives that could be used to form a typology of records supporting the assessment of authenticity, but none proved capable of being effective across the myriad of different record and system types.  Based on the findings, it recommended that such a typology would need to focus on the creators themselves, as well as the acts, procedures and functions that they perform (Authenticity Task Force, 2001) – laying the foundation for the relationship between a record’s authenticity and the process and chain of custody of the record.  41   formal point of view all records are similar enough to make it possible to conceive of one typical, ideal documentary form containing al