Re: Has anyone looked at digital archiving?

["Parker, Ron" <Ron.Parker () BRAZOSPORT EDU>]

There was a presentation at the EDUCAUSE Southwest Regional Conference
in February that discussed the formation of the Texas Digital Library.
Although I don't remember them addressing your specific questions in
detail, I would think they would be good folks to contact to find out
about approaches to these problems. I remember them discussing the
challenges of storing large amounts of digital content. I can't get to
the EDUCAUSE web site (probably my problem, not theirs) right now so I
can't tell you the presenter's name but you can see the presentation in
the program on Wednesday's list of sessions. 
 
Mark McFarland is listed as technical director on the Texas Digital
Library website at www.lib.utsystem.edu. I think he may be the person
that presented at the conference but I can't confirm that at the moment.

 
--
Ron Parker, Director of Information Technology, Brazosport College

 


________________________________

        From: James H Moore [mailto:jhmfa () RIT EDU] 
        Sent: Wednesday, April 12, 2006 3:43 PM
        To: SECURITY () LISTSERV EDUCAUSE EDU
        Subject: [SECURITY] Has anyone looked at digital archiving?
        
        

        A very talented systems administrator with very good security
knowledge, named Chris asked me a question about digital archiving, and
after a conversation, we had more questions than answers.

         

        The situation:

        Different groups on campus are looking to the library to archive
campus publications (among other things).  Since these are in digital
format usually, they want to submit them electronically.  Disk is cheap.
No problem ... well some of them are kind of large.  

         

        Chris asks them how long are they going to be stored and when
they might be used when retrieved.  The answer "40 years" comes from
somewhere.  And they just figure that someone might want to do "40 years
ago" column, or some other historical research, etc.  Chris starts to
wonder about digital signatures to verify integrity.  This is where we
start to ask questions.  We realize that we are thinking about getting
the C I A right for the next few days or months, not 40 years.
Integrity and availability have a much different meaning 40 years out.
Digital signatures will tell if the image has been tampered with, but
what would be nice is something with ECC built-in so that the original
state could be recovered if corrupted.

         

        Then we talk about media.  The temptation is to put it on CDRs
or writable DVDs and store them well.  I ask about 8 inch floppies.
That technology isn't 40 years old, but I don't have anything to read
them with.  Will the same happen to CDs and DVDs in 40 years?  People
used to go through mag tape refreshes every few years. But as you sum up
the archiving disks that you might burn, year upon year, after a number
of years, just converting and retiring media could become a fulltime
job.

         

        Then we realize that we are talking about things like Word 2003
and Adobe 7.  What will Word 2046 look like?  Will it read Word 2003
documents?  Will Internet Explorer 23 still be patched with almost every
Microsoft patch cycle?  Oops, got off of the subject.  You get the
picture.  Word 2003 seems to go back to Word 95.  But even then you get
messages like "Formatting may be lost" when it wants to convert on
opening.  And it doesn't say anything about Word 6, the predecessor to
Word 95.  So where does integrity and availability go in archiving for
40 years?

         

        Has anyone looked at this type of issue from a practical
standpoint?  Any solutions?

        - - - -
        Jim Moore, CISSP, IAM
        Information Security Officer
        Rochester Institute of Technology
        13 Lomb Memorial Drive
        Rochester, NY 14623-5603
        (585) 475-5406 (office)
        (585) 475-4122 (lab)
        (585) 475-7950 (fax)

        "We will have a chance when we are as efficient at communicating
information security best practices, as hackers and criminals are at
sharing attack information"  - Peter Presidio