Trust in digital records: An increasingly cloudy legal area

“…A record is properly understood as "a document created (i.e., made or received and set aside for further action or reference) by a physical or juridical person in the course of a practical activity as an instrument or by-product of such activity" ( [7], citing [10]). This is no mere technical statement: the record is distinguished from all other data by its ability to serve as evidence of facts and acts:…”

“…-T. Eastwood [9] Duranti and Rogers ( [7], p. 524) examine in detail the necessary elements of a record: "(1) an identifiable context; (2) three identifiable persons concurring in its creation; (3) an action, in which the record participates or which the record supports either procedurally or as part of the decision-making process; (4) explicit linkages to other records within or outside the digital system, through a classification code or other unique identifier; (5) a fixed form; and (6) a stable content." Thus, there exist many records in electronic systems, although the conception of "fixed form" and "stable content" necessarily differs as compared to physical records: "A digital record has a fixed form if its binary content is stored so that the message it conveys can be rendered with the same documentary presentation it had on the screen when first saved, even if its digital presentation has been changed, for example, from .doc to .pdf.…”

“…Even in the absence of malice, cloud-based recordkeeping poses a number of unanswered questions. The challenges identified by Duranti and Rogers [7]-including managing trans-jurisdictional data flows, attributing liability for and resolving data breaches, and establishing the chain of custody when a cloud service provider goes dark-remain unresolved. Given the potential risks, why individuals and organizations continue to store records in cloud environments?…”

“…Given the potential risks, why individuals and organizations continue to store records in cloud environments? Is it because of a "blind trust" that the commercial providers will do right by us [7]? Is it hope that they will do so?…”

“…Instead, technological tools must be supported by legal, social, and business structures that set the bar for minimum expectations for CSPs, ensuring that cloud recordkeeping will not endanger the preservation of our recorded memory and the continual functioning of society. While some organizations might indeed scrutinize the "reputation, performance, competence, and confidence" [7] of CSPs to verify their trustworthiness, research and experience show that many continue to be quite liberal with the choice of whom they entrust with their records. In such cases-where society is relying upon a service without assurances of its quality-the law often steps in to provide the certainty and trust that users cannot obtain on their own (see, e.g., [8]).…”

Trust in the Balance: Data Protection Laws as Tools for Privacy and Security in the Cloud

“…A record is properly understood as "a document created (i.e., made or received and set aside for further action or reference) by a physical or juridical person in the course of a practical activity as an instrument or by-product of such activity" ( [7], citing [10]). This is no mere technical statement: the record is distinguished from all other data by its ability to serve as evidence of facts and acts:…”

“…-T. Eastwood [9] Duranti and Rogers ( [7], p. 524) examine in detail the necessary elements of a record: "(1) an identifiable context; (2) three identifiable persons concurring in its creation; (3) an action, in which the record participates or which the record supports either procedurally or as part of the decision-making process; (4) explicit linkages to other records within or outside the digital system, through a classification code or other unique identifier; (5) a fixed form; and (6) a stable content." Thus, there exist many records in electronic systems, although the conception of "fixed form" and "stable content" necessarily differs as compared to physical records: "A digital record has a fixed form if its binary content is stored so that the message it conveys can be rendered with the same documentary presentation it had on the screen when first saved, even if its digital presentation has been changed, for example, from .doc to .pdf.…”

“…Even in the absence of malice, cloud-based recordkeeping poses a number of unanswered questions. The challenges identified by Duranti and Rogers [7]-including managing trans-jurisdictional data flows, attributing liability for and resolving data breaches, and establishing the chain of custody when a cloud service provider goes dark-remain unresolved. Given the potential risks, why individuals and organizations continue to store records in cloud environments?…”

“…Given the potential risks, why individuals and organizations continue to store records in cloud environments? Is it because of a "blind trust" that the commercial providers will do right by us [7]? Is it hope that they will do so?…”

“…Instead, technological tools must be supported by legal, social, and business structures that set the bar for minimum expectations for CSPs, ensuring that cloud recordkeeping will not endanger the preservation of our recorded memory and the continual functioning of society. While some organizations might indeed scrutinize the "reputation, performance, competence, and confidence" [7] of CSPs to verify their trustworthiness, research and experience show that many continue to be quite liberal with the choice of whom they entrust with their records. In such cases-where society is relying upon a service without assurances of its quality-the law often steps in to provide the certainty and trust that users cannot obtain on their own (see, e.g., [8]).…”

Trust in the Balance: Data Protection Laws as Tools for Privacy and Security in the Cloud

Private Cloud Storage Forensics: Seafile as a Case Study

Documentary Heritage in the Cloud