Building Communities of “Trust”

Micah Altman, Institute for Quantitative Social Science, Harvard University

Prepared for Private LOCKSS Networks: Community-based Approaches to Distributed Digital Preservation

EducopiaOctober 2010

Collaborators*

Building Communities of “Trust”2

Margaret Adams, George Alter, Ed Bachman, Adam Buchbinder, Ken Bollen, Bryan Beecher, Steve Burling, Darrell Donakowski, Gary King, Patrick King, Bill Lefurgy, Jared Lyle, Marc Maynard, Amy Pienta, Lois Timms-Ferrarra.

Research SupportThanks to the Library of Congress (PA#NDP03-1), the

National Science Foundation (DMS-0835500, SES 0112072), IMLS (LG-05-09-0041-09), the Harvard University Library, the Institute for Quantitative Social Science, the Harvard-MIT Data Center, and the Murray Research Archive.

* And co-conspirators

Related Work

Building Communities of “Trust”3

Reprints available from: http://maltman.hmdc.harvard.edu

Altman, M., Beecher, B., and Crabtree, J.; with L. Andreev, E. Bachman, A. Buchbinder, S. Burling, P. King, M. Maynard.. (2009). "A Prototype Platform for Policy-Based Archival Replication." Against the Grain. 21(2): 44-47.

Altman, M., Adams, M., Crabtree, J., Donakowski, D., Maynard, M., Pienta, A., & Young, C. (2009). "Digital preservation through archival collaboration: The Data Preservation Alliance for the Social Sciences." The American Archivist. 72(1): 169-182

Myron Gutmann, Abrahamson, M, Adams, M.O., Altman, M, Arms, C., Bollen, K., Carlson, M., Crabtree, J., Donakowski, D., King, G., Lyle, J., Maynard, M., Pienta, A., Rockwell, R, Timms-Ferrara L., Young, C., 2009. "From Preserving the Past to Preserving the Future: The Data-PASS Project and the challenges of preserving digital social science data", Library Trends 57(3):315-33

Micah Altman, 2009. "Transformative Effects of NDIIPP, the case of the Henry A. Murray Archive", Library Trends 57(3): 338-35

Structuring Collaboration for Preservation Risks.

How can virtual organizations reduce preservation risks?

Trust. What trust relationships should virtual

organizations establish among members? Evaluation.

How should the virtual organization and relationships be evaluated?

Building Communities of “Trust”4

Conjectures

Organizations reduce preservation risk by: Providing systematic redundancy across diverse …

Technical approaches: software, hardware, formats Institutional environments: funding models, legal regime Institutional control: curation, deaccessioning

Enhancing preservation readiness: Awareness of risks and risk management approaches Awareness & use of best practices Active exercise of cataloging information, licensing

terms, API’s Trust and evaluation should be based on:

Linking policy objectives to explicitly-defined roles, actions, and expected outcomes

Continuous evaluation and monitoring based on organizational incentives, capacity, & commitments

Building Communities of “Trust”5

One tool… SAFE-ArchivePolicy-Based Replication & Auditing

Facilitating collaborative replication and preservation with technology…

Collaborators declare explicit non-uniform resource commitments

Policy records commitments, storage network properties

Storage layer provides replication, integrity, freshness, versioning

SAFE-Archive software provides monitoring, auditing, and provisioning

Content is harvested through HTTP (LOCKSS) or OAI-PMH

Integration of LOCKSS, The Dataverse Network, TRAC

Building Communities of “Trust”6

Storage Layers Other than LOCKSSSystem Risks Advantages

LOCKSS -Single implementation-Small installed base-Small development community-Scalability

-Designed for preservation-Fault-tolerant-Minimal trust model-Harvesting functions

IRODS -Single implementation-Small installed base-Small development community-Complexity of rules system-No integrity built in (use ACE?)

-Flexible rules-Scaleable

GnuNet, Freenet, Tahoe-LAFS

-Complexity of integration-No support for versioning

-Fault tolerant-Moderate installed base-Multiple implementations

CrashPlanSpiderOakMozy

-Closed source-Difficult to integrate with-Licensing fees

-Multiple implementations-Extensive target storage support-Extensive reporting-Commercial support

Building Communities of “Trust”7

Why this tool?

To facilitate institutions in making commitments aligned with their policies and incentives, and

Automatically execute and monitor those commitments and policies

Support Data-PASS partnership agreements and transfer protocols

This tool provides a thin slice of functionality through the entire policy stack…

Building Communities of “Trust”8

Another Why…

Building Communities of “Trust”9

R.I.P.

Organizational Support

Building Communities of “Trust”10

NSDA

PLN

EDUCOPIA

DATA-PASS

SAFE

Risk Management Risk Identification Vulnerability Analysis Process, Systems,

Institutional Controls Detection Verification Diversification Replication Insurance

Building Communities of “Trust”11

Economic models Advocacy Outreach Mission Strategic planning Strategic

collaboration Transparency

Note on “distributed”:

- “Distributed” -> multiple autonomous systems + communication channels,- distributed systems often associated with heterogeneous communication costs- “Distributed” ≠ {Replicated, Fault tolerant, Diversified}

Sustainability

Building Communities of “Trust”12

THREAT MODELS

Category Source

Technical

Media failure natural, human error, malice

Media obsolescence

natural

Format obsolescence

natural

Software infrastructure

human error, malice

Network infrastructure

natural, human error, malice

External Institution

Third party attacks human error, malice

Loss of funding natural, human error, malice

Change of legal regime

natural

Internal InstitutionCuratorial modification

human error, malice

Loss of institutional knowledge

natural, human error, malice

Mission change human errorIngest incomplete human error, maliceAcquisition failure natural, human error,

malice

When Describing Mitigation Strategies

Describe threat category and source

Describe domain over which mitigation is applied

Describe what is being monitored or verified

Trust is an Overloaded Term

Individual character - Mensch-like behavior “Trusted systems” Provenance of content Fault tolerant systems Cryptographic privacy/integrity guarantees Good inter-institutional relationships Good institutional reputation Statistical reliability

Building Communities of “Trust”13

Evaluation Levels Do documented policies & procedures exist?

SAS 70 Type I: point-in-time; controls in operation; documented/presented; suitable for control objective

Are operations consistent with policies and procedures?SAS 70 Type II: tests of control effectiveness over time

Do policies and procedures reflect appropriate/good/best practices in place to obtain objectives?FISMA Certification: evaluates objectives, threats, vulnerabilities, recommends controls

Are objectives, goals, mission, values consistent? Examples: CRL, charity navigator

Does institution have the fitness to honor commitments?Examples: CRL, Standard & Poor’s, Moody’s

Building Communities of “Trust”14

System Analysis

Threat Modeling

Vulnerability Identification

Analysis- likelihood- impact- mitigating controls

InstituteSelected

Controls

Testing and Auditing

Information Security Control Selection Process

What can we Learn from Open Source Dev

Most OSS projects have limited success, at best Most fail/expire Most have single/small group of developers

If you build it, users may come Developers may come if people who use your tool also

develop it Incentives

Ego Reputation Linked to job incentives

Structure Have a leader (or small cabal) at any point in time Transparency Governance is linked to participation

Building Communities of “Trust”15

Knowledge Goods

Building Communities of “Trust”16

Software

Best Practic

e

Preserved

Digital Content

Storage Provisioni

ng

Funding

(Thin Market

)Acquisiti

onPool

Clients

More Questions• Policy and evaluation.

What policies should members adopt to the use of collaboratives in their preservation strategy?

How should members document the ways in which collaboratives support their preservation strategy?

When a preservation strategy relies on a collaborative, how should evaluators approach assessment of the collaborative?

Examination of risks Which preservation risks are collaboratives/virtual organizations  in the best position to

mitigate? What additional risks do virtual organizations and collaboratives create? How do characteristics of a collaborative, such as geographical diversity affect its ability

to reduce preservation risks for its members? How do we define “Trust” in ……. preservation partners preservation technologies and components preservation collaborations

Who is trusting whom to do what? And what happens if they don’t?

Trust but Verify How can collaborations balance trust and risk? What evidence is required to substantiate trust?

Audit Reports? MOU’s? Contracts?

Building Communities of “Trust”17

Contact Us

Building Communities of “Trust”18

Micah Altman

maltman.hmdc.harvard.edu

Jonathan Crabtree

www.irss.unc.edu/odum/jsp/content_node.jsp?nodeid=522

Nancy McGovernwww.icpsr.org/icpsrweb/ICPSR/staff/mcgovern.jsp