Duranti, Luciana. “Historical Documentary Memory in the Cloud: An Oxymoron or the Inescapable Future?” Revista D'arxius (2013), p. 19-60.
Existing Citations
archives : Archives are regarded as the trusted custodians of our historical documentary memory. For millennia the place where this memory is kept has been as important to its permanence and quality as the knowledge of the professionals responsible for it. In the Justinian Code, which is the summa of all Roman law and jurisprudence, an archives is defined as locus publicus in quo instrumenta deponuntur (i.e., the public place where deeds are deposited), quatenus incorrupta maneant (i.e., so that they remain uncorrupted), fidem faciant (i.e., provide trustworthy evidence), and perpetua rei memoria sit (i.e., and be continuing memory of that to which they attest). [Note omitted.] (†479)
archives : In the ancient world, the archives was a place of preservation under the jurisdiction of a public authority. This place, public as well, endowed the documents that passed its threshold with trustworthiness, thereby giving them the capacity of serving as evidence and continuing memory of facts and acts. (†480)
cloud : Control is what archives lose by putting their holdings on the Cloud. In a public Cloud, they would have no control over whom they share their Cloud with or to whom services are delegated by the primary provider. Also the terms of service or privacy policy may change after the contract has been signed; contract may be terminated and providers and sub-providers may also be terminated: this would determine lack of sustainability for archival functions and lack of portability and continuity for the holdings. As audit is not allowed in the Cloud, it is not possible to know whether back-up is regularly done, whether material is lost or has become inaccessible as a consequence of hardware/software obsolescence, and whether accruals of existing fonds are integrated with them. (†499)
cloud computing : There are four standard deployment models for Cloud architecture that broadly characterize the management and disposition of computational resources for service delivery . . . [public, private, community, and hybrid].
¶ Clouds conform to one of three service models . . . [software as a service, platform as a service, infrastructure as a service]. (†481)
cloud provider : Cloud providers offer two choices among things that most archives would consider all non-renounceable. The first choice is between Transparency and Security: they offer “trust through technology” rather than through knowledge, objectivity, repeatability, and verifiability. Security based on technology involves location independence, a core aspect of the cloud delivery model – as mentioned earlier, because sharding and obfuscation cannot happen without spreading the records among servers in data centers around the globe. The second choice Cloud providers offer is between Control and Economy: they offer “trust through control on expenditures” rather than through the ability to audit how the documents are managed. (†497)
community cloud : A community cloud infrastructure is shared by two or more organizations with common privacy, security, and regulatory considerations. It may be managed by the organizations or a third party, and may be hosted internally or externally. (†484)
custody : The primary justification of custody is historical accountability: the citizens have a right to access the documentary evidence of how they were governed. For this to happen, the documents must be under the physical and intellectual control of a neutral third party. (†489)
hybrid cloud : The most complex [deployment model] is the hybrid cloud, composed of two or more Clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability. (†485)
Infrastructure as a Service (IaaS) : Infrastructure as a Service (IaaS) offers the consumer on-demand access to the basic computing infrastructure of servers, software, and network equipment. The consumer does not manage or control the underlying Cloud hardware and software infrastructure components, but has broad freedom and control over operating systems, storage, deployed applications, and some networking components (e.g. host firewalls). Security of consumer-chosen elements is carried out mainly by the consumer. (†488)
metadata : Metadata may also constitute a risk. How do metadata follow or trace records in the cloud? How are these metadata migrated as a record preservation activity over time? Is the Cloud provider creating metadata related to the management of the records? (†500)
Platform as a Service (PaaS) : Platform as a Service (PaaS) offers the consumer on-demand access to the computing platform upon which applications can be developed and deployed. The consumer controls applications and environment settings, and security is split between the Cloud provider and Cloud consumer. (†487)
post-custodialism : The 1991 article by David Bearman, “An Indefensible Bastion: Archives as a Repository in the Electronic Age,”5 significantly shook all established assumptions about archives, claiming that the existence of archival institutions or organizations having the physical and legal custody of archives was due to conditions that no longer existed: 1) the need to protect the physical integrity of the records, 2) the economic advantage of concentrating historical material in one place, and 3) the benefit to users of having related materials accessible in the same place. Bearman’s proposal was for archivists to leave the electronic records with the creators as they could be easily copied and made accessible on disc, and to limit their responsibilities to keeping paper records and to providing creators with directions for preservation and dissemination of electronic records, monitoring the way in which they carried out such activities. . . .
¶ This trend, which came to be called “postcustodialism,” found much support in Australia and some in the Netherlands, but generally was not accepted by the international archival community, and appeared to have been definitely buried in 1998 by the renaming of the Australia Commonwealth Archives Office “National Archives of Australia” and the attribution to it of the primary mandate of preserving the “national archival collection.” However, fifteen years later, albeit by another name, the idea of postcustodialism is again raising its ugly head, but this time it is not concerning only electronic records created by government agencies, but all records, born digital and digitised, be they indivisible archival aggregations or isolated documents only virtually connected, public or private, old or new, open to access or not, destined to be kept forever or for a nano second. Today’s postcustodialism is called “Cloud computing.” [Notes omitted.] (†490)
post-custodialism : Fifteen years later, albeit by another name, the idea of postcustodialism is again raising its ugly head, but this time it is not concerning only electronic records created by government agencies, but all records, born digital and digitised, be they indivisible archival aggregations or isolated documents only virtually connected, public or private, old or new, open to access or not, destined to be kept forever or for a nano second. Today’s postcustodialism is called “Cloud computing.” (†491)
post-custodialism : While the original postcustodialism was a form of distributed physical and legal custody of archival material, whose care would be entirely entrusted (admittedly, under monitoring by the archivist) to those who have the highest interest in modifying or destroying that which does not serve the image they wish to project of themselves – the creators, the new postcustodialism requires that centralised legal custody and intellectual control responsibility be left with the archives, but it delegates physical custody and technological access provisions to the Cloud provider, which can be the archives itself (private Cloud), an archival community (community Cloud), a commercial provider (public Cloud), or a mix of the three (hybrid Cloud). Thus, while it is clear that creators could not be trusted with the historical documentary memory of our times, we are left wondering whether the Cloud should be trusted, and consequently whether the object of its custody, the historical documents it stores, would be trustworthy. (†492)
private cloud : A private Cloud infrastructure is operated for a single organisation, that is, the material kept in it does not share space with material belonging to other individuals or organizations. A private Cloud may be managed by the organization or by a third party, and may be hosted within the organization’s IT infrastructure, or externally. (†482)
public cloud : Public Cloud infrastructure is made available to the general public over the Internet. By definition external to the customers’ organization, public clouds are owned and operated by third-party providers, and usage is subject to detailed service level agreements. (†483)
risk : A risk is defined as the probability that an adverse event will occur multiplied by the impact that such event would have. It is really a question of comparison among available choices: if it is not possible to have all one wishes to have, what is one to give up with the least consequences? (†496)
risk : The risks involved in the adoption of a Cloud environment for the storage and preservation of our historical documentary memory by far outweigh the benefits, to the point that the association of the idea of historical memory with the idea of Cloud sounds like an oxymoron. (†501)
security : Security, the biggest benefit of the Cloud, presents also the biggest risk. There can be unauthorized access provided to sub-contractors, and hackers tend to attack Cloud environments much more than in-house systems. It is not a matter of if but when a breach will occur. (†498)
Software as a Service (SaaS) : Software as a Service (SaaS) offers the consumer on-demand access to one or more applications and the computational resources to run them. The Cloud provider carries out management, control, and security of network, servers, operating systems, applications, and storage. (†486)
trust : In business, trust involves confidence of one party in another, based on an alignment of value systems with respect to specific benefits in a relationship of equals. In jurisprudence, trust is usually described as a relationship of vulnerability, dependence, and reliance in which we participate voluntarily. In substance, trust means having the confidence to act without the full knowledge needed to act. (†493)
trust : Traditionally, trust in records is based on four types of information about their custodian: reputation, which results from an evaluation of the trustee’s past actions and conduct; performance, which is the relationship between the trustee’s present actions and the conduct required to fulfill his or her current responsibilities as specified by the trustor; competence, which consists of having the knowledge, skills, talents, and traits required to be able to perform a task to any given standard; and confidence, which is an assurance of expectation of action and conduct the trustor has in the trustee (†494)
trust : The parameters of trust in one cultural context may be very different from those in another context. (†495)