Introduction

This chapter discusses the certification of digital records and their long-term preservation as authentic records. Two scenarios in which the records’ trustworthiness might be questioned are examined. The first scenario addresses digital records and their potential inadmissibility as evidence to external audits. The examples from the African context, and particularly from South Africa, are discussed, followed by an analysis of the framework to certify the trustworthiness of digital records that support the audit process.

The second scenario examines challenges of long-term preservation of digitally signed or sealed records relying on certificates which normally have a short life span. It focuses on long-term preservation of the validity information of digital signatures or seals. A blockchain-based model, showing that periodical re-signing or re-timestamping of records is not necessary, is presented. Even though the two scenarios are focused on the auditing process and the digitally signed or sealed records, both the framework and the model can be applied broadly, wherever records need to be relied on as accurate and authentic. In order to better understand the two scenarios, a discussion of the concept of authenticity is offered.

Authentic digital records

The widespread use of technology to conduct government activities has resulted in an increased creation of digital records. This development brings with it issues about the reliability and authenticity of digital records (Park, 2001, 270).

Duranti and Thibodeau (2006) identify three types of digital records: (1) computer stored records; (2) computer generated records; and (3) computer stored and generated records. Computer stored records contain human statements. They are created in the course of business and can be in the form of, for example, e-mail messages or word-processing documents. They may be used as substantive evidence, i.e. evidence of their content. In comparison, computer generated records do not contain human statements. They are the output of a computer program designed to process input following a defined algorithm, for example server log-in records from internet service providers, ATM records, etc. They may be used as demonstrative evidence, i.e. evidence of the action from which they result. Finally, computer stored and generated records are a combination of the two previously mentioned types. An example of such a record may be a spreadsheet record that has received human input followed by computer processing, i.e. the mathematical operations of the spreadsheet program. These records may be used as substantive and/or demonstrative evidence.