The Indiana Law Blog: Law - Changes to the Federal Register to make it more accessible - Part II [Updated]

« Ind. Decisions - Supreme Court issues one today | Main | Ind. Courts - What if the Court of Appeals held an oral argument, and nobody, not even the attorneys, came? »

Wednesday, October 07, 2009

Law - Changes to the Federal Register to make it more accessible - Part II [Updated]

Earlier today I posted Part I, detailing the new availability of Federal Register data in XML format. This Part II hits a little closer to home, because it touches on issues related to authentication, which I've raised in the past with respect to the Indiana Register.

Carl Malamud has posted an entry on the O'Reilly Radar website titled "Questions (and Answers!) About the Federal Register." Some quotes:

[I]magine my surprise when I got a call from the White House saying they were making Raymond Mosley, Director of the Office of the Federal Register (OFR) and Michael L. Wash, the Chief Information Officer of the Government Printing Office (GPO) available just in case there were any technical questions from the net. * * *

Question: Ray, a lot of people talk about authenticity as something that happens at the final point of information dissemination, like the FDSyS system. But, authenticity goes back to the root of the content. Can you talk a little bit about what you folks do in the Office of the Federal Register to make sure you're only publishing the real thing? What's to prevent me from creating a fake office or submitting on behalf of somebody else or otherwise hacking the system?

Ray Mosley: We have a number of safeguards to ensure that impostors do not publish faked documents. About 40 per cent of all documents submitted are all-electronic, digitally signed originals. We require digital signatures to have medium level assurance, and be issued in compliance with the Federal Bridge Certificate Authority requirements. For signed ink-on-paper original documents, we have other controls, which we won't discuss in great detail for obvious security reasons. One of the biggest factors is human. We have experienced editors and a legal staff who could recognize fraudulent documents submitted by anyone foolish enough to risk a felony conviction. We have a system of agency Liaison Officers who vouch for their agencies' documents. We have almost daily contact and personal relationships with those liaisons and many other agency program staff and general counsel. Major regulatory documents are often sent for pre-submission review, so we know what is in the pipeline. "Start-up" agencies' documents do not get past the front door until our legal staff has checked out their legal authority and bona fides.

We also maintain a "chain of custody" throughout the editorial process. When we edit documents, we maintain an electronic record of every change and annotate those changes with notes to record the authorization of the agency. We share the GPO production network with our statutory partners, which largely eliminates errors in transferring files. We feed files to GPO all day, and exchange production information all day. GPO does not independently alter any Federal Register material. Their production staff can and does call to consult with senior OFR staff at any time of day or night.

Question: There's a lot of concern about authenticity, particularly from groups like law librarians. Mike, can you talk about digital signatures and other things you have in place to make sure you're looking at the real deal when you see an official journal? What happens when copies of this stuff get made .... is there anyway to see that you're not looking at a Bogus Register?

[ILB - In his answer, Mike Wash, who I've met and who is a Purdue grad, moves from discussing authentication of the current Federal Register, to the new XML files, which are currently not authenticated ...]

Mike Wash: The XML is not digitally signed. The Office of the Federal Register is working with Data.gov to enhance the language on Data.gov to clearly indicate that the XML is not signed. New language is being added to the Federal Register pages on Data.gov that will read as follows:
The current XML data set is not yet an official format of the Federal Register. Only the PDF and Text versions have legal status as parts of the official online format of the Federal Register. The XML-structured files are derived from SGML-tagged data and printing codes, which may produce anomalies in display. In addition, the XML data does not yet include image files. Users who require a higher level of assurance may wish to consult the official version of the Federal Register on FDsys.gov The FDsys data set includes digitally signed Federal Register PDF files, which may be relied upon as evidence in a court of law. [See: http://www.fdsys.gov/fdsys/browse/collection.action?collectionCode=FR ]
Our XML user guide explains that we may digitally sign XML files in the future, but for now we are still concentrating on enhancing the display and content of XML files. We require complete assurance that the XML product is a true rendition of the FR official legal record before proceeding with digital signatures. As the official publisher, data integrity is paramount. For us, the equation is: digital signature = authentic official edition.

Posted by Marcia Oddi on October 7, 2009 01:49 PM
Posted to General Law Related