DP Disrupted: A blue shield for the electronic battlefield

In March 2023 I was invited to speak to the International Advisory Committee of the Memory of the World Program at the UNESCO Offices in Paris.  The text that follows is the text of my presentation which is published the following day and with the consent of the Committee.

Ladies, gentlemen and friends and colleagues: the memory of the world should be off limits for cyber-warfare.

I’d like to start my presentation today with a word of thanks to Dr Banda and his colleagues who have invited me and made me so welcome.  I have enormous respect and ongoing interest across the entire UNESCO program so it’s a great honour to be involved in your meetings today. 

I am grateful also to our translators who will help facilitate our conversation.  I hope this will not only be fruitful but will be the foundation for a continuing dialogue with sustained and meaningful impact.

I have taken the step of scripting this presentation in full, partly to help with translation.  Colleagues know my bad habit of talking too long.  This full text will keep me to time.  It also affords me the luxury of posting the text to the DPC blog in due course, assuming you are happy for me to do so.

My brief is to introduce the theme of digital preservation in times of crises, and to outline an agenda for international action. 

This seems entirely appropriate.  Harper-Collins introduced the word ‘permacrisis’ as word of the year in the 2022 edition of their English Dictionary: the persistent sense of instability and insecurity arising from a continuing series of catastrophic events.  Reality seems to have hit us over the head since I was last in Paris. 

I want to suggest an agenda for UNESCO: a global response to a crisis which is by no means confined to documentary heritage but which invites specific and achievable actions for UNESCO with respect to the Memory of the World program. 

Digital libraries, archives and museums should be off limits for cyber-warfare.

My call will need UNESCO’s unique convening power and the leadership of state actors around the world; and partly it will involve the transformative effect of many coordinated local actions with common purpose to a common goal, and all for the common good.

I have a clear idea about what we need to do, and a lot of experience of the practical solutions that could be developed.  But I have much less insight into the process and potential that would be needed.  Let me be clear therefore about my own perspectives and limitations.   UNESCO, uniquely – and this committee specifically – has the competence to act and access to the machinery for change. 

I might look like a subject specialist; but you are the experts, with the insights and the impact which ideas alone lack.  This should be a discussion not a lecture and there should be something better than a blog post at the end of it.

I am going to present 8 themes.  They are not equal but all need to be referenced.

• I need to introduce the digital preservation idea so that we are all on the same page from the very start.
• I will then look at economic elements of digital preservation, noting that digital materials face significantly greater risk from economic shocks than more traditional forms of heritage.
• The climate crisis also has immensely important implications for digital preservation. From a technology perspective the climate crisis is also an economic crisis, and it has immediate implications for how we structure the preservation of digital content.
• I cannot talk about crises and overlook the Covid pandemic. Were we ready for it, were we changed by it, and has it taught us anything about digital preservation?
• Related but quickly spinning into a much wider discussion is the crisis of knowledge and the rise of misinformation.
• I will then turn to Digital Preservation in the context of armed conflict. Cyber-security is probably the biggest threat to every single organization and individual represented here; and cyber-warfare can make battlefields of almost anything. And yet there is no blue shield on the electronic battlefield.
• So there is a significant omission in the tools and frameworks needed to ensure our digital cultural heritage is accessible tomorrow. I will sketch some ideas about what we might want to do about that gap.
• I will end with a few words about the DPC as a friend and ally to your work, and with an invitation to leadership.

My key message: the digital memory of the world should be off limits for cyber-warfare.

DP 101

So firstly, let me offer a brief definition of digital preservation.

It’s “the series of managed activities necessary to ensure continued access to digital materials for as long as necessary.”

I know you know this so forgive me, but there’s a lot packed into this short statement which is worth holding in mind.  The words in bold are important.  Digital preservation is a process not an event; it fits within a managed framework of an organization and its mission; it’s about access which means more than just backup or storage; and it’s for as long as necessary – not forever and certainly not for everything. 

Digital lifecycles are short so lots of agencies which are not archives in the traditional sense have a digital preservation problem. Also, this definition includes all sorts of decisions and actions that impact on the design, creation and use of digital materials.  So key digital preservation decisions and actions happen long before an item reaches an archive.  Arguably, if we leave it to the archivists it’s already too late.

What’s in scope?  An awful lot is in scope for digital preservation: born-digital and digitized; structured and unstructured; ephemeral and essential.  Really any digital object where the lifecycle and use case is longer than the lifecycle of the infrastructure on which it was created.  Not all of it would be termed digital cultural heritage, but much of it will need preservation.

DP in economic crisis

If you approach digital preservation as a newcome you’d think it was a niche discussion about file formats or metadata.  It’s true that these topics can spark endless debate and are well represented in the literature.  They do matter, but I approach the topic with the advice of David Rosenthal from 2012 in my head, and still true a decade on: money turns out to be the biggest challenge to preserving our digital heritage.

At the time he was describing a funding crisis emerging from his realisation that the generation long price crash in storage and processing, which is all we’ve ever known of computing, will not necessarily be the historic norm.

There are lots of examples that support a wider interpretation of this statement, even in large agencies who understand the preservation challenge and take that responsibility seriously.  Here’s a  simple observation to help you understand the funding challenge. 

The Web Archive at the British Library, gathered under statute for legal deposit, grew from 365,000 collections in 2013 to almost 14,000,000 in 2018.  This thirty-eight-fold increase has not been met with an equivalent increase in funding.  You might well have imagined a national library or archive as a document store with a fringe digital collection. Increasingly it’s the other way round: they are large data centres with book collections bolted on.

But the argument that money is the greater threat to digital materials is more subtle and more true than you might think. 

The origins of digital preservation are entwined with the economic forces that propelled the digital shift.  Digital preservation is therefore a symptom of the accelerating cycles of innovation, adoption and disruption which have characterized information technology. Market forces mean we are locked – we have locked ourselves - into short lifecycles of technology, where obsolescence is taken for granted and infrastructures are disposable.

So while we have been worrying about file formats, business has been happily creating and dismantling the digital world for us, overseeing the deletion of swathes of digital content in response to business pressures. 

If you really want to see the long list of data which has been lost over the years, it’s more likely to be found in a longlist of discontinued services than a shortlist of entirely unrecoverable file formats.

We might as well mention Twitter in this context.  You have to have been on Mars not to have heard something of its troubles since being bought over by Elon Musk.  Twitter doesn’t own a copy of itself.  If the company declares bankruptcy there will be precious little left over. The fate of digital content is entwined with the companies who provide the platform: and therefore at immense and immediate risk from economic shocks. 

This becomes even more problematic when you realise the strange mismatch between share valuation and balance sheet which characterizes a lot of technology companies.  Facebook was valued at around 104bn USD when shares were first sold in March 2012; which is a lot compared to the net assets of 6.3bn USD.  Almost 100bn USD in ‘intangible assets’ which might as well be data.  It’s grown a lot since then, tipping over the 1 trillion dollars in 2021 before losing a whopping 232bn USD in one single day, 2^nd February 2022. 

Now I am not expecting Facebook to go anywhere soon – I’m no stock trader, but I understand these losses were the result of a specific mistake not a systemic crisis.  But just imagine what would have happened if that had been September 16^th 2008, being the day that Lehman Brothers collapsed creating an existential crisis for the banking sector and any business that relied on it.   The value of companies is ephemeral, the flight of capital inevitable and the loss of data too.

My point is that digital cultural heritage – including the memory of the world - faces immediate and massive risks from economic shock.  We’ve never had to deal with anything of this magnitude before. 

DP and the Climate Crisis

Perhaps wrongly I routinely connect economic dysfunction with the climate crisis. The climate crises is a reason for doing digital preservation in the first place, and a reason for doing it better.

There are unique challenges associated with preserving long-range scientific data about climate change. 

It stands to reason we would want to preserve such data because its value and usefulness grow through time.  But research institutes which have published findings or gathered data which might be considered hostile to vested interests have faced sustained denial of service attacks on their servers and their reputations.  There have been concerted if obscure efforts to make research institutions think twice before engaging in climate science. 

That’s a significant worry and, something we need to discuss openly. Climate science is not devoid of bad actors and misdirection.  Transparency is essential and I am not sure we always get that. 

Here’s a short story to illustrate.

I spoke on the fringes of COP26 last year about archives and climate change.  Later in the same workshop a consultant posted what seemed a useful and actionable insight, that 'If each adult in the UK sent one less email per day that would prevent 16,433 tonnes of CO2 per year; equivalent to 81,152 flights from London to Madrid or 3,334 diesel cars of the road.’ That’s very eye catching.  Less email is good news!

But this seemed a bit curious to me.  The established wisdom from those who study these things is that carbon footprint of any digital activity is associated with the source of the energy and the carbon locked into devices rather than the nature or size of the object involved.

In this case, the claim was requoted from an IT consultancy which in turn had derived the statistic from research which had been commissioned by a company called OVO.  OVO is one of the largest energy firms in the UK and critics have reported that despite its claimed green credentials its power generation has a higher than carbon footprint than the average  .

It seems important to know the source of the research that informs the debate.  It’s not that the research is inherently wrong. But, quite ostentatiously, it passes responsibility for carbon reduction onto the user.  It makes no commitment or comment about what the energy generators should be doing. 

In the media this is called framing.  We’re being framed.

Energy firms have a reputation of suggesting users change their behaviours while not addressing issues in their own infrastructure.  In January 2022 OVO advised customers to reduce their energy bills by cuddling pets for warmth, “challenging the kids to a hula hoop competition”, “doing star jumps”, and “cleaning the house”.At the same time, it reportedly made a profit of £600million and paid its Chief Executive £1.2million.  

In a debate with contentious themes of public policy and bad actors, the origins of data, and the framing of research become significant issues.  It’s how we will know whether the conclusions and actions which we take on climate change are designed to save the planet, or to save the carbon lobby.

And despite two decades of research data management, it’s still not clear to me that research workflows are sufficiently mature to enable end to end transparency, re-use and preservation. 

DPC was commissioned to assess digital preservation readiness within the emerging European Open Science Cloud in 2020.  It was quite revealing.  There’s a lot of policy development and good intentions, and some pockets of really excellent practice.  For example there’s a commitment to data management planning, and investment in digital repositories.  But the plans are seldom audited and the data, if it ever arrives in the repositories, bear only passing resemblance to what was promised.  The end-to-end workflows simply don’t add up because the accountabilities and responsibilities are muddled. 

There are two points here.

Firstly, this is what the debate is like. A nuanced discussion about the carbon costs was derailed by the third-hand repetition of an unconvincing but eye-catching claim based on research promoted by an energy firm heavily invested in carbon. A little bit of transparency goes a long way. You might even think that, if energy firms spent a bit more on infrastructure, and a bit less on shareholder dividends (not to mention misinformation) we'd all be better placed.  

There is a very strong intellectual case about preserving scientific data about the environment.  It’s a complicated task, made even more complicated by the need to understand and be open about the entire lifecycle journey of the data from inception. In fact, if the data is not open, and the methods and origins not entirely transparent, then there’s every reason to be suspicious. 

Climate justice needs climate honesty.  We need to get this right.

As a side bar, we should consider the carbon footprint of digital preservation too. 

There’s a habit in digital preservation to treat objects as either preserved or not, and to treat repositories as ‘trusted’ or not.  But considering the climate emergency we need to admit the possibility of something in between. 

Every touchpoint in a digital preservation workflow requires energy – ingest workflows, migration or access for example. So as well as reducing the data volumes we need to ask how many times a file needs to be processed.  There are some high value or high risk environments where the chain of custody really matters and you’d want to monitor the integrity of a file more or less continuously.  But computing across a large data set is going to require processor time and that means energy.

Migration is another example.  Should we migrate and normalize files on receipt at the repository, or do we migrate only when the need arises?  There are arguments both ways depending on the specific use case: but it’s time that we included the energy cost of migrating files in the discussion.

Finally, instant access means spinning disks and global access means data cached in numerous locations around the world.  Spinning disks are very intensive for energy consumption as against tape or offline disk storage, but both of those are a lot slower in terms of delivery.  Offline storage comes with slower access so is less good for the user, but is much healthier for the planet.

We need to admit more grey areas in preservation: files which are checked occasionally, formats that are not migrated unless someone really needs them, access which is slower but sustainable.

DP and the Pandemic

There’s no talk of crisis without touching on the pandemic.  In April 2020 the ICA brought together a group of agencies around the world, including the DPC, to amplify a call that had previously gone out from UNESCO.  Simply stated this noted that the duty to document does not cease in a crisis, it becomes more essential. 

Sound records management became more important than ever as governments took unprecedented steps to deal with the COVID-19 pandemic. Huge and rapid interventions followed, in markets, in healthcare and the daily lives of billions of people to secure the social, economic and cultural wellbeing of populations and uphold the rule of law.

It seemed to us essential that the basis of those decisions, the decisions themselves and the decision-makers should be thoroughly documented so that governments could remain accountable both during and after the emergency. We were particularly concerned that new ways of working were adopted without the usual processes and infrastructures that serve transparency. We were clear that steps should be taken to address ephemeral technologies that were deployed rapidly to aid decision-making.

Looking back now, certainly from the perspective of public records in the UK, all of our worst concerns seem to have been realised.

For example, a crisis in procurement, especially though not uniquely the provision of medical equipment, created profound conflicts of interests in 2020 and 21.  UK tax payers committed huge amounts of money to products and services of uncertain origin and unknown quality, often through unofficial channels.  Moreover, senior members of the UK government, from the Prime Minister down, have been sanctioned for breaches of their own emergency legislation, and face further sanction for allegedly lying about those breaches when challenged. 

If that was not enough, the public is now subjected to the sorry spectacle of ministers’ Whatsapp messages being drip-fed, selectively but sensationally through the press.  These are public records, not the private property of media barons.  It’s like profiteering from profiteering.

In conditions where those who make the law also break the law; in conditions where public officials are suspected of dishonesty, theft and corruption, the lack of evidence is profoundly concerning.  Even more concerning is the filtering of messages to build a narrative ahead of full disclosure and proper judicial assessment.

The pandemic has underlined the extent to which public records keeping infrastructure is failing.  But it is not the loss of records that are the deeper concern.  Deliberate and relentless manipulation has a corrosive effect on trust in political leadership and public institutions.   My concern is that a continuing and unresolved crisis in record-keeping becomes a deeper disaffection.  The legitimacy of the state will ultimately be called into question.

DP and the crisis of truth

This may seem over-stated.  But viewed from an important perspective this is exactly what has happened.  The legitimacy of government has exactly been called into question.

To remind you that the US Congress is currently investigating an armed insurrection, which was encouraged and likely organized by the defeated party of the 2020 US election, a militia which stormed the US Capitol just as the results of the presidential election were being validated. Opinion polls show a small but irreducible core of electors still believe the US presidential election results were fabricated. 

What on earth has happened to us? 

Fundamentally, meaning-making is hard.  Arguably the challenge meaning-making began with post-modernism, but it has been turbo-charged by technology.  The result: anyone can assemble their own history from the many ubiquitous sources that they chose not to ignore; they can publish it; and in so doing find an audience to share their pain; and then we can all live secure in self-made echo-chambers of reflexive narrative.  Stories which we repeat so often than they might as well be true.

That’s becoming the all-too-common experience on what it has become fashionable to dismiss as anti-social media.  The regular call is for better manners: that if we were just all a bit nicer we’d be able to resolve the differences which seem to define us. 

A dose of goodwill would certainly help but something more is needed if we are to avoid the traps set by conspiracy-theorists and fundamentalists of all kinds.  We need a shared and accessible set of tools to admit, share and interpret the facts in front of us.  Functioning states and the rule of law need a functioning shared intellect configured around the common good. They need facts.  This is why Laura Millar has implored us to stop talking about archives or records or data and start to talk about evidence.

DP and armed conflict

You have invited me here to talk about digital preservation and I am wandering far from my topic.  I have tried to survey the scene and there is plenty to discuss in all these themes so far.  But I want to change focus.

I have a specific if still poorly-formed recommendation for you. What should we do about digital cultural heritage in the context of armed conflict?

The following thoughts emerged for me in the context of the war in Ukraine, but they are not specific to that context.

UNESCO has long recognized that the memory of the world can be digital in form and origin.  This is most obvious in the UNESCO Charter on the Preservation of Digital Heritage.  It has practical expression in ongoing efforts to preserve software source code as digital cultural heritage, as envisaged by the PERSIST project.  UNESCO has discussed the digital cultural heritage explicitly and implicitly for many years and has initiated a number of programs that promote and implement digital preservation solutions. 

These are an important point of departure: there’s no doubt that digital falls into our shared understanding of what constitutes cultural value.

A year ago, UNESCO, ICA, ICOM and many others made public statements and took practical steps to safeguard the cultural heritage of Ukraine as the war began.  These calls were framed within the 1954 Hague Convention for the Protection of Cultural Property in the Event of Armed Conflict and its two Protocols. 

The DPC’s position has been similarly aligned around the Hague Convention.  In March 2022 we published a 5-point plan to mitigate the losses to digital cultural heritage.  As well as calling for an immediate cessation to the war, we called for efforts to preserve the record; efforts to support institutions on the ground; efforts to listen to affected communities; efforts to support our professional colleagues; and efforts to protect the global digital preservation community from fragmentation. 

This response drew an immediate response from a global digital preservation community, including practical offers of support.  Also, having translated our message into Ukrainian we delivered it to the Central State Electronic Archive of the National Archives of Ukraine. 

A very visible effort to gather and preserve web sites has progressed under the auspices of SUCHO - Saving Ukrainian Cultural Heritage Online.  This is welcome but there is significantly more risk to records and digital cultural heritage which is not online.  I am referring to the digital records of government and state institutions which are critical to effective government, vulnerable to cyber-attack and essential evidence for the maintenance, and longed-for return to the status quo ante bellum. 

This is when it became apparent to a small group of us that the current frameworks for the protection of cultural heritage need to be updated. 

The Hague Convention of 1954 defines norms for the identification and protection of cultural property and institutions.  This is most obviously expressed in the ‘Blue Shield’.  The Blue Shield emblem identifies cultural property protected under international law as well as personnel engaged in the protection of cultural property. 

At times of conflict, parties to the convention are required to respect the cultural property by making sure sites and objects exhibiting the blue shield are not exposed to destruction or damage; are not used to establish offensive positions; to refrain from any act of hostility, directed against such property; prohibiting and preventing pillage and looting or vandalism; and not removing cultural property from one country to another.

We might well argue – and should be concerned to ensure the effectiveness of this framework for the protection of tangible cultural heritage.  It is nonetheless a clear mandate and signal that cultural heritage has no place on the battlefield.  The battlefield should be elsewhere.

But there is no blue shield on an electronic battlefield.

This is the problem. In many different ways and over many years, UNESCO has acknowledged the cultural value of digital resources.  These are welcome but they lack the legal framework to preserve digital cultural heritage in times of conflict.  Digital libraries, digital archives and digital museums should be off limits for cyber-warfare.

Let me give six putative examples of cyberwarfare so the discussion can move from abstract to real insights:

• Stuxnet is a malicious computer worm which is believed to have been responsible for disruption the Iranian nuclear facilities at Natanz, a site where uranium is processed and enriched. The origins of the virus are debated but are linked to a serious nuclear accident in 2009.
• In 2021 the Health Service Executive of Ireland was subject to a major ransomware attack which shutdown its entire IT system. Hospital appointments were massively disrupted including all outpatient treatment and radiology services. COVID-19 referrals were affected as were cancer and stroke referrals. The origins of the attack were traced to operatives in Russia.
• The National Museum of Brazil burned down on the evening of 2^nd September 2016. Around 18 million items were destroyed. This disaster has been described as a lobotomy of Brazilian culture. However, prior to the fire the National Museum had partnered with a major technology provider to begin an extensive process of digitization. So a digital surrogate survived the fire.
• In September 2015, in the context of the civil war, ISIS set about the task of destroying the temple complex at Palmyra in Syria. However, a determined effort by UNESCO and colleagues meant that there had been significant efforts to document and digitise the site. Consequently it has been possible to reproduce in detail significant elements of the site.
• The Central State Electronic Archive of Ukraine has been working for many years to digitize holdings and collect born digital materials as the record of government and its departments. Considering the attack on Ukraine in Feb 2022 and the very real fear that Kyiv would be an early casualty of a Russian attack, there has been a strong response from partners around the world to protect its digital holdings.

Let’s compare these.

The first of these – the Iranian nuclear site involves an intervention in a military / industrial complex.  I can imagine the IAEA might take a view on the dangers that arise, but it’s not likely ever to be covered by the Hague Convention or anything approximating it.

In the second case we can sympathize, and may feel the need to act.  I think we all agree that health services and medical treatment should be put beyond reach of cyberwarfare and would be concerned if medical records were also lost: but this is a humanitarian case.  The World Health Organization might have a view and there is an archival component, but it would stretch the limits of the Hague Convention and UNESCO’s mandate to digital cultural heritage. 

In the Brazilian case, the digitized content becomes suddenly important.  This sudden importance is not because of an act of war, but in the event of war we’d want to know that the data was safe and accessible.  The digitization work was undertaken by Google so you’d want to ensure a framework in which the materials were designated and safely preserved, whether by establishing some kind of refuge, or having some kind of clarity from Google about their management.  Remember what I said about the economic challenges that face big tech companies.

In the fourth case, the digitized content became important because of an act of war which would by any standards be described as a war crime.  We can probably agree it would be a war crime now to attack the digital surrogates, if only there was a way to designate those digital surrogates.

In the case of Ukraine, it was possible to replicate the holdings of the State Electronic Archive to a refuge under the terms of a loan agreement.  This was undertaken as a goodwill gesture.  As typically is the case, the technology was less of an issue than the legal and diplomatic requirements.  There is a lot of work to establish secure channels and to validate the transfers, but the lesson is real: in the digital age it is entirely possible to evacuate a digital archive to secure location in a relatively short space of time.  I think we can also agree that, if the materials could be properly identified with a digital blue shield, any attack on that location would constitute a war crime.

To repeat: there is no blue shield on the electronic battlefield. 

This is an extraordinary omission.  Our generation takes cyber-warfare for granted.  Digital cultural heritage is not just close to a war zone; it exists in a war zone.  That has to be unacceptable to us.

Digital libraries archives and museums should be off-limits for cyberwarfare.

Agenda

You’ll realise I am now calling for a reform of instruments in international law and a whole new kind of action to preserve digital cultural heritage.  I think we can agree the principle, but the mechanisms to progress this seem significantly different as far as digital heritage is concerned. 

I want to provoke four discussions:

• I want to establish a consensus that such a step is necessary and viable;
• I want to build a consensus on the practical mechanisms that might implement a digital blue shield;
• I want to develop recommendations on the instruments, legal and practical that would need to be established or updated;
• I want clarity on how such efforts would extend current protections and not inadvertently deflect hard pressed resources.

You should be clear that I do not have explicit answers to all of these questions.  It is beyond my remit to specify how the international community can and should progress.  But I believe answers are within reach. 

The Digital Preservation Coalition already provides robust frameworks for advocacy, research, good practice, education and consultation.  This is in addition to the different parties already subscribed to Blue Shield International as well as the many partners in the technology sector who would and could be persuaded to extend and participate in the debate.

I imagine four steps:

Firstly, we need a concise but considered assessment of the scope and damage to digital materials arising from cybercrime and cyber warfare by state actors and their proxies.

It is important to move beyond sensationalism to hard facts and rigorous assessment.  This would help to develop practical responses but also the scope of the challenge.  My examples have been assembled hurriedly.  I have also spoken in broad terms about cultural heritage - I doubt Boris Johnson’s WhatsApp messages or Donald Trump’s Tweets – would ever be listed on the register.  Their significance is illustrative of the cultural forms which might in due course be listed but which would never survive unless steps were taken. Moreover, the examples include compelling reasons to remove digital objects from the digital battlefield but for humanitarian, scientific or ecological reasons which stretch the definition of digital cultural heritage.  Is the the problem with the definition of the terms of engagement or is it with lack of coordination between overlapping instruments.

This needs a scoping research project.

Secondly we need a set of guiding principles which can be used to establish good practice.

Some of these principles are already established.  For example, in the physical world, protected objects have to be clearly identified prior to conflict; and misidentification is also a breach.  That same principle seems obvious to apply.  Entire collections can be covered in one declaration, so that not every book or document or painting needs its own declaration. 

It is useful that the existing framework requires military operations be situated away cultural heritage: this principle could be extended to an assumption that we cannot use cultural heritage data as a distributed proxy for cyber-warfare.  The existing treaty arrangements also envision competent authorities who are responsible for tracking and ensuring compliance with protection, and they also establish the principle that refuges can be established to provide special protection: all of these ideas seem appropriate to the digital world.

We can meet some of these principles from the other side.  There is a small but important set of trusted digital archives in the world under the heading of the Core Trust Seal and the Nestor Seal.  We should start by simply giving these blue shield protections.  I think here of my own work at the Archaeology Data Service back in the day: the data which we held is all that survives from numerous archaeological research projects that cannot be repeated. Any cyber-attack on these is a hostile transgression on the digital cultural heritage and should be called out as such.

Other areas need more attention.  What would constitute a 'digital blue-shield' and how would it be guaranteed.  Are there practical cyber-security defences that need to be established, such as encryption, and how would that be managed and maintained? How would contents be verified and their condition monitored; how would access be managed? How should we manage the intersection between reasonable preservation actions with respect to copyright or data protection?  What provision should be made for digital surrogates of tangible heritage; and what provision for data associated with condition monitoring and conservation of tangible heritage.

I don’t doubt that these are complex issues but they can be aired and resolved.  It requires a task group to make clear recommendations.

All of this work needs a consistent and influential champion who is able to convene the relevant authorities at the right time and with determination.

To be effective that working group would need the support and sponsorship at the right level to be able to affect change.  Actions need to be synchronized for timely adoption within international agencies like UNESCO and the signatories to the 1954 convention.  Arguably this could involve a new protocol in international law – a significant undertaking.  For many state players this will appear a frivolity, to some a distraction, and to others an unwelcome intrusion that would restrict inhibit their actions.  We should not underestimate the advocacy that is required.

Finally, digital cultural heritage appears too often as an unfunded mandate.

Digital archives and digital libraries are often established on the same budgets that support tangible heritage, and thus deflect resources from areas which are hardly well-funded to start with.  So progress in digital preservation either at the expense of progress elsewhere or is funded in a piecemeal fashion with time limited projects. 

Any new work in this area should not be designed in such a way that it would absorb funding or expertise from existing priorities.  Perhaps the least welcome idea at this time is to point out that this needs to be funded additionally and with new money.

New money is perhaps the least achievable aspect of this proposal, but we should not underestimate the extent to which this proposal elides with concerns at the highest level in many governments and corporations.  Candidly, this is a cybersecurity project and as such is likely to get the attention of many state actors and agencies.  The idea that certain parts of the digital estate might be made permanently off-limits to cyber-warfare is a strong political statement with some important consequences. It may be easier to persuade them to fund this proposal as a new action than might be true of other elements of the UNESCO mandate.  

Conclusion

To conclude, it is has been the settled view of UNESCO for more than two decades that digital cultural heritage should be protected, and yet there is no blue shield on the electronic battlefield.  The lack of protection for digital cultural heritage is more than a small oversight.  It is an extraordinary omission.  Our generation takes cyber-warfare for granted.  Digital cultural heritage is not just close to a war zone; it is a war zone.  We should do something about that.

Digital cultural heritage should be off limits for cyberwarfare.

I am grateful for the opportunity to speak and I offer a hand of friendship to take forward these ideas. 

I haven’t yet mentioned the DPC explicitly.  We are an international membership organization and charity, building a global community to address the digital preservation challenge.  Some of you are members already, others I hope will join or consider joining in due course. We are growing very quickly, but not as quickly as the scale of the digital preservation challenge.  DPC’s members have mandated that we do 5 things:

• Community

• Advocacy

• Workforce Development

• Good Practice

• Good governance

So at the end I want to encourage you to think of DPC as a friend and partner to your work and your discussions.  We’ve come a long way, but it still seems like very early days. 

If you missed the point, or if you heard it loud and clear, say it with me: digital memory of the world should be off limits for cyberwarfare.