T 2.72 Inadequate migration of archive systems

Archived data should typically remain stored over a very long period. During this period, the underlying technical system components, storage media, and data formats may age physically and/or technologically and become useless. Furthermore, compatibility issues regarding the data formats used may arise over the course of time.

If there is no reaction to the ageing of the existing system, it must be taken into account in the long term that

• archived raw data can no longer be read physically from the archiving media,
• archived data is changed due to physical errors in archive systems and archiving media,
• spare parts for hardware components are no longer available,
• supplements for software components are no longer available,
• data formats used no longer correspond to the integrity requirements,
• electronic signatures become useless,
• encrypted data becomes accessible to unauthorised persons.

Even if system components are replaced or the data is copied in time, the use of cryptographic procedures may still cause problems. For example, vulnerabilities in integrity-ensuring procedures may arise, since encryption and signature algorithms may lose their protective effects over the course of time and with increasing computing power (see also T 2.79 Ineffectual regeneration of digital signatures during archiving).

Examples:

• Data media may be damaged by physical long-term influences (material wear, deformation, scratching of media surfaces, plasticisers). Depending on the purpose of the respective data medium as system or archiving medium, archive system operation may be disturbed or the data stored on the archiving media may be lost.
• The manufacturer of an archive system planned a debug field in the context data for documents. During the pilot phase of the archive system, documents from normal business operations were archived for testing purposes, with the test status being documented in the debug information. During the transition to the operating phase, the test documents were not deleted, since they had been archived to WORM data media, but the documents identified with the corresponding debug information were no longer displayed. The successor system was delivered by a different manufacturer representing debug information differently. During the subsequent migration of the archived data to the new archive system, the old debug field was accidentally not analysed, however. The old test documents were still in the archive upon completion of data migration, but suddenly emerged as allegedly authentic documents during later research.
• Electronic signature methods may be compromised by trying the signature keys or by mathematical methods. If this occurs during the archiving period, it is possible to falsify electronic signatures even retroactively.