Our project will utilize security measures at the technical, procedural, and personnel levels. We understand that the security of archaeological site information must be protected for ethical as well as legal reasons. In the United States, the locations of archaeological sites represent highly sensitive data and their release could have grave repercussions. For these reasons, managing (i.e., permitting access to) sensitive site location data lies beyond the scope of this project, and no such information will be posted nor released.
Below, we provide details of our communications with federal, state, and tribal officials relating to DINAA project goals and measures to safeguard sensitive data:
Communications with the NASA Email List (Aug. 24, 2013):
Keeping participants and interested parties in the loop is a major first step and continuing part of the process.
Right up front, everyone should be aware that we are not interested in maintaining access to or distributing detailed site data per se, which is properly and legally under the control of individual states and federal agencies. Our project is directed to developing translation routines so portions of state site file databases can be integrated into larger regional and national research and management efforts. We are developing these routines for some 15 to 20 states in Eastern North America in the first phase of this project. All we need for that is information on how site file records are maintained in individual states. That kind of information is freely available from every state, and is what we will be using.Once the integration routines are in place, individual state and agencies can chose to participate, or not, in our demonstration efforts. We have commitments from people in about a dozen states to provide data for our demonstration projects so far, and so will be able to meet our project objectives with data from a large, continuous portion of Eastern North America. If possible our translation routines will include as many eastern states as possible, but our first priority will be for those states where we can make use of data to generate demonstration maps on such things as ‘all NRHP eligible sites’ or ‘all Paleoindian’ sites, and so on.
We understand that the security of archaeological site information must be protected for ethical as well as legal reasons. In the United States, the locations of archaeological sites represent highly sensitive data and their release could have grave repercussions. It is very difficult to develop adequate information security measures for public-facing websites and prevent accidental data releases or data theft through hacking and other leaks. Even if we deployed appropriate security measures, our systems would need extensive auditing for compliance to Archaeological Resource Protection Act (ARPA) regulations and our project team would be legally liable for any release of sensitive data. For these reasons, managing (i.e., permitting access to) sensitive site location data lies beyond the scope of this project, and no such information will be posted nor released.
To eliminate the risk of accidental or malicious disclosure of sensitive data, this project will only manage and store site location data at a very reduced level of geographic precision. The exact spatial resolution we will use for public data will be negotiated with SHPO and agency personnel; this resolution is expected to be at the county scale or at ca. 20 km resolution, which have been previously accepted in earlier efforts (e.g., Anderson and Horak 1995; NADB Maps 1993). This will still permit important research programs that examine regional and large-scale geographic patterning in archaeological data. It will also still permit innovative Linked Open Data applications, which mainly require URI identification of specific data resources (archaeological site records). The project will associate appropriate SHPO contact information with each data record to enable qualified researchers to directly obtain higher resolution spatial data from state officials. PIDBA (Paleoindian Database of the Americas) has successfully implemented similar security strategies for 21 years and three project principals involved with data collection and selection are RPA (Register of Professional Archaeologists) certified, with strong backgrounds in compliance and site protection.
We will, of course, include NASA members in all general correspondence on our project as it proceeds. We welcome comment and assistance in this project, and look forward to hearing from and working with many of you in the months and years to come.
One thought on “DINAA Sensitive Data Security Measures and SHPO Collaboration”