To appreciate the significance—or the ubiquity— of commercial tamper protection, one needn’t go any farther than the local grocery store.
Toothpaste, aspirin, multivitamins, and milk are just a few of the items you’re likely to find equipped with visible tamper-detection seals. In fact, if you’re like most consumers, you wouldn’t knowingly purchase any of these products without some form of asset integrity assurance. But if you got home and discovered that a “seal” had been broken, what are the odds that you would let your family consume that product? Let me take a guess—ZERO!
Of course, a damaged seal doesn’t, in and of itself, prove tampering; it merely raises the possibility to some value greater than zero. But if grocery store patrons have a low tolerance for uncertainty, imagine the burden of proof facing scientific intellectual property owners in a court of law.
Surely, validating the integrity and ownership of complex lab information takes more than a plastic seal. The typical researchers, in truth, will spend several hours per month “signing” and “witnessing” each other’s lab notes through inefficient manual administrative processes, based on company procedures.
For electronic content and records, the procedure is even less efficient, with added steps for printing and pasting into paper notebooks. But until recently, this was the only reliable method for establishing the legal defensibility of research-based intellectual assets inside the lab.
Today, with the advent of an electronic “sign and witness” process, that’s all changing. Researchers are finally free to focus on what they do best—research. And in a world where you have to prove ownership, saving hundreds of man-hours and costs each year is no small achievement.
But how does the electronic “sign and witness” process ensure indisputable authenticity and long-term legal defensibility throughout the chain of custody? The answer, believe it or not, is a modern-day wax seal. Or, you might say, its digital equivalent.
The price of uncertainty
For good or ill, electronic tampering of records, files, or any form of digital content is extremely difficult to detect. Whereas physical manipulations are usually crude and basic, digital tampering is more often elegant and sophisticated. We see images every day on TV that have been manipulated, such as “first down lines” during televised football games and ballpark ads in the background that aren’t really there. And while the seamless manipulation of digital images and electronic files may work wonders for Hollywood and their high-priced corporate sponsors, those same capabilities present an enormous obstacle to the verification of authentic scientific research.
Furthermore, recent court opinions1 pertaining to ediscovery have forced most scientific-based businesses to significantly alter their digital asset protection schemes or else risk losing hundreds of millions of dollars in funding, revenues, legal fees, and damages.
Hence, there’s been considerable migration toward more aggressively protecting digital, scientific intellectual property, namely the attestation of content ownership through the “sign and witness” process.
Meanwhile, a quick scan of the latest headlines reveals just how dearly R&D-centric companies have paid for recent protection inadequacies. As recently as 2010, several of the nation’s largest scientific research organizations found themselves mired in unwinnable lawsuits that jeopardized their revenues, their community standing, and in some cases even their market position.
To make matters worse, the threats these companies face are often diverse in origin. Just as motivated insiders might alter data to protect reputations or to thwart regulators, unintended gaps in the chain of custody might easily arise from system upgrades, employee turnover, or cross-organizational collaboration.
Plainly said, lab managers are well advised to adopt comprehensive, transparent, and—above all—legally defensible methods for proving ownership of their intellectual property “crown jewels.” The question is only at what cost?
It’s about time
Thus far we’ve talked about the price of “uncertainty.” But “certainty” has its price too.
For instance, mainly in paper-based lab notebook environments, there’s a reason the words “sign and witness” send chills down the spines of even the most scrupulous lab researchers. For all its practicality and utility, the “sign and witness” ceremony has always been—to put it mildly—tedious and inefficient.
Countless man-hours have been wasted for want of a simplified, automated solution. But the potential security and authenticity risks associated with digital signing and witnessing have persistently outweighed the potential efficiency gains. Even as researchers migrated to electronic lab notebooks (ELNs) over the past several years, nearly all retained paper journals for printing, cutting, and pasting the signed, witnessed data sets.
It’s been a model of inefficiency and a huge disruption to research teams, which can perform much more soundly when unburdened by repetitive administrative tasks. But will streamlined electronic “sign and witness” ever prove legally defensible over the long term? Actually, it already has.
Believe it or not, fully secure, automated “sign and witness” solutions can be implemented today, immediately, on any ordinary lab department desktop computer or integrated into an existing ELN.
It’s possible because of a unique, trusted time-stamping approach called hash-chain-link, “widely witnessed” time-stamping. This technique enables the signing, the witnessing, and the unassailable authentication of that research data provable over the long term, mainly for the life of the “sealed” content.
“Sealing” for long-term protection
Binding data and signatures to a legally defensible time stamp doesn’t have to be difficult. While most time stamps are usually supplied by local machine servers, or even PKI-based time stamps from certification vendors, they are solely dependent on the trustworthiness of internal system clocks, all of which can be easily discredited in a court of law or are dependent on a company’s level of proven protection against hacking. But to solidly prove trustworthiness in electronic records, an unbreakable “sealing” process of complete indelibility is required.
Realizing the need for this type of solution, Surety brought to market a technology service called Absolute- Proof®. AbsoluteProof provides laboratory R&D-centric industries with an independent, cryptographically verifiable solution that establishes the exact contents of every record or transaction and the time it was created, in such a way that it is beyond challenge and unimpeachable. This solution utilizes a patented “hash-chainlinking” and “widely witnessed” approach to securing electronic content and incorporates four key components for legally defensible, long-term record authentication:
- The ability to digitally seal any kind of electronic record, including ELN and LIMS records, formula design diagrams, device readings, audit logs, spreadsheets, videos, and email correspondence
- A digital timeline of proof of the progress or development of scientific IP in support of a company’s ownership claims
- Validation of the authenticity of electronic records, and evidence that content was created when claimed and has not been altered since
- Compliance with 21 CFR Part 11 mandates for tamper-proof time-stamping and secure audit logs.
If a lab’s IP protection strategy involves associating identities with protected content (e.g., as part of a “sign and witness” process), the seals can be combined with digital or electronic signatures in a way that overcomes the legal shortcomings of the signature technology.
But the real secret to this method’s legal defensibility is the “widely witnessed” component. At the end of each week, hash values for each of Surety’s data sets—and their “sign and witness” attestations—are published in the New York Times, ensuring that any independent cryptographer can verify that the content in question existed at that point in time and hadn’t changed since the newspaper’s printing. In many cases, this could stretch decades, as newspaper editions are protected and stored for the long term, as well.
Much like state lotteries televise their drawings, this simple step is what gives lab managers the transparency and auditability necessary to satisfy a courtroom’s stringent burden of “widely witnessed” proof.
So long as data authentication solutions depend on the reliability of outside parties—no matter how trustworthy— there will inevitably be credibility and security risks.
But with “hash-chain-link” time-stamping, one need only trust the strength of the underlying hash algorithms themselves. And to date, there is no other legally defensible, electronic “sign and witness” solution available.
The future of “sign and witness”
Just as tamper detection on packaging buoyed the food and drug industries, so, too, can tamper detection strengthen the electronic world and position it to revolutionize laboratory IP safety and validation.
We’ve come a long way since “sealing” content by using wax seals on important documents, but the principle remains. And each day, we as an industry move that principle forward, into the digital landscape, by molding the technology for better efficacy, availability, and ease of use.
Empowering lab scientists is the bottom line— with unobtrusive, streamlined processes that maximize productivity while protecting intellectual accomplishments for generations to come.
That’s the power and the promise of electronic “sign and witness.” It’s science fiction no longer.
1. The Federal Rules of Evidence (FRE) now allow for electronic records, including electronic lab notebook (ELN) content, to be equally admissible as paper records in patent or legal proceedings, provided that they are kept in the course of regularly conducted business activity and that the source of information or the method of preparation is trustworthy.
Robert P. Flinton, vice president of marketing & product management, Surety, LLC, can be reached at bflinton@ surety.com or by phone at 571-748-5795.