By Faye Cheung, Researcher
Libraries, archives, museums and galleries have a responsibility to safe-guard their collections, including making sure that they are well looked after, preserved, and safe protected from loss and theft (including on site and online). Fortunately, whilst such incidents are relatively rare, famous incidents in libraries include the ‘Transy Book Heist’, or the theft of over $8 million worth of rare books and manuscripts at the Carnegie Library of Pittsburgh, or the damages of £300,000 suffered by The British Library as a result of an academic who tore out pages from historic books.
Nowadays, archives and libraries must also worry about the online safety of their digital collections. Digitisation of collections provides much-needed income for many institutions via commercial licensing. Fundamentally, digitisation also enables preservation of collections and much greater access for educational and research purposes.
However, the Vatican Apostolic Library is also seeking to protect its digitisations from manipulation, which could harm the Library’s reputation and the ‘world’s historical memory’. The Library’s Chief Information Officer, Manlio Miceli, voiced his concerns to the Observer:
In the era of fake news, these collections play an important role in the fight against misinformation and so defending them against ‘trust attacks’ is critical.
This is an information protection concern, but not a data protection issue. The Vatican Apostolic Library holds the oldest known copy of the bible, notes from the trial that charged Galileo with heresy for his astronomical findings and letters to the Pope from Henry VIII’s representatives regarding his divorce, which led to the establishment of the Church of England. It is therefore no surprise that the Library would be concerned with protecting its reputation and ensuring its digitisations remain true and trustworthy reproductions.
In terms of the law, it is possibly more of a copyright concern, but infringing the copyright of a Vatican owned photograph is not going to worry hackers seeking to ‘wreak havoc’ by manipulating material and disseminating it.
Therefore, to boost security of its digital collections the Vatican has partnered with Darktrace. Darktrace is a cyber security company who use artificial intelligence (AI) to identify and instantly stop any unusual activity that might indicate an incoming attack. Darktrace say that on average they defend against 100 security incidents per month at the Library.
In the UK, under the Data Protection Act 2018, the Information Commissioner’s Office (ICO) can issue companies with significant financial penalties for failing to prevent and report data breaches resulting from cybercrime. This was seen with British Airways, who were fined £20 million after a cyber-attack in 2018 exposed the data of more 400,000 customers. The breach went unnoticed for two months. The ICO originally intended to fine British Airways £183.39 million, but this was reduced for a variety of reasons including the impact of Covid-19 on the business. Lack of adequate protection and the fact that the data breach went unnoticed was a key factor in the ICO’s enforcement action. If artificial intelligence can identify, stop and report cyber security breaches instantly then such fines, as experienced by British Airways, may be avoidable.
Artificial intelligence is more commonly seen as a cause for data protection breaches rather than a solution. As highlighted by the ICO, this is because ‘transparency of processing, mitigating discrimination, and ensuring individual rights around potential automated decision-making can pose difficult questions’. However, if AI can help protect the Vatican Library’s digital collections, it can also help to protect data that is subject to data privacy law. Therefore, AI might also be part of a data protection solution.
© Naomi Korn Associates, 2020. Some Rights Reserved. The text is licensed for use under a Creative Commons Attribution Share Alike Licence (CC BY SA)
Disclaimer: The material in this blog post is for general information only and is not legal advice. Always consult a qualified lawyer about a specific legal problem.