The Hala Protocol

BP 14. Preserve the relevant audio data and its metadata

Digital material can be easily deleted, lost, corrupted, or tampered with. A well designed preservation protocol is therefore crucial for ensuring that audio data can be transferred in the future to third-party recipients, such as accountability mechanisms, and that those recipients can trust the data’s authenticity. Poor preservation may negatively affect the data’s probative value in the event that it is presented as evidence in court.

In designing a preservation protocol, Collectors should account for 1) the preservation of the material, and 2) the demonstration of the quality of preservation.

First, regarding the preservation of the material itself, audio data should be stored in multiple copies on secure servers with access controls to minimise the security risks posed to the data (see BP 6). The use of secure servers can be costly, so Collectors with limited resources should consider forming partnerships with appropriate organisations if they are collecting sensitive data with high security needs, or if the data will need to be stored for an extended period of time. When choosing a third-party server or arranging their own, Collectors should consider the advantages and disadvantages of centralised versus decentralised storage and choose an approach that best corresponds to their mission objectives.

Second, to demonstrate the quality of the preservation, Collectors should utilise cryptography to demonstrate audio data’s authenticity. Cryptographic tools such as hash values can be used to show that data is unchanged from when it was collected, making it more reliable and improving its potential probative value. Hash values are a part of the audio data’s metadata and should be included in or linked to the audio data file (see BP 12). The other items in the audio data file should also be assigned a hash value, including transcriptions, translations, log books, and any corroborating information; these values can be listed in a hash list. Once the audio data file is compiled, a hash value should also be generated for, and clearly linked with, the audio data file itself.

Other cryptographic tools Collectors can consider using include a cryptographic signature, which can serve to both safeguard and demonstrate a digital asset’s provenance.

Collectors must ensure that their preservation protocol saves an original copy of the audio data in a way that is unchanged from the point of collection,1 and only permits changes to be made to duplicates of the audio data (e.g., including anonymisation, per BP 5, or enhancements, per BP 15).

The Collector must be able to report on how each piece of audio data was preserved.2 Such reports should be linked to the audio data in the data organisational system (see BP 11). Such reports can be composed manually or through the use of a tool that generates the reports automatically.

Tech Specs & Resources

The creation of multiple copies should adhere to the ‘3-2-1 backup rule’, which maintains that a redundant backup of digital information includes at least three copies, stored on at least two different media types, with at least one of them stored off-site. For guidance, see e.g., U.S. Cybersecurity and Infrastructure Security Agency (CISA), US-CERT recommendations and Backup Options

Commercial storage systems (potentially paywalled) include, e.g.,

For overarching preservation considerations, see e.g., OHCHR, Berkeley Protocol, pages 60 - 62; and NIST IR 8387, Digital Evidence Preservation Considerations for Evidence Handlers (2022), pages 7 - 10.

For audio file formats that are recommended as having the best chances for survival and continued accessibility, see e.g., Library of Congress, Recommended Formats Statement 2024-2025.

Immutable storage products can pose risks as well as advantages in terms of security, protection from accidental deletion/overwrite, and compliance. They may be a feature of a system’s commercial offering (e.g., Amazon’s Object Lock), or part of a system’s cornerstone design (e.g., Filecoin). 

Systems of record can be used to publicly disclose select elements of non-critical, non-identifiable metadata (e.g., cryptographic hash values) for the purpose of registering them with a publicly-verifiable timestamp.

Legal Framework

See section 5.3. on the role played by chain of custody in the probative value of potential evidence. 

See also Prosecutor v. Mladić (ICTY), Decision on Prosecution Motion for Admission of Documents from the Bar Table, paras. 11-12 wherein the Chamber noted that the tendering by the Prosecution of the original audio recordings contributed to finding these to be relevant and probative.

See also Prosecutor v Ongwen (ICC), Trial Judgment, paras. 654-655, wherein the Chamber noted that the Prosecutor had provided an original audio recording alongside the enhanced version. This allowed for comparison between the two and contributed to the evidence being found to be reliable.

Footnotes

  1. Prosecutor v Ongwen (ICC), Trial Judgment, paras. 654-655; Prosecutor v. Mladić (ICTY), Decision on Prosecution Motion for Admission of Documents from the Bar Table, paras 11-12.

  2. This is an extension of the requirement stated in BP 3 that Collector ‘personnel must at all times strive to document the collection effort in a manner that is as consistent, clear, and transparent as possible’: Prosecutor v Ongwen (ICC), Trial Judgment, para. 658; Prosecutor v Ongwen (ICC), Confirmation of Charges, para. 51; Prosecutor v Ongwen (ICC), Transcript, para. 44, lines 8-24; Prosecutor v Tolimir (ICTY), Judgment, para. 64, referring to Prosecutor v Tolimir (ICTY), Transcript, page 5033; Prosecutor v Blagojević and Jokić (ICTY), Decision on Admission of Intercept Materials, para. 21; Prosecutor v Katanga and Chui (ICC), Decision on Bar Table Motion, para 30. See the discussion in sections 5.2. and 5.3. of the Legal Framework.