This study aims to present a policy-aligned steganographic traceability framework for public-sector information governance, enabling document-level accountability through format-independent watermarking integrated into existing institutional structures.
The framework integrates General Deterrence Theory, ISO/IEC 27001 and the NIST Insider Threat Framework with a three-layer architecture (governance, integration and embedding). Fast Fourier transform phase-modulation watermarking treats files as one-dimensional signals, encoding identity via a 96-bit payload composed of a 32-bit user-id hash, a 32-bit timestamp and a 32-bit document-id hash. Imperceptibility was tested on PDF, DOCX, CSV and TXT; robustness was evaluated under noise, compression, format conversion, XOR masking, tail cropping and block reordering.
Imperceptibility tests yielded NC = 1.000 (SNR 18.4–27.4 dB) across all four formats. Watermarks remained intact under 1%–5% noise, format conversion, compression and XOR 0x5A on DOCX-XML and TXT but failed under tail cropping (=10%) and block reordering. CSV showed format-specific brittleness under XOR. Multi-user identity recovery achieved zero collision across five distinct user payloads.
The evaluation is based on controlled simulations rather than actual field deployments. Therefore, longitudinal pilot studies and cross-jurisdictional research are necessary.
A five-level adoption maturity model and a stakeholder matrix, encompassing ministries, chief information security officer offices, legal and ethics units and national cyber-incident authorities, provide policymakers with a concrete implementation roadmap.
Document-level accountability enhances citizen trust, supports proportional whistle-blower protection and aligns practices with rule-of-law imperatives.
This study conceptualises steganographic watermarking as a governance tool rather than merely a technical artefact, thereby integrating individuals, processes and policies within the framework of public-sector information governance.
