Can anyone elaborate on how this protects against tampering? It sounds like you can't actually look at the LOCKSS copies unless the "live" source is down. So long as the single "live" tampered copy doesn't go down it doesn't sound like it offers any protection.
It appears to use some sort of Byzantine fault tolerance in its auditing system (to detect the fault and repair) spread across many "boxes" running the system. There is also a manual audit process by librarians to check that content is correct (this may handle cases where the "live" copies are tampered).
For the most part (from what I can gather from their site), the system is a kind of "self-audited" backup for live content, not for ensuring that that live content is correct. So, for a document that you needed to keep correct (given that a live copy may be tampered), you could simply not have a live copy.
