Document management is one of four blockchain business initiatives that can save money and generate revenue, according to Gartner. Technology has the potential to impact all document management processes and expand their capabilities. It also has broad implications for securing and authenticating intellectual property at lower cost and with greater efficiency.
This article is not an introduction to blockchain; however, I will describe some of the specific government records management challenges and how distributed ledger technology can provide a solution.
Securing government records is a huge and complex undertaking. The number of data breaches increased by more than 400% in 2018exposing nearly 15 billion records, according to identity intelligence firm 4iQ, and the average cost of a security breach is $17 million. In 2015, when the Office of Personnel Management discovered its databases were breached, officials said the hackers obtained personally identifiable information — including social security numbers, fingerprints, work history and financial data — for about 22 million people.
Government records must be secure while ensuring that parties to a transaction enjoy maximum privacy and confidentiality and can access the data only when needed. But that’s easier said than done. Centralized databases expose a single point of failure and are prone to costly security breaches. Reconciliation of multi-party transactions between individual and private registries is slow and costly and often results in unreliable and inconsistent data. Digital signature technologies are expensive and certificates are difficult to acquire. In addition, there is also uncertainty about the impartiality of third-party providers.
In addition to technological obstacles, the significant growth of global interprofessional regulations over the past 10 years further complicates document management. Government records must be retained to meet regulatory compliance, and organizations may need to demonstrate to auditors or attorneys that there has been no negligent or malicious corruption of data.
Integrity of records via the blockchain
The blockchain is used to create and store a cryptographic hash that serves as a data reference check against a record, its workflow, and its signatures. If any of the above is changed, the hash no longer works. Blockchain is attractive to auditors and litigants because it effectively certifies uncorrupted data.
Government blockchain systems must use distributed ledger technology with private permission. It is not recommended to use a public blockchain to store personally identifiable information or even the corresponding hash. Data stored on the blockchain is always accessible on an immutable public ledger, and the quantum computers on the horizon may be able to crack today’s encryption algorithms. Best practice, therefore, is to store all private data off-chain and exchange it only over encrypted, private, peer-to-peer connections. Additionally, the public blockchain is permissionless and conducts its transactions under a pseudonym, which makes the identity of the parties to the transaction difficult to establish and violates regulations that require participants to be identifiable.
With smart contracts, agencies can run the transactional elements of a legal agreement as software on the blockchain. The smart contract may need to be reconciled or synchronized with its corresponding digital contract records. Contract professionals (including lawyers and auditors) will also soon need to be able to read and decipher smart contracts, and even learn how to write them.
This simple use case explains how blockchain can be leveraged for records management.
- Ann uploads a contract record to a records management repository and generates a URL for the document.
- Ann digitally signs the contract using a blockchain application programming interface and generates a unique cryptographic hash for the document.
- Ann sets up a workflow where she is the contract proposer and Bob is the reviewer.
- When Ann clicks Save, a smart contract is created on the authorized distributed ledger. It includes the cryptographic hash and the document URL as unique references.
- Bob receives an email with a link to view the contract and is prompted to accept or reject the contract proposal.
- Bob accepts the proposal and is redirected to sign the contract file.
- After signing the contract record, the original smart contract is archived and a new, fully executed contract is created on the distributed ledger, with Ann and Bob voluntarily entering into the contract.
- The smart contract is now synchronized with the contract record, attached by a reference to the document hash and URL.
The blockchain-based records management architecture will ultimately be a next-generation, secure, transparent, and regulatory-compliant infrastructure, synchronizing records, workflow processes, and signatures for smart contracts and contract records for multiple parties to a transaction.
For a detailed introduction to blockchain technology, particularly as it relates to records management, please see this National Archives and Records Administration white paper.