Blockchain for Contract and Records Management
By 2022 a blockchain based business will be worth $10 billion¹. Gartner also listed records management as 1 of 4 key blockchain business initiatives² saving on costs and providing opportunities to generate revenue³. The technology has the potential to impact all record management processes and extend its capabilities⁴.
In this article, I’m going to outline specific challenges with records management and how blockchain can help to solve these. I’ll present a scenario where multiple parties to a transaction voluntarily enter into a smart contract. Finally, I’ll propose a technology infrastructure that synchronizes the smart contract with the digital records, workflows, and signatures stored in an enterprise records management portal.
Security and Confidentiality
The number of data breaches increased more than 400 percent in 2018, exposing almost 15 billion records, according to the identity intelligence company 4iQ⁵. The Average cost of a security breach is $17 million⁶. 88% of companies surveyed feel they are losing control over their data⁷.
Enterprise records need to be secure while ensuring that parties to a transaction have maximum privacy and confidentiality and can access records solely on a need to know basis. Centralized databases expose a single point of failure and are prone to costly security breaches.
Data Regulatory Compliance
There’s been a significant growth of global cross-industry regulations over the past ten years⁸. For government or industry regulatory compliance, or e-discovery, organizations may have to prove to auditors or the courts that there has been no malicious or negligent corruption of digital records, workflows, and logs.
Reconciling transactions across individual and private ledgers takes a lot of time and is prone to errors. Distributed records management systems today, involving multiple parties are experiencing slow processing, high cost, high risk of errors, and often result in unreliable and inconsistent data.
Digital signature technologies come at a high cost, and the certificates are difficult to acquire⁹. Additionally, there’s also uncertainty around the impartiality of the third party provider.
Also, this is the era of smart contracts¹⁰, transactional elements of a legal agreement executing as code on the blockchain. How do we reconcile the smart contract with the corresponding digital contract records? As the industry moves towards the execution of smart contracts, contract professionals (including lawyers and auditors) may need to be able to read and decipher them, if not learn how to write them.
Blockchain provides a trusted, independent, and cost-efficient mechanism for multiparty transactional records management. There are inherent problems with the public DLT, particularly around the pseudonymity of the parties identities, as well as privacy and confidentiality. We can leverage additional enterprise technologies to mitigate this. I’ll cover this in the solution architecture.
Blockchain stores a cryptographic hash of the data, workflow processes and signatures for each record, rendering them effectively immutable, more valid, more authentic and more reliable. Blockchain is appealing to auditors and litigators as it effectively certifies corrupt free data as proof or record.
Blockchain technology could also be used to verify the workflow steps that a record went through during its creation and management. The technology can create a cryptographic hash of each step effectively creating an immutable proof of process for the record.
Blockchain is an essential technology for records management professionals to understand because it has broad implications for securing and authenticating intellectual property at lower cost and higher efficiency. It’s important to point out that a records repository can store any digital object including audio, video or even software. A cryptographic hash of the record can be stored on the blockchain together with a time stamp, serving effectively as proof of copyright.
Blockchain also provides for an advantage over legacy centralized digital signature technologies. The signatures, fingerprints, time stamps created for authentication purposes, are stored on the distributed ledger providing proof of data integrity and authenticity without the need of a third party.
This is a simple workflow that describes how the proposed solution architecture can be leveraged to synchronize the smart contract with the contract records for multiple parties.
- Ann uploads a contract record into the records management repository, essentially a document library and generates a URL (hyperlink) for the document.
- Ann digitally signs the contract using a blockchain API and generates a unique cryptographic hash for the document.
- Ann configures a workflow as the contract proposer and configures Bob as the reviewer.
- When Ann clicks SAVE, a smart contract proposal is created on the permissioned distributed ledger. She includes as properties, the cryptographic hash and document URL as unique references.
- Bob receives an email notification with a link to review the contract record. Bob is prompted to accept or reject the contract proposal.
- Bob accepts the contract proposal and is redirected to sign the contract record.
- After signing the contract record, the original smart contract is archived and a new fully executed contract is created on the distributed ledger with the two parties having entered voluntarily into the contract.
- The smart contract is now synchronized with the contract record, joined by a reference to the hash and the document URL.
The architectural components:
- Smart Contract Workflow Functionality Blockchain Permissioned Distributed Ledger.
- Smart Contract Application Functionality (Software as a Service).
- Enterprise Records Management Portal (SharePoint Online or On Premise).
Smart Contract Workflow Functionality
Ideally this would be smart contract language for modeling rights and obligations for multi-party business processes in any business domain, providing high integrity and privacy guarantees. The smart contracts would encode the rights of the parties as choices that they can exercise, and obligations as agreements that they agree to to.
A Permissionless distributed ledger technologies conducts transactions pseudonymously. Identities of parties can be hard to establish. Regulatory compliance dictates that parties to a transaction are identifiable. The smart contract workflow functionality provides for a permissioned ledger, reinforcing the essential properties of a smart contract:
- Proof of Rights and Obligations
- Confidential Execution
- Evidentiary Trail
- Formally Verifiable
The smart contract programming language should be intuitive, and support formal methods for catching design time errors. The language should also be accessible enough for lawyers and contract professionals to at least understand, if not write. The next illustration shows how a design time error is caught and displayed, warning the developer that the smart contract is not valid due to a missing authorization from the second party to the contract.
The solution architecture will ultimately be a next generation, secure, transparent and regulatory compliant infrastructure, synchronizing the records, workflow processes and signatures for the smart contract and contract records for multiple parties to a transaction.
Cecil (CJ) John is an architect, technologist and innovator and has worked with some of the largest companies in the world including the IMF, US Federal Government and some of the top 5 consulting companies. He is the CEO of virtualdeveloper.com, LLC a Microsoft Silver Partner and Goldman Sachs 10KSB alumni member. If you like what you have read, you can follow me on Medium for more great content. You can also sign up for my newsletter or contact me by email, Linkedin or Twitter.
1. Kandaswamy, Rajesh. (2018). “Pay Attention to These 4 Types of Blockchain”.
2. Kandaswamy, Rajesh. (2018). “Pay Attention to These 4 Types of Blockchain”.
3. Kandaswamy, Rajesh. (2018). “Pay Attention to These 4 Types of Blockchain”.
4. Kandaswamy, Rajesh. (2018). “Pay Attention to These 4 Types of Blockchain”.
5. Olenic, Doug. (2019). “Data breaches up 400 percent, 15 billion records compromised: report”.
6. Microsoft. (2019). “Microsoft 365 Security and Compliance Proactive Attack Prevention and Detection”.
7. Ernst & Young. (2016). “Global Information Security Survey”.
8. Stewart, Luke A. (2010). “The Impact of Regulation on Innovation in the United States: A Cross-Industry Literature Review”.
9. Aki, Jimmmy.(2018). “DocuSign Will Add Ethereum Blockchain Integration to Verify Signatures”.
10. A smart contract is a program running on a blockchain that facilitates, verifies, and/or enforces arrangements between parties. Source: Dyer, Barrington. (2018). “Smart Contracts Explained (for Lawyers) part -1”.