In the last article, we explored potential uses for blockchain technology in records management and information governance. Several startups have pilot projects for blockchain records management software, but none have been brought to market yet. Once blockchain software solutions are available, organizations thinking about a switch to blockchain should carefully consider the ways the software addresses some of these key challenges and technical hurdles. This will help ensure the software is right for their organization before investing in blockchain technology.
An organization would first need to ensure there is a feasible way to validate new blocks. Then, it would need to decide whether this process should be public or private. The software’s validation system and whether it uses public participation are critical factors in the overall security and usability of the blockchain software. For example, Bitcoin uses a “proof-of-work” validation algorithm intended to be difficult. This method spurs fierce competition among a global audience of “miners” and “nodes” that validate each new block. This works well for decentralized payments, but it might not be practical for enterprise records management. Having each public node maintain a full copy of the blockchain ledger raises serious information privacy issues. Unless the public can validate blocks without being able to read the plain text of each block’s underlying contents, this format won’t be feasible for a private organization managing sensitive non-public information.
Rather than involving the public in the validation process, it would probably be best to have a “walled garden” of a few permissioned private participants without compensation, instead of tens of thousands of permissionless public participants. This system might use only a handful of servers at a few strategic corporate locations or, at most, one on each employee workstation. In this case, blocks would need to be easy to solve so employees could add new blocks without relying on luck or wasteful computation. However, a difficult validation algorithm is a source of security, so simplifying the algorithm and validating in private increases the risk of cyberattack. The easier it is to validate new blocks, the less secure the system becomes.
One potential way to resolve this issue is an alternative validation method called “proof-of-stake.” In this format, solving blocks depends on the amount of a “resource token” a miner holds rather than their computing power. This means only the holders of tokens (e.g. a corporate records manager or IT admin) can generate and validate new blocks. But while this initially appears to be a promising solution, some experts warn that proof-of-stake validation is not secure.
Another big issue is what data to store on the blockchain itself. Ideally, you would store entire records and their change history in complete form on the blockchain. But if the blockchain ledger is open to the public rather than closely held by a corporate user, the ledger would soon grow to an enormous size. Even for a single organization using its own private blockchain, the size might be easily manageable at first, but over the years it could become very large.
You could shrink the ledger to avoid this problem. If the ledger only contains an index of check-ins and check-outs that reference the underlying files and data, it will be smaller. This would fix the space issue, but you wouldn’t get the full benefits of blockchain.
One proposal, called “sharding,” seeks to resolve this problem by breaking the blockchain into manageable pieces and having each node store only a small fragment of the entire blockchain. However, the practicality of this idea is far from certain.
Another hurdle for blockchain records management software is how to handle the permanence of blockchain data. In a blockchain, data can only be appended to the end of the ledger. Old data on previous blocks can never be erased. While the immutability of data stored on the blockchain has many benefits, it poses a problem for records management because permanent data retention collides with ordinary records lifecycle and disposition policies. As any records manager will tell you, permanent retention is usually neither defensible nor advisable for most enterprise records.
Although deleting old blocks is impossible, you could still dispose of records by making the contents of old blocks unreadable. This might involve “burning,” a process in which intentionally forgetting or erasing the cryptographic key that decrypts the contents of a block renders the underlying content permanently illegible. The challenge is to develop a flexible process that can burn or otherwise eliminate readable data on the blockchain without compromising its overall integrity and continuity. Any credible blockchain software for records management would need to have a workable method for disposition of old data.
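The key-destruction ("burning") approach described above, sketched as an added example that is not from the original article or from any product: each record is encrypted under its own key held off the chain, so disposition destroys a key and never touches a block. `Ledger`, `xor_stream`, `block_hash` and the record IDs are hypothetical names, and the SHAKE-256 keystream is a stand-in for a real authenticated cipher.

```python
import hashlib
import json
import secrets

def xor_stream(key, nonce, data):
    # Stand-in cipher for the demo (SHAKE-256 keystream XOR); the same call
    # encrypts and decrypts. A real system would use an AEAD such as AES-GCM.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def block_hash(prev, body):
    return hashlib.sha256((prev + json.dumps(body, sort_keys=True)).encode()).hexdigest()

class Ledger:
    def __init__(self):
        self.blocks = []  # append-only chain: holds ciphertext only
        self.keys = {}    # per-record keys, stored OFF the chain

    def append(self, record_id, plaintext):
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        body = {"id": record_id, "nonce": nonce.hex(), "ct": xor_stream(key, nonce, plaintext).hex()}
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        self.blocks.append({"prev": prev, "body": body, "hash": block_hash(prev, body)})
        self.keys[record_id] = key

    def read(self, record_id):
        key = self.keys.get(record_id)
        if key is None:
            return None  # key burned: the ciphertext stays on chain, unreadable
        body = next(b["body"] for b in self.blocks if b["body"]["id"] == record_id)
        return xor_stream(key, bytes.fromhex(body["nonce"]), bytes.fromhex(body["ct"]))

    def burn(self, record_id):
        self.keys.pop(record_id, None)  # disposition: destroy the key, touch no block

    def verify(self):
        prev = "0" * 64
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != block_hash(prev, b["body"]):
                return False
            prev = b["hash"]
        return True

def demo():
    led = Ledger()
    led.append("HR-001", b"constructed sample: personnel file")
    led.append("FIN-002", b"constructed sample: invoice")
    led.burn("HR-001")
    return led.read("HR-001"), led.read("FIN-002"), led.verify()
```

Disposition holds only if every copy of the key, including backups and escrow, is destroyed; the ciphertext itself remains on every node that stores the chain.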
To reap the benefits of blockchain, you must be able to prove to interested groups that it does what it says it does. A court or a regulator will not accept your say-so that a record is authentic and unaltered because it was “blockchained.” You would have to prove it. With Bitcoin, the software is open source and the world’s programmers have pored over it to ensure that it really does live up to its claims, beyond any doubt. Similarly, you would want to ensure that experts have looked under the hood at the source code for your chosen blockchain software. They would need to verify that it operates as advertised and is free from exploits or vulnerabilities. In the current climate of blockchain hype, do not accept extraordinary claims at face value. If the inner workings of the technology are kept under wraps, no one will be able to draw any concrete conclusions about the properties and qualities of the system, which negates many of the technology’s benefits.
Although the buzz about blockchain shows signs of fading, its development for uses like records management is still just starting. Whether enterprise blockchain technology should use a public global network or be confined to a local intranet and whether the blockchain validates through proof-of-work or an alternative method remain open questions. There are numerous other technical, policy, and economic issues enterprise users need to carefully consider before making a transition to records management blockchain technology.