Ideas on using appraisal techniques to plan for the use of blockchain technologies in recordkeeping systems

Posted on by Cassie Findlay
Photo from Setting the Records Straight National Summit, by Nicola Laurent @NicolaCLaurent

Recordkeeping professionals seek to design systems that will ensure that trustworthy evidence can be relied upon by the communities we serve, and community memory protected over time. However current recordkeeping implementations are flawed, and permit imperfect recordkeeping, inequitable access to records and records loss. Recordkeeping systems implementations have failed to keep pace with trends towards decentralization and personally controlled personal data. The emergence of decentralised trust through computation as seen with blockchain technologies allows us to imagine new models for recordkeeping that can also bring greater assurance of longevity and availability for records users, and offer new opportunities for individuals to keep their own records. In this post, I consider the problem of enabling children in out of home care to make and keep their own records in light of innovations in decentralised trust mechanisms and specifically blockchain technology, and use the core recordkeeping skill of appraisal to better understand how blockchain technologies might form part of the solution.  

Introduction

Recordkeeping professionals possess a robust set of techniques for ensuring the creation and proper management of records of business activity for a given individual, community, organization or jurisdiction. Here a broad definition of business activity is used, to encompass any actions and transactions in which some form of evidence is deemed necessary to be made and kept by the parties involved. According to the International Standard ISO 15489-1:2016 Records Management (ISO 15489), records are:

“information created, received and maintained as evidence and as an asset by an organization or person, in pursuit of legal obligations or in the transaction of business.”[1]

Records are contextualized and controlled traces of events or transactions, made and retained – for a few seconds or a millennium – for a variety of purposes, and to meet the needs of a changing array of stakeholders. In today’s business, governmental and other societal domains, records are most often made and kept in the form of sets of data, grouped and persistently linked to metadata that contextualizes and manages them.

Systems for records are designed and implemented to control and maintain records, and their metadata, over time. Such systems have traditionally been set up and controlled by entities such as government agencies or corporations, in pursuit of accountability and efficient business. In recent times, however, such actors have failed to keep pace with societal trends towards decentralisation and participatory models of business and personal memory making, their systems remaining largely centralized, their contents controlled and protected by the maintaining entity. Systems suited to the needs and supporting the agency of the individual or a community have been left behind.

Blockchain technologies are defined for the purposes of this study as  the platforms and applications that are built to make use of blockchain databases (blockchains). Blockchains are “an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way. The ledger itself can also be programmed to trigger transactions automatically.”[2] They present a new paradigm for the creation and management of records by giving us the tools to build business environments in which the presence of a trusted third party to verify transactions is not required. They offer uncensorable, immutable and timebound recording of the exchange of value or information, that will remain available to those with a right of access for as long as the Internet – and the resources required to power it – survives. This has the potential to put more power over the creation and maintenance of the record of business and the formation of memory to individuals and communities.

To date, applications for blockchain technologies have mostly been found in the realms of finance, property, contracts and identity. Amongst these domains we can see needs for both high volume recordkeeping solutions and more ad hoc, tailored solutions to specific needs, including:

  • centralized registries controlled and/or maintained by governments for land ownership;
  • systems supporting the creation and management of signed contracts with retailers or service providers, records of which are retained by both parties or by one party with limited access for the user;
  • financial management systems used by banks to record the exchange of money; and
  • proof of identity systems such as birth registries or systems for confirming eligibility to open bank accounts.

The rise of these technologies has coincided with a new wave of thinking and experimentation with individual-centric models for recordkeeping to address concerns about personal privacy, to make interactions with authorities and corporations more efficient, or to support people with limited capacity for personal recordkeeping but a pressing need, such as children in care, or persons displaced by conflict. As a profession, we are interested in the possibility of true peer-to-peer and community-owned recordkeeping models, and of personal recordkeeping that fulfils requirements for persistent, trustworthy records of our own experience, transactions and interactions, to be retained for our purposes and shared at our instruction. Exciting initiatives towards systems for personally managed records in data form are emerging, in tandem with the growing maturity and uptake of blockchain technologies and services. Recordkeeping professionals should be contributing to the development of these new forms of recordkeeping. There is promise here of finally responding to calls from both Chris Hurley and Sue McKemmish, made since the 1990s, for sets of functional requirements for post-custodial personal archives.[3]

Appraisal for Managing Records

Appraisal is the recurrent process of analysing business activity and its context(s) to determine which records need to be made and how they should be managed, over time. It combines an understanding of business activity – the agents, stakeholders, processes and more – with the identification of business, regulatory and societal requirements affecting the business and the assessment of risks.

Articulated within a systems design and implementation methodology in the first edition of ISO 15489, it has been positioned in the new edition as ‘core business’ for recordkeeping professionals of all types, and essential for managing the dynamic and fast changing needs of modern digital and online business.

In the Standard, appraisal work is shown as essential to the development of control tools used to manage records, including access rules, retention rules, classification schemes and metadata schemas. Such tools can be implemented in a variety of ways, from manual to highly automated methods, for records in a range of different settings, including when they are under archival control. Appraisal is also shown to be a vital technique for ensuring the selection of appropriate policy, procedural and technological decision making in recordkeeping.

The key areas of analysis in conducting appraisal for records are:

  • the context in which the ‘business’ is being conducted, including business, technological, legal and societal factors;
  • business activity, including functions, activities, transactions and work processes, and the agents involved in these;
  • requirements for records, from requirements to create records to requirements for retention and use of records over time; and
  • the assessment of risks and how these may be managed via recordkeeping.

Each of these areas of analysis can assist a recordkeeping professional in the design and implementation of systems for records, including making decisions regarding the use of blockchain technologies.

Using Appraisal in the Design of Recordkeeping and Archiving Systems for Children who Experience out of Home Care

In selecting a case study for this paper I am borrowing from the terms of reference for the Setting the Record Straight for the Rights of the Child (SRSRC) Initiative, led by Monash University. The Initiative, which includes a National Summit was organized, in part, as a response by the Australian recordkeeping community and allied groups to the findings of the Royal Commission into Institutional Reponses to Child Sexual Abuse, which commenced in 2013 and continues to date[4].

The partners in the Initiative have stated:

“Recordkeeping and archiving systems are failing to meet the lifelong identity, memory and accountability needs of children who get caught up in child welfare and protection systems.”[5]

and also that:

“Children who experience out-of-home care need quality recordkeeping and archiving systems to:

  • develop and nurture their sense of identity and connectedness to family and community;
  • account for their care experiences, and
  • prevent, detect, report, investigate, and take action against child neglect and abuse.”

In the following sections, the author presents the beginnings of an appraisal analysis for an imagined project to build a suitable and sustainable recordkeeping and archiving system for children in care. While recognizing that questions about the deployment of blockchain technology will not generally be central to the resolution of many recordkeeping questions, the author’s proposal is that a detailed and fully informed justification for its selection and use will benefit any project in which it is considered, and that appraisal is the ideal framework from which to develop such a justification.

This analysis is based on a hypothetical systems design and implementation project, and is presented purely for the purpose of illustrating the process and how it might be affected by the presence of blockchain technology options in the recordkeeping professional’s suite of available implementation methods.

Analysis of the context(s) in which the appraisal is being conducted, including business, technological, legal and societal factors

The contexts for the recordkeeping that supports and enables the progress of a child through a welfare or other out of home care system are multiple. In line with records continuum thinking they can and do exist simultaneously. They may include, for example:

  • the immediate socio-legal context of the child’s interactions with the agency or agencies that serve as their legal guardian(s), and their interactions with care givers, other children and related support agencies.
  • the context of the family unit and community from which the child hails. In some instances, looking at this context may involve understanding, for example, the needs and expectations of Indigenous people or people from particular ethnic backgrounds.
  • the wider societal context in which members of the community expect, particularly post Royal Commission, that recordkeeping standards for children in case are improved, and that the records of their experience are available for purposes of redress should they be required; or
  • the personal context of the child’s life experiences, preferences and expectations. In a profession that has traditionally been geared towards institutional and government recordkeeping and archiving needs, this is a layer of context that has been largely ignored, and is lacking in proven methods for its analysis.

In the analysis of these context(s), questions that will assist in decision making regarding the design of  the system and the use of blockchain based technologies may include the following:

  • Are there acceptable arrangements already in place for the long term retention of the child’s records, suited to the child and manageable in terms of costs?
  • How readily can the child access the Internet? Is an offline component required in the solution that is developed?
  • Which applications does the child use regularly to make or save records? Proprietary systems may present challenges to integration.
  • What legislation and regulations apply to how the child makes and keeps their own records, if any?
  • Who are the stakeholders in the business and in the recordkeeping and archiving solution? Can these stakeholders be consulted, or perhaps assist with user testing of the proposed solution?
  • What expectations are there, if any, of usability and preservation of these records for purposes beyond the child’s needs, and their needs as an adult?

Analysis of business activity and the agents involved

Here the focus of the analysis is on the expected or likely ‘business’ that the recordkeeping solution will be required to support. This will include identifying functions and activities at a higher level, as well as looking at specific processes and transactions at a lower level.

In personal recordkeeping, definition of a fixed set of functions, activities or work processes can be problematic. Indeed, as noted by Sue McKemmish in ‘Evidence of Me’, the formation of any ‘rules’ for recordkeeping personal, however generalized, may not be possible.

However by consulting with known agents in the processes and other stakeholders including the children, caregivers and advocacy groups, it may be possible to arrive at a core set of customizable processes based on common interactions between identified agents, to which more ad hoc processes may be added. For example, a child may email family members regularly. Can we link this process to a functional context? Are there a set of steps typically taken, at which the recordkeeping transaction of copying and registering the correspondence might naturally occur? Which agents are generally involved? (For example, these might include the child, the child’s relatives, other correspondents). For this work, the analysis of process, recordkeeping events and dependencies, as described in ISO TR 26122: Information and documentation — Work process analysis for records[6], an important part of any appraisal activity, is essential.

Analysis of requirements for records; assessment of risks

Requirements for records of the child’s experience will obviously derive from their personal expectations, but should also take account of regulatory and societal needs as well.

In analysing documentary sources and consulting with stakeholders, consideration should be given to all aspects of recordkeeping, including questions on access, relationships between processes and their records, usability and metadata for contextualizing and managing the records.

Requirements should be determined in consultation with the most important stakeholders; children in care and adults who were formerly in care. The determination of agreed requirements should be informed by the extent to which they will manage identified and agreed risks. A useful approach to risk assessment for recordkeeping is available in ISO Technical Report ISO 26122.[7]

A high level set of requirements for the records system(s) required already exists in the form of the SRSRC Initiative’s guiding Principles:

  • “Child/person centred – Recordkeeping and archiving respectful of, and responsive to, the preferences, needs and values of the people who experience childhood out-of-home care. Respectful and nurturing rather than bureaucratic and officious.
  • Participatory – Recognising children in out-of-home care and adult Care leavers as participatory agents not passive, captive subjects of the record.
  • Accountable and transparent – Recordkeeping and archiving frameworks, processes and systems which hold themselves to the highest standards of accountability and transparency, respectful of multiple rights in records.
  • Evidence based – Recordkeeping and archiving based on, and supportive of, evidence based decision making and action.
  • Integrated – Records and recordkeeping integrated into processes rather than being a separate paperwork or filing activity.
  • Connected and co-ordinated – Record holding organisations acting as nodes in a network rather than organisational silos.
  • Clever use of information technology – Recordkeeping and archiving systems that make the best use of digital capabilities.”

Could we perhaps regard these as the beginnings of a set of functional requirements for personal recordkeeping as proposed by McKemmish (1996)?

Other examples of requirements for records which might be identified in this case indicate the suitability of blockchain technologies as part of the overall recordkeeping solution. These could include the following:

  • Control over access to, and sharing of, the records at a personal level by the child or a guardian – not by a government or institutional actor.
  • Long term use requirements for the records, potentially by the child’s descendants or as part of a family archive.
  • Robustness against intrusion or tampering, for cases in which wrongdoing has occurred.
  • Metadata that properly contextualizes the child’s interactions with care givers, official guardian, family and others.
  • Metadata that assists in identifying and linking related records of the child’s experience to ensure the availability and usability of these over time.
  • With regard to metadata, we have a starting point in the form of standards on metadata for records such as ISO 23081, but metadata specific to the experience of the child in care and the other contexts identified earlier should also be identified.

Considering these requirements, we can see a number of ways in which blockchain technologies might serve as a useful element in the proposed recordkeeping solution. Two examples are described below.

  1. A number of projects and commercial enterprises are the building applications for identity management and personally controlled data storage utilizing blockchain technologies. These include the Enigma project at MIT[8] and the Estonia e-residency initiative[9]. Such tools could be adapted to the needs of a child in care and serve as a repository for identity data as well as a registry for personal records, linked to a distributed file storage platform such as the Inter Planetary File Systems (IPFS)[10].
  2. Smart contracts based on blockchain technologies can negotiate rights, payments and the performance of services automatically. Smart contracts could be designed to offer trustworthy exchange of value or information between the child and relatives, guardians or care givers. The robustness of the recordkeeping in this environment serve to protect the interests of the child and the other participants in the transaction. By choosing a decentralized approach the ongoing availability of the records could be more assured. Metadata should be incorporated into the recording of the exchanges that links to the immediate personal context of the child (stage of life, location, age etc), offering a richer record for future use and memory-keeping. A candidate for the development of such contracts is Ethereum[11], a public blockchain platform with programmable transaction functionality provides a decentralized virtual machine that can execute peer-to-peer contracts using a crypto asset called Ether.

Conclusions

In summary, the appraisal analyses described above would result in data being gathered on:

  • cultural technological and socio-legal contexts in which the recordkeeping takes place;
  • the agents and stakeholders involved in the ‘business’ of a child’s progress through an out of home care experience;
  • a detailed understanding of the recordkeeping needs and expectations of the prime agent, the child; and
  • a detailed set of requirements for records and their management that addresses questions of access, use and usability, metadata and retention.

This data – and the documentation of the analysis process itself – are vital to accountable and consultative decision making on the inclusion of blockchain technologies in the proposed system(s).

It is proposed that future research and experimentation is needed on the use of these technologies in the design and implementation of recordkeeping systems for specific use cases. The problem of how to provide sustainable, trustworthy systems for personally controlled recordkeeping by children in care presents a particularly powerful use case. Partnerships with developers and user experience designers will be essential to the effort to make the creation, capture and use of recordkeeping processes that rely on blockchain technologies seamless and user-friendly. Recordkeeping expertise, and in particular accountable and thorough appraisal work, will be critical for the design of a system that meets the range of needs for evidence and memory that exist in this case, and many others.

Footnotes

[1] ISO 15489-1:2016 Information and documentation —Records Management – Concepts and Principles, 3.14

[2] Iansiti, Marco; Lakhani, Karim R. (January 2017). “The Truth About Blockchain”. Harvard Business Review, Harvard University.

[3] McKemmish, S. (1996). Evidence of me. The Australian Library Journal, 45(3), 174-187

[4] Royal Commission into Institutional Reponses to Child Sexual Abuse, n.d. Retrieved from https://www.childabuseroyalcommission.gov.au/

[5] Setting the Record Straight for the Rights of the Child Initiative, n.d. Retrieved from https://rights-records.it.monash.edu/

[6] ISO/TR 26122, Information and documentation — Work process analysis for records

[7] ISO/TR 18128, Information and documentation — Risk assessment for records processes and systems

[8] Enigma, (n.d.) Retrieved from: http://www.enigma.co/

[9] Estonian e-residency (n.d.) Retrieved from: https://e-estonia.com/e-residents/about/

[10] Inter Planetary File System, (n.d.) Retrieved from: https://ipfs.io/

[11] Ethereum, (n.d.) Retrieved from: https://www.ethereum.org/

 

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s