Ensure trust with Shared Audit Trails and Blockchain Technology!

In our first article of this three-part series [1], we explored, why over 90% of carbon certificates are ineffective. It was revealed that Verra [2], a company certifying carbon offsets, allowed projects to count the same areas of forests multiple times, making the offsets worthless. This has raised concerns about the efficacy of carbon offsetting schemes and the ability of companies like Shell [3] or Rossmann [4] to make meaningful progress in reducing their carbon footprint.

In this article, we will introduce shared audit trails. An audit trail is an organized, time-stamped record of the history and information pertaining to a transaction, business process, or financial ledger. The main objective of an audit trail is to track the sequence of events and actions chronologically. A full audit trail denotes a comprehensive record of the incidents that took place during a transaction. With the timestamping of each phase of a transaction, the audit trail maintains important data regarding transactions and processes for future reference. The complexity of an audit trail can vary, from simple records with just the essential details, to very detailed records with many attributes [5].

There are many examples for audit trails from different domains. In grocery stores, the receipt is an example of a simple audit trail covering a transaction as it provides details of what was purchased, the exact time and location of the transaction. In the financial sector, the SEC and NYSE use audit trails to track improper market activities, such as when a particular entity is manipulating a stock's share price. Regulators document and analyze all trades to determine who the manipulator is and may require additional forensic accounting [6]. And in the healthcare industry an audit trail is a record that keeps track of who has accessed a patient's medical information and any changes made to it.

Shared audit trails are typically composed of two main components: the audit control system and the audit log. The audit control system is responsible for setting up the audit trail and specifying the types of events that trigger a record. The audit log is basically an event log, containing the records of events being tracked by the audit control system.

In the graphic above you see the example of a simple event log from a shipping carrier. A shipment is dropped off in the post office by the sender in Frankfurt, Germany, then transported in multiple steps through the delivery network and finally, delivered to the recipient in Paris, France. What looks seemingly simple in the tracking view of a shipment is highly complex. In particular when there are handovers between different organizations. In our example, the first part of the shipping process is controlled by the German shipping company Deutsche Post, then a hand over is performed to the French shipping company La Poste, which controls the final leg of the journey to the French recipient. If the parcel was lost during transit, it would be possible to derive from the event log, where it was lost and which party is responsible. Yet, it is not always this simple.

Trust concerns may arise during inter-organizational collaborations, particularly when it comes to non-repudiation of event occurrences. To avoid potential compensation claims from other stakeholders, organizations must be able to prove that an event took place [7].

Blockchain technology can be used to ensure non-repudiation by creating a decentralized event log [8]. This log will save the occurrence of events and related data immutably on a shared distributed ledger. The data related to the event will be hashed and submitted with a transaction to the ledger, while the raw text will be distributed off-chain to other relevant stakeholders. These stakeholders can ensure the integrity of the event by comparing the on-chain hash with the hash received off-chain.

A recent example of this trust pattern was implemented in the logistics domain. Blockchain technology was used to log SLA violations detected by IoT devices during the delivery of high-value parcels. However, the pattern is not without limitations. If an organization decides to keep the occurrence of an event concealed and not write it to the blockchain, the trust pattern will be ineffective.  In conclusion, the blockchain technology can be used to establish a shared audit trail, which provides a reliable way for organizations to ensure non-repudiation of event occurrences [9].

Our focus are carbon capture technologies, which involves capturing carbon either from the air or through the transformation of solid biomass into products rich in carbon and storing it in confinement. This process is carbon net-negative and requires multiple actors in its supply chain.

The complexity of this multi-participant supply chain makes it susceptible to breaches of integrity. It is difficult for regulation authorities to verify the correct execution of the processes. To address this, JadenX has developed Trust Trail, a tracking system for carbon capture supply chains. This system uses blockchain technology to store proofs and attestations in an immutable shared audit trail of the process.

Participants can forge false evidence, but this can be attested to by different parties in the process, making it a decentralized system of actors with an audit trail on their behavior. This provides a clear advantage over other companies that create certificates but rely on a centralized authority.

In the next article of this series, we will talk in more detail about our Trust Trail project.

Follow us on LinkedIn or directly get in touch if that topic is close to you.

References

[1] https://www.deeptechcenter.org/post/analysis-shows-over-90-of-rainforest-carbon-offsets-from-largest-certifier-are-ineffective
[2] https://verra.org/
[3] https://www.shell.com/
[4] https://www.rossmann.de/
[5] https://www.auditboard.com/blog/what-is-an-audit-trail/
[6] https://www.investopedia.com/terms/a/audittrail.asp
[7] Müller, Marcel & Ostern, Nadine & Rosemann, Michael. Silver Bullet for all Trust Issues? Blockchain-based Trust Patterns for Collaborative Business Processes. 10.13140/RG.2.2.23651.58402, 2020.
[8] Pradipta K Banerjee, Pooja Kulkarni, and Harshal S Patil. Distributed logging of application events in a blockchain, June 11 2019. US Patent 10,320,566.
[9] Marcel Müller, Sandro Rodriguez Garzon, Martin Westerkamp, and Zoltan Andras Lux. Hidals: A hybrid iot-based decentralized application for logistics and supply chain management. In 2019 IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), pages 0802–0808. IEEE, 2019.