Companies from various sectors spend billions of dollars each year distributing documents in paper form, mainly through registered post. Until recently, this was viewed as an unavoidable cost due to both regulatory and business requirements.
On the regulatory side, European payment service directives (PSD 1 and PSD 2, which regulate the rights and obligations of payment providers and users), together with the Markets in Financial Instruments Directive(s) (MiFID II, which regulates investment markets), oblige firms from the financial services sector to deliver documents in the form of a ‘durable medium’ that ensures data immutability, accessibility, and longevity. These directives further require that clients have independent and unrestricted access to their contractual documents for as long as the contractual relationship carries any legal implications. While those regulations deal broadly with the creation and safekeeping of data, the General Data Protection Regulation (GDPR) sets out rules for the removal of data – and the combination of both can create contradicting priorities. Countries around the world differ in the strictness of the regulations in force, but regardless of those regulations, there is no doubt that the client’s highest satisfaction, together with taking proper care of protecting their data, should be the main point of focus for all enterprises.
Business requirements, on the other hand, centre around security concerns. Even so, companies tend to send multimillion-dollar contracts via email, share them on public clouds, or sign them using e-signatures. Are they aware of the potential risks? Doing so risks, at a minimum, interception of the data travelling between servers or a bad actor signing on behalf of an unwitting counterparty. Electronic contracts could also be vulnerable to cyber attacks, privacy breaches, or holes in outdated IT systems, which could result in critical data being stolen or leaked.
Thus the tradition of paper as a durable medium and in-person signatures persists, and while this also can serve as a part of the Know Your Client (KYC) process, it is not practical in a fast-paced business environment. What companies need to go paperless is a comprehensive, easily integrated, and multifunctional trusted document management system that allows secure data storage and management and seamless client communication.
What Doesn’t Work
Publishing or sharing documents online is the most obvious and cheapest option to go paperless. Yet existing solutions do not meet regulatory requirements because they lack some of the features of paper outlined above. Online banking, for example, doesn’t comply because while documents are dispatched through a mailbox in an online account, they are still stored on the company’s own servers and therefore could theoretically be changed at will without notice to the client. Changing those documents would violate the requirement of a durable medium.
In previous years, European regulators turned a blind eye to the inconsistencies resulting from the failure to adjust the internal policies of institutions to the existing regulations. That leniency has ended. Regulatory authorities may impose fines on companies and institutions for detected irregularities resulting from non-compliance with regulatory requirements (including KYC, Durable Medium). Such penalties have been imposed, for example, on most of the leading banks in Poland. The Polish Competition and Consumer Protection Office found irregularities in 14 institutions. During the inspection, it turned out that banks did not fulfil their obligations towards consumers, such as informing the client in an appropriate form about plans to change the terms of contracts two months in advance or presenting a legal basis to justify the increase (e.g. a provision in the contract stating that they are possible in the event of a specific increase in inflation rate).
While individual country interpretations and consequent regulations differ, according to the EU Court of Justice ruling in the BAWAG (an Austrian bank) case, sending documents by email is not a solution either. Email does not meet the active delivery requirement as, according to the judgment, for information ‘to be provided,’ the institution must use ‘active behaviour’ to draw the user’s attention to the existence of that information. Without such notification, if a client does not log into his or her email regularly, he or she may be unaware of the communication. Such information is therefore considered as ‘made available’, not actively delivered. Moreover, in many countries, for information to be considered as provided in a durable medium, proof of delivery is required (i.e. confirmation that the information was received). That’s why companies use registered post for paper documents, which makes client communication so expensive. German banks are struggling with similar problems. The Federal Association of Consumer Organizations sued Postbank. The institution claims that certain clauses by which the bank can amend its general terms and conditions are ineffective. Many customers don’t even notice when their bank changes the fine print.
The issue of adapting to the policy related to the protection of personal data is similar. Initial reminders and orders for compensation towards clients often turned into high penalties for banks for these and other abuses (including those related to the General Data Protection Regulation – GDPR). Two leading Polish banks (PKO BP and PEKAO SA) received a total fine of approximately USD 17 million. Considering the size of the country, this is a significant amount. A financial penalty is not everything. Losses resulting from the deteriorating market reputation should also be added, for example, a decline in the company’s listing on the stock exchange. Nevertheless, sanctions, difficulties in litigation and the consequences of ‘bad PR’ can be avoided if appropriate digital mechanisms are put in place, which – against all odds – may turn out to be way cheaper and more customer-friendly than penalty costs and paper-based, manual solutions.
A New Alternative: Blockchain
But where older technologies fall short, newer ones may succeed. Billon has developed a system called Trusted Document Management (TDM) which addresses the two most contentious regulatory points: the durable medium requirement and the GDPR. TDM ensures seamless client communication, data storage and management, as well as remote document signing and proof of delivery in a legally compliant form. How?
It all comes down to the proper use of blockchain, the technology underlying Billon’s solution. Blockchain is a type of distributed ledger (type of database) that is cryptographically secure and decentralised. Instead of relying on a central server, blockchain is distributed between a number of independent nodes. Blockchain ensures data immutability and data integrity for that which is stored on the chain. These features are a consequence of the way data is structured on blockchain, which takes the form of interconnected blocks. It all comes down to the mathematical tie (hash) that exists between all of the data, where the tie (chain) and data (blocks) connect together to form a chain of blocks (hence the name, blockchain). If only one byte of information already stored on blockchain is changed, the hash sum will not match. This mismatch will trigger the creation of a whole new block – the changed data (for example, a document) will be written into blockchain as a new, cryptographically secure version along with a time-stamp and the ID of the user who made the changes.
This means that technically, once data is written into the blockchain, it cannot be changed or deleted because the blockchain keeps all versions of it intact. This gives clients and business partners comfort that their data cannot be tampered with or altered and that in the case of a dispute, they have access to their original documents. Moreover, the blockchain is distributed between many independent nodes, with each one providing secure storage space for a copy or pieces of the ledger. Because it’s distributed, the data isn’t controlled by a single entity (for example, a bank or insurer) and cannot be unilaterally changed.
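A small hash-chained version log showing the behaviour described above, as an added example rather than Billon's implementation. SHA-256, the block fields and every function name are assumptions, and the sample documents are constructed.

```javascript
const { createHash } = require('node:crypto');

const GENESIS = '0'.repeat(64); // placeholder "previous hash" for the first block

// Hash over every field of a block, including the previous block's hash.
// That inclusion is the "tie" that links the blocks into a chain.
function blockHash(b) {
  const fields = [b.index, b.prevHash, b.timestamp, b.userId, b.docId, b.content];
  return createHash('sha256').update(JSON.stringify(fields)).digest('hex');
}

// A change is recorded by appending a new version; stored blocks are not rewritten.
function appendVersion(chain, docId, content, userId, timestamp) {
  const prevHash = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const block = { index: chain.length, prevHash, timestamp, userId, docId, content };
  block.hash = blockHash(block);
  chain.push(block);
  return block;
}

// Recompute every hash and link. Returns the index of the first block that
// fails, or -1 when the whole chain is consistent.
function firstInvalidBlock(chain) {
  for (let i = 0; i < chain.length; i++) {
    const expectedPrev = i === 0 ? GENESIS : chain[i - 1].hash;
    if (chain[i].prevHash !== expectedPrev) return i;
    if (blockHash(chain[i]) !== chain[i].hash) return i;
  }
  return -1;
}

// Every recorded version of one document, oldest first.
function versionsOf(chain, docId) {
  return chain.filter((b) => b.docId === docId);
}

// Constructed sample data: two documents, one of them republished.
function demo() {
  const chain = [];
  appendVersion(chain, 'rates-w01', 'Savings rate: 3.10%', 'publisher-01', '2024-01-05T09:00:00Z');
  appendVersion(chain, 'terms-2024', 'General terms, edition 1', 'publisher-01', '2024-01-05T09:05:00Z');
  appendVersion(chain, 'rates-w01', 'Savings rate: 3.01%', 'publisher-02', '2024-01-06T14:30:00Z');

  const clean = firstInvalidBlock(chain);

  // Edit one stored character in a copy of the ledger: that block's hash no longer matches.
  const copy = chain.map((b) => ({ ...b }));
  copy[0].content = 'Savings rate: 3.90%';
  const edited = firstInvalidBlock(copy);

  // Recomputing the edited block's own hash moves the failure to the next
  // block, whose prevHash still points at the original hash.
  copy[0].hash = blockHash(copy[0]);
  const rehashed = firstInvalidBlock(copy);

  return { clean, edited, rehashed, versions: versionsOf(chain, 'rates-w01') };
}

console.log(demo());
```

Any node holding a copy of the ledger can run the same check independently, which is why a single party cannot alter a stored version unnoticed.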
Of course, a discussion about the features and potential of blockchain wouldn’t be complete without mentioning that which has been dominating the public’s attention when it comes to blockchain: bitcoin. Bitcoin and other cryptocurrencies are a specific subgroup of blockchains that suit a niche purpose. Those blockchains have been specifically created to, among other things, keep users anonymous.
Given that absolute anonymity is rarely useful in an enterprise context, other blockchain systems, including Billon’s, are trusted networks that do not allow anonymous transactions or anonymous users to access them. Each participant in this type of system, including the client and document issuer (e.g. bank), has a securely set up identity. Once that’s validated during an onboarding process, it doesn’t have to be checked every time a transaction is made. The client confirms his or her identity by signing up to the network with special logins and keys via their application.
These features of appropriately constructed blockchain solutions, namely the ability to ensure document authenticity, prevent unauthorised document tampering and manage client identities – all that in a secure and resilient manner – are attractive for a wide variety of businesses. In particular, this is of interest to companies with large client bases who need to communicate via durable medium and for those who need to ensure data authenticity and verify a counterparty’s identity to conduct their business.
Not All Blockchain Solutions Are Created Equal
There are thousands of blockchain projects around the world, but many of them limit the use of blockchain to data authentication. To illustrate what data authentication means in this context, let’s take as an example a large financial institution that has four separate onboarding documents for new clients. The company stores its four original files in its central server and uses a cryptographic algorithm to derive four different electronic “fingerprints” (hashes) unique to each particular document and store them in a blockchain. The hashes serve as authentication: when the client receives the document, he or she downloads the hash from the blockchain and compares it with the hash of the document they received to verify that the document has not been altered. If the document has been altered, the hash won’t match, and the client will know that something has changed (though they won’t know exactly what).
This type of system ensures that the document can’t be changed without the client knowing but does not address GDPR or durable medium requirements. Furthermore, since the documents are still stored off-chain on central servers, they are vulnerable to all central repository flaws. If there were a way to store the document in its entirety on-chain along with the hash, then these concerns could be addressed.
Regulator Friendly Blockchain: On-Chain Storage Succeeds where Off-Chain Fails in the Quest to Go Paperless
Why limit storage to just a hash when the entire document could be stored on blockchain for no extra cost?
As discussed in our previous section, off-chain storage is when only a hash (a document’s electronic ID) is stored on blockchain, and the document itself is stored on a central server. Such off-chain systems manage documents in the same way they have always been managed: in central repositories. The existence of the hash allows the client to check that the document they received is the same as the one from which the hash was derived (document integrity), but the document is still subjected to all of the central repository flaws: the publisher is the sole administrator of it (and therefore the document) and so, hypothetically, could do anything with it, including deleting, changing or restricting access.
Furthermore, as the central repository is protected with only one set of credentials, it has a single point of failure and consequently a high risk of data loss or leakage. Moreover, off-chain systems cannot be considered to be durable medium compliant (as they do not ensure data immutability, accessibility and longevity), and as we will see later on, they are also not compatible with GDPR.
The On-Chain Difference: Billon’s TDM
Blockchain can do far more than just act as a data authentication tool and can store documents on-chain. Billon’s TDM is the first enterprise blockchain system able to put documents on-chain at scale. As proven in the proof of concept (BIK—Biuro Informacji Kredytowej), it is able to publish, store and manage at least 5 million public and private (personalised) documents on blockchain a day, thus being able to satisfy the needs of major companies and institutions.
TDM on-chain architecture brings many benefits, including:
Data Integrity and Immutability: The architecture of blockchain allows for guaranteed data integrity of what is put on the chain and is often used as an authentication mechanism. On-chain storage takes this a step further by storing the document itself, not just a hash (document’s electronic ID) derived from it.
Let’s look at an example. Say a bank sends out an interest rate document to some clients on a weekly basis. Both off-chain and on-chain architecture allow the client to receive the document and validate its authenticity. However, one week the bank has to republish the document because of an error in one figure that is only relevant to a small part of their client base. Nonetheless, they must publish the new version to all clients. If the bank uses off-chain architecture, a client with the old version of the document would only see that the document they have didn’t match the hash sum; they wouldn’t know why (Old version? Tampering? Critical amendment? Something else?). But if the bank uses on-chain architecture, the client will have access to both documents and will be able to determine the differences between the two versions and what impact, if any, they would have on their business. Blockchain ensures full transparency of the data management process between the client and, in this example, the bank as all of the actions related to the document (the original, any amendments, the fact it was opened and viewed etc.) are recorded on-chain along with timestamps and user IDs. When on-chain storage is employed, no operation related to the data stored on blockchain can go unnoticed or unrecorded. There is also no risk of the loss of data.
Security: Unlike in a central repository where one key (or passcode) can unlock everything, all data stored in the blockchain structure is secured individually. TDM uses asymmetric cryptography as part of client-side encryption to secure personalised documents.
This form of encryption uses public-private key architecture to encrypt personalised documents onto a blockchain. The encryption module encrypts a document with a unique symmetric key, and then the key is secured by the sender’s (say a bank’s) public key and by the public key of the document’s recipient/subjects. The secured symmetric key is then written into the blockchain and connected with the dedicated user’s identity. The client accesses their documents using an application on their device (a mobile or a desktop computer), and the decryption process happens on the device. That means that the document doesn’t travel on the network in a readable form; instead, it is retrieved from the blockchain and only decrypted on the client’s device. Asymmetric encryption is the basis for client-side encryption, which is considered to be one of the most sophisticated security standards available today. It ensures that only a specific person will be able to retrieve and access the data.
Unrestricted Access and Data Longevity: Given that the blockchain itself is distributed across nodes, a blockchain with documents stored on it will have those documents stored across different nodes in a decentralised form. To keep the blockchain secure and resilient to a partial failure of the nodes, Billon’s blockchain is fitted with a multiplication mechanism. Before being dispersed in the network, the encrypted documents are automatically multiplied. If a node is lost, either temporarily or permanently, the distributed ledger reproduces itself to keep the number of secure copies intact, which ensures data security and longevity. Thus, even if, for example, all nodes belonging to the issuing party are down due to an unexpected or even intentional failure, the data will still be available to the clients thanks to Billon’s blockchain security mechanisms.
The unrestricted access requirement is not limited to availability during the life of a contractual relationship. With Billon’s TDM, a client has access to all of their contractual documents even after the relationship with a company is over. If the client decides to close their account with a bank, for example, all banking documents will still be available to them via TDM for reference should the need arise.
Check it in practice: The Polish Credit Office
The Polish Credit Office (Biuro Informacji Kredytowej – BIK), the largest credit office in the CEE, gathers, integrates and shares data on customer credit history.
Background: The Polish regulator demands that the exchange of legally binding documents between clients and the entities from the financial and insurance sector should fulfil durable medium regulations.
Problem: BIK was looking for a sectorial solution for the banking sector to replace expensive paper or CD document distribution to end customers with a digital process, ensuring the integrity and non-repudiation of documents along with fully digital communication between banks and customers in compliance with durable medium regulations.
Solution: BIK relied on Billon’s technology to implement the BIK Blockchain Platform in order to work out an industry-wide durable medium solution pursued by the Polish Bank Association (ZBP).
Conclusions
There are many benefits to using on-chain storage, including security and immutability, which are not available in other electronic methods of communication. However, one significant requirement that hasn’t yet been discussed in the quest to go paperless is the right to be forgotten, introduced in GDPR. Despite appearances to the contrary (i.e. the immutability of data on the blockchain), on-chain architecture can also address these new European privacy rules.
Going Paperless: Addressing GDPR Concerns with Blockchain
Contrary to popular belief, the right to be forgotten and data immutability are not mutually exclusive. Billon’s Blockchain for Trusted Document Management (TDM) demonstrates how.
With data immutability and decentralisation, it seems that blockchain is intrinsically incompatible with GDPR. The new European privacy rules require companies to manage data more transparently, granting customers the right to view, change or track the use of their data. Customers may also request to have their data deleted when there is no legitimate reason to keep it (‘the right to be forgotten’).
Given these requirements, some suggest that blockchain should only be used when no personal data is involved (to avoid the problem of data immutability, a basic feature of any blockchain). Others claim that off-chain storage is a viable solution. Supposedly, when data is stored on central servers and only hashes (the electronic fingerprints or cryptographically obtained document IDs) are kept on blockchain, the problem of data immutability vanishes. But off-chain storage comes with all central server-related flaws and does not meet durable medium requirements. Moreover, such an application of blockchain can only be used for data authentication, meaning a very narrow application.
In the following part of the article, we will show that the only way multifunctional, blockchain-based trusted document management systems can address GDPR requirements is when all data is stored in a cryptographically secure way on-chain.
Blockchain and GDPR: The Same Priorities
Blockchain has a lot in common with the intent of GDPR. For example, both blockchain and GDPR are intended to devolve power back to the data subjects (customers and/or citizens). GDPR does it by imposing a series of requirements related to data collecting, processing, transfer and retention, giving data subjects knowledge of how their data is being used, stored and otherwise processed by entities they interact with. Blockchain does so through advanced cryptography and a distributed ledger system which allows a data subject to verify the authenticity of documents they receive, keep track of any changes that are made and control access to their identity.
However, blockchain and GDPR seem to clash over data immutability, which is an inherent feature of any blockchain, and the ‘right to be forgotten’ requirement mandated by GDPR. Here again the solution is to store information on-chain instead of off-chain. Only on-chain storage (both data/documents and hashes are stored on the chain) can address the durable medium requirement and GDPR at the same time. How?
It All Comes Down to Decryption Keys
As we have discussed before, blockchain stores data in an encrypted form, and so the data is only readable by the parties who have access to the correct decryption keys. How does it work?
Let’s say a client needs the bank to issue a document confirming the balance and details of his or her account. This is a personalised document (let’s say a PDF file) containing sensitive information such as the client’s address and financial data. The bank prepares a document. First, the document is time-stamped, signed with the bank’s private key, which certifies authenticity, and then encrypted with the recipient’s public key as well as a unique encryption key generated separately for every document. As a result, the document is accessible to the publishing entity (which uses the bank’s private key) and to a person being a subject of the personal data enclosed in such a document (through the use of the client’s private key). The document is processed through Billon’s publication module where it is deconstructed into blocks of bytes by a series of mathematical algorithms and subsequently dispersed on-chain across different nodes.
If a client wants to extract their document, they have to enter the blockchain and retrieve the data. By logging into the application, the client activates the decryption key stored on their device (mobile phone, for example). Using it, they can locate and retrieve fragments of the dispersed document, assemble it and extract the document’s individual decryption key. The document is only decrypted on the end user’s device.
Such mechanisms have two consequences, both very important from the GDPR point of view. First, what is actually processed in blockchain is not readable personal data but pieces of mathematically transformed information in the form of seemingly random bytes. Personal data (more specifically, the document containing it) is only accessible to a dedicated user who holds the necessary decryption keys and is only readable on their device. Second, as we already mentioned in Part II of this three-part series, the document doesn’t travel over a network in a readable form, therefore cannot be intercepted or leaked. That ensures an unprecedented level of security and addresses the GDPR requirement.
Executing ‘the right to be forgotten’
But let’s say the client closes their account and wishes their data to be no longer processed in any way by the bank – in other words, the client wants to execute their ‘right to be forgotten’. How could that be done? The answer is simple. Since the only way to extract data from the blockchain is by decryption keys, the ‘right to be forgotten’ could be executed in two steps. First, if a client wants to keep access to their contractual documents intact but wishes the bank to no longer have access to their data, the bank scrambles its copy of the document’s individual decryption key. The client’s decryption keys are kept intact so that the client has access to all their contractual data.
Secondly, if the client wishes to render the document unreadable to themselves, they can do so by scrambling their copy of the document’s individual decryption key. This has to be done for each document that the client receives, as they all are encrypted with separate keys. As the key encrypts a document, once it’s lost, it renders the data permanently unreadable. Such information is effectively lost and will never be able to be reconstituted. What’s left in the system is just bits of unreadable, mathematically transformed information, purged from the system from time to time to keep it efficient. The activity of scrambling is recorded on the blockchain’s trail, so the operation is transparent to both the client and the regulator.
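The per-document key scheme from the Security passage and the two-step key scrambling described above, as an added example that is not Billon's code. RSA-OAEP and AES-256-GCM from Node's built-in crypto module are assumed choices, as are the names `publishDocument`, `readDocument` and `scrambleKey` and the layout that keeps each party's wrapped key in its own slot beside the unchanging ciphertext. Signing and timestamping are left out, and the document text is constructed.

```javascript
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt one document under its own AES-256-GCM key, then wrap that key
// once per party with the party's RSA public key.
function publishDocument(plaintext, publicKeys) {
  const docKey = nodeCrypto.randomBytes(32); // unique per document
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', docKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // 'record' stands in for the immutable on-chain data; it is never modified below.
  const record = { iv, ciphertext, tag: cipher.getAuthTag() };
  const keySlots = {};
  for (const [party, publicKey] of Object.entries(publicKeys)) {
    keySlots[party] = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, docKey);
  }
  return { record, keySlots, auditTrail: [] };
}

// Unwrap the document key with the party's private key and decrypt locally.
// Returns null when the key slot is missing or unusable, or authentication fails.
function readDocument(doc, party, privateKey) {
  const slot = doc.keySlots[party];
  if (!slot) return null;
  try {
    const docKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, slot);
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', docKey, doc.record.iv);
    decipher.setAuthTag(doc.record.tag);
    const plain = Buffer.concat([decipher.update(doc.record.ciphertext), decipher.final()]);
    return plain.toString('utf8');
  } catch (err) {
    return null;
  }
}

// Scramble one party's copy of the document key by overwriting it with
// random bytes, and record the action in the audit trail.
function scrambleKey(doc, party, timestamp) {
  if (!doc.keySlots[party]) return false;
  nodeCrypto.randomFillSync(doc.keySlots[party]);
  doc.auditTrail.push({ action: 'key-scrambled', party, timestamp });
  return true;
}

function demo() {
  const newKeyPair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const bank = newKeyPair();
  const client = newKeyPair();
  const text = 'Account balance confirmation (constructed sample)';
  const doc = publishDocument(text, { bank: bank.publicKey, client: client.publicKey });
  const read = () => ({
    bank: readDocument(doc, 'bank', bank.privateKey),
    client: readDocument(doc, 'client', client.privateKey),
  });
  const ciphertextBefore = doc.record.ciphertext.toString('hex');

  const before = read();
  scrambleKey(doc, 'bank', '2024-03-01T10:00:00Z');   // step 1: bank loses access
  const afterStep1 = read();
  scrambleKey(doc, 'client', '2024-03-02T08:00:00Z'); // step 2: client loses access
  const afterStep2 = read();

  const ciphertextUnchanged = doc.record.ciphertext.toString('hex') === ciphertextBefore;
  return { text, before, afterStep1, afterStep2, ciphertextUnchanged, auditTrail: doc.auditTrail };
}

console.log(demo());
```

The erasure is only as strong as the guarantee that no other copy of the document key survives, so backups, caches and device key stores that hold wrapped or unwrapped keys need the same treatment.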
Check it in practice: TAURON
How has TDM made it possible to store, share, send and sign digital documents in line with the above regulatory requirements? We recommend a case study with one of the leading energy providers in Poland.
TAURON serves over 5.6 million customers in Poland, sending out multi-page contracts with different conditions for each customer group.
TAURON – Remote Client Contracts on Blockchain
Background: TAURON, an energy provider serving over 5.6M clients, needs to send out multi-page contracts with attached T&C, different for each client group.
Problem: After the call centre records the confirmation of client terms, these contracts are compiled manually and arrive via mail on average 14 days later.
Solution: All contract documents are automatically stored in the blockchain as required by the regulator and available to customers in real-time. Billon provided a blockchain-based e-document client platform with a tamper-proof, immutable register of documents for better data management and sharing.