The potential of traceable time for compliance and data validation
By Richard Hoptroff, Founder and CTO, Hoptroff London
Data privacy regulations demand more than mere records in a database; we need data that can be trusted. The integration of a verifiable timestamp into blockchain adds a new dimension of security and traceability. Being sure that your time is correct, and being able to prove that, is vital when virtual events have physical outcomes for which someone must, now legally, take responsibility. In particular, we must get an individual’s permission to use their data, and then we can only use it in the manner for which they gave their permission. In data protection regulations like GDPR and PECR, proving that private data was used as agreed is vital.
A hash ledger can be used to make data immutable, and is much like blockchain, except that each entry is entered individually into the ledger by hashing it with the previous entry at the time it occurred using a local traceable clock. Time and place can be recorded in the ledger at regular intervals irrespective of digital events, to prove a ledger’s identity. Hash ledgers are only self-consistent, they are not identical to each other, so there is no proof of work burden.
Confidence of immutability is derived from the fact that hashing ensures that the sequence of events in a ledger cannot have happened in a different order; an entire ledger cannot be fabricated because it is interwoven with other ledgers. Real-world events, such as the inclusion of unpredictable data (e.g. news feeds) to prove “impossible before”, and the publication in indelible ledgers of record (e.g. advertising in print) to prove “impossible after”. Timestamps can confirm how personal data has been shared or used by telling us when, making traceable time a powerful tool to enforce data protection regulations like GDPR.
Traceable time in financial services:
Traceable time is already readily utilised in financial services under MIFID II regulations. In financial markets, transactions must be demonstrated to be timestamped correctly, so that the sequence of events between servers, each referencing different clocks, can be confidently proven.
With the introduction of far reaching personal data regulations, a new application from traceable time could find a home in the financial industry. Financial firms can often employ several different vendors to maintain their IT infrastructure, and data must be properly managed through every one of these entities. Any sharing of data with third parties or outside the purpose for which it was given permission risks breaching regulation. Beyond this firms must be prepared to recall all the information they hold on an individual, and even prove it has been deleted, if requested by a customer under what is known as ‘the right to be forgotten’.
When an event happens on a computer that will have an effect in the real world, it must be recorded in such a way that we can audit the data to confirm when and where the digital event happened, particularly in an industry as sensitive as financial services. It must be possible to audit the digital business world in as much detail as accountants audit the physical business world today.
Precision timing can offer an additional layer of trust and traceability to data ledgers
Precision timing can ensure that accurate timing is delivered not just to the local server clock, but all the way down to the application level in the server where autonomous systems execute autonomous decisions. By using machine learning to optimise the performance of our synchronization software by enabling it to learn the common performance characteristics within the server. The internal latency of the server can be measured and recorded between when an application calls the clock for a timestamp and the timestamp is eventually delivered. This process can provide granularity measurement to ensure that each machine action will have its own traceable unique timestamp ID. This level of accuracy creates an additional layer of trust in the records of digital events and confidence that the time stamp on those events is verifiably correct.
Timestamps can validate data and location
How do you prove where digital events happened? The answer is to turn place into time – time and space are inextricably linked. If a server tells some of its neighbours about an event, and the round-trip time of the message is measured and ledgered, we can be confident that the event happened where the server claims it did.
Developing hash ledgers that are immutable in sequence, time and place is of utmost importance. This creates document watermarks that not only guarantee the document is genuine, but also where and when it was created. This is done by providing APIs that synchronize the clocks on participating devices to Universal Time (UTC).
Watermarking time is achieved by weaving traceable timestamps generated by these APIs into the ledger. The latency signatures between the ledgers and the edge devices they are communicating with likewise allows location to be estimated by triangulation. This all works without relying on the edge device’s clock being right. We can’t trust the edge device, but we can measure and record its clock’s offset from UTC.
Accurate time-stamping and precision timing in conjunction with blockchain offer many benefits in financial services, data protection and responsible data management. The growing importance and potential of this technology should not be underestimated. Accurate timing may even bring further benefits to financial services more broadly, knowing exactly when events happened allows us to detect their likely causes by examining the events immediately prior. For instance, in financial markets the causes of flash crashes could be identified. Precision timing has a bright future, and financial services will reap the benefits of its success.”