Distributed ledger technology (DLT), of which blockchain is a subset, has the potential to strengthen the implementation of export controls. The Stimson Center is investigating potential applications for export controls in three areas: 1) sensitive data management; 2) detection and prevention of falsified documents and valid identities; and 3) traceability of sensitive items and data.
DLT is a distributed record or “ledger” of transactions in which these transactions are stored in a permanent and inalterable way with cryptographic techniques, ensuring immediate, across-the-board transparency. Products and transactions can be traced easily as transactions are time-stamped. In a permissioned platform, the requirements of the ecosystem will determine who can participate, who can access what information and who can perform specific tasks, which is verified and controlled through “keys” which relate to digital identities.
Sensitive Data Management
One of the key features of DLT is its ability to protect data from tampering, theft and hacking. Information transferred between companies and governments, within governments, and between governments is proliferation-sensitive and must be protected from cyber-attacks and insider theft as securely as possible. Private companies and researchers also have an interest in securing this information (known as transactions in the DLT community) in order to protect their intellectual property.
Some governments have begun to develop electronic licensing systems and other advanced technological tools to facilitate the application process, to protect export control information and to manage the increasing number of documents related to validated technology transfers. DLT is considered a highly effective tool to ensure cybersecurity, maintain data integrity and protect information against theft, as any modification would be visible to everyone in the platform. Furthermore, as data is replicated across participants, hackers do not have a single point of entry nor can they access entire repositories of data if they do get in.
Electronic licensing systems typically have a front office where industry can interact with government, and a back office where government authorities manage applications and interact with each other. DLT could guarantee the integrity in this process and allow the authority to incorporate additional government databases with highly confidential information in order to better process and evaluate applications. Permits and licenses granted with specific conditions could also be issued, where further restrictions on use or re-export, or actions such as delivery verification requests or post-shipment verifications can be traced, verified and, if desirable, automatized (through smart contracts).
Proprietary information is not only exchanged between private entities and authorities. In the case of some nuclear exports, governments may exchange information through government to government assurances (GTGA). Furthermore, nuclear cooperation agreements (NCAs) have several bilateral reporting conditions which may be ideally suited for a DLT platform.
Detection and prevention of falsified documents and validation of identities
One of the main challenges faced by licensing authorities is corroborating the validity of the growing number of documents that are routinely processed and analyzed in export control applications. DLT is particularly effective to ensure data integrity and provenance, guaranteeing that digital documents, such as end-use certificates and other documentation provided in an application, have not been falsified. This would equally apply to licenses and permits issued by authorities.
DLT achieves this through the creation of hashes in which each transaction is ‘hashed’ with its own digital fingerprint, time-stamped and put on the shared ledger, which in turn is linked (hashed) to previous transactions. The combination of hashing and timestamping makes DLT systems highly tamper resistant. By timestamping a document, one can prove when and by whom a transaction was created. Hashing ensures that if anyone attempts to modify or delete information in one block, the subsequent block will reject the mediation.
DLT enables the issuance of secure certificates or digital identities, which prove who conducted a transaction (who issued a document, who conducted an inspection, who received an item). Documents attached to licensing applications on a DLT platform would be time-stamped, hashed and, therefore, impossible to forge or falsify and their provenance could always be corroborated.
Furthermore, digital identities could be assigned to authorized or pre-approved end-users in a supply chain as well as to people responsible for export control applications in private entities. Broker validation processes and certificates could also be assigned to authorized brokers to limit the diversion risks associated with such activities. Guaranteeing the validity of documents and identities would considerably improve the efficiency of export control procedures, particularly where the volume of data becomes increasingly difficult to manage such as in transit and transshipment ports.
DLT-based solutions could also be jointly developed with major exporters wishing to expedite their operations and to provide assurance to the licensing authority about their end users within the supply chain. Some collaborative efforts are underway such as TradeLens, an interconnected ecosystem of supply chain partners. 1For additional examples of DLT-based supply chain use cases see: https://www.tradefinanceglobal.com/posts/dlt-supply-chain-digitization/).
Traceability of sensitive items and data
Supply chain management and tracking the transport of certain goods across borders are some of the best use cases for DLT. DLT allows the establishment of a link between digital identities and the actual items through digital identifiers on the DLT platform. These digital identifiers trace the location of items and would be useful in auditing and verification activities. This would greatly enhance supply chain integrity; support verification of stated end uses and end users – including of intangible transfers – and reduce chain of custody concerns.
In this regard, DLT is an interesting tool to manage and protect fractional ownership, which are rights owned by various holders. In this sense, DLT can track the individual components of complexly assembled devices, which may have parts with various origins, as exemplified by a nuclear reactor. There is growing interest in public-private initiatives to develop digital infrastructure models that would further connect different actors along the supply chain in a more holistic way through a DLT platform. Such a platform would have the potential to transform the world of transportation, logistics and export controls. Digitalization of trade on DLT platforms could combine actors in trade finance, border procedures, transportation and logistics, financial services, insurance, retail distribution, Intellectual Property and government procurement, providing for a secure environment.