Protected Audit Trails







"You Don't Need to Trust Codel"

The Codel system makes possible, for the first time, an audit trail which is immutable (without detection). That is to say, although, technically, it remains impossible to prevent people amending an audit trail, Codel can prove, with mathematical certainty, whether or not someone has amended it.

The importance of the Protected Audit Trail can not be overstated. The corporate scandals of recent times have demonstrated the problems that arise from an inability to prove integrity. And its not only financial transactions that need to be tracked, although they tend to hog the headlines.

Either society at large, or any organisation accountable to Society must benefit from the ability to prove that an official record of events has not been tampered with since the record was made (and, preferably, is complete but that's another problem altogether). This applies not just to commercial organisations, but to all public bodies, from the Police to Politicians and from your local library to your regional Parliament.

If an organisation is honest, then it benefits from enhanced Trust. Otherwise, Society benefits by exposing fraud.

If whatever business an accountable body conducts on behalf of their community is captured to an immutable audit trail then, in the event of any dispute, they will always have the evidence to fall back on. There need be no arguments over who said what to whom. It will all be on the audit trail. Furthermore, it can remain private until and unless a dispute arises.

The irony is that, in many cases, much of the potentially useful evidence already exists; but because no steps are taken to "snapshot" it, such evidence is virtually worthless. There is little, in other words, to stop an accountable person creating documents which cover their behaviour after the event, or destroying evidence which might expose them to risk.

The essence of Codel Protection for audit trails is that it provides an unintrusive method of taking a snapshot of the audit trail in such a way that no one can cheat after the snapshot has been registered.

And we can do all this without knowing anything about - or keeping copies of - the data.

The client keeps all that to themselves. We simply receive a single hash at the end of each audit period. Any document which contributed to the hashing hierarchy which, in turn, culminated in that single hash, cannot be changed or deleted without the certainty that such changes can always be detected.

So documents, recordings, photographs etc can remain completely secret and secure within the organisation. Yet, should the organisation ever be required to account for its actions, it will be able to show, to independent investigators or auditors, that what is currently on its audit trail is precisely what it was at the time of the incident being investigated.

The implications are enormous and stretch way beyond the commercial field.

Yes, it can protect a sealed bid or provide legal evidence of a purchase or a contract; but it can also validate CCTV footage, it can provide a bulletproof alibi, it can validate an international arms inspection protocol and thus even justify (or challenge) a declaration of war.

Commercially, it provides an unprecedented level of "Proof of Integrity". As we are careful to point out here, it does not prove the validity of the content of an audit trail, only its integrity. For the first time in human history, it provides a definitive proof that an audit trail has - or, preferably, has not - been tampered with.

Both False negatives and False Positives are impossible.

The nearest equivalent to a false positive (suggesting a fraud has taken place when it has not) will be the discovery that a document has changed but that the change is trivial (like the accidental addition of an extra space somewhere in the text, or the correction of a minor spelling error).

A false negative would only be possible in the event that someone claims to have carried out an audit check and pronounced a clean bill of health when, in fact, there is a hidden fraud but they have not examined the data. As their audit itself should be monitored by the same system it will then be possible to retrace their steps and confirm (or not) their alleged findings.

In conclusion, this protocol can not make everyone honest. But it does make it much harder to be dishonest.