1. Introduction
In recent years, issues related to the high crime rate and the performance of criminal organizations have been constantly making headlines around the world, where, being an emerging and important topic, mainly due to the economic and social impacts, crime prevention has increasingly become a worldwide concern.
Many of the benefits of globalization and the rise of technology in society—such as, for example, agility and ease of communication and financial movement and mobility—has created opportunities for criminal groups to flourish, diversify, expand, and organize [
1].
In a survey conducted in March 2018 [
2], 2373 senior managers from large global organizations across 19 countries found about
$1.45 trillion of total loss estimated as a result of financial criminal activities. Recent statistical studies [
3] have also pointed out that, in 2018, there were an estimated 1,206,836 violent crimes in the United States alone.
Figure 1 presents a statistical survey about the total violent crime reported in United States from 2013 to 2018 with data reported by the Federal Bureau of Investigation (FBI) and presented by Statistita.
These and several other studies point to concerns about the evolution and expansion of crime. Due to the diversity and volume of existing criminal practices, preventive, repressive (impediment of continuity), control, or punitive action by government institutions are essential to minimize social damage.
To this end, several government institutions in various countries are working to fight against crime by establishing nits or sectors that specialize in investigation and intelligence activities who act in different areas and expertise’s, such as, for example, FBI or EUROPOL, which have units specialized in combating crimes such as corruption, criminal organizations, violent crimes, white-collar crime, financial crimes, and more [
4,
5].
However, due to high crime rates, carrying out investigations and intelligence actions that prevent, suppress, or punish crime has also increased. Consequently, even with the excellent results obtained with the help of currently adopted solutions, over time the high volume of requests directed at these specialized units result in limitations and challenges regarding their treatment.
One of the reasons is because a good part of the technological resources and team with the appropriate expertise is centralized in specialized units, in which stakeholders end up forwarding a high volume of requests due to limitations of knowledge, technological or specialized expertise’s, and more. Thus, among the disadvantages usually found in centralized approaches [
6], they can also lead to needs for prioritizing requests or even defining acceptance criteria.
Therefore, there is an opportunity to adopt solutions that contribute to agile results, simplification, or optimization of processes, as well as the reduction of resources necessary to carry out operational activities. Moreover, practices that have been increasingly adopted in the market, in addition to concepts of process automation, can be used to contribute to these guidelines when using technology, systems, and data to improve the control and progress of workflows and, when possible, replacing manual activities with automated ones [
7].
However, in the case of intelligence and investigation units, there is the question that they also work with classified information and specific activities with considerable complexity [
8]. These issues generate a high concern with security and confidentiality [
9] during internal operational processes, including the generation, storage, and/or sharing of information or assets between members of the same unit or even between different units or institutions.
In the case of exposure, information leaks, or even digital assets like electronic documents that contain standards, methodologies, techniques, or strategies adopted, it can harm the performance not only of a specialized unit but also of the organization and others involved [
10].
Although current approaches aimed at process automation application and digital asset management can be used in specialized units, there are challenges regarding the location and adoption of approaches that take into account the issues and challenges inherent in the considerable complexity and specificity of the process automation application and digital asset management, as well as a concern with security. Concerning digital asset management, it is still a big challenge to provide a secure, verifiable, and traceable way to manage, store, share, and retrieve them. In some cases, due to the involvement of a trusted third party, many approaches lack trust, transparency, security, and immutability [
9].
Despite the existence of several studies that have presented different approaches related to process automation and blockchain in industrial or academic environments, to the best of our knowledge, no records of application-oriented work in the context of intelligence and investigation units were found.
For the case of adopting approaches currently used in the market or even those involving the hiring of companies that provide specialized consultancy services for either process optimization and improvement or operational activities automation that use specialized systems, there are limited or partial applications due to restricted access of existing operating procedures, workflows, and information.
Consequently, there are also challenges regarding the location and adoption of market solutions that meet the needs of these specialized units. For the case of specialized systems that aim to automate processes or operational activities, specialized units tend to develop their solutions and underutilize previously acquired market tools. This finding was presented in a survey [
11] about leading specialized agencies in the fight against organized crime in Brazil.
Motivated by this scenario, this work presents an approach that adopts concepts of process automation and blockchain to assist and guide researchers and professionals interested in studies and practices aimed at simplification and/or automation of processes in the context of intelligence and investigation units. Based on this context and due to the considerable concern with security, as well as the characteristics inherent to the context of these units, an opportunity has arisen to adopt alternative solutions aimed at the management, storage, and/or sharing of generated digital assets. After carrying out a survey with specialists from specialized units who perform an experience in an institution, our results showed evidence of the feasibility of use and suitability of the approach for the given scenario, especially regarding how it helps interested parties apply process automation and establish a deeper trust in management, storage, and/or sharing of generated digital assets.
The two significant contributions of this study are as follows:
This paper proposes an approach that helps (i) business processes analyzes; (ii) verification of processes suitable for automation; and (iii) analyzes and prioritizes classification for automation, considering simplification methods before automation, when necessary. Furthermore, the proposed method was tailored for business analysts without the need to become experts in process automation or business process management, and can be adopted as a guide to contribute to the direction of process automation application in the context of units who carry out intelligence and investigation activities.
A proposal to apply blockchain technology and cryptography as support mechanisms in the management, storage, sharing, and/or retrieval of generated digital assets. Issues related to auditability (traceability), versioning identification, authenticity, access control, non-repudiation, integrity verification, security, decentralization, and transparency are considered and discussed.
2. A Motivational Example
While considering a case of action in the fight against crimes such as corruption and money laundering, we consider a scenario of specialized units that acted or supported complex criminal investigations involved with high and complex volumes of data [
11].
Created by the Brazil’s Department of Assets Recovery and International Legal Cooperation in 2007, the Technology Laboratory Against Money Laundering (LAB-LD) performs, among its main activities, the support of complex investigations related to crimes such as money laundering and corruption [
12,
13].
As part of the Federal Laboratory Network against Money Laundering (REDELAB), there were 52 laboratories distributed across several public prosecutors, police agencies, and other intelligence and investigation organizations across Brazil in 2019. In these laboratories, activities related to the analysis of a vast amount of information collected from a variety of sources (e.g., bank accounts, emails, or telephone records of investigated people) are performed to uncover illicit assets or recover embezzled public money (among other activities), using methodologies developed by specialists and replicated for the entire network of laboratories [
12,
13].
Figure 2 presents an example of a general flow of requests forwarded to these laboratories.
In the above example, stakeholders submit requests to laboratories, wherein specialists use tools and data available from various sources, methodologies, techniques, and operational procedures to perform activities that achieve expected results. To fulfill the request and reach the expected result, one or more specialists may be involved during the performed flow of activities.
In the exemplified scenario, an opportunity arises to adopt solutions that contribute to agile results, simplification, and process optimization, as well as reducing the use of necessary resources to carry out operational activities.
During the execution of various activities inherent to these specialized units, as well as steps related to process automation application, different assets are generated and there may be a need to manage their use, storage, and/or sharing within a unit or between different units (units may be located in one or more organizations).
In this case, specialists responsible for these assets need to not only perform CRUD operations (create, read, update, and delete) on the generated assets but also have available means to perform with greater reliability: access control, auditability, versioning identification, authenticity, non-repudiation, integrity verification, and security of the generated digital assets.
Inspired by this context, in subsequent sessions, this article presents an approach to assist in the process automation application by proposing blockchain technology as a support mechanism in the management, storage, and/or sharing of generated digital assets.
This paper is organized as follows:
Section 3 outlines a brief overview of the literature and related work.
Section 4 presents the approach proposed in the study.
Section 5 presents the evaluations, results, and discussions. In
Section 6, research limitations are discussed. Finally, in
Section 7, we present conclusions.
3. Literature Review: Background and Related Work
Intelligence activities generate products that result from collecting, grouping, and analyzing data aimed at the dissemination of useful information that supports decision making for future interventions [
14]. With regard to the investigation, Osterburg et al. [
15] adds that it covers the collection of information and evidence to identify, apprehend, and convict suspected criminals.
Although they appear similar, there are some differences in several of their components, such as the objective of the final product, techniques related to data collection and analysis, the necessary skillset needed to carry out activities, orientation of the time, nature of the conclusion, how the information is disseminated, and more [
10,
14,
15]. However, in both contexts there are similar activities such as carrying out operational activities aimed at collecting, grouping, and analyzing information, as well as producing/presenting results in order to achieve a particular objective.
Although there are also activities carried out in several other contexts, in the case of intelligence and investigation units, they also work with classified information and specific and/or complex activities, with security concerns in management, storage, or sharing of generated assets [
8,
9,
10].
3.1. Process Automation
According to Weske [
16], Scheel et al. [
17] and Curtis et al. [
18], processes are composed of sequences of tasks ordered and organized with the participation of agents, resources, and tools, and are usually executed to achieve a particular objective.
With regard to automation, Goldberg [
19] and Nof [
20] mentions that it is the application of techniques and tools in a given process with the objective of making it possible to increase its efficiency and production, reducing the consumption of resources, or to reduce work or manual interferences.
In this context, process automation can be understood as the integration of technology into an organizational environment to create values and advantages such as improved efficiency or increased productivity, concepts that reduce cost and time to complete processes, standardize activities, and more [
16,
17,
18,
19,
20].
Over the years, several studies and practices have focused on the application of process automation. Concepts have been applied in the market and academy, which have been motivated by different objectives, such as contributing to greater agility of results, reduction of time, resources, and costs for carrying out operational activities [
21].
However, according to Kapp [
22], many organizations tend to initiate projects aimed at automating processes without first trying to understand them. Further, many organizations do not try to better integrate information technology within the organization. By ignoring the essential steps of understanding and simplifying, organizations have an increased risks of developing ineffective systems.
For this purpose, the adoption of an approach or strategy for the implementation of process automation can be an essential factor to contribute to a higher success rate. In this context, Groover [
21] mentions that the approach presented by Kapp [
22], the USA principle (understand, simplify, and automate), is common sense and can have its strategy applied to different types of projects aimed at process automation.
In his approach, Kapp [
22] points out that the first step of a process automation application project (i.e., understand) is to understand the current process in all its details in order to execute different methods such as walking through the process, conducting an analysis of the work breakdown structure (WBS), or fishbone analysis.
With the knowledge obtained after the execution of the first step, the next step is to look for ways to simplify the process. For example, one may check the possibility of excluding unnecessary steps, unnecessary or inefficient use of resources, or other improvements. Finally, once the process has been reduced to its simplest form, automation can be considered [
21,
22].
According to Kapp [
22], applying the USA principle to a system not only leads to higher stakeholder involvement but also contributes to an increase of acceptance and productivity by those affected by the technology.
In addition to the strategy for application in projects aimed at process automation, it is also worth mentioning the importance of identifying criteria for applying automation in processes or workflows that contribute to the identification of automation processes. In this regard, Fung [
23] pointed out nine characteristics that can be used as criteria for the application of automation, resulting from literature reviews and interviews with information technology (IT) professionals.
The characteristics cited were high transaction volume, high transaction value, frequent access to multiple systems, stable environments, limited human intervention, limited exception handling, manual IT processes prone to errors or rework, ease of decomposition of the process into well-defined processes, and a clear understanding of current manual costs [
23,
24,
25].
Leshob et al. [
26] also proposed a method that assists organizations in analyzing and classifying processes to identify those that are suitable for automation through the adoption of robotic process automation (RPA). The proposed approach aims to contribute to the analysis and classification of business processes through the adoption of six properties (i.e., level of maturity and standardization of processes, interactions with software applications, the adoption of business rules, complexity levels, and transaction volume).
According to Leshob et al. [
26], Jovanović et al. [
27] and IRPA [
28], RPA is a form of business process automation that adopts software-based robots in the performance of manual labor structured tasks, such as data manipulation, interactions, and communications with system applications. Leshob et al. [
26] added that, although RPA does not focus on the optimization or simplification of the process (i.e., traditional process automation), the approach allows for the virtual workforce to perform tedious and repetitive work.
Willcocks et al. [
29,
30,
31] recommended the use of RPA when the degree of process maturity, process standardization, transaction volume, and business rules are all high. On the other hand, Willcocks et al. [
31] found that RPA is suited better for processes with a high workload and low complexity. According to Lowes et al. [
32], the RPA approach was not necessarily relevant to a certain type of business but for standardized and repetitive processes that take significant time to form a conclusion, perform manual interactions with software applications, are focused on business rules, and perform at regular intervals [
32].
Another important issue inherent to the application of process automation is related to the technological solutions developed. Botef [
33] pointed out important issues for information systems that aim to automate processes such as security, incorporating the human factor in the software application’s stage design, the decomposition of complex problems in manageable sub-problems, the removal of irrelevant or redundant information or steps [
34], and more.
A systematic literature review carried out by Leite et al. [
35] focused on the identification, selection, grouping, and rigorous analysis of approaches (71 studies) that apply information technology to fight money laundering. They also pointed out a lack of approaches aimed at process automation application within this scenario. Having selected this type of financial crime due to its scope and economic/social impact, as well as the high complexity and volume of information, the study grouped the selected approaches into five main categories. The categories were the detection of suspicious transactions, detection of patterns or anomalies, risk analysis, applications of visual techniques and applications in security, governance, and/or control. The adopted support mechanisms were also the subject of research in which results showed a greater tendency to use algorithms or mathematical solutions such as data mining and machine learning.
Table 1 presents a brief comparison of the approach presented in this paper and studies presented in the literature with relation to characteristics regarding the analysis of business process for automation.
Security considerations in the management, storage, and/or sharing of generated digital assets were also considered due to the importance of the issue within the scenario of units that carry out or support intelligence and investigation activities.
3.2. Blockchain Technology
In 2008, Satoshi Nakamoto introduced the core technology behind Bitcoin [
36], the blockchain technology that has gained attention in both business and academic environments. With the growing interest and participation of information technology around the world, blockchain technology is considered one of the most promising technologies in our current era. In December 2018, Statista conducted a statistical survey where from 2019 to 2023, it was possible to observe a considerable increase in the size of the blockchain technology market around the world (
Figure 3).
According to Swan [
37], blockchain is defined as a distributed and decentralized network composed of peers responsible for the storage of the transactions carried out between participants in strict order in an immutable, transparent append-only ledger composed of blocks connected via cryptographic hashes [
38,
39,
40,
41].
Through blockchain technology, the idea is to allow actors to trade data or digital assets in a decentralized network made up of peers that stores these transactions in a distributed manner. During these operations, transactions and other information like asset owners are recorded on a ledger. To allow validation of the performed transactions, network nodes employ a ‘consensus mechanism’ [
42,
43].
Transactions stored on the P2P network are first validated by the nodes where, after the agreement of their legitimacy, the transactions are confirmed and stored in blocks. All new block are added to the previous chain of blocks and locked in the chain. The most recent block maintains the information about the current state of the blockchain [
44].
The content of the blocks are hashed, forming a unique block identifier stored in the current and subsequent block. Each block stores time-stamped data transactions, where through hash algorithms and public key cryptography, integrity and authenticity are guaranteed. From the deterministic and irreversible result of the hash function, it is possible to verify if the block content has been modified. As each block also stores the hash of the previous block, a link is established between them forming the blockchain. By following the hashes from the current block, the first block creates a specific blockchain, also called the genesis block [
45,
46,
47].
An illustrative example of the chain data structure of a blockchain is presented in
Figure 4.
The data (transactions) are digitally signed, broadcasted by participants, and chronologically grouped into blocks. After a new block is verified and included in the ledger, transactions cannot be included without the majority of the participants’ consensus [
48].
To maintain data consistency in a distributed ledger, consensus algorithms are used to guarantee data integrity within the existing copies in each peer of the network. For this, a consensus algorithm must be executed to reach an agreement to confirm the order of transactions that reaches an agreement on a suitable decision among nodes [
48,
49,
50].
In order to contribute to the formalization and security of relationships over a blockchain network, a smart contract may be used to automate an agreement process between parties of the decentralized network.
As first introduced by Szabo [
51], a smart contract is an application (like a digital protocol) responsible for the verification, execution, and enforcement of business rules that have been agreed by network participants. With these contracts, transactions are securely and automatically executed, which allows for more agility, transparency. and absence of conflicts in operations without having to rely on third parties. By adding functionality to blockchain, business logic and validations are included to transactions [
38,
49,
52].
With the growing interest in blockchain technologies, the application scope is extensive and can be divided into public, consortium, and private blockchains types.
Table 2 presents a general comparison on types of blockchain [
46,
47,
50,
52,
53,
54].
According to Swan [
37], with the use of blockchain technology there is the possibility of implementing processes aimed at recording data and assets, as well as storing and exchanging information on both physical and intangible assets (e.g., ideas, health data, voting results). Enabling the monitoring of the ledger by the participating organizations, creation, evolution, and monitoring of the immutable history of transactions is jointly conducted.
Different approaches were proposed in academic researches that were related to blockchain application in the context of data and digital assets management, storage, and/or sharing,
Verma et al. [
61] presented general discussions on the use of the blockchain technology, aiming to provide a solution for dynamic asset sharing among members of a consortium. The solution was focused on the creation of a logical and centralized asset management system composed of participants who followed a previously defined policy.
In order to provide authenticity and data quality (including from purchasing customers), and to provide a stable business platform for asset owners, a framework aimed at data sharing and forwarding digital assets based on blockchain technology has been proposed [
62]. In this scenario, the following were combined: decentralized storage, Ethereum blockchain, encryption, interplanetary file system (IPFS) benefits, smart contract, and incentive mechanism.
Regarding the healthcare domain, a novel drug supply chain management system implemented in Hyperledger Fabric has been proposed [
45]. The records of transactions where performed based on a blockchain to handle drug supply chain data with the objective of creating a smart healthcare ecosystem that enabled access to patient health data and medicines through smart contracts.
In concern of adopting cloud environments to allow the sharing and storage of sensitive medical data, Xia et al. [
63] proposed a permissioned blockchain based framework that made it possible to carry out the management and control of access records in a satisfactory manner.
Xuan et al. [
64] proposed a double-chain (alliance and private chain) model focused on the current Internet of Things environment that was focused on data-sharing-transaction application. In the multi-layer model, the transactions were processed by the alliance chain and were composed of participant organizations, while the storage of the transactions data were performed by the private chain deployed within each organization. An IPFS cluster server built by the alliance stores and real data from the blockchain platform.
In recent years, organizations from several sectors and industries around the word have been exploring the potential of blockchain benefits. Based on the Cambridge Centre for Alternative Finance (CCAF) dataset of 67 live enterprise blockchain networks from 25 countries deployed in production, Michel et al. [
65] pointed out that 43% of the cases are applicable to the finance and insurance sector, whereas only 6% of the cases were applicable to food, accommodation services, social assistance, and healthcare.
In previous academics research, several surveys have focused on blockchain technology with different focuses, i.e., security and privacy [
66,
67], blockchain architecture [
68], smart contracts, consensus protocols [
50,
54,
69], forms of security applications, and the Internet of Things [
46,
70,
71].
Surveys focused on the privacy and security of platforms such as Bitcoin [
36] and Ethereum [
44], as well as a systematic review of 41 papers related to blockchain that analyzed current research trends [
72]. From the review, prototype applications were identified and the adoption of blockchain in other environments such as P2P broadcast, Botnet, and the Internet of Things were also suggested.
Regarding government applications of blockchain technology, Batubara et al. [
73] performed a systematic review of current research applications, challenges, and future trends within e-Government. From the 21 published papers found, seven studies focused on general discussions of applications in e-Government, including general ideas, benefits, potential uses, and current issues. Moreover, four studies focused on healthcare, which received greater attention than education and smart cities, who had three articles each. Only two supply chains studies were found in government, business, tax, e-voting, and digital identity subjects. Results point to a lack of applications of blockchain technology in the government scenario.
In the government adoption of blockchain scenario [
74], the economy, technology, and strategic and organizational aspects were also identified. A study performed by Jun [
75] also pointed out that in 2008, about 40 countries created more than 100 blockchain projects with the aim of transforming government systems. Zhang et al. [
76] also noted that governments in the United Kingdom (UK), Europe, China, and United States of America (USA) have been showing interest in blockchain technology development by releasing white papers and technical reports. However, with regard to applications within the domain of intelligence and investigation units, there was a lack of approaches in both the industrial and academic aspects.
4. The Proposed Approach
This section discusses the proposed approach developed by the adoption of a method based on design science research (DSR). The approach considers improvement opportunities and gaps presented in some studies [
22,
23,
24,
25,
26,
27,
29,
30,
31] for the context of intelligence and investigation units.
According to Pries-Heje et al. [
77], to be able to validate research based on DSR, first the generated artifacts must be evaluated. From the results, evidence of the achievement of the desired objectives can be obtained. To enable the application of research in practice or to support the studies, validation is essential [
78]. Dresch [
79] points out that partial evaluations obtained are essential for verifying the progress of research in relation to expected objectives.
Based on the goal question metric approach [
80] for the planning of the research, the study definition contains the following parts [
81]:
Motivation: Analyze the feasibility of using the proposed approach.
Purpose: Characterize.
Object: Process for the definition of an approach to support the application of automation and blockchain in the context of intelligence and investigation units.
Perspective: Specialists from intelligence and investigation units.
Domain: Definition of a guide (proposed approach) for a specific domain application.
Scope: Unique design.
In order to identify the desired goal, the following questions were adopted: Can the use of the proposed approach be applicable in real case scenarios? Can it be performed by business analysts and helps the analysis and suitability verification for automation, potential analysis, priority classification, and simplification of internal processes in units that carry out or support intelligence and investigation activities?
Motivated from References [
22,
23,
24,
25,
26,
27,
29,
30,
31], this paper proposes an approach that helps (i) business process analysis; (ii) verifies whether the processes are suitable for automation; (iii) analyses and prioritizes automation classification and simplification methods before automation, when necessary. From the digital assets generated, a blockchain technology application is proposed as a support mechanism in the management, storage, and/or sharing of the digital assets.
4.1. Selection of the Organization and Specialists Identification
To carry out the elaboration of the approach and its evaluation, we selected a public institution in Brazil that fights against crime. Among many motivations that led to the choice of this institution, it has an intensive performance in the fight against crime and criminal organizations, including structured units that carry out or support intelligence and investigation activities and a technology laboratory for stopping money laundering.
The institution’s adherence in this study was due to the fact that the institution invested in and researched technological solutions that contribute in the fight against criminal organizations. However, the selected institution still faces difficulties in meeting the current high volume of specialized requests (e.g., generating bottlenecks and service limitations). Moreover, they and several other public institutions have limitations on financial and personnel resources.
Another important factor would be the need and importance that the institution gives with the agility to meet demands aimed at combating crime, since malicious agents have a negative impact on society.
In addition to the authors of this paper, a group of three experts who support intelligence and investigation activities at the chosen Brazilian institution was selected to participate in the elaboration of the proposed approach. For the selection of the specialists, a non-probabilistic process was adopted only considering the experts performance in technical areas related to activities of intelligence and investigation.
It is worth mentioning that the selected specialists had more than five years of experience in intelligence or investigation activities and at least seven years working on the organization. The whole process was coordinated by the authors of this work.
Table 3 shows the profile of the selected specialists.
During the elaboration stage, the experts indicated the need to not only to carry out the validation of processes suitable for automation but also to create a list or process, expressing the need to attach or adopt a solution that provides better reliability in the management, storage, or sharing of generated digital assets. The participants also validated or proposed properties adopted in the validation of eligibility of processes (e.g., suitable or not suitable for automation), classification process, and examples of questions to be adopted for extracting information during the stages of the approach.
With regard to property selection, using the criteria/properties mentioned in [
22,
23,
24,
25,
26,
27,
28,
29,
30,
31,
32], duplications were extracted and, from the properties obtained (see
Table 4), specialists selected the most promising properties within the context studied (i.e., scenario of units that carry out or support intelligence and investigation activities), taking into account the simplicity and possibility of use by business users without technical expertise’s in automation processes. Seven properties were selected as essential; the rest were made available as optional documentation for use by specialists (in case of interest) who adopted the approach.
4.2. Overall Approach
The overall approach is illustrated in
Figure 5.
After selecting the specialized unit, if there was more than one in an organization than we identified specialists, including their roles and responsibilities. Then, requests were sent to the unit, as well as expected results, are identified briefly. With a general list of existing processes in the selected unit, each process went through the classification (understanding), simplification, and automation procedure steps (when applicable).
4.2.1. Classification of Processes (Understand)
In the process classification phase, four steps/tasks are performed: the process analysis to verify what is eligible for automation; the potential analysis for automation; the calculation of the prioritization index; and the classification step. The classification helps specialists in the business area in determining the list of processes categorized by automation priority.
In the validation phase for eligibility for automation, an evaluation of the process level of maturity (property P1) and standardization (property P2) is performed. The maturity evaluation considers the environment and process stability, as well as the predictability of results. For this, two questions are adopted for use by business analysts.
Table 5 presents the list of properties and questions adopted in each activity of the first three classification process steps/tasks.
Regarding the process standardization evaluation phase, specialists are asked to perform a validation if the Curtis et al. [
18] process perspectives can be extracted (specifying them), checking to see if activities are carried out following the same (or similar) operational procedures. According to Leshob et al. [
26], when it is possible to extract perspectives [
18] clearly from the process definition, it is also possible to adopt modeling tools (e.g., business process model and notation) in the process specification [
82].
Table 6 presents four perspectives and examples of questions adopted for information extraction in the context of intelligence and investigation units.
For the evaluation of the potential weight of a business process to be automated, three properties were considered: if the process usually accesses systems or data sources (multiple or individual with frequency) (P3); if there is a possibility of decomposing a process into sub processes (P4); and if the activity performed is based on a pre-defined business rules (P5).
According to Lacity et al. [
83], processes activities can be atomic or non-atomic where, especially considering the two cases in measuring the potential for automation of a process [
26]:
Atomic activities (Case 1): To make it possible to calculate the automation potential weight for the of atomic activities, a question-based approach (questions presented in
Table 5) is adopted by the business analysts for the three properties. In case of negative answers in any of the questions for an activity of a process, the potential is 0 (i.e.,
Pot(Ap) = 0) otherwise is 1 (i.e.,
Pot(Ap) = 1).
Activities composed of sub-processes (Case 2): for activities composed by atomic activities, the potential weight, in this case, is obtained from the product of the percentage of these activities, that is, Pot(Ap) = Perc(P3) x Perc(P4) x Perc(P5). The obtained value will be between 0 and 1.
Furthermore, to calculate the priority index, we consider the transactions volume (P6) and complexity (P7). The property P6 is defined considering the average transactions performed per month by all process actors (i.e., specialists of the selected unity) divided by 30 (recommendation). For the property P7, the time it usually takes to finish the process was used [
31]. In the context of the specialized units, some processes requires less than two hours to be completed, while others may take a day or more.
Adapting the method proposed by Leshob et al. [
26], two steps (tasks) are carried out to perform this analysis. In the first, the index is calculated for each activity. In the second, the results are used to calculate the expected priority index.
Task 1: For each process activity, the properties P6 and P7 are analyzed using the scale for assigning a relevance weight (SARW) model (
Figure 6). Aiming at the quantification of the relevance for process automation based in the level of complexity and transaction volume, this model was adapted from Willcocks et al. [
31] and Lacity et al. [
83]. With this scale, specialists are able to analyze these properties where one of the available values (i.e., 0, 0.25, 0.5, 0.75, and 1) can be achieved (denoted by Pi(A)), and a scale value (low, moderate, and high) can be determined to each property.
Task 2: To calculate the priority index of the whole process (N activities), denoted as Pi(Pn), an average of the values obtained from Task 1 is calculated (the priority index will be valued between 0 and 1). Therefore:
Finally, to obtain a list of processes subject to automation in order of priority, the final step assigns a category classification to a process based on the results of step 2 (potential evaluation) and step 3 (priority index calculation).
We classified and processed a quadrant (
Figure 7) based on Leshob et al. [
26]. Four categories were adopted (A, B, C, and D) for the inclusion of processes by automation priority, i.e., processes included in category A would have priority to go through the automation procedure, followed by category B and so on. For example, given a process with the potential for automation of 0.75 (75%) and has a priority index of 0.25, it would be included in the category B process list.
4.2.2. Simplification Step (Simplify) and Automation (Automate)
With the knowledge obtained from the previous step, the simplification stage begins [
22] where the combining, eliminating, rearranging, and increasing opportunity areas may be performed.
Table 7 presents the four areas with descriptions and examples of questions that may be used to help specialists identify opportunities for simplification.
Finally, after completing the simplification process, the automation stage begins by developing technological solutions that aim to automate internal operational activities of the processes. For this, there is a greater participation of the organization’s technology team with the beginning of the solutions development process.
4.2.3. Blockchain Application
During the stages of classification (understanding), simplification, and automation (when applicable), several digital assets can be generated, i.e., models, records of internal operating procedures, standards, investigation and analysis methodologies, techniques applied in the processes, and more.
In this case, specialists responsible for these assets need to not only perform CRUD operations on the generated assets but also have available means to perform access and authentication control, auditability, versioning identification, and integrity verification of the generated digital assets with greater reliability.
Inspired in this context, in this session, application of blockchain technology is proposed as a support mechanism in the management, storage and/or sharing of generated digital assets.
Figure 8 presents a scenario where, during the execution of various activities inherent to the application of process automation, different assets are generated and there may be a need to manage their use, storage, and/or sharing.
In the proposed design, three layers were adopted. The user layer is composed of one or more front-end applications to enable users to access the system management layer, perform operations with digital assets and other management activities. Through this layer, users send transactions proposals to call backend services (e.g., CRUD operations, check log entries, or sharing digital assets) provided by the blockchain network that transforms the ongoing data between the nodes.
The system management layer is where the blockchain network is implemented and is composed of nodes responsible for the secure and efficient running of the scheme. Information about all operations is recorded in a distributed ledger where each block contain transactions that are hashed and encrypted. A sample example of the system management layer blockchain network topology is presented in
Appendix A.
In the scenario of specialized units, permissioned blockchains (private or consortium) are more appropriate because of the need to limit access to more stable and restricted environments, as well as to identify participants and their operations.
In the system management layer, smarts contracts are used by the participants for the execution of the transactions automatically and for providing controlled access to the ledger. Invoked by the applications, the smart contract takes the transactions and execute queries and updates on the ledger state, where transactions are stored in appended blocks and the update results are returned to the application. Current (world state) and historical information (logs) are stored in the ledger that are accessed by smart contracts. Adapted from Jamil et al. [
45],
Figure 9 illustrates the ledger operations using a smart contract.
Finally, the third layer composes the infrastructure responsible for the storage of the actual digital assets (off-chain storage). Regarding storage, distributed (e.g., inter-planetary file system [
62]) or centralized (e.g., cloud storage or traditional databases) approaches can be adopted depending on participant needs.
With respect to the procedures performed regarding the interaction of users (through applications) and the system management layer, the main interactions are focused on queries and updates on digital assets and user data, as well as queries in log history records. Regarding asset management, all CRUD transactions in assets are recorded in ledgers allowing users to also query the log history of these transactions for auditing purposes (traceability).
When user applications need to access ledgers and smart contracts, they need to communicate with peers.
Figure 10 presets an illustration of the interaction between user applications and peers to access the ledgers via smart contracts. Through a peer, queries and updates can be performed in the ledger by executing smart contracts which contains the information’s of transactions performed in assets.
Peers and orderers are responsible for keeping the ledger up to date on all nodes. In the illustration presented in
Figure 4, it can be seen that the user application connects to a peer through a channel and invokes the smart contract (SC) to query or update the ledger. The SC generates a proposal response that contains a query result or a ledger update. The proposed response is then received by a user application (in this point the process is completed for queries).
A proposal may contain the identity of the user, the transaction payload, a smart contract identifier, and a transaction identifier (the proposal is also signed by the user).
Regarding updates, endorsed responses are grouped into transaction proposals by the application and send to orderers responsible for the distribution of the generated blocks to participating peers. After receiving the transactions, a validation is performed by peers in order to identify whether the transactions were endorsed by the units identified as responsible according to the endorsement policy. After updating the ledger, an event is generated by the peer and received by the requesting application.
Table 8 presents information on smart contract model that can adopt operations on digital assets for the scenario of specialized units, including participant descriptions, assets, and transactions. The specialists are the system users and are linked to a specific unit, and this unit to an organization. Transactions are focused on digital assets and can be categorized (e.g., financial crimes, violent crimes, etc.), having specific subjects. Only transactions focused on assets were exemplified.
Figure 11 presents a script example of the “readDigitalAsset” transaction using the Typescript language where, from the insertion of the identifier of the digital asset as an input parameter, a verification for the existence of the asset is maid and, if found, its state is obtained and the data is returned in the JSON format.
Table 9 presents the implementation and smart contract execution environment adopted in the proposed scheme. In
Appendix B, a brief simulation of the execution of the smart contracts is presented.
With regard to user management, the information is recorded in network configuration files managed by administrators representing the participating units. The administrator’s selection is defined by the consortium (collection) of participating units and changes to configuration files must be approved by the majority. The consortium defines the set of units interested in communicating and transacting with each other.
Through the adoption of a membership identity service, user management and authentication are performed, and participants are also aware that transactions can be detected and audited, which allows them to identify network members.
Access control lists can also be used to provide additional layers of permission through specific network operation authorization. By the adoption of access control lists, it is possible to perform restrictions on operations on the network or on assets. For example, a specific user ID could be permitted to operate CRUD operations on assets but cannot perform queries in log history for auditability.
5. Evaluation, Results, and Discussions
In this section, we recount two empirical studies that were conducted to evaluate the approach proposed in this paper.
In the first study, the applicability of the approach is verified. Moreover, it is inquired if it is possible to execute business analysts with no process automation technical expertise, and if the approach helps the analysis and suitability verification for automation, potential analysis, priority classification, and simplification of internal processes in units that carry out intelligence and investigation activities. To validate these aspects, limited specialists have the appropriate knowledge to walk through the proposed approach in the context of specialized units.
The second study aims to identify evidence, through an experience of use, if the approach is applicable in real case scenarios of units that carry out or support intelligence and investigation activities.
5.1. Survey with Specialists
To conduct the first study, a survey was performed with specialists from five different specialized units that carry out or support intelligence and/or investigation activities in a public institution in Brazil, as mentioned in
Section 4.1. Based on prior methodology [
84,
85,
86,
87,
88,
89], we composed questions, validated and executed the pilot, and guaranteed the applicability of the chosen questions (
Figure 12). After the evolution of the questionnaire, the obtained version was adopted in the execution of the survey with the specialists.
Table 10 presents the adopted research questions.
The adopted form that resulted from the questionnaire’s composition and validation phase consisted of two parts: (i) profile information of the participant (i.e., personal data, academic background, experience in intelligence or investigation activities, experience with process automation, and time in the organization); and (ii) the research questions presented in
Table 10. Several documents contained an overview and instructions on how to apply the approach, including BPMN models that describes its stages, which were designed and forwarded.
The research question related to the blockchain technology (RQ9) assisted the specialists to form a better understanding of the technology. A material was also sent with general concepts, illustrative examples, and how the technology can be applied as a support mechanism in management, storage, and/or sharing of the generated digital assets. One of the researchers of this work also remained available to answer any questions about the technology and its application in the considered scenario.
Aiming at the fulfilment of the expected objectives, the questionnaire was performed by three researches, who requested improvements. The questionnaire was structured and adapted to permit specialists to answer one of the five scales [
90,
91]: strongly disagree (1), disagree (2), undecided (3), agree (4), and strongly agree (5). Specialists also had an extra field in the questionnaire for comments, whether for suggestions or disagreements.
To test the questionnaire (pilot application), the survey was performed with one specialist of each of the five selected specialized units (i.e., five specialists). From the obtained data analysis, the final version of the questionnaire was achieved, but the results of the pilot survey were not considered because two new questions (questionnaire evolution) were included, one being about the experience of the participant in process automation and another about the participant time in the organization.
After that, the survey invitation was sent to specialists of the five selected specialized units. The specialists who participated in the elaboration of the approach did not participate in the survey. After the questionnaire availability expired, the obtained results were documented in spreadsheets, which allowed for grouping and analyzing the answers.
Survey Results
Figure 13 presents the profile of the 52 specialists who participated in the survey, specifically with regard to the time they were in the organization (years) and their experience in carrying out or supporting intelligence and investigation activities (years). Regarding the academic qualifications of the participants,
Figure 14 shows the distribution of the participants by the graduation level. It should be added that, of the specialists who answered the survey, none had experience with methodologies and techniques of process automation.
Regarding the answers to the research questions,
Figure 15 shows the distribution of the participants’ answers per question. The survey showed that 96.15% of the experts who participated agreed that the approach could be performed by business analysts without process automation technical expertise (there were no disagreements, however 3.85% of the participants did not decide whether they agree or not).
Positive results (without disagreements) were also identified in the answers to RQ2 (92.31%), RQ4 (92.31%), RQ5 (98.08%), RQ6 (94.23%), RQ7 (96.15%), and RQ9 (88.46%).
Regarding the properties and techniques adopted in the potential analysis and priority index calculation of internal processes, 82.7% of the participants agreed that they were applicable and sufficient for the considered scenario. However, 7.68% disagreed and 9.62% remained undecided.
Of the four participants who disagreed, none questioned evaluation methods for automation. Concerning the calculation of the priority index, they mentioned that the complexity is not limited only to the execution time. They added that complexity, at least in the scenario in which they operate, is a characteristic that allows them to analyze the degree of difficulty in understanding and explaining a process. The number of existing activities, the number of parallel branches and the existence of loops are examples of characteristics that allow this measurement. For the case of the approach in question, the specialists recommended changing the name of the property to “execution time”. They agreed that two properties (i.e., transaction volume and time to complete the process) are sufficient for the proposed objective of the approach within of the studied context, and that allows the adoption by users that do not have technical expertise with process automation.
Another alternative recommendation is to keep the name of the property as “complexity”, but provide instructions or recommendations to interested parties regarding the consideration, not only for the process execution time but for the adoption of other metrics that allow for the identification and classification of processes regarding its complexity, such as McCabe’s cyclomatic complexity (MCC), cognitive weight and number of activities in a process (NOA) [
92,
93].
Following the recommendation of the participants, the name of the property (complexity) was maintained, but instructions/recommendations were added regarding the possibility of including new complexity measurements (in addition to the use of time to complete the process) for users with the intention to adopt the calculation. The additions were included as optional documentation because they contribute to the increase in complexity, application time, or difficulty in using the approach. The use of the time to complete the process was considered applicable and sufficient for the context studied and expected objective.
There were also disagreements regarding the common understanding of the results after carrying out the approach. Although 73.07% of participants agreed (9.62% remained undecided), 17.31% of participants found that documenting the results after executing the approach is confusing and that the documentation with instructions for use could contain illustrative examples for better understanding.
To assist in the better use of methods and techniques, as well as the application of the approach, improvements in the documentation of the instructions were included, i.e., the inclusion of practical usage examples in each step of the approach.
Together with the answers, positive considerations were also pointed out by the participants of the survey, namely that it: (i) was a useful guide to be used as a reference within the considered scenario; (ii) enables standardization, as well as better internal organization of activities within the units; (iii) contributes to the improvement and simplification of existing processes as well as an overview of the work carried out; (iv) resulting products can contribute to agile results, resource savings and better reallocation of work performed by specialists; (v) reducing the burden of requests to specialized units by making available, when possible, automated systems directly to interested parties who forward requests to these units.
Thus, from the results obtained with the survey, evidence that the approach meets the expected objectives was obtained as to applicability, use by business analysts without process automation technical expertise, and assistance with analysis and suitability verification for automation, potential analysis, priority classification, and simplification of internal processes in units that carry out intelligence and investigation activities.
5.2. Experience of Use
In order to obtain evidence of the applicability of the approach in real case scenarios, an experience of use was carried out in a Brazilian public institution that, among its attributions, also acts in the fight against crime (as mentioned in
Section 4.1).
For this experience, a technology laboratory against money laundering was selected as the specialized unit among the units that perform or support intelligence or investigation activities (decision of the institution’s senior management). After identifying the experts involved in the processes and identifying the requests and expected results, the classification (understanding), simplification, and automation stages started.
While carrying out of the experiment, the following actions were performed:
For each existing process, interviews and information collection that was inherent to the process’s activities were performed with specialists, aiming at modeling and simplification of the processes.
In order to validate if the process perspectives (
Table 6) can be extracted and defined, as well as check if the operational procedures are executed in the same way, the “walking the process” ([
22]) method was adopted. That is, an individual went through a whole process observing each activity, technique, or methodology performed, information used and participation of the specialists involved. With that, it was possible to identify opportunities for improvement, unnecessary uses of resources or poor organization of time, among other problems that were being exposed.
After storing the generated digital assets (e.g., documentation, models, operating procedures, methodologies adopted, etc.), activity performed during all stages of the approach when necessary, and selecting the processes identified as “suitable for automation”, the stages of potential evaluation and calculation of the prioritization index were initiated.
In the potential evaluation step, specialists were asked to answer the questions presented in
Table 5. With the result obtained, the calculation of the potential weights was performed as proposed in the approach presented in this paper.
To calculate the prioritization index, experts who were responsible for executing the process reported, based on a history of executed works, the average number of transactions executed per month (the reported values were divided by 30 as recommended by the proposed approach). The specialists also informed the time it usually takes to complete the process.
After the priority index calculation and analysis using the scale for assigning a relevance weight (SARW) model (as illustrated in
Figure 6), the classification of the identified processes was performed using the quadrant as illustrated in
Figure 7.
Of the processes categorized as highest likely for automation (quadrant A of
Figure 7), two processes were selected by the managers of the team of specialists to start the development procedure of information systems implemented to automate the selected processes. The adopted selection criteria were a process with one of the highest volume of requests, and another with one of the longest execution time in relation to the others in the category.
Before the selected processes’ automation, the information obtained in the process validation step for verification is suitable for automation (obtained through the “walking the process” method) if used in the simplification step. With the information, it was possible not only to reorganize some steps performed in the processes, such as the execution of efforts identified as unnecessary, but also eliminate unnecessary steps or procedures.
The first selected process involves procedures of collecting, crossing, and analyzing information, as well as applying operational procedures based on investigative techniques and methodologies. Finally, int involved generating reports that resulted from individual analysis (e.g., natural and legal persons) within criminal investigative contexts.
In the collection and crossing phase, specialists carried out data and information that they searched from various sources and organizations in which the selected institution had cooperation agreements and public databases. Cross-checking and grouping of these data were performed in order to obtain the maximum amount of information available from investigated individuals.
After that, investigative techniques and methodologies were carried out on the information collected in order to obtain evidence of suspicious behavior commonly linked to certain types of crimes. Finally, the results were organized and structured into reports.
The procedures were similar in the first and second process. However, they each worked with highly confidential sources of information such as bank statement data and activities that differed in methodologies, techniques, and results (but also with the objective obtaining evidence of criminal behaviors).
Finally, after the conclusion of the extraction and modeling of the process, the system implementation with the objective of automating the selected processes was performed. Investments were not necessary for the project’s implementation since the solutions were developed with the adoption of free tools (e.g., programming languages: PHP, Javascript and CSS; application server: Apache), and other resources already existing in the institution (e.g., SQL Server database management system, Linux application server, among others).
We decided to use web applications after discussions with the institution’s senior management team and information technology team. The decision was not only because the vast majority of the institution’s technological solutions were focused on web applications but also to enable future use of the developed solutions not only by specialized units but with interested parties who forward requests to specialized units and partner institutions that carry out similar activities.
5.3. Results and Discussions
In order to analyze the benefits reached with the execution of the experiment and the existence of evidence of the applicability of the approach in real case scenarios, we performed an analysis of data obtained before and after using the developed tools.
The criteria used in the analysis were indications of contributions that save resources (e.g., time) for carrying out operational activities, obtaining results in a more agile way (quantity of requests answered), and involving specialists in the process.
Table 11 and
Table 12 shows the comparative analysis before and after the implementation of the developed systems for the first and second process, respectively, comparing the three criteria mentioned before its implementation, with data obtained after.
It should be added that the information contained in the “Before” column was provided by the specialized sector of the institution, who reported a monthly average of the last 12 months before the implementation of the project. The information in the “After” column resulted from the verification of log history records obtained from the use of the system in the period of 12 months after the beginning of its use.
The average time presented for the fulfillment of each request after the adoption of the systems is only an average of the time that the tools took to attend each request and make available the final result (i.e., reports), time that can vary depending on the speed of the internet used by the requester and the ability of users to handle the tools.
Regarding the participation of specialists after using the systems (*), in the initial period of use, specialists still received requisitions and used the tools to attend to them. However, from the second month of use, it was decided to make the systems available directly to interested parties, where it only necessitated the use by specialists in a sporadic way.
Due to the possibility of using the tools directly by interested parties who previously requested the specialized unit, the number of requests handled increased exponentially. For the case of requests related to the second process, there were not many monthly requests, however it was selected for the experiment due to the considerable time of execution of the process. In this way, the average number identified after using the tool—which used to be 2 to 3 and changed to 16—did not appear to have considerable growth, but with the reduction of time it allowed the reallocation of specialists in other activities.
Regarding the products developed as a result of the experiment, their access was made available for use by other specialized units that carry out similar activities (including partner’s institutions). Evaluation committees awarded the system at the state [
94,
95] and national [
96] level, in recognition of the benefits and savings obtained from their adoption.
5.4. The Management, Storing, and Sharing of Generated Digital Assets: Discussions
Regarding the management, storage and/or sharing of digital assets generated during the approach, the characteristics’ inherent of blockchain technology, as well as the adoption of permissioned blockchains, cryptography, and the use of Hyperledger Fabric (as proposed in the sample topology scenario in
Appendix A), may contribute in activities related to auditability (traceability), access control, versioning identification, authenticity, non-repudiation, integrity verification, security, decentralization, and transparency.
Regarding data integrity, the tamper resistance characteristic of blockchain makes it possible to be reached. Due to consensual validation of transactions stored in the ledgers by the participants of a network (including the adoption of hash algorithms), blocks become immutable. With the immutable log of transactions, traceability of changes, auditability, and versioning identification are possible to accomplish with greater reliability [
37,
38,
39,
40,
41].
Since all transactions are signed and registered with a generated hash value in the blocks, adopting cryptography to allow more security and confidentiality is also provides integrity verification, non-repudiation analysis, and authenticity. The use of private channels and/or cryptography increase the protection from data leaks, since only specific and authorized participants can access the channel [
42,
43,
49,
59].
With the adoption of a permissioned blockchain, smart contracts and certificate authorities are identified and verified, allowing for permissioned participants to access and transact in the network. Security and access control can be achieved by the execution of the access roles written in smart contracts. [
38,
49,
51,
52].
Finally, due to the synchronization of the distributed ledger between network peers, participants have more confidence in the authenticity, transparency, and accuracy of the stored information [
48,
49,
50]. Despite the advantages with the use of blockchain technology as a support mechanism in the considered scenario, it is also necessary to comment on some issues and challenges regarding security.
According to Lin et al. [
97], the majority attack (also known as the 51% attack) is an existing concern in blockchain networks, where, in the event of possible attackers taking control of more than half of the network’s nodes, changes or inclusions may be manipulated, compromising the entire blockchain network. This kind of attack usually has more of an impact in public blockchains that are composed by unknown participants that do not trust each other.
Ways to minimize these occurrences involve greater control over the network (e.g., private permissioned blockchains) since well-established configurations, access limitations, and properly identified participants can create a design that disadvantages this type of attack. For example, given an organization that has five participants, it may contain a network configuration that determines new changes or additions approved by all participants, thus making it more difficult for an attack to occur. However, in the case of private permissioned blockchains, there is still the possibility of compromise by the network administrators.
In the scenario presented in this paper, the Hyperledger Fabric Platform was adopted. Being a framework built with focus on security, as pointed out by [
98], every element of the network must be authenticated to participate the network and, having support for confidentiality, members of the network can keep confidential data in a separate location. As all parties know, their actions are recorded on the blockchain following a policy of endorsement previously established and agreed upon by the participants. Guilty parties can be easily identified, enabling agile actions against incidents and malicious activities.
Another important concern is implementing users who access blockchain networks as exemplified in the design proposed in this research. Application vulnerabilities can contribute to flaws or gaps in network access, which is why it is also recommended to adopt the appropriate secure software coding practices. In this regard, useful directions can be found in a work described in Leite et al. [
99], where the authors map out the major vulnerabilities, risks, and proactive controls that exist in web applications.
6. Research Implications and Limitations
Despite the positive benefits obtained from the survey and the process automation application executed in an intelligence and investigation unit, some further considerations must be pointed out.
Regarding the execution of the survey, it was carried out in one institution that, among its attributions, fights against crime. In order to minimize possible bias, the survey was given to specialists from five different units who work or support intelligence and investigation activities in different areas of expertise, such as combating criminal organizations, corruption, money laundering, tax evasion, and more. A similar limitation is that the survey was given to participants in only one institution. For this case, it was decided to select two processes instead of one.
One possible threat identified in the realization of the experience of use is the participation of an author of this paper in the execution of the process. Prior knowledge of the approach and its objectives may have positively influenced the results. Although the execution and application of the approach were carried out by specialists (measure adopted in a way to reduce bias), it would have been for an unbiased third-party to conduct the approach. However, an author from this study executed and managed the project at the request of the organization’s senior management
Studies related to in-depth analysis of blockchain security issues, i.e., quantifying the security and reliability of the proposed architecture, as well as performance evaluations (e.g., throughput, latency, and use of computational resources) were not analyzed in this study. These analyses would have been a good opportunity for new lines of research and future work.
Another limitation that should be pointed out is the absence of an experience of use in a real case scenario regarding the inclusion of the application of blockchain technology as a support mechanism related to the management, storage, and/or charring of generated digital assets. Despite the fact that the proposed approach was developed based on works that also underwent experiments in real case situations, and discussions of the benefits and ways in which blockchain technology contributes to providing greater reliability in activities related to auditability and integrity verification were provided, the evaluation in real case scenarios remains a possible future work.
7. Conclusions
Concerns about the evolution and expansion of crime have been raised in several recent studies and media reports around the world. Due to the diversity and volume of existing crime practices, actions by government institutions are increasingly fundamental for the reduction of the damage caused to society.
From the established intelligence and investigative units to act in different areas of expertise in simplify and optimize processes, and reduce resources to carry out operational activities that consider characteristics inherent to the context of these units.
Motivated by this scenario, this work presented an approach that considers process automation in order to assist researchers and professionals interested in studies and practices aimed at the simplification and/or automation of processes in the context of intelligence and investigation units.
Furthermore, to analyze the feasibility of applying the approach, a survey was carried out with specialists from specialized units and an experience of use was performed at a real institution.
By analyzing the survey’s research questions, results pointed out that the approach met the expected objectives such as possible use by business analysts without process automation technical expertise, and assistance in the analysis and suitability verification for automation, potential analysis, priority classification, and simplification of internal processes. We also obtained evidence about the applicability and benefits of the approach in real case scenarios.
Results showed evidence of the feasibility of use and suitability of the approach for the given scenario, and that it helps interested parties regarding the application of process automation in the scenario of intelligence and investigative units.
Regarding the management, storage, and/or sharing of generated digital assets that expkored the main characteristics of blockchain technology, this paper presented an overview of different application trends of blockchain technology, and proposed the use of blockchain as a support mechanism.
Discussions were provided on how to use blockchain technology, along with how the use of cryptography, smart contracts, certificate authorities, and permissioned blockchains (e.g., Hyperledger Fabric) can contribute to activities related to auditability, versioning identification, authenticity, non-repudiation, integrity verification, security, decentralization, and transparency.
It should be added that the adoption of blockchain technology, as proposed in this paper, is not limited only during the application of the approach, but may extend to management, storage, and/or sharing of digital assets in daily operations of specialized units.
Finally, it is believed that this research can be a useful resource for of technological and automation approaches in the fight against crime for interested practitioners and academic researchers and will help future research trends in the field.
For future work, it is recommended that the scope of the study is expanded by applying new experiences in real case scenarios of specialized units that perform or support intelligence and investigation activities, and perform experiences on the use of blockchain technology as well as evaluations, as proposed in this paper.
Regarding the lack of approaches within the studied scenario, lines of study aimed at the analysis of security and reliability in the adoption of this technology, as well as performance analysis, are also good opportunities for future studies.