Next Article in Journal
An Economic Analysis of An Innovative Floating Offshore Wind Platform Built with Concrete: The SATH® Platform
Next Article in Special Issue
DASH Live Broadcast Traffic Model: A Time-Bound Delay Model for IP-Based Digital Terrestrial Broadcasting Systems
Previous Article in Journal
A Helmholtz Resonator with Spiral Neck for Analyte Concentration Measurement in Low Frequency Range
Previous Article in Special Issue
Online Mining Intrusion Patterns from IDS Alerts
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 10
Issue 11
10.3390/app10113677
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Process Automation and Blockchain in Intelligence and Investigation Units: An Approach

by
Gleidson Sobreira Leite
*,
Adriano Bessa Albuquerque
and
Plácido Rogerio Pinheiro
UNIFOR, Department of Computer Science, University of Fortaleza, Fortaleza 60811-905, Ceará, Brazil
*
Author to whom correspondence should be addressed.
Appl. Sci. 2020, 10(11), 3677; https://doi.org/10.3390/app10113677
Submission received: 7 April 2020 / Revised: 3 May 2020 / Accepted: 21 May 2020 / Published: 26 May 2020
(This article belongs to the Special Issue Computational Intelligence, Soft Computing and Communication Networks for Applied Science)
Browse Figures
Versions Notes

Abstract

:
In the context of combating crime, government institutions in several countries have instituted units specialized in investigation and intelligence activities to act in different areas and expertise. However, due to the considerable complexity and specificity of these activities, as well as a significant concern with security and other related aspects, there are challenges regarding the location and adoption of approaches aimed at applying process automation in the context of these units. Motivated by this scenario, this work presents an approach that adopts concepts of process automation in order to assist researchers and professionals interested in studies and practices aimed at simplification and/or automation of processes in the context of intelligence and investigation units. Exploring the main characteristics of blockchain technology, this paper also presents an overview of different application trends of blockchain technology and proposes the use of this technology as a support mechanism in the management, storage, and sharing of generated digital assets. On the other hand, to analyze the feasibility of applying the approach, a survey was carried out with specialists from specialized units and a real case scenario experience of use was performed. Results show evidence of the feasibility of use and suitability of the approach for the given context, and that it helps interested parties regarding the application of process automation in the scenario of intelligence and investigation units.

1. Introduction

In recent years, issues related to the high crime rate and the performance of criminal organizations have been constantly making headlines around the world, where, being an emerging and important topic, mainly due to the economic and social impacts, crime prevention has increasingly become a worldwide concern.
Many of the benefits of globalization and the rise of technology in society—such as, for example, agility and ease of communication and financial movement and mobility—has created opportunities for criminal groups to flourish, diversify, expand, and organize [1].
In a survey conducted in March 2018 [2], 2373 senior managers from large global organizations across 19 countries found about $1.45 trillion of total loss estimated as a result of financial criminal activities. Recent statistical studies [3] have also pointed out that, in 2018, there were an estimated 1,206,836 violent crimes in the United States alone. Figure 1 presents a statistical survey about the total violent crime reported in United States from 2013 to 2018 with data reported by the Federal Bureau of Investigation (FBI) and presented by Statistita.
These and several other studies point to concerns about the evolution and expansion of crime. Due to the diversity and volume of existing criminal practices, preventive, repressive (impediment of continuity), control, or punitive action by government institutions are essential to minimize social damage.
To this end, several government institutions in various countries are working to fight against crime by establishing nits or sectors that specialize in investigation and intelligence activities who act in different areas and expertise’s, such as, for example, FBI or EUROPOL, which have units specialized in combating crimes such as corruption, criminal organizations, violent crimes, white-collar crime, financial crimes, and more [4,5].
However, due to high crime rates, carrying out investigations and intelligence actions that prevent, suppress, or punish crime has also increased. Consequently, even with the excellent results obtained with the help of currently adopted solutions, over time the high volume of requests directed at these specialized units result in limitations and challenges regarding their treatment.
One of the reasons is because a good part of the technological resources and team with the appropriate expertise is centralized in specialized units, in which stakeholders end up forwarding a high volume of requests due to limitations of knowledge, technological or specialized expertise’s, and more. Thus, among the disadvantages usually found in centralized approaches [6], they can also lead to needs for prioritizing requests or even defining acceptance criteria.
Therefore, there is an opportunity to adopt solutions that contribute to agile results, simplification, or optimization of processes, as well as the reduction of resources necessary to carry out operational activities. Moreover, practices that have been increasingly adopted in the market, in addition to concepts of process automation, can be used to contribute to these guidelines when using technology, systems, and data to improve the control and progress of workflows and, when possible, replacing manual activities with automated ones [7].
However, in the case of intelligence and investigation units, there is the question that they also work with classified information and specific activities with considerable complexity [8]. These issues generate a high concern with security and confidentiality [9] during internal operational processes, including the generation, storage, and/or sharing of information or assets between members of the same unit or even between different units or institutions.
In the case of exposure, information leaks, or even digital assets like electronic documents that contain standards, methodologies, techniques, or strategies adopted, it can harm the performance not only of a specialized unit but also of the organization and others involved [10].
Although current approaches aimed at process automation application and digital asset management can be used in specialized units, there are challenges regarding the location and adoption of approaches that take into account the issues and challenges inherent in the considerable complexity and specificity of the process automation application and digital asset management, as well as a concern with security. Concerning digital asset management, it is still a big challenge to provide a secure, verifiable, and traceable way to manage, store, share, and retrieve them. In some cases, due to the involvement of a trusted third party, many approaches lack trust, transparency, security, and immutability [9].
Despite the existence of several studies that have presented different approaches related to process automation and blockchain in industrial or academic environments, to the best of our knowledge, no records of application-oriented work in the context of intelligence and investigation units were found.
For the case of adopting approaches currently used in the market or even those involving the hiring of companies that provide specialized consultancy services for either process optimization and improvement or operational activities automation that use specialized systems, there are limited or partial applications due to restricted access of existing operating procedures, workflows, and information.
Consequently, there are also challenges regarding the location and adoption of market solutions that meet the needs of these specialized units. For the case of specialized systems that aim to automate processes or operational activities, specialized units tend to develop their solutions and underutilize previously acquired market tools. This finding was presented in a survey [11] about leading specialized agencies in the fight against organized crime in Brazil.
Motivated by this scenario, this work presents an approach that adopts concepts of process automation and blockchain to assist and guide researchers and professionals interested in studies and practices aimed at simplification and/or automation of processes in the context of intelligence and investigation units. Based on this context and due to the considerable concern with security, as well as the characteristics inherent to the context of these units, an opportunity has arisen to adopt alternative solutions aimed at the management, storage, and/or sharing of generated digital assets. After carrying out a survey with specialists from specialized units who perform an experience in an institution, our results showed evidence of the feasibility of use and suitability of the approach for the given scenario, especially regarding how it helps interested parties apply process automation and establish a deeper trust in management, storage, and/or sharing of generated digital assets.
The two significant contributions of this study are as follows:
  • This paper proposes an approach that helps (i) business processes analyzes; (ii) verification of processes suitable for automation; and (iii) analyzes and prioritizes classification for automation, considering simplification methods before automation, when necessary. Furthermore, the proposed method was tailored for business analysts without the need to become experts in process automation or business process management, and can be adopted as a guide to contribute to the direction of process automation application in the context of units who carry out intelligence and investigation activities.
  • A proposal to apply blockchain technology and cryptography as support mechanisms in the management, storage, sharing, and/or retrieval of generated digital assets. Issues related to auditability (traceability), versioning identification, authenticity, access control, non-repudiation, integrity verification, security, decentralization, and transparency are considered and discussed.

2. A Motivational Example

While considering a case of action in the fight against crimes such as corruption and money laundering, we consider a scenario of specialized units that acted or supported complex criminal investigations involved with high and complex volumes of data [11].
Created by the Brazil’s Department of Assets Recovery and International Legal Cooperation in 2007, the Technology Laboratory Against Money Laundering (LAB-LD) performs, among its main activities, the support of complex investigations related to crimes such as money laundering and corruption [12,13].
As part of the Federal Laboratory Network against Money Laundering (REDELAB), there were 52 laboratories distributed across several public prosecutors, police agencies, and other intelligence and investigation organizations across Brazil in 2019. In these laboratories, activities related to the analysis of a vast amount of information collected from a variety of sources (e.g., bank accounts, emails, or telephone records of investigated people) are performed to uncover illicit assets or recover embezzled public money (among other activities), using methodologies developed by specialists and replicated for the entire network of laboratories [12,13].
Figure 2 presents an example of a general flow of requests forwarded to these laboratories.
In the above example, stakeholders submit requests to laboratories, wherein specialists use tools and data available from various sources, methodologies, techniques, and operational procedures to perform activities that achieve expected results. To fulfill the request and reach the expected result, one or more specialists may be involved during the performed flow of activities.
In the exemplified scenario, an opportunity arises to adopt solutions that contribute to agile results, simplification, and process optimization, as well as reducing the use of necessary resources to carry out operational activities.
During the execution of various activities inherent to these specialized units, as well as steps related to process automation application, different assets are generated and there may be a need to manage their use, storage, and/or sharing within a unit or between different units (units may be located in one or more organizations).
In this case, specialists responsible for these assets need to not only perform CRUD operations (create, read, update, and delete) on the generated assets but also have available means to perform with greater reliability: access control, auditability, versioning identification, authenticity, non-repudiation, integrity verification, and security of the generated digital assets.
Inspired by this context, in subsequent sessions, this article presents an approach to assist in the process automation application by proposing blockchain technology as a support mechanism in the management, storage, and/or sharing of generated digital assets.
This paper is organized as follows: Section 3 outlines a brief overview of the literature and related work. Section 4 presents the approach proposed in the study. Section 5 presents the evaluations, results, and discussions. In Section 6, research limitations are discussed. Finally, in Section 7, we present conclusions.

3. Literature Review: Background and Related Work

Intelligence activities generate products that result from collecting, grouping, and analyzing data aimed at the dissemination of useful information that supports decision making for future interventions [14]. With regard to the investigation, Osterburg et al. [15] adds that it covers the collection of information and evidence to identify, apprehend, and convict suspected criminals.
Although they appear similar, there are some differences in several of their components, such as the objective of the final product, techniques related to data collection and analysis, the necessary skillset needed to carry out activities, orientation of the time, nature of the conclusion, how the information is disseminated, and more [10,14,15]. However, in both contexts there are similar activities such as carrying out operational activities aimed at collecting, grouping, and analyzing information, as well as producing/presenting results in order to achieve a particular objective.
Although there are also activities carried out in several other contexts, in the case of intelligence and investigation units, they also work with classified information and specific and/or complex activities, with security concerns in management, storage, or sharing of generated assets [8,9,10].

3.1. Process Automation

According to Weske [16], Scheel et al. [17] and Curtis et al. [18], processes are composed of sequences of tasks ordered and organized with the participation of agents, resources, and tools, and are usually executed to achieve a particular objective.
With regard to automation, Goldberg [19] and Nof [20] mentions that it is the application of techniques and tools in a given process with the objective of making it possible to increase its efficiency and production, reducing the consumption of resources, or to reduce work or manual interferences.
In this context, process automation can be understood as the integration of technology into an organizational environment to create values and advantages such as improved efficiency or increased productivity, concepts that reduce cost and time to complete processes, standardize activities, and more [16,17,18,19,20].
Over the years, several studies and practices have focused on the application of process automation. Concepts have been applied in the market and academy, which have been motivated by different objectives, such as contributing to greater agility of results, reduction of time, resources, and costs for carrying out operational activities [21].
However, according to Kapp [22], many organizations tend to initiate projects aimed at automating processes without first trying to understand them. Further, many organizations do not try to better integrate information technology within the organization. By ignoring the essential steps of understanding and simplifying, organizations have an increased risks of developing ineffective systems.
For this purpose, the adoption of an approach or strategy for the implementation of process automation can be an essential factor to contribute to a higher success rate. In this context, Groover [21] mentions that the approach presented by Kapp [22], the USA principle (understand, simplify, and automate), is common sense and can have its strategy applied to different types of projects aimed at process automation.
In his approach, Kapp [22] points out that the first step of a process automation application project (i.e., understand) is to understand the current process in all its details in order to execute different methods such as walking through the process, conducting an analysis of the work breakdown structure (WBS), or fishbone analysis.
With the knowledge obtained after the execution of the first step, the next step is to look for ways to simplify the process. For example, one may check the possibility of excluding unnecessary steps, unnecessary or inefficient use of resources, or other improvements. Finally, once the process has been reduced to its simplest form, automation can be considered [21,22].
According to Kapp [22], applying the USA principle to a system not only leads to higher stakeholder involvement but also contributes to an increase of acceptance and productivity by those affected by the technology.
In addition to the strategy for application in projects aimed at process automation, it is also worth mentioning the importance of identifying criteria for applying automation in processes or workflows that contribute to the identification of automation processes. In this regard, Fung [23] pointed out nine characteristics that can be used as criteria for the application of automation, resulting from literature reviews and interviews with information technology (IT) professionals.
The characteristics cited were high transaction volume, high transaction value, frequent access to multiple systems, stable environments, limited human intervention, limited exception handling, manual IT processes prone to errors or rework, ease of decomposition of the process into well-defined processes, and a clear understanding of current manual costs [23,24,25].
Leshob et al. [26] also proposed a method that assists organizations in analyzing and classifying processes to identify those that are suitable for automation through the adoption of robotic process automation (RPA). The proposed approach aims to contribute to the analysis and classification of business processes through the adoption of six properties (i.e., level of maturity and standardization of processes, interactions with software applications, the adoption of business rules, complexity levels, and transaction volume).
According to Leshob et al. [26], Jovanović et al. [27] and IRPA [28], RPA is a form of business process automation that adopts software-based robots in the performance of manual labor structured tasks, such as data manipulation, interactions, and communications with system applications. Leshob et al. [26] added that, although RPA does not focus on the optimization or simplification of the process (i.e., traditional process automation), the approach allows for the virtual workforce to perform tedious and repetitive work.
Willcocks et al. [29,30,31] recommended the use of RPA when the degree of process maturity, process standardization, transaction volume, and business rules are all high. On the other hand, Willcocks et al. [31] found that RPA is suited better for processes with a high workload and low complexity. According to Lowes et al. [32], the RPA approach was not necessarily relevant to a certain type of business but for standardized and repetitive processes that take significant time to form a conclusion, perform manual interactions with software applications, are focused on business rules, and perform at regular intervals [32].
Another important issue inherent to the application of process automation is related to the technological solutions developed. Botef [33] pointed out important issues for information systems that aim to automate processes such as security, incorporating the human factor in the software application’s stage design, the decomposition of complex problems in manageable sub-problems, the removal of irrelevant or redundant information or steps [34], and more.
A systematic literature review carried out by Leite et al. [35] focused on the identification, selection, grouping, and rigorous analysis of approaches (71 studies) that apply information technology to fight money laundering. They also pointed out a lack of approaches aimed at process automation application within this scenario. Having selected this type of financial crime due to its scope and economic/social impact, as well as the high complexity and volume of information, the study grouped the selected approaches into five main categories. The categories were the detection of suspicious transactions, detection of patterns or anomalies, risk analysis, applications of visual techniques and applications in security, governance, and/or control. The adopted support mechanisms were also the subject of research in which results showed a greater tendency to use algorithms or mathematical solutions such as data mining and machine learning.
Table 1 presents a brief comparison of the approach presented in this paper and studies presented in the literature with relation to characteristics regarding the analysis of business process for automation.
Security considerations in the management, storage, and/or sharing of generated digital assets were also considered due to the importance of the issue within the scenario of units that carry out or support intelligence and investigation activities.

3.2. Blockchain Technology

In 2008, Satoshi Nakamoto introduced the core technology behind Bitcoin [36], the blockchain technology that has gained attention in both business and academic environments. With the growing interest and participation of information technology around the world, blockchain technology is considered one of the most promising technologies in our current era. In December 2018, Statista conducted a statistical survey where from 2019 to 2023, it was possible to observe a considerable increase in the size of the blockchain technology market around the world (Figure 3).
According to Swan [37], blockchain is defined as a distributed and decentralized network composed of peers responsible for the storage of the transactions carried out between participants in strict order in an immutable, transparent append-only ledger composed of blocks connected via cryptographic hashes [38,39,40,41].
Through blockchain technology, the idea is to allow actors to trade data or digital assets in a decentralized network made up of peers that stores these transactions in a distributed manner. During these operations, transactions and other information like asset owners are recorded on a ledger. To allow validation of the performed transactions, network nodes employ a ‘consensus mechanism’ [42,43].
Transactions stored on the P2P network are first validated by the nodes where, after the agreement of their legitimacy, the transactions are confirmed and stored in blocks. All new block are added to the previous chain of blocks and locked in the chain. The most recent block maintains the information about the current state of the blockchain [44].
The content of the blocks are hashed, forming a unique block identifier stored in the current and subsequent block. Each block stores time-stamped data transactions, where through hash algorithms and public key cryptography, integrity and authenticity are guaranteed. From the deterministic and irreversible result of the hash function, it is possible to verify if the block content has been modified. As each block also stores the hash of the previous block, a link is established between them forming the blockchain. By following the hashes from the current block, the first block creates a specific blockchain, also called the genesis block [45,46,47].
An illustrative example of the chain data structure of a blockchain is presented in Figure 4.
The data (transactions) are digitally signed, broadcasted by participants, and chronologically grouped into blocks. After a new block is verified and included in the ledger, transactions cannot be included without the majority of the participants’ consensus [48].
To maintain data consistency in a distributed ledger, consensus algorithms are used to guarantee data integrity within the existing copies in each peer of the network. For this, a consensus algorithm must be executed to reach an agreement to confirm the order of transactions that reaches an agreement on a suitable decision among nodes [48,49,50].
In order to contribute to the formalization and security of relationships over a blockchain network, a smart contract may be used to automate an agreement process between parties of the decentralized network.
As first introduced by Szabo [51], a smart contract is an application (like a digital protocol) responsible for the verification, execution, and enforcement of business rules that have been agreed by network participants. With these contracts, transactions are securely and automatically executed, which allows for more agility, transparency. and absence of conflicts in operations without having to rely on third parties. By adding functionality to blockchain, business logic and validations are included to transactions [38,49,52].
With the growing interest in blockchain technologies, the application scope is extensive and can be divided into public, consortium, and private blockchains types. Table 2 presents a general comparison on types of blockchain [46,47,50,52,53,54].
According to Swan [37], with the use of blockchain technology there is the possibility of implementing processes aimed at recording data and assets, as well as storing and exchanging information on both physical and intangible assets (e.g., ideas, health data, voting results). Enabling the monitoring of the ledger by the participating organizations, creation, evolution, and monitoring of the immutable history of transactions is jointly conducted.
Different approaches were proposed in academic researches that were related to blockchain application in the context of data and digital assets management, storage, and/or sharing,
Verma et al. [61] presented general discussions on the use of the blockchain technology, aiming to provide a solution for dynamic asset sharing among members of a consortium. The solution was focused on the creation of a logical and centralized asset management system composed of participants who followed a previously defined policy.
In order to provide authenticity and data quality (including from purchasing customers), and to provide a stable business platform for asset owners, a framework aimed at data sharing and forwarding digital assets based on blockchain technology has been proposed [62]. In this scenario, the following were combined: decentralized storage, Ethereum blockchain, encryption, interplanetary file system (IPFS) benefits, smart contract, and incentive mechanism.
Regarding the healthcare domain, a novel drug supply chain management system implemented in Hyperledger Fabric has been proposed [45]. The records of transactions where performed based on a blockchain to handle drug supply chain data with the objective of creating a smart healthcare ecosystem that enabled access to patient health data and medicines through smart contracts.
In concern of adopting cloud environments to allow the sharing and storage of sensitive medical data, Xia et al. [63] proposed a permissioned blockchain based framework that made it possible to carry out the management and control of access records in a satisfactory manner.
Xuan et al. [64] proposed a double-chain (alliance and private chain) model focused on the current Internet of Things environment that was focused on data-sharing-transaction application. In the multi-layer model, the transactions were processed by the alliance chain and were composed of participant organizations, while the storage of the transactions data were performed by the private chain deployed within each organization. An IPFS cluster server built by the alliance stores and real data from the blockchain platform.
In recent years, organizations from several sectors and industries around the word have been exploring the potential of blockchain benefits. Based on the Cambridge Centre for Alternative Finance (CCAF) dataset of 67 live enterprise blockchain networks from 25 countries deployed in production, Michel et al. [65] pointed out that 43% of the cases are applicable to the finance and insurance sector, whereas only 6% of the cases were applicable to food, accommodation services, social assistance, and healthcare.
In previous academics research, several surveys have focused on blockchain technology with different focuses, i.e., security and privacy [66,67], blockchain architecture [68], smart contracts, consensus protocols [50,54,69], forms of security applications, and the Internet of Things [46,70,71].
Surveys focused on the privacy and security of platforms such as Bitcoin [36] and Ethereum [44], as well as a systematic review of 41 papers related to blockchain that analyzed current research trends [72]. From the review, prototype applications were identified and the adoption of blockchain in other environments such as P2P broadcast, Botnet, and the Internet of Things were also suggested.
Regarding government applications of blockchain technology, Batubara et al. [73] performed a systematic review of current research applications, challenges, and future trends within e-Government. From the 21 published papers found, seven studies focused on general discussions of applications in e-Government, including general ideas, benefits, potential uses, and current issues. Moreover, four studies focused on healthcare, which received greater attention than education and smart cities, who had three articles each. Only two supply chains studies were found in government, business, tax, e-voting, and digital identity subjects. Results point to a lack of applications of blockchain technology in the government scenario.
In the government adoption of blockchain scenario [74], the economy, technology, and strategic and organizational aspects were also identified. A study performed by Jun [75] also pointed out that in 2008, about 40 countries created more than 100 blockchain projects with the aim of transforming government systems. Zhang et al. [76] also noted that governments in the United Kingdom (UK), Europe, China, and United States of America (USA) have been showing interest in blockchain technology development by releasing white papers and technical reports. However, with regard to applications within the domain of intelligence and investigation units, there was a lack of approaches in both the industrial and academic aspects.

4. The Proposed Approach

This section discusses the proposed approach developed by the adoption of a method based on design science research (DSR). The approach considers improvement opportunities and gaps presented in some studies [22,23,24,25,26,27,29,30,31] for the context of intelligence and investigation units.
According to Pries-Heje et al. [77], to be able to validate research based on DSR, first the generated artifacts must be evaluated. From the results, evidence of the achievement of the desired objectives can be obtained. To enable the application of research in practice or to support the studies, validation is essential [78]. Dresch [79] points out that partial evaluations obtained are essential for verifying the progress of research in relation to expected objectives.
Based on the goal question metric approach [80] for the planning of the research, the study definition contains the following parts [81]:
  • Motivation: Analyze the feasibility of using the proposed approach.
  • Purpose: Characterize.
  • Object: Process for the definition of an approach to support the application of automation and blockchain in the context of intelligence and investigation units.
  • Perspective: Specialists from intelligence and investigation units.
  • Domain: Definition of a guide (proposed approach) for a specific domain application.
  • Scope: Unique design.
In order to identify the desired goal, the following questions were adopted: Can the use of the proposed approach be applicable in real case scenarios? Can it be performed by business analysts and helps the analysis and suitability verification for automation, potential analysis, priority classification, and simplification of internal processes in units that carry out or support intelligence and investigation activities?
Motivated from References [22,23,24,25,26,27,29,30,31], this paper proposes an approach that helps (i) business process analysis; (ii) verifies whether the processes are suitable for automation; (iii) analyses and prioritizes automation classification and simplification methods before automation, when necessary. From the digital assets generated, a blockchain technology application is proposed as a support mechanism in the management, storage, and/or sharing of the digital assets.

4.1. Selection of the Organization and Specialists Identification

To carry out the elaboration of the approach and its evaluation, we selected a public institution in Brazil that fights against crime. Among many motivations that led to the choice of this institution, it has an intensive performance in the fight against crime and criminal organizations, including structured units that carry out or support intelligence and investigation activities and a technology laboratory for stopping money laundering.
The institution’s adherence in this study was due to the fact that the institution invested in and researched technological solutions that contribute in the fight against criminal organizations. However, the selected institution still faces difficulties in meeting the current high volume of specialized requests (e.g., generating bottlenecks and service limitations). Moreover, they and several other public institutions have limitations on financial and personnel resources.
Another important factor would be the need and importance that the institution gives with the agility to meet demands aimed at combating crime, since malicious agents have a negative impact on society.
In addition to the authors of this paper, a group of three experts who support intelligence and investigation activities at the chosen Brazilian institution was selected to participate in the elaboration of the proposed approach. For the selection of the specialists, a non-probabilistic process was adopted only considering the experts performance in technical areas related to activities of intelligence and investigation.
It is worth mentioning that the selected specialists had more than five years of experience in intelligence or investigation activities and at least seven years working on the organization. The whole process was coordinated by the authors of this work. Table 3 shows the profile of the selected specialists.
During the elaboration stage, the experts indicated the need to not only to carry out the validation of processes suitable for automation but also to create a list or process, expressing the need to attach or adopt a solution that provides better reliability in the management, storage, or sharing of generated digital assets. The participants also validated or proposed properties adopted in the validation of eligibility of processes (e.g., suitable or not suitable for automation), classification process, and examples of questions to be adopted for extracting information during the stages of the approach.
With regard to property selection, using the criteria/properties mentioned in [22,23,24,25,26,27,28,29,30,31,32], duplications were extracted and, from the properties obtained (see Table 4), specialists selected the most promising properties within the context studied (i.e., scenario of units that carry out or support intelligence and investigation activities), taking into account the simplicity and possibility of use by business users without technical expertise’s in automation processes. Seven properties were selected as essential; the rest were made available as optional documentation for use by specialists (in case of interest) who adopted the approach.

4.2. Overall Approach

The overall approach is illustrated in Figure 5.
After selecting the specialized unit, if there was more than one in an organization than we identified specialists, including their roles and responsibilities. Then, requests were sent to the unit, as well as expected results, are identified briefly. With a general list of existing processes in the selected unit, each process went through the classification (understanding), simplification, and automation procedure steps (when applicable).

4.2.1. Classification of Processes (Understand)

In the process classification phase, four steps/tasks are performed: the process analysis to verify what is eligible for automation; the potential analysis for automation; the calculation of the prioritization index; and the classification step. The classification helps specialists in the business area in determining the list of processes categorized by automation priority.
In the validation phase for eligibility for automation, an evaluation of the process level of maturity (property P1) and standardization (property P2) is performed. The maturity evaluation considers the environment and process stability, as well as the predictability of results. For this, two questions are adopted for use by business analysts. Table 5 presents the list of properties and questions adopted in each activity of the first three classification process steps/tasks.
Regarding the process standardization evaluation phase, specialists are asked to perform a validation if the Curtis et al. [18] process perspectives can be extracted (specifying them), checking to see if activities are carried out following the same (or similar) operational procedures. According to Leshob et al. [26], when it is possible to extract perspectives [18] clearly from the process definition, it is also possible to adopt modeling tools (e.g., business process model and notation) in the process specification [82]. Table 6 presents four perspectives and examples of questions adopted for information extraction in the context of intelligence and investigation units.
For the evaluation of the potential weight of a business process to be automated, three properties were considered: if the process usually accesses systems or data sources (multiple or individual with frequency) (P3); if there is a possibility of decomposing a process into sub processes (P4); and if the activity performed is based on a pre-defined business rules (P5).
According to Lacity et al. [83], processes activities can be atomic or non-atomic where, especially considering the two cases in measuring the potential for automation of a process [26]:
  • Atomic activities (Case 1): To make it possible to calculate the automation potential weight for the of atomic activities, a question-based approach (questions presented in Table 5) is adopted by the business analysts for the three properties. In case of negative answers in any of the questions for an activity of a process, the potential is 0 (i.e., Pot(Ap) = 0) otherwise is 1 (i.e., Pot(Ap) = 1).
  • Activities composed of sub-processes (Case 2): for activities composed by atomic activities, the potential weight, in this case, is obtained from the product of the percentage of these activities, that is, Pot(Ap) = Perc(P3) x Perc(P4) x Perc(P5). The obtained value will be between 0 and 1.
Furthermore, to calculate the priority index, we consider the transactions volume (P6) and complexity (P7). The property P6 is defined considering the average transactions performed per month by all process actors (i.e., specialists of the selected unity) divided by 30 (recommendation). For the property P7, the time it usually takes to finish the process was used [31]. In the context of the specialized units, some processes requires less than two hours to be completed, while others may take a day or more.
Adapting the method proposed by Leshob et al. [26], two steps (tasks) are carried out to perform this analysis. In the first, the index is calculated for each activity. In the second, the results are used to calculate the expected priority index.
  • Task 1: For each process activity, the properties P6 and P7 are analyzed using the scale for assigning a relevance weight (SARW) model (Figure 6). Aiming at the quantification of the relevance for process automation based in the level of complexity and transaction volume, this model was adapted from Willcocks et al. [31] and Lacity et al. [83]. With this scale, specialists are able to analyze these properties where one of the available values (i.e., 0, 0.25, 0.5, 0.75, and 1) can be achieved (denoted by Pi(A)), and a scale value (low, moderate, and high) can be determined to each property.
  • Task 2: To calculate the priority index of the whole process (N activities), denoted as Pi(Pn), an average of the values obtained from Task 1 is calculated (the priority index will be valued between 0 and 1). Therefore:
P i ( P n ) = i = 1 N P i ( A i ) n
Finally, to obtain a list of processes subject to automation in order of priority, the final step assigns a category classification to a process based on the results of step 2 (potential evaluation) and step 3 (priority index calculation).
We classified and processed a quadrant (Figure 7) based on Leshob et al. [26]. Four categories were adopted (A, B, C, and D) for the inclusion of processes by automation priority, i.e., processes included in category A would have priority to go through the automation procedure, followed by category B and so on. For example, given a process with the potential for automation of 0.75 (75%) and has a priority index of 0.25, it would be included in the category B process list.

4.2.2. Simplification Step (Simplify) and Automation (Automate)

With the knowledge obtained from the previous step, the simplification stage begins [22] where the combining, eliminating, rearranging, and increasing opportunity areas may be performed. Table 7 presents the four areas with descriptions and examples of questions that may be used to help specialists identify opportunities for simplification.
Finally, after completing the simplification process, the automation stage begins by developing technological solutions that aim to automate internal operational activities of the processes. For this, there is a greater participation of the organization’s technology team with the beginning of the solutions development process.

4.2.3. Blockchain Application

During the stages of classification (understanding), simplification, and automation (when applicable), several digital assets can be generated, i.e., models, records of internal operating procedures, standards, investigation and analysis methodologies, techniques applied in the processes, and more.
In this case, specialists responsible for these assets need to not only perform CRUD operations on the generated assets but also have available means to perform access and authentication control, auditability, versioning identification, and integrity verification of the generated digital assets with greater reliability.
Inspired in this context, in this session, application of blockchain technology is proposed as a support mechanism in the management, storage and/or sharing of generated digital assets.
Figure 8 presents a scenario where, during the execution of various activities inherent to the application of process automation, different assets are generated and there may be a need to manage their use, storage, and/or sharing.
In the proposed design, three layers were adopted. The user layer is composed of one or more front-end applications to enable users to access the system management layer, perform operations with digital assets and other management activities. Through this layer, users send transactions proposals to call backend services (e.g., CRUD operations, check log entries, or sharing digital assets) provided by the blockchain network that transforms the ongoing data between the nodes.
The system management layer is where the blockchain network is implemented and is composed of nodes responsible for the secure and efficient running of the scheme. Information about all operations is recorded in a distributed ledger where each block contain transactions that are hashed and encrypted. A sample example of the system management layer blockchain network topology is presented in Appendix A.
In the scenario of specialized units, permissioned blockchains (private or consortium) are more appropriate because of the need to limit access to more stable and restricted environments, as well as to identify participants and their operations.
In the system management layer, smarts contracts are used by the participants for the execution of the transactions automatically and for providing controlled access to the ledger. Invoked by the applications, the smart contract takes the transactions and execute queries and updates on the ledger state, where transactions are stored in appended blocks and the update results are returned to the application. Current (world state) and historical information (logs) are stored in the ledger that are accessed by smart contracts. Adapted from Jamil et al. [45], Figure 9 illustrates the ledger operations using a smart contract.
Finally, the third layer composes the infrastructure responsible for the storage of the actual digital assets (off-chain storage). Regarding storage, distributed (e.g., inter-planetary file system [62]) or centralized (e.g., cloud storage or traditional databases) approaches can be adopted depending on participant needs.
With respect to the procedures performed regarding the interaction of users (through applications) and the system management layer, the main interactions are focused on queries and updates on digital assets and user data, as well as queries in log history records. Regarding asset management, all CRUD transactions in assets are recorded in ledgers allowing users to also query the log history of these transactions for auditing purposes (traceability).
When user applications need to access ledgers and smart contracts, they need to communicate with peers. Figure 10 presets an illustration of the interaction between user applications and peers to access the ledgers via smart contracts. Through a peer, queries and updates can be performed in the ledger by executing smart contracts which contains the information’s of transactions performed in assets.
Peers and orderers are responsible for keeping the ledger up to date on all nodes. In the illustration presented in Figure 4, it can be seen that the user application connects to a peer through a channel and invokes the smart contract (SC) to query or update the ledger. The SC generates a proposal response that contains a query result or a ledger update. The proposed response is then received by a user application (in this point the process is completed for queries).
A proposal may contain the identity of the user, the transaction payload, a smart contract identifier, and a transaction identifier (the proposal is also signed by the user).
Regarding updates, endorsed responses are grouped into transaction proposals by the application and send to orderers responsible for the distribution of the generated blocks to participating peers. After receiving the transactions, a validation is performed by peers in order to identify whether the transactions were endorsed by the units identified as responsible according to the endorsement policy. After updating the ledger, an event is generated by the peer and received by the requesting application.
Table 8 presents information on smart contract model that can adopt operations on digital assets for the scenario of specialized units, including participant descriptions, assets, and transactions. The specialists are the system users and are linked to a specific unit, and this unit to an organization. Transactions are focused on digital assets and can be categorized (e.g., financial crimes, violent crimes, etc.), having specific subjects. Only transactions focused on assets were exemplified.
Figure 11 presents a script example of the “readDigitalAsset” transaction using the Typescript language where, from the insertion of the identifier of the digital asset as an input parameter, a verification for the existence of the asset is maid and, if found, its state is obtained and the data is returned in the JSON format.
Table 9 presents the implementation and smart contract execution environment adopted in the proposed scheme. In Appendix B, a brief simulation of the execution of the smart contracts is presented.
With regard to user management, the information is recorded in network configuration files managed by administrators representing the participating units. The administrator’s selection is defined by the consortium (collection) of participating units and changes to configuration files must be approved by the majority. The consortium defines the set of units interested in communicating and transacting with each other.
Through the adoption of a membership identity service, user management and authentication are performed, and participants are also aware that transactions can be detected and audited, which allows them to identify network members.
Access control lists can also be used to provide additional layers of permission through specific network operation authorization. By the adoption of access control lists, it is possible to perform restrictions on operations on the network or on assets. For example, a specific user ID could be permitted to operate CRUD operations on assets but cannot perform queries in log history for auditability.

5. Evaluation, Results, and Discussions

In this section, we recount two empirical studies that were conducted to evaluate the approach proposed in this paper.
In the first study, the applicability of the approach is verified. Moreover, it is inquired if it is possible to execute business analysts with no process automation technical expertise, and if the approach helps the analysis and suitability verification for automation, potential analysis, priority classification, and simplification of internal processes in units that carry out intelligence and investigation activities. To validate these aspects, limited specialists have the appropriate knowledge to walk through the proposed approach in the context of specialized units.
The second study aims to identify evidence, through an experience of use, if the approach is applicable in real case scenarios of units that carry out or support intelligence and investigation activities.

5.1. Survey with Specialists

To conduct the first study, a survey was performed with specialists from five different specialized units that carry out or support intelligence and/or investigation activities in a public institution in Brazil, as mentioned in Section 4.1. Based on prior methodology [84,85,86,87,88,89], we composed questions, validated and executed the pilot, and guaranteed the applicability of the chosen questions (Figure 12). After the evolution of the questionnaire, the obtained version was adopted in the execution of the survey with the specialists. Table 10 presents the adopted research questions.
The adopted form that resulted from the questionnaire’s composition and validation phase consisted of two parts: (i) profile information of the participant (i.e., personal data, academic background, experience in intelligence or investigation activities, experience with process automation, and time in the organization); and (ii) the research questions presented in Table 10. Several documents contained an overview and instructions on how to apply the approach, including BPMN models that describes its stages, which were designed and forwarded.
The research question related to the blockchain technology (RQ9) assisted the specialists to form a better understanding of the technology. A material was also sent with general concepts, illustrative examples, and how the technology can be applied as a support mechanism in management, storage, and/or sharing of the generated digital assets. One of the researchers of this work also remained available to answer any questions about the technology and its application in the considered scenario.
Aiming at the fulfilment of the expected objectives, the questionnaire was performed by three researches, who requested improvements. The questionnaire was structured and adapted to permit specialists to answer one of the five scales [90,91]: strongly disagree (1), disagree (2), undecided (3), agree (4), and strongly agree (5). Specialists also had an extra field in the questionnaire for comments, whether for suggestions or disagreements.
To test the questionnaire (pilot application), the survey was performed with one specialist of each of the five selected specialized units (i.e., five specialists). From the obtained data analysis, the final version of the questionnaire was achieved, but the results of the pilot survey were not considered because two new questions (questionnaire evolution) were included, one being about the experience of the participant in process automation and another about the participant time in the organization.
After that, the survey invitation was sent to specialists of the five selected specialized units. The specialists who participated in the elaboration of the approach did not participate in the survey. After the questionnaire availability expired, the obtained results were documented in spreadsheets, which allowed for grouping and analyzing the answers.

Survey Results

Figure 13 presents the profile of the 52 specialists who participated in the survey, specifically with regard to the time they were in the organization (years) and their experience in carrying out or supporting intelligence and investigation activities (years). Regarding the academic qualifications of the participants, Figure 14 shows the distribution of the participants by the graduation level. It should be added that, of the specialists who answered the survey, none had experience with methodologies and techniques of process automation.
Regarding the answers to the research questions, Figure 15 shows the distribution of the participants’ answers per question. The survey showed that 96.15% of the experts who participated agreed that the approach could be performed by business analysts without process automation technical expertise (there were no disagreements, however 3.85% of the participants did not decide whether they agree or not).
Positive results (without disagreements) were also identified in the answers to RQ2 (92.31%), RQ4 (92.31%), RQ5 (98.08%), RQ6 (94.23%), RQ7 (96.15%), and RQ9 (88.46%).
Regarding the properties and techniques adopted in the potential analysis and priority index calculation of internal processes, 82.7% of the participants agreed that they were applicable and sufficient for the considered scenario. However, 7.68% disagreed and 9.62% remained undecided.
Of the four participants who disagreed, none questioned evaluation methods for automation. Concerning the calculation of the priority index, they mentioned that the complexity is not limited only to the execution time. They added that complexity, at least in the scenario in which they operate, is a characteristic that allows them to analyze the degree of difficulty in understanding and explaining a process. The number of existing activities, the number of parallel branches and the existence of loops are examples of characteristics that allow this measurement. For the case of the approach in question, the specialists recommended changing the name of the property to “execution time”. They agreed that two properties (i.e., transaction volume and time to complete the process) are sufficient for the proposed objective of the approach within of the studied context, and that allows the adoption by users that do not have technical expertise with process automation.
Another alternative recommendation is to keep the name of the property as “complexity”, but provide instructions or recommendations to interested parties regarding the consideration, not only for the process execution time but for the adoption of other metrics that allow for the identification and classification of processes regarding its complexity, such as McCabe’s cyclomatic complexity (MCC), cognitive weight and number of activities in a process (NOA) [92,93].
Following the recommendation of the participants, the name of the property (complexity) was maintained, but instructions/recommendations were added regarding the possibility of including new complexity measurements (in addition to the use of time to complete the process) for users with the intention to adopt the calculation. The additions were included as optional documentation because they contribute to the increase in complexity, application time, or difficulty in using the approach. The use of the time to complete the process was considered applicable and sufficient for the context studied and expected objective.
There were also disagreements regarding the common understanding of the results after carrying out the approach. Although 73.07% of participants agreed (9.62% remained undecided), 17.31% of participants found that documenting the results after executing the approach is confusing and that the documentation with instructions for use could contain illustrative examples for better understanding.
To assist in the better use of methods and techniques, as well as the application of the approach, improvements in the documentation of the instructions were included, i.e., the inclusion of practical usage examples in each step of the approach.
Together with the answers, positive considerations were also pointed out by the participants of the survey, namely that it: (i) was a useful guide to be used as a reference within the considered scenario; (ii) enables standardization, as well as better internal organization of activities within the units; (iii) contributes to the improvement and simplification of existing processes as well as an overview of the work carried out; (iv) resulting products can contribute to agile results, resource savings and better reallocation of work performed by specialists; (v) reducing the burden of requests to specialized units by making available, when possible, automated systems directly to interested parties who forward requests to these units.
Thus, from the results obtained with the survey, evidence that the approach meets the expected objectives was obtained as to applicability, use by business analysts without process automation technical expertise, and assistance with analysis and suitability verification for automation, potential analysis, priority classification, and simplification of internal processes in units that carry out intelligence and investigation activities.

5.2. Experience of Use

In order to obtain evidence of the applicability of the approach in real case scenarios, an experience of use was carried out in a Brazilian public institution that, among its attributions, also acts in the fight against crime (as mentioned in Section 4.1).
For this experience, a technology laboratory against money laundering was selected as the specialized unit among the units that perform or support intelligence or investigation activities (decision of the institution’s senior management). After identifying the experts involved in the processes and identifying the requests and expected results, the classification (understanding), simplification, and automation stages started.
While carrying out of the experiment, the following actions were performed:
  • For each existing process, interviews and information collection that was inherent to the process’s activities were performed with specialists, aiming at modeling and simplification of the processes.
  • In order to validate if the process perspectives (Table 6) can be extracted and defined, as well as check if the operational procedures are executed in the same way, the “walking the process” ([22]) method was adopted. That is, an individual went through a whole process observing each activity, technique, or methodology performed, information used and participation of the specialists involved. With that, it was possible to identify opportunities for improvement, unnecessary uses of resources or poor organization of time, among other problems that were being exposed.
  • After storing the generated digital assets (e.g., documentation, models, operating procedures, methodologies adopted, etc.), activity performed during all stages of the approach when necessary, and selecting the processes identified as “suitable for automation”, the stages of potential evaluation and calculation of the prioritization index were initiated.
  • In the potential evaluation step, specialists were asked to answer the questions presented in Table 5. With the result obtained, the calculation of the potential weights was performed as proposed in the approach presented in this paper.
  • To calculate the prioritization index, experts who were responsible for executing the process reported, based on a history of executed works, the average number of transactions executed per month (the reported values were divided by 30 as recommended by the proposed approach). The specialists also informed the time it usually takes to complete the process.
  • After the priority index calculation and analysis using the scale for assigning a relevance weight (SARW) model (as illustrated in Figure 6), the classification of the identified processes was performed using the quadrant as illustrated in Figure 7.
  • Of the processes categorized as highest likely for automation (quadrant A of Figure 7), two processes were selected by the managers of the team of specialists to start the development procedure of information systems implemented to automate the selected processes. The adopted selection criteria were a process with one of the highest volume of requests, and another with one of the longest execution time in relation to the others in the category.
  • Before the selected processes’ automation, the information obtained in the process validation step for verification is suitable for automation (obtained through the “walking the process” method) if used in the simplification step. With the information, it was possible not only to reorganize some steps performed in the processes, such as the execution of efforts identified as unnecessary, but also eliminate unnecessary steps or procedures.
The first selected process involves procedures of collecting, crossing, and analyzing information, as well as applying operational procedures based on investigative techniques and methodologies. Finally, int involved generating reports that resulted from individual analysis (e.g., natural and legal persons) within criminal investigative contexts.
In the collection and crossing phase, specialists carried out data and information that they searched from various sources and organizations in which the selected institution had cooperation agreements and public databases. Cross-checking and grouping of these data were performed in order to obtain the maximum amount of information available from investigated individuals.
After that, investigative techniques and methodologies were carried out on the information collected in order to obtain evidence of suspicious behavior commonly linked to certain types of crimes. Finally, the results were organized and structured into reports.
The procedures were similar in the first and second process. However, they each worked with highly confidential sources of information such as bank statement data and activities that differed in methodologies, techniques, and results (but also with the objective obtaining evidence of criminal behaviors).
Finally, after the conclusion of the extraction and modeling of the process, the system implementation with the objective of automating the selected processes was performed. Investments were not necessary for the project’s implementation since the solutions were developed with the adoption of free tools (e.g., programming languages: PHP, Javascript and CSS; application server: Apache), and other resources already existing in the institution (e.g., SQL Server database management system, Linux application server, among others).
We decided to use web applications after discussions with the institution’s senior management team and information technology team. The decision was not only because the vast majority of the institution’s technological solutions were focused on web applications but also to enable future use of the developed solutions not only by specialized units but with interested parties who forward requests to specialized units and partner institutions that carry out similar activities.

5.3. Results and Discussions

In order to analyze the benefits reached with the execution of the experiment and the existence of evidence of the applicability of the approach in real case scenarios, we performed an analysis of data obtained before and after using the developed tools.
The criteria used in the analysis were indications of contributions that save resources (e.g., time) for carrying out operational activities, obtaining results in a more agile way (quantity of requests answered), and involving specialists in the process.
Table 11 and Table 12 shows the comparative analysis before and after the implementation of the developed systems for the first and second process, respectively, comparing the three criteria mentioned before its implementation, with data obtained after.
It should be added that the information contained in the “Before” column was provided by the specialized sector of the institution, who reported a monthly average of the last 12 months before the implementation of the project. The information in the “After” column resulted from the verification of log history records obtained from the use of the system in the period of 12 months after the beginning of its use.
The average time presented for the fulfillment of each request after the adoption of the systems is only an average of the time that the tools took to attend each request and make available the final result (i.e., reports), time that can vary depending on the speed of the internet used by the requester and the ability of users to handle the tools.
Regarding the participation of specialists after using the systems (*), in the initial period of use, specialists still received requisitions and used the tools to attend to them. However, from the second month of use, it was decided to make the systems available directly to interested parties, where it only necessitated the use by specialists in a sporadic way.
Due to the possibility of using the tools directly by interested parties who previously requested the specialized unit, the number of requests handled increased exponentially. For the case of requests related to the second process, there were not many monthly requests, however it was selected for the experiment due to the considerable time of execution of the process. In this way, the average number identified after using the tool—which used to be 2 to 3 and changed to 16—did not appear to have considerable growth, but with the reduction of time it allowed the reallocation of specialists in other activities.
Regarding the products developed as a result of the experiment, their access was made available for use by other specialized units that carry out similar activities (including partner’s institutions). Evaluation committees awarded the system at the state [94,95] and national [96] level, in recognition of the benefits and savings obtained from their adoption.

5.4. The Management, Storing, and Sharing of Generated Digital Assets: Discussions

Regarding the management, storage and/or sharing of digital assets generated during the approach, the characteristics’ inherent of blockchain technology, as well as the adoption of permissioned blockchains, cryptography, and the use of Hyperledger Fabric (as proposed in the sample topology scenario in Appendix A), may contribute in activities related to auditability (traceability), access control, versioning identification, authenticity, non-repudiation, integrity verification, security, decentralization, and transparency.
Regarding data integrity, the tamper resistance characteristic of blockchain makes it possible to be reached. Due to consensual validation of transactions stored in the ledgers by the participants of a network (including the adoption of hash algorithms), blocks become immutable. With the immutable log of transactions, traceability of changes, auditability, and versioning identification are possible to accomplish with greater reliability [37,38,39,40,41].
Since all transactions are signed and registered with a generated hash value in the blocks, adopting cryptography to allow more security and confidentiality is also provides integrity verification, non-repudiation analysis, and authenticity. The use of private channels and/or cryptography increase the protection from data leaks, since only specific and authorized participants can access the channel [42,43,49,59].
With the adoption of a permissioned blockchain, smart contracts and certificate authorities are identified and verified, allowing for permissioned participants to access and transact in the network. Security and access control can be achieved by the execution of the access roles written in smart contracts. [38,49,51,52].
Finally, due to the synchronization of the distributed ledger between network peers, participants have more confidence in the authenticity, transparency, and accuracy of the stored information [48,49,50]. Despite the advantages with the use of blockchain technology as a support mechanism in the considered scenario, it is also necessary to comment on some issues and challenges regarding security.
According to Lin et al. [97], the majority attack (also known as the 51% attack) is an existing concern in blockchain networks, where, in the event of possible attackers taking control of more than half of the network’s nodes, changes or inclusions may be manipulated, compromising the entire blockchain network. This kind of attack usually has more of an impact in public blockchains that are composed by unknown participants that do not trust each other.
Ways to minimize these occurrences involve greater control over the network (e.g., private permissioned blockchains) since well-established configurations, access limitations, and properly identified participants can create a design that disadvantages this type of attack. For example, given an organization that has five participants, it may contain a network configuration that determines new changes or additions approved by all participants, thus making it more difficult for an attack to occur. However, in the case of private permissioned blockchains, there is still the possibility of compromise by the network administrators.
In the scenario presented in this paper, the Hyperledger Fabric Platform was adopted. Being a framework built with focus on security, as pointed out by [98], every element of the network must be authenticated to participate the network and, having support for confidentiality, members of the network can keep confidential data in a separate location. As all parties know, their actions are recorded on the blockchain following a policy of endorsement previously established and agreed upon by the participants. Guilty parties can be easily identified, enabling agile actions against incidents and malicious activities.
Another important concern is implementing users who access blockchain networks as exemplified in the design proposed in this research. Application vulnerabilities can contribute to flaws or gaps in network access, which is why it is also recommended to adopt the appropriate secure software coding practices. In this regard, useful directions can be found in a work described in Leite et al. [99], where the authors map out the major vulnerabilities, risks, and proactive controls that exist in web applications.

6. Research Implications and Limitations

Despite the positive benefits obtained from the survey and the process automation application executed in an intelligence and investigation unit, some further considerations must be pointed out.
Regarding the execution of the survey, it was carried out in one institution that, among its attributions, fights against crime. In order to minimize possible bias, the survey was given to specialists from five different units who work or support intelligence and investigation activities in different areas of expertise, such as combating criminal organizations, corruption, money laundering, tax evasion, and more. A similar limitation is that the survey was given to participants in only one institution. For this case, it was decided to select two processes instead of one.
One possible threat identified in the realization of the experience of use is the participation of an author of this paper in the execution of the process. Prior knowledge of the approach and its objectives may have positively influenced the results. Although the execution and application of the approach were carried out by specialists (measure adopted in a way to reduce bias), it would have been for an unbiased third-party to conduct the approach. However, an author from this study executed and managed the project at the request of the organization’s senior management
Studies related to in-depth analysis of blockchain security issues, i.e., quantifying the security and reliability of the proposed architecture, as well as performance evaluations (e.g., throughput, latency, and use of computational resources) were not analyzed in this study. These analyses would have been a good opportunity for new lines of research and future work.
Another limitation that should be pointed out is the absence of an experience of use in a real case scenario regarding the inclusion of the application of blockchain technology as a support mechanism related to the management, storage, and/or charring of generated digital assets. Despite the fact that the proposed approach was developed based on works that also underwent experiments in real case situations, and discussions of the benefits and ways in which blockchain technology contributes to providing greater reliability in activities related to auditability and integrity verification were provided, the evaluation in real case scenarios remains a possible future work.

7. Conclusions

Concerns about the evolution and expansion of crime have been raised in several recent studies and media reports around the world. Due to the diversity and volume of existing crime practices, actions by government institutions are increasingly fundamental for the reduction of the damage caused to society.
From the established intelligence and investigative units to act in different areas of expertise in simplify and optimize processes, and reduce resources to carry out operational activities that consider characteristics inherent to the context of these units.
Motivated by this scenario, this work presented an approach that considers process automation in order to assist researchers and professionals interested in studies and practices aimed at the simplification and/or automation of processes in the context of intelligence and investigation units.
Furthermore, to analyze the feasibility of applying the approach, a survey was carried out with specialists from specialized units and an experience of use was performed at a real institution.
By analyzing the survey’s research questions, results pointed out that the approach met the expected objectives such as possible use by business analysts without process automation technical expertise, and assistance in the analysis and suitability verification for automation, potential analysis, priority classification, and simplification of internal processes. We also obtained evidence about the applicability and benefits of the approach in real case scenarios.
Results showed evidence of the feasibility of use and suitability of the approach for the given scenario, and that it helps interested parties regarding the application of process automation in the scenario of intelligence and investigative units.
Regarding the management, storage, and/or sharing of generated digital assets that expkored the main characteristics of blockchain technology, this paper presented an overview of different application trends of blockchain technology, and proposed the use of blockchain as a support mechanism.
Discussions were provided on how to use blockchain technology, along with how the use of cryptography, smart contracts, certificate authorities, and permissioned blockchains (e.g., Hyperledger Fabric) can contribute to activities related to auditability, versioning identification, authenticity, non-repudiation, integrity verification, security, decentralization, and transparency.
It should be added that the adoption of blockchain technology, as proposed in this paper, is not limited only during the application of the approach, but may extend to management, storage, and/or sharing of digital assets in daily operations of specialized units.
Finally, it is believed that this research can be a useful resource for of technological and automation approaches in the fight against crime for interested practitioners and academic researchers and will help future research trends in the field.
For future work, it is recommended that the scope of the study is expanded by applying new experiences in real case scenarios of specialized units that perform or support intelligence and investigation activities, and perform experiences on the use of blockchain technology as well as evaluations, as proposed in this paper.
Regarding the lack of approaches within the studied scenario, lines of study aimed at the analysis of security and reliability in the adoption of this technology, as well as performance analysis, are also good opportunities for future studies.

Author Contributions

Conceptualization, G.S.L., A.B.A., and P.R.P.; data curation, G.S.L.; formal analysis, G.S.L., A.B.A., and P.R.P.; investigation, G.S.L. and P.R.P.; methodology, G.S.L., A.B.A., and P.R.P.; project administration, G.S.L., A.B.A., and P.R.P.; resources, G.S.L. and P.R.P.; software, G.S.L.; supervision, A.B.A. and P.R.P.; validation, G.S.L., A.B.A., and P.R.P.; visualization, G.S.L., A.B.A., and P.R.P.; writing—original draft, G.S.L., and A.B.A.; writing—review and editing, A.B.A. and P.R.P. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Acknowledgments

The third author thanks Brazilian National Council for Research and Development (CNPq) via Grant No. 305805/2017-7.

Conflicts of Interest

The authors declare no conflict of interest.

Appendix A

A sample example of the system management layer blockchain network topology is presented in Figure A1. Due to the possibility of interaction not only between units or specialists in the same organization but between units that carry out similar activities in different organizations, the example consists of four specialized units (U1, U2, U3, and U4), where U1 and U2 belong to organization Org1, and U3 and U4 belong to organization Org2. All unities can communicate (access digital assets) with each other, but U1 and U2 also have needs for private communications within the Org1 network, as do U3 and U4 in Org2.
Hyperledger Fabric was adopted in the development of the proposed design for being a comprehensive yet customizable open source framework for developing enterprise blockchain solutions. Another reason for the choice was because it is permissioned and offers the ability to create channels, work with smart contracts, as well as allow identity management, has efficient processing and chaincode functionality [45,49,59,98].
Androulaki et al. [59] also pointed out that Hyperledger is adopted in different organizations and cases in more than 400 prototypes, proofs-of-concept, and production systems, and is, according to Michel et al. [65], the most used enterprise permissioned blockchain project in production.
Applsci 10 03677 g0a1 550
Figure A1. Network Topology based on Hyperledger Fabric.
Figure A1. Network Topology based on Hyperledger Fabric.
Applsci 10 03677 g0a1
To compose the blockchain network, each unity has pears nodes that maintain the state of the network, including a ledger copy (L1, L2, and L3) associated with the channels used (C1, C2, and C3) in the communications, and smart contracts (S).
The network, under the control of unities U1 and U3, is governed by following the policy rules described and stored in the network configuration (NC). Each of the four organizations has a preferred certificate authority where are used for identification and access control.
User applications (A1, A2, A3, and A4) connect with other participants through channels. A1 and A2 connect with C1 and C2, and A3 and A4 with C2 and C3.
A channel is a secure primary communication mechanism by which confidentiality and data isolation can be provided. Channel C2 acts as a central channel communication and is under control (channel configuration policy CC2) of all participants. C1 and C3 are exclusive channels used for private and secure transactions to share confidential data directly without exposing them to all units.
Policy rules dictate operations in Channel C1 (specified in channel configuration CC1 under control of U1 and U2), and C3 according to CC3 (under control of U3 and U4).
The ordering service O1 is the node responsible for ordering transactions into blocks. Endorsed transactions are accepted, ordered into blocks, and delivered to committing peers. Although the illustration shows only one ordering service, more than one can be used.

Appendix B

In this section, a brief simulation of the execution of the smart contracts is presented. Figure A2 shows the adopted transaction data file (TDF) in JSON format. TDFs are available in the IBM Blockchain Platform extension of Visual Code Studio to facilitate transactions calls in tests execution. In this simulation, a standard transaction (“digitalAssetExists”) is initially called to verify the existence of the asset to be created (Figure A3 shows the performed transactions log). Confirming the assistance of the digital asset, the transaction “createDigitalAsset” is executed informing the necessary input arguments. The call to the “readDigitalAsset” transaction is then executed to demonstrate that the asset was properly created, returning its data. Then the execution of the transaction “updateDigitalAsset” is carried out where its success is confirmed after a new call to “readDigitalAsset” that retrieves the updated data. Finally, the asset deletion transaction is executed (“deleteDigitalAsset”) whose confirmation of the operation is carried out after a new execution of “digitalAssetExists”.
Applsci 10 03677 g0a2 550
Figure A2. Transactions data file (TDL).
Figure A2. Transactions data file (TDL).
Applsci 10 03677 g0a2
Applsci 10 03677 g0a3 550
Figure A3. Logs of the smart contracts execution tests.
Figure A3. Logs of the smart contracts execution tests.
Applsci 10 03677 g0a3

References

  1. UNODC. Organized Crime. United Nations Office on Drugs and Crime. Available online: https://www.unodc.org/unodc/en/organized-crime/intro.html (accessed on 18 November 2019).
  2. REFINITIV. Revealing the True Cost of Financial Crime—2018 Survey Report. Available online: https://www.refinitiv.com/content/dam/marketing/en_us/documents/reports/true-cost-of-financial-crime-global-focus.pdf (accessed on 20 November 2019).
  3. FBI. FBI Releases 2018 Crime Statistics. Federal Bureau of Investigation National Press Office, Department of Justice, United States. 30 September 2019. Available online: https://www.fbi.gov/news/pressrel/press-releases/fbi-releases-2018-crime-statistics (accessed on 16 November 2019).
  4. FBI. What We Investigate. Federal Bureau of Investigation Department of Justice, United States. Available online: https://www.fbi.gov/investigate (accessed on 13 November 2019).
  5. EUROPOL. Crime Areas—Fighting Crime on a Number of Fronts. European Union Agency for Law Enforcement Cooperation. Available online: https://www.europol.europa.eu/crime-areas-and-trends/crime-areas (accessed on 11 November 2019).
  6. Karjalainen, K. Estimating the cost effects of purchasing centralization—Empirical evidence from framework agreements in public sector. J. Purch. Supply Manag. 2011, 17, 87–97. [Google Scholar] [CrossRef]
  7. Sharma, K.L.S. Overview of Industrial Process Automation, 2nd ed.; Elsevier: Amsterdam, The Netherlands, 2017; pp. 1–14. [Google Scholar] [CrossRef]
  8. Drezewski, R.; Sepielak, J.; Filipkowski, W. The application of social network analysis algorithms in a system supporting money laundering detection. Inf. Sci. 2015, 95, 18–32. [Google Scholar] [CrossRef]
  9. UNDP. Investigation Guidelines. United Nations Development Programme. Available online: https://www.undp.org/content/dam/undp/library/corporate/Transparency/Investigation_Guidelines_ENG_August_2019.pdf (accessed on 2 November 2019).
  10. UNODC. Criminal Intelligence—Manual for Analysts; United Nations Office on Drugs and Crime: Vienna, Austria, 2011. [Google Scholar]
  11. Santos, R.; Nunes, F.; Oliveira, M.; Júnior, M. A Survey on the use of Data Mining and Data Analytics techniques by Brazilian criminal investigation agencies. In Brazilian Symposium on Information Systems (SBSI), Lavras, 13th Brazilian Symposium on Information Systems; Sociedade Brasileira de Computação: Porto Alegre, Brazil, 2017; pp. 593–600. [Google Scholar]
  12. Ministry of Justice and Public Safety. Technology Laboratory Against Money Laundering—LAB-LD. Federal Government. Available online: https://www.justica.gov.br/sua-protecao/lavagem-de-dinheiro/LAB-LD (accessed on 18 November 2019).
  13. UNODC. Organized Crime. United Nations Office on Drugs and Crime. Collection of Information Prior to the Sixth Intersessional Meeting of the Open-Ended Intergovernmental Working Group on Prevention Established by the Conference of States Parties to the UN Convention against Corruption—Response to Brazil. Available online: https://www.unodc.org/documents/treaties/UNCAC/WorkingGroups/workinggroup4/2015-August-31-to-September-2/Contributions_NV/Contribution_-_Brazil.pdf (accessed on 18 November 2019).
  14. Metscher, R.; Gilbride, B. Intelligence as an Investigative Function. New York: International Foundation for Protection Officers. 2005. Available online: https://www.ifpo.org/wp-content/uploads/2013/08/intelligence.pdf (accessed on 13 November 2019).
  15. Osterburg, J.W.; Ward, R.H. Criminal Investigation: A Method for Reconstructing the Past, 6th ed.; Taylor & Francis Inc.: Cincinnati, OH, USA, 2010; ISBN 9781422463284. [Google Scholar]
  16. Weske, M. Business Process Management: Concepts, Languages, Architectures, 2nd ed.; Springer Science and Business Media: Berlin, Heidelberg, Germany, 2012; pp. 1–24. [Google Scholar] [CrossRef]
  17. Scheel, V.H.; Rosing, V.M.; Scheer, A.W. The Complete Business Process Handbook; Elsevier: Cambridge, MA, USA, 2015; pp. 1–9. ISBN 978-0-12-799959-3. [Google Scholar]
  18. Curtis, B.; Kellner, M.I.; Over, J. Process modeling. Communications of the ACM—Special issue on analysis and modeling in software development. Process Model. Commun. ACM 1992, 35, 75–90. [Google Scholar] [CrossRef]
  19. Goldberg, K. What Is Automation? IEEE Trans. Autom. Sci. Eng. 2012, 9, 1–2. [Google Scholar] [CrossRef]
  20. Nof, S.Y. Springer Handbook of Automation; Springer: Berlin, Germany, 2009. [Google Scholar]
  21. Groover, M.P. Automation, Production Systems and Computer-Integrated Manufacturing, 2nd ed.; Prentice Hall: Upper Saddle River, NJ, USA, 2001. [Google Scholar]
  22. Kapp, K.M. A Framework for Successful E-Technology Implementation: Understand, Simplify, Automate. J. Organ. Excell. 2001, 21, 57–64. [Google Scholar] [CrossRef]
  23. Fung, H.P. Criteria, Use Cases and Effects of Information Technology Process Automation (ITPA). Adv. Robot. Autom. 2014, 3, 1–11. [Google Scholar] [CrossRef]
  24. Slaby, J.R.; Fersht, P. Robotic Automation Emerges as a Threat to Traditional Low Cost Outsourcing. HfS Research Ltd. 24 October 2012, pp. 1–18. Available online: https://www.hfsresearch.com/pointsofview/robotic-automation-emerges-threat-traditional-low-cost-outsourcing (accessed on 4 November 2019).
  25. Sutherland, C. Framing a Constitution for Robotistan—Racing with the Machine for Robotic Automation. HfS Research, Ltd. October 2013. Available online: https://www.hfsresearch.com/pointsofview/framing-constitution-robotistan (accessed on 4 November 2019).
  26. Leshob, A.; Bourgouin, A.; Renard, L. Towards a Process Analysis Approach to Adopt Robotic Process Automation. In Proceedings of the 2018 IEEE 15th International Conference on e-Business Engineering (ICEBE), Xi’an, China, 12–14 October 2018; pp. 46–53. [Google Scholar] [CrossRef]
  27. Jovanović, S.Z.; Đurić, J.S.; Šibalija, T.V. Robotic Process Automation: Overview and Opportunities. Int. J. Adv. Qual. 2018, 46. [Google Scholar] [CrossRef]
  28. IRPA. RPA—Definition and Benefits. Institute for Robotic Process Automation. Available online: https://irpaai.com/definition-and-benefits/ (accessed on 25 November 2019).
  29. Willcocks, L.; Lacity, M. Robotic Process Automation: The Next Transformation Lever for Shared Services. The Outsourcing Unit Working Research Paper Series, Paper 16-01. 2016. Available online: http://www.umsl.edu/~lacitym/OUWP1601.pdf (accessed on 11 December 2019).
  30. Willcocks, L.; Lacity, M.; Craig, A. Robotic Process Automation at Xchanging. The Outsourcing Unit Working Research Paper Series, Paper 15-03. 2015. Available online: http://www.xchanging.com/system/files/dedicated-downloads/robotic-process-automation.pdf (accessed on 11 December 2019).
  31. Willcocks, L.; Lacity, M.; Craig, A. Robotic Process Automation at Telefónica O2. The Outsourcing Unit Working Reasearch Paper Series, Paper 15-02. 2015. Available online: http://eprints.lse.ac.uk/64516/1/OUWRPS_15_02_published.pdf (accessed on 11 December 2019).
  32. Lowes, P.; Cannata, F.R.S.; Chitre, S.; Barkham, J. The Business Leader’s Guide to Robotic and Intelligent Automation. Deloitte Development LLC. 2017. Available online: https://www2.deloitte.com/content/dam/Deloitte/us/Documents/process-and-operations/us-sdt-process-automation.pdf (accessed on 4 December 2019).
  33. Botef, I. Enterprise Information Integration: People, Automation, and Complexity Concerns. In WSEAS Transactions on Information Science and Applications; Stevens Point: Wisconsin, WI, USA, 2011; Volume 8, pp. 223–232. ISSN 1790-0832. [Google Scholar]
  34. Yeh, C.H.; Fisher, G.W. A structured approach to the automatic planning of machining operations for rotational parts based on computer integration of standard design and process data. Int. J. Adv. Manuf. Technol. 1991, 6, 285–298. [Google Scholar] [CrossRef]
  35. Leite, G.S.; Albuquerque, A.B.; Pinheiro, P.R. Application of Technological Solutions in the Fight Against Money Laundering—A Systematic Literature Review. Appl. Sci. 2019, 9, 4800. [Google Scholar] [CrossRef] [Green Version]
  36. Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash System. Available online: https://bitcoin.org/bitcoin.pdf (accessed on 18 January 2020).
  37. Swan, M. Blockchain: Blueprint for a New Economy; O’Reilly Media, Inc.: Sebastopol, CA, USA, 2015. [Google Scholar]
  38. Zheng, Z.; Xie, S.; Dai, H.; Chen, X.; Wang, H. An Overview of Blockchain Technology: Architecture, Consensus, and Future Trends. In Proceedings of the 2017 IEEE International Congress on Big Data (BigData Congress), Boston, MA, USA, 11–14 December 2017; pp. 557–564. [Google Scholar]
  39. Aste, T.; Tasca, P.; Di Matteo, T. Blockchain Technologies: The Foreseeable Impact on Society and Industry. Computer 2017, 50, 18–28. [Google Scholar] [CrossRef] [Green Version]
  40. Roehrs, A.; Da Costa, C.A.; Da Rosa Righi, R.; Alex, R.; Costa, C.A.; Righi, R.R. Omni-PHR: A distributed architecture model to integrate personal health records. J. Biomed. Inf. 2017, 71, 70–81. [Google Scholar] [CrossRef] [PubMed]
  41. Ren, Y.; Leng, Y.; Zhu, F.; Wang, J.; Kim, H.-J. Data Storage Mechanism Based on Blockchain with Privacy Protection in Wireless Body Area Network. Sensors 2019, 19, 2395. [Google Scholar] [CrossRef] [PubMed] [Green Version]
  42. Back, A.; Corallo, M.; Dashjr, L.; Friedenbach, M.; Maxwell, G.; Miller, A.; Wuille, P. Enabling Blockchain Innovations with Pegged Sidechains. Open Science Review. 2014. Available online: https://www.blockstream.ca/sidechains.pdf (accessed on 18 January 2020).
  43. Warburg, B. How the Blockchain Will Radically Transform the Economy. TEDSummit TED Talk. June 2016. Available online: https://www.ted.com/talks/bettina_warburg_how_the_blockchain_will_radically_transform_the_economy?language=en (accessed on 18 January 2020).
  44. Buterin, V. Ethereum White Paper: A Next-Generation Smart Contract and Decentralized Application Platform. Ethereum White Paper. 2014. Available online: https://www.weusecoins.com/assets/pdf/library/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf (accessed on 18 January 2020).
  45. Jamil, F.; Hang, L.; Kim, K.; Kim, D. A Novel Medical Blockchain Model for Drug Supply Chain Integrity Management in a Smart Hospital. Electronics 2019, 8, 505. [Google Scholar] [CrossRef] [Green Version]
  46. Alkurdi, F.; Elgendi, I.; Munasinghe, K.S.; Sharma, D.; Jamalipour, A. Blockchain in IoT Security: A Survey. In Proceedings of the 2018 28th International Telecommunication Networks and Applications Conference (ITNAC), Sydney, NSW, Australia, 21–23 November 2018; pp. 1–4. [Google Scholar] [CrossRef]
  47. Zheng, X.; Zhu, Y.; Si, X. A Survey on Challenges and Progresses in Blockchain Technologies: A Performance and Security Perspective. Appl. Sci. 2019, 9, 4731. [Google Scholar] [CrossRef] [Green Version]
  48. Mercenne, L.; Brousmiche, K.-L.; Hamida, E.B. Blockchain Studio: A Role-Based Business Workflows Management System. In Proceedings of the 2018 IEEE 9th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), Vancouver, BC, Canada, 1–3 November 2018. [Google Scholar] [CrossRef]
  49. Cachin, C. Architecture of the hyperledger blockchain fabric. In Proceedings of the Workshop on Distributed Cryptocurrencies and Consensus Ledgers, Chicago, IL, USA, 25 July 2016; Volume 310. [Google Scholar]
  50. Yu, Z.; Liu, X.; Wang, G. A Survey of Consensus and Incentive Mechanism in Blockchain Derived from P2P. In Proceedings of the 2018 IEEE 24th International Conference on Par-allel and Distributed Systems (ICPADS), Singapore, 11–13 December 2018; pp. 1010–1015. [Google Scholar] [CrossRef]
  51. Szabo, N. Smart Contracts. 1994. Available online: http://szabo.best.vwh.net/smart.contracts.html (accessed on 12 January 2020).
  52. Feng, Q.; He, D.B.; Zeadally, S.K.; Muhammad, K.K. A survey on privacy protection in blockchain system. J. Netw. Comput. Appl. 2019, 126, 45–58. [Google Scholar] [CrossRef]
  53. Yang, J.; Onik, M.; Lee, N.-Y.; Ahmed, M.; Kim, C.-S. Proof-of-Familiarity: A Privacy-Preserved Blockchain Scheme for Collaborative Medical Decision-Making. Appl. Sci. 2019, 9, 1370. [Google Scholar] [CrossRef] [Green Version]
  54. Cachin, C.; Vukolic, M. Blockchain Consensus Protocols in the Wild. Leibniz International Proceedings in Informatics (LIPIcs). Schloss Dagstuhl Leibniz-Zent. Fuer Inform. 2017, 91, 1–16. [Google Scholar] [CrossRef]
  55. Vasin, P. Blackcoin’s Proof-of-Stake Protocol v2. 2014. Available online: https//blackcoin.co/blackcoin-posprotocolv2-whitepaper.pdf (accessed on 10 January 2020).
  56. Castro, M.; Liskov, B. Practical Byzantine fault tolerance and proactive recovery. ACM Trans. Comput. Syst. 2002, 20, 398–461. [Google Scholar] [CrossRef]
  57. Ongaro, D.; Ousterhout, J. In search of an understandable consensus algorithm. In Proceedings of the USENIX Annual Technical Conferencem, Philadelphia, PA, USA, 19–20 June 2014; pp. 305–319. [Google Scholar]
  58. Litecoin—Open Source p2p Digital Currency. Available online: https://litecoin.org/ (accessed on 10 January 2020).
  59. Androulaki, E.; Barger, A.; Bortnikov, V.; Cachin, C.; Christidis, K.; De Caro, A.; Enyeart, D.; Ferris, C.; Laventman, G.; Manevich, Y.; et al. Hyperledger fabric: A distributed operating system for permissioned blockchains. In Proceedings of the Thirteenth EuroSys Conference, ser, Porto, Portugal, 23–26 April 2018; ACM: New York, NY, USA, 2018; pp. 1–15. [Google Scholar] [CrossRef] [Green Version]
  60. Hearn, M. Corda: A Distributed Ledger. 2016. Available online: https://docs.corda.net/_static/corda-technical-whitepaper.pdf (accessed on 5 January 2020).
  61. Verma, D.; Desai, N.; Preece, A.; Taylor, I. A block chain based architecture for asset management in coalition operations. In Proceedings of the Ground/Air Multisensor Interoperability, Integration, and Networking for Persistent ISR VIII, Anaheim, CA, USA, 10–13 April 2017. [Google Scholar] [CrossRef]
  62. Naz, M.; Al-zahrani, F.A.; Khalid, R.; Javaid, N.; Qamar, A.M.; Afzal, M.K.; Shafiq, M. A Secure Data Sharing Platform Using Blockchain and Interplanetary File System. Sustainability 2019, 11, 7054. [Google Scholar] [CrossRef] [Green Version]
  63. Xia, Q.; Sifah, E.; Smahi, A.; Amofa, S.; Zhang, X. BBDS: Blockchain-Based Data Sharing for Electronic Medical Records in Cloud Environments. Information 2017, 8, 44. [Google Scholar] [CrossRef]
  64. Xuan, S.; Zhang, Y.; Tang, H.; Chung, I.; Wang, W.; Yang, W. Hierarchically Authorized Transactions for Massive Internet-of-Things Data Sharing Based on Multilayer Blockchain. Appl. Sci. 2019, 9, 5159. [Google Scholar] [CrossRef] [Green Version]
  65. Michel, R.; Apolline, B.; Keith, B.; Stephen, M. 2nd Global Enterprise Blockchain Benchmarking Study. Cambridge Centre for Alternative Finance. University of Cambridge Judge Busines School. 2019. Available online: https://www.jbs.cam.ac.uk/fileadmin/user_upload/research/centres/alternative-finance/downloads/2019-ccaf-second-global-enterprise-blockchain-report.pdf (accessed on 3 January 2020).
  66. Kareem, A.; Sulaiman, R.B.; Farooq, M.U. Algorithms and Security Concern in Blockchain Technology: A Brief Review. 2018. Available online: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3234933 (accessed on 3 January 2020).
  67. Henry, R.; Herzberg, A.; Kate, A. Blockchain Access Privacy: Challenges and Directions. IEEE Secur. Priv. 2018, 16, 38–45. [Google Scholar] [CrossRef]
  68. Mohan, C. Blockchains and Databases: A New Era in Distributed Computing. In Proceedings of the 2018 IEEE 34th International Conference on Data Engineering (ICDE), Paris, France, 16–19 April 2018; pp. 1739–1740. [Google Scholar]
  69. Wang, S.; Ouyang, L.; Yuan, Y.; Ni, X.; Han, X.; Wang, F. Blockchain-Enabled Smart Contracts: Architecture, Applications, and Future Trends. IEEE Trans. Syst. Man Cybern. Syst. 2019, 49, 2266–2277. [Google Scholar] [CrossRef]
  70. Al-Jaroodi, J.; Mohamed, N. Blockchain in Industries: A Survey. IEEE Access 2019, 7, 36500–36515. [Google Scholar] [CrossRef]
  71. Roy, S.; Ashaduzzaman, M.; Hassan, M.; Chowdhury, A.R. BlockChain for IoT Security and Management: Current Prospects, Challenges and Future Directions. In Proceedings of the 2018 5th International Conference on Networking, Systems and Security (NSysS), Dhaka, Bangladesh, 18–20 December 2018; pp. 1–9. [Google Scholar]
  72. Yli-Huumo, J.; Ko, D.; Choi, S.; Park, S.; Smolander, K. Where Is Current Research on Blockchain Technology? A Systematic Review. PLoS ONE 2016, 11, e0163477. [Google Scholar] [CrossRef]
  73. Batubara, F.R.; Ubacht, J.; Janssen, M. Challenges of blockchain technology adoption for e-government. In Proceedings of the 19th Annual International Conference on Digital Government Research Governance in the Data Age—Dgo’18, Delft, The Netherlands, 30 May 2018–1 June 2018. [Google Scholar] [CrossRef]
  74. Ølnes, S.; Ubacht, J.; Janssen, M. Blockchain in government: Benefits and implications of distributed ledger technology for information sharing. Gov. Inf. Q. 2017, 34, 355–364. [Google Scholar] [CrossRef] [Green Version]
  75. Jun, M. Blockchain government—A next form of infrastructure for the twenty-first century. J. Open Innov. Technol. Mark. Complex. 2018, 4. [Google Scholar] [CrossRef] [Green Version]
  76. Zhang, R.; Xue, R.; Liu, L. Security and Privacy on Blockchain. ACM Comput. Surv. 2019, 52, 3. [Google Scholar] [CrossRef] [Green Version]
  77. Pries-Heje, J.; Baskerville, R. The design theory nexus’. MIS Q. 2008, 32, 731–755. [Google Scholar] [CrossRef]
  78. Chakrabarti, A. A course for teaching design research methodology. Artif. Intell. Eng. Des. Anal. Manuf. 2010, 24, 317–334. [Google Scholar] [CrossRef]
  79. Dresch, A. Design Science and Design Science Research as Methodological Artifacts for Production Engineering. Master’s Thesis, University of Vale do Rio dos Sinos (UNISINOS), Rio Grande do Sul, Brazil, 2015. [Google Scholar]
  80. Basili, V.R.; Caldiera, G.; Rombach, H.D. The Goal Question Metric Approach; Encyclopedia of software engineering (Wiley): New York, NY, USA, 1994. [Google Scholar]
  81. Basili, V.R.; Selby, R.W. Paradigms for experimentation and empirical studies in software engineering. Reliab. Eng. Syst. Saf. 1991, 32, 171–191. [Google Scholar] [CrossRef]
  82. OMG. Business Process Model and Notation (BPMN). 2011. Available online: https://www.omg.org/spec/BPMN/2.0 (accessed on 10 January 2020).
  83. Lacity, M.; Willcocks, L.; Craig, A. Robotic Process Automation: Mature Capabilities in the Energy Sector; The Outsourcing Unit Working Research Paper Series; The London School of Economics and Political Science: London, UK, 2015. [Google Scholar]
  84. Kitchenham, B.A.; Pfleeger, S.L. Principles of survey research—Part 1: Turning lemons into lemonade. SIGSOFT Softw. Eng. Notes 2001, 26, 16–18. [Google Scholar]
  85. Kitchenham, B.A.; Pfleeger, S.L. Principles of survey research—Part 2: Designing a survey. SIGSOFT Softw. Eng. Notes 2002, 27, 18–20. [Google Scholar] [CrossRef]
  86. Kitchenham, B.A.; Pfleeger, S.L. Principles of survey research—Part 3: Constructing a survey instrument. SIGSOFT Softw. Eng. Notes 2002, 27, 20–24. [Google Scholar] [CrossRef]
  87. Kitchenham, B.A.; Pfleeger, S.L. Principles of survey research—Part 4: Questionnaire evaluation. SIGSOFT Softw. Eng. Notes 2002, 27, 20–23. [Google Scholar] [CrossRef]
  88. Kitchenham, B.A.; Pfleeger, S.L. Principles of survey research—Part 5: Populations and samples. SIGSOFT Softw. Eng. Notes 2002, 27, 17–20. [Google Scholar] [CrossRef]
  89. Kitchenham, B.A.; Pfleeger, S.L. Principles of survey research—Part 6: Data analysis. SIGSOFT Softw. Eng. Notes 2003, 28, 24–27. [Google Scholar] [CrossRef]
  90. Likert, R. A Technique for the Measurement of Attitudes. Arch. Psychol. 1932, 140, 1–55. [Google Scholar]
  91. Likert, R.; Roslow, S.; Murphy, G. A simplified and reliable method of scoring the Thurstone attitude scales. J. Soc. Psychol. 1934, 5, 228–238. [Google Scholar] [CrossRef]
  92. Cardoso, J.; Mendling, J.; Neumann, G.; Reijers, H.A. A discourse on complexity of process models. In Business Process Management Workshops; Springer: Berlin/Heidelberg, Germany, 2006; pp. 117–128. [Google Scholar] [CrossRef]
  93. Cardoso, J. Business process control-flow complexity: Metric, evaluation, and validation. Int. J. Web Serv. Res. 2008, 5, 49–76. [Google Scholar] [CrossRef] [Green Version]
  94. DOECE. Homologation Act and Medal Praise and Functional Merit Award. In Official Gazette [of the State of Ceará], Fortaleza, Ceará, Brazil, Series 3; 27 December 2017; pp. 151–152. [Google Scholar]
  95. DOECE. Homologation Act and Medal Praise and Functional Merit Award. In Official Gazette [of the State of Ceará], Fortaleza, Ceará, Brazil, Series 3; 30 October 2018; p. 54. [Google Scholar]
  96. DIÁRIO DO NORDESTE. Public Prosecutor’s Office of Ceará Receives Three National Awards. 2018. Available online: https://diariodonordeste.verdesmares.com.br/editorias/metro/online/ministerio-publico-do-ceara-recebe-tres-premios-nacionais-1.1999466 (accessed on 8 January 2020).
  97. Lin, I.-C.; Liao, T.-C. A Survey of Blockchain Security Issues and Challenges. Int. J. Netw. Secur. 2017, 19, 653–659. [Google Scholar] [CrossRef]
  98. Mitt, S. Plokiahela Rakendus–Hyperledger Fabric uuring. Ph.D. Thesis, University of Tartu, Institute of Computer Science, Tartu, Estonia, 2018. [Google Scholar]
  99. Leite, G.S.; Albuquerque, A.B. An Approach for Reduce Vulnerabilities in Web Information Systems. Adv. Intell. Syst. Comput. 2018, 86–99. [Google Scholar] [CrossRef]
Applsci 10 03677 g001 550
Figure 1. Total violent crime reported in the United States (in millions). Survey period: 2013–2018. Publication date: September 2019. Source: statista.com.
Figure 1. Total violent crime reported in the United States (in millions). Survey period: 2013–2018. Publication date: September 2019. Source: statista.com.
Applsci 10 03677 g001
Applsci 10 03677 g002 550
Figure 2. Example of request flow to a technology laboratory against money laundering.
Figure 2. Example of request flow to a technology laboratory against money laundering.
Applsci 10 03677 g002
Applsci 10 03677 g003 550
Figure 3. Size of the blockchain technology market around the word (in billion U.S. dollars). Survey period: 2018 to 2023. Publication date: December 2018. Source: statista.com.
Figure 3. Size of the blockchain technology market around the word (in billion U.S. dollars). Survey period: 2018 to 2023. Publication date: December 2018. Source: statista.com.
Applsci 10 03677 g003
Applsci 10 03677 g004 550
Figure 4. The chain data structure of blockchain.
Figure 4. The chain data structure of blockchain.
Applsci 10 03677 g004
Applsci 10 03677 g005 550
Figure 5. Illustration of the overall approach.
Figure 5. Illustration of the overall approach.
Applsci 10 03677 g005
Applsci 10 03677 g006 550
Figure 6. Adopted scale for priority index calculation.
Figure 6. Adopted scale for priority index calculation.
Applsci 10 03677 g006
Applsci 10 03677 g007 550
Figure 7. Classification quadrant.
Figure 7. Classification quadrant.
Applsci 10 03677 g007
Applsci 10 03677 g008 550
Figure 8. Scenario: iteration of specialists in the management, storage, and/or sharing of digital assets.
Figure 8. Scenario: iteration of specialists in the management, storage, and/or sharing of digital assets.
Applsci 10 03677 g008
Applsci 10 03677 g009 550
Figure 9. Operations in the ledger using smart contracts.
Figure 9. Operations in the ledger using smart contracts.
Applsci 10 03677 g009
Applsci 10 03677 g010 550
Figure 10. Application and peers interaction for queries and updates.
Figure 10. Application and peers interaction for queries and updates.
Applsci 10 03677 g010
Applsci 10 03677 g011 550
Figure 11. The “readDigitalAsset” transaction example.
Figure 11. The “readDigitalAsset” transaction example.
Applsci 10 03677 g011
Applsci 10 03677 g012 550
Figure 12. Process for the definition and application of the research.
Figure 12. Process for the definition and application of the research.
Applsci 10 03677 g012
Applsci 10 03677 g013 550
Figure 13. Quantitative distribution of specialists by time (in years) in the organization and experience in carrying out or supporting intelligence and investigation activities.
Figure 13. Quantitative distribution of specialists by time (in years) in the organization and experience in carrying out or supporting intelligence and investigation activities.
Applsci 10 03677 g013
Applsci 10 03677 g014 550
Figure 14. Quantitative distribution of the specialists by graduation level.
Figure 14. Quantitative distribution of the specialists by graduation level.
Applsci 10 03677 g014
Applsci 10 03677 g015 550
Figure 15. Distribution of the participants’ answers per research question.
Figure 15. Distribution of the participants’ answers per research question.
Applsci 10 03677 g015
Table
Table 1. Characteristics comparison of business process for automation.
Table 1. Characteristics comparison of business process for automation.
Characteristics/Papers[22][23,24][25,27][26][29,30,31]Proposed Approach
Understanding the process before automationXXXXXX
Simplifying/optimizing the process before automationX XX
“Suitable for automation” validations/analysis XX X
Classification of processes X X
Recommends or adopts criteria’s/properties for automation XXXXX
Security considerations in the management, storage, and/or sharing of generated digital assets X
Presents approach/method to analyze business process for automationX X X
Adoption by users without technical expertise in automation of processesX X X
Adoption (traditional process automation or robotic process automation (RPA))Traditional process automation and RPARPARPARPARPATraditional process automation and RPA
Table
Table 2. Blockchain types (public, private, and consortium).
Table 2. Blockchain types (public, private, and consortium).
PublicPrivateConsortium
DefinitionParticipation in transactions or consensus processes, as well as reading and writing operations, are allowed to all participants.They are used in a single organization. Only chosen participants can join the network with restricted participation.Operates under the leadership of a group of organizations. Only chosen participants can join the network with restricted participation.
AccessRead: Open
Write: Open
Consensus: Open		Read: Open/permissioned
Write: Permissioned
Consensus: Permissioned		Read: Open/permissioned
Write: Permissioned
Consensus: Permissioned
SecurityProof-of-work [36], proof-of-stake [55], other consensus protocolsPractical Byzantine Fault-Tolerance [56], Raft [57], legal contracts, proof of authorityPractical byzantine fault-tolerance [56], raft [57], legal contracts, proof of authority
PrivacyMediumHighHigh
EnvironmentUntrustedTrustedTrusted
SpeedSlowFastFast
CostHighMediumLow
ArchitectureDecentralizedPartially decentralizedPartially decentralized or centralized
Transaction rateSlowerFasterFastest
MembershipAnonymous/pseudonymousKnown identityKnown identity
Typical platformsBitcoin [36], Ethereum [44], Litecoin [58]HyperLedger [49,59], R3 Corda [60]HyperLedger [49,59], R3 Corda [60]
Table
Table 3. Specialists profile who participated in the approach elaboration.
Table 3. Specialists profile who participated in the approach elaboration.
ParticipantAcademic DegreeExperience (Years)Time in the Organization (Years)
P1specialization67
P2specialization57
P3master810
Table
Table 4. Criteria’s and properties for process automation
Table 4. Criteria’s and properties for process automation
Criteria’s/Properties
MaturityComplexityValue
StandardizationVolume of transactions (frequency, repeatability)Rules-based
Location in a stable environmentRealization by an individual or multiple peopleTime consume for finalization
Exception handling (Low/High)Easy decomposition into unambiguous rulesRisk (Low/High)
Prone to errors or re-workClear understanding of the current manual costsValue
Need for human interventionManual interaction with systems (or data sources)
Table
Table 5. Properties and questions adopted in each task of the classification phase.
Table 5. Properties and questions adopted in each task of the classification phase.
TaskIDPropertyQuestions
Validate EligibilityP1Maturity
  • Are the same results (or services) been expected by specialists that interact with the processes (i.e., process objectives)?
  • Is the environment of the process stable (e.g., from the point of view of business applications, platforms adopted are stable)?
P2Standardization
  • Is the extraction and specification of the four process perspectives [18] (dynamic, behavioral, organizational, informational) possible?
  • Are activities carried out following the same (or similar) operational procedures?
Evaluate PotentialP3Access to systems/data sources
  • The processes usually require manual access to systems or data sources (multiple or individual with frequency) to be completed?
P4Ease decomposition into sub-process
  • Is the decomposition of the business process into clearly defined sub processes possible?
P5Pre-defined business rules
  • Are the activities carried out based on well-defined business rules?
Calculate Priority IndexP6Transaction volume*
P7Complexity*
Table
Table 6. Perspectives adopted for information extraction and adopted questions examples.
Table 6. Perspectives adopted for information extraction and adopted questions examples.
PerspectivesDescriptionsQuestions
FunctionalIn this perspective, performed activities and their dependences are considered, as well as the relevant flows of informational entities like data, assets, among others.
  • What are the activities performed?
  • What are the expected input and output parameters for each activity?
  • What are the dependencies between activities?
  • What are the relevant entities informational flows?
BehavioralConsiders the moment and the form of how processes elements are performed (e.g., sequential form) and how they control dependency information between the activities.
  • What is the order of execution of the identified activities?
  • How does the execution take place (details of operating procedures)?
  • How does the information transition between activities (input/output) occur?
OrganizationalThe responsible for the execution of the process activities are identified, as well as the adopted communication mechanisms and the place in the organization where activities are executed.
  • Who are the people responsible for carrying out each activity?
  • How does the iteration/communication take place between the specialists involved?
InformationalEntities specifications manipulated by the processes are identified (e.g., assets, data, among others)
  • What are the entities manipulated by the process?
  • How is the interaction with systems/data sources (if any)?
  • What are the research standards/methodologies/techniques adopted?
  • What and how is the information used?
Table
Table 7. Primary areas for simplification and adopted questions examples.
Table 7. Primary areas for simplification and adopted questions examples.
Primary areasDescriptionsQuestions (e.g.,)
CombiningCombining operational steps can help in the simplification of processes and increasing productivity, also contributing to the reduction of unnecessary actions, specialist idle time, among others
  • Are there activities/steps that perform similar tasks (whether performed at different times)?
  • Are there activities/steps that can be adapted to incorporate tasks from other activities/steps?
EliminatingExamining steps within the activities performed in a process and elimination of duplication or unnecessary efforts (e.g., redundant tasks).
  • Are there activities/steps that can be discarded (all are really mandatory)?
  • Is there a possibility of replacing the activity/step with a less complex one?
  • Are there activities/steps performed more than once unnecessarily?
RearrangingReorganization of steps to a different location of the process or improving information collection through accumulation, among other options of rearranging.
  • Is there a possibility of distributing high volumes of information in different activities to be carried out in parallel or to reduce bottlenecks that may lead to longer waiting times?
  • Are there activities that, when repositioned, can optimize the execution of the process?
IncreasingIncreasing steps sometimes can contribute to simplification. For example, a new step linked to an existing complex activity can enable better distribution or division of tasks.
  • Is there a possibility of inserting a new activity/step that allows greater agility in the execution of the process or reduction of complexity? (e.g., making it possible to distribute high volumes of information between an existing activity and a new one inserted)
Table
Table 8. Smart control model.
Table 8. Smart control model.
TypeComponentDescription
ParticipantsSpecialist{“specialistID: <identifier>”, “name: <name>”, “email: <email>”, “telephone: <telephone >”, “occupation: <occupation>”, “unitID: <unit identifier>”, “accessLevel: <value>”}
Unit{“unitID: <identifier>”, “name: <name>”, “organization: <organization identifier>”}
Organization{“organizationID: <identifier>”, “name: <name>”}
AssetsDigital Assets{“assetID: <identifier>”, “subjectID: <subject identifier>”, “categoryID: <category identifier>”, “name: <name>”, “description: <description>”, “type: <extension>”, “size: <size>”, “location: <file path>”, “createdBy:<owner ID>”, “creationTimeStamp: <date time>”, “version: <value>”, “hash: <asset generated hash value>”, “accessLevel: <value>”, “currentState: <state>”; “lastAccessedUserID: <user ID>”, “lastAccessedTimeStamp: <date time>”, “lastTypeOfOperationPerformedInAsset: <create, update, read, or delete>”}
Category{“categoryID: <identifier>”, “description: <description>”}
Subjects{“subjectID: <identifier>”, “description: <description>”}
TransactionscreateDigitalAssetAdds a new digital asset. A Boolean value is returned.
readDigitalAssetFrom the insertion of an asset identifier as an input parameter, returns the data of the digital asset.
updateDigitalAssetUsed to update the digital asset. The asset identifier is mandatory. To call the transaction, all parameters must be entered, but empty values must be entered for fields that you do not want to update. A Boolean value is returned.
deleteDigitalAssetDelete an asset. The asset identifier is mandatory.
getHistoryLogAssetReturn the history log of operations performed on the asset. The asset identifier is mandatory.
Table
Table 9. Implementation and execution environment.
Table 9. Implementation and execution environment.
ComponentDescription
Operational SystemWindows 10 Pro (64 bits)
CPUIntel(R) Core (TM) i7-8565U CPU @ 1.80 GHz 1.99 GHz
Memory8 GB
Hyperledger Fabricv1.2
Programing LanguageTypescript
Docker Enginev19.03.8
Docker ComposeV1.15.4
Nodev10.20.1
Developing toolVisual Studio Code v1.44
PlatformIBM Blockchain Platform v1.0.27
Table
Table 10. Research questions for the survey.
Table 10. Research questions for the survey.
IDResearch QuestionsLikert Items [90,91] (Adaptation to Affirmatives)
RQ1Can the approach be executed by business analysts that have no technical experience in process automation?The approach can be executed by business analysts that have no technical experience in process automation
RQ2Are the properties and techniques adopted in the analysis for suitability verification for automation applicable and sufficient for the considered scenario?The properties and techniques adopted in the analysis for suitability verification for automation are applicable and sufficient for the considered scenario.
RQ3Are the properties and techniques adopted in the potential analysis and priority index calculation of internal processes applicable and sufficient for the considered scenario?The properties and techniques adopted in the potential analysis and priority index calculation of internal processes are applicable and sufficient for the considered scenario.
RQ4Are the techniques adopted in priority classification of internal processes applicable and sufficient for the scenario considered?The techniques adopted in priority classification of internal processes are applicable and sufficient for the scenario considered.
RQ5Does the approach helps in the analysis and suitability verification for automation?The approach helps in the analysis and suitability verification for automation.
RQ6Does the approach helps in the potential analysis and priority classification of internal processes?The approach helps in the potential analysis and priority classification of internal processes.
RQ7Does the approach helps in the simplification of internal processes?The approach helps in the simplification of internal processes.
RQ8Can the same understanding of the results be obtained by different users after carrying out the approach?The same understanding of the results can be obtained by different users after carrying out the approach.
RQ9Does the use of blockchain technology as a support mechanism contributes to greater reliability in the management, storage and/or sharing of digital assets?The use of blockchain technology as a support mechanism contributes to greater reliability in the management, storage and/or sharing of digital assets.
Table
Table 11. Comparison before and after the use of the system (first process).
Table 11. Comparison before and after the use of the system (first process).
BeforeAfter
Quantity of requests answered (average 12 months)60 per month664 per month
Average time per request6 to 18 h1 to 5 min
Number of specialists involved3*
Table
Table 12. Comparison before and after the use of the system (second process).
Table 12. Comparison before and after the use of the system (second process).
BeforeAfter
Quantity of requests answered (average 12 months)2 to 3 per month16 per month
Average time per request15 to 20 days3 to 8 min
Number of specialists involved3*

Share and Cite

MDPI and ACS Style

Sobreira Leite, G.; Bessa Albuquerque, A.; Rogerio Pinheiro, P. Process Automation and Blockchain in Intelligence and Investigation Units: An Approach. Appl. Sci. 2020, 10, 3677. https://doi.org/10.3390/app10113677

AMA Style

Sobreira Leite G, Bessa Albuquerque A, Rogerio Pinheiro P. Process Automation and Blockchain in Intelligence and Investigation Units: An Approach. Applied Sciences. 2020; 10(11):3677. https://doi.org/10.3390/app10113677

Chicago/Turabian Style

Sobreira Leite, Gleidson, Adriano Bessa Albuquerque, and Plácido Rogerio Pinheiro. 2020. "Process Automation and Blockchain in Intelligence and Investigation Units: An Approach" Applied Sciences 10, no. 11: 3677. https://doi.org/10.3390/app10113677

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop