In a time when everything said, whether factual, fake, or AI-created, may be recorded and posted on the internet, it’s more important than ever to ensure that what was recorded accurately represents a point in time.

SBOM changing facts over time

When someone claims you said, “I was smoking on a flight, watching Star Wars, the best special effects movie of all time,” was that a false claim? Did they include the date and the context? As humans, our knowledge of a “thing” often evolves over time as we learn new information or gain more context. We append new information, such as new facts, and amend a position because of those new facts.

In this article, I’ll explore a few historical, real-world scenarios where time-shifted knowledge yielded different opinions about what decisions were, could, or should have been made. I’ll also explore the importance of recording information, including the appending and amending of information over time on immutable ledgers, such as an IETF SCITT-based implementation by DataTrails, ensuring what is said about a thing is accurately recorded.

Knowledge At the Moment

For as long as records have been kept, humans have adapted their opinions based on the knowledge they have at the moment.

A person’s views that don’t evolve as their knowledge and perspectives grow are not very evolved.

How can our digital worlds reflect the ability to append new information from multiple sources and amend a perspective while accurately recording when the information and decisions were known and made?

Great Movies for Their Time

Based on your generation, you likely have a different set of movies you thought were awesome at the time but that may not hold up to today’s standards or cultural norms. The original Star Wars movie’s special effects were quite impressive for 1977 – 47 years ago – wow. Watching Star Wars today, it would be hard to call the effects amazing compared to today’s special effects, such as those in Dune Part 2 (2024).
The context of the time is required to ensure the credibility of the opinion.

Then, consider cultural references, such as one of my favorite cult classics, Re-Animator (1984). There’s a scene where Dr. Hill carries his own decapitated head, and when startled from behind, rather than turn around, he spins his head in his hands. While I still laugh at this specific visual, I recently re-watched it with my wife, forgetting that the scene’s setting is not as culturally appropriate by today’s standards. Saturday Night Fever (1977) and Animal House (1978) have similar scenes that would not fare well today.

Our opinions evolve over time, and what may seem like “the norm” for that time changes as we evolve. Quoting “a great movie” without associating a time with it could convey the wrong impression. Imagine producing Tropic Thunder (2008) in today’s cultural climate. The Fifth Element (1997), though, still holds its own, in my opinion, which brings in the aspect of who said something, not just when.

Where Are the Smoking Rows?

In today’s world, we wouldn’t even consider asking about smoking on an airplane or any public transit. However, it wasn’t that long ago when the majority of the population smoked, and it was only a question of which rows were smoking rows.

The decision to prohibit smoking on public transit was based on appended information about the health risks of smoking. For a long time, smoking was still allowed, even while information was gathered. Only after decades of studies and advertising campaigns that persuaded public opinion were laws changed and the rules amended to limit and eventually prohibit smoking in public places. As the no-smoking laws rolled out, it was confusing which airlines, buses, trains, and restaurants across various cities banned smoking,

Facts, opinions, amended rules, and our expectations evolved over time.

Asbestos – The Standard for Fire Protection

In the article Roles and Responsibilities of Signing, SBoMs, and Security Scanners, I discussed the evolution of Asbestos, which was once the best way to protect against heat and fire. In the 1930s, Asbestos suits were standard issue for firefighters, protecting them from heat and fire. From the 1950s into the 1980s, Asbestos curtains were the standard for theaters to protect their patrons from theater lighting causing a fire. The curtains were boldly advertised as made with Asbestos, and lowering and raising the curtain before a show was required to reassure attendees in case of a fire.
If you’ve only experienced LED lights, you couldn’t imagine how hot theater lights could get.

At the time, building codes and safety standards required Asbestos to protect consumers. Companies sued for using Asbestos fibers had to prove they were following the required standards and didn’t know its risk. This later flipped, requiring companies to state that they either do not have Asbestos or have plans to remediate its existence. Recording precisely when information about each installation and product was known enables continued safety and mitigation.

Over time, as new (amended) facts were recorded, we learned that you may survive the fire only to die from cancer. With appended facts, the use of Asbestos was amended. Today, Asbestos Suits refer to protective clothing used to remediate Asbestos fibers from older buildings. The reference to Asbestos Suits completely changed its meaning based on the context and date.

Asbestos remediation is a great example of the fact that every risk may not be practical to immediately remediate, and a recorded plan is more practical and safer.

Construction & Safety Standards, Applied Based on Criteria

If you’ve toured Edinburgh, Scotland, you’ve likely heard of the plumbing standards of the 1600s. The standard involved yelling GardyLoo as the residents of the tightly packed city emptied their “soiled” buckets from multi-story windows onto the streets, from which the contents eventually washed into the river. Emptying the buckets was allowed only after 10 pm and only after yelling GardyLoo. GardyLoo was “the standard,” and it continued into the 1930s, when indoor toilets became the standard.

Locals say the term “shitfaced” came from those leaving the bar after 10 pm, so drunk that they looked up when they heard the yells, only to quickly get a “dose of reality.” It may not be a great immutable ledger reference, but it is a good example of evolving standards based on knowledge and experience. Perhaps Alexander Cumming, the inventor of the S-trap in a toilet, was so motivated on his way home one evening. It’s also worth noting that the Greeks had better systems dating back to 500 BC; clearly, this was a bit of time-shifted knowledge that wasn’t conveyed or applied.

Construction and Safety Standards are another great example of associating a compliance statement with a particular time. Similar to asbestos remediation requirements, holding all historic implementations to “current” standards is impractical. A building constructed in 1970 is not expected to adhere to the same new construction standards.

The permitting process is a great example of immutable ledgers. A building is approved to move forward based on the standards at the time. A new standard, even if it becomes a new requirement after construction has begun, may not be required to be applied to the completion of the approved phase of the project.

However, another portion of the same project, which begins just six months later, might be held to the newer standard. Proving which portion of the project was started when and to which standard provides stability to a constantly evolving ecosystem and the sanity of those involved in construction.

Supply Chain Tracking

Consider airlines, where every accident is diligently reviewed for its cause. The NTSB Aviation Accident Occurrence Categories document starts with 4 pages of noted revisions and 36 categories. Every detail is captured, and mitigation is applied going forward. When the risk is catastrophic, such as Aloha Airlines Flight 243, the specific model and version of an airframe or part could ground all impacted flights until the incident is understood and a solution is implemented. While Aloha Airlines Flight 243 was found to be a maintenance issue for the specific plane, it took 20 months for the Boeing 737 Max to resume commercial flight status after its problem was found to be a design flaw.

When the risk is rated lower impact, the inspection may be deferred until scheduled maintenance. Tracking which parts are currently installed on every airline and who did the inspection and maintenance enables evolving safety standards.

Why Did You Deploy the Vulnerable Software

One of the classic cases is the liability for deploying vulnerable software. These range from the highly visible SolarWinds and Log4j, through less impactful cases like left-pad, to the most recent CrowdStrike incident. A security person or team could be held accountable for intentionally deploying a known vulnerability. However, when did the vulnerability become public knowledge? In some of the above cases, there was a window of days to months where deploying a specific version was considered standard security practice. Some businesses were required to deploy SolarWinds or Log4j to maintain security and visibility in the operation of their systems.

CrowdStrike was more nuanced, as it was a faulty signature file that was deployed, and the CrowdStrike product didn’t offer ringed deployments that would have enabled customers to test the potential impact. The “standard” requires staying current with the most recent version of the software or packages. Ironically, it was applying the most current version that triggered the above incidents, and most other security exploits as well. Tracking which tests were validated, for which scenarios, and in which ringed environments would have provided more insight and more risk mitigation.

As a contrived scenario, on November 12, 2020, Jane Fictitious deployed the SolarWinds Orion product to the ACME Rockets production systems. As the SolarWinds exploits became common knowledge, Jane was asked why she approved the deployment, making the launch control production systems vulnerable. All the current security scanners block the deployment of versions of the Orion platform older than 2020.2.1 HF. For Jane to have approved Orion version 2020.2, she must have bypassed the security measures and should be prosecuted.

However, this is a perfect example: at the time Jane Fictitious approved the deployment (November 12, @ 04:02), version 2020.2 was the known stable and secure version, and the security scanners would no longer allow the older version 2019.4.2, which, according to the SolarWinds FAQ, was the secured version. Had Jane not “kept current,” ACME Rockets would not have been impacted. Because Jane could prove she deployed version 2020.2 as the known standard, she was not liable.

Consent and Revocation of Consent for Use (vCons)

The above historical examples demonstrate how information is recorded, and decisions are made over time. Another example involves recording consent and subsequently revoking consent for specific use.

Have you ever thought about the consent you approve for a support call being recorded for “training purposes”? If you don’t provide consent, are you expected to hang up without a means to a resolution? For companies to manage their inbound calls from outsourced customer services specialists or their outbound sales calls to ensure they’re working toward their company standards, conversations are recorded, transcribed, and processed for summary reporting and actionable tracking.

Companies are expanding these scenarios to better understand and help their customers through sentiment, specific needs, and deliverables. Sales calls are recorded and transcribed with the customer’s consent. If there were documents or other materials related to the call, the attachments are bundled into a Virtual Conversation (vCon) and recorded on a SCITT ledger, assuring what was agreed upon at a point in time. A link to the conversation, transcription, and attachments can be sent to the customer, allowing them to review the information and determine the next steps.

Consider the auto sale scenario where a consumer seeks a specific year, make, model, color, and options. Companies like Strolid enable the call to be transcribed and shared with multiple dealerships to find a vehicle. The consumer consents to their information being used for sales purposes and processed by AI systems. However, when the sale is satisfied through a dealer in the network or the consumer finds it elsewhere, they wish to revoke their consent for the use of this specific call for the purposes of sales. They wish to opt out.

For all the spam calls you’ve received, you’ve likely said (a version of), “Please don’t call again and take me off your list.” Do you know which list, and if they’re actually removing you from “the list”? Can you prove you revoked your permission to use your information for a specific scenario?

Using vCon and SCITT, both standards developed under the IETF, companies can interoperate across transcriptions, consent, and CRM systems to enable these verifiable workflows. Rather than leaving “trust in the caller” to act upon your requests, consumers will have proof of what they said, when they said it, and for what purpose.

Further, if customers find errors in their transcription, they have the opportunity to amend or append information for accuracy.
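Both the Jane Fictitious deployment scenario and the vCon consent scenario above come down to the same mechanism: statements about a subject are appended over time, never edited, and a question is answered by replaying only the statements that existed as of a given moment. The following is an added illustration written for this article, not DataTrails or SCITT code. It borrows SCITT’s vocabulary (issuer, subject, statement) but replaces signatures and receipts with a plain SHA-256 hash chain, and all names, dates, version strings and the vCon identifier are constructed for the example (the policy dates in particular are invented, not the real SolarWinds timeline).

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed toy ledger, not DataTrails or SCITT code. Each entry commits
# to the hash of the previous entry, so an after-the-fact edit is detectable,
# and queries replay only the statements recorded on or before a chosen time.
GENESIS = "0" * 64


def _utc(stamp):
    """Parse an ISO-8601 timestamp (assumed UTC) into an aware datetime."""
    return datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class Ledger:
    """Append-only list of statements about subjects, hash-chained in order."""

    def __init__(self):
        self.entries = []

    def append(self, issuer, subject, recorded_at, **content):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"issuer": issuer, "subject": subject, "recorded_at": recorded_at,
                "content": content, "prev": prev}
        entry = {**body, "hash": _digest(body)}
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        """True only if every entry's hash and back-link still match."""
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def statements(self, subject, as_of):
        """Statements about `subject` recorded on or before `as_of`, in ledger order."""
        cutoff = _utc(as_of)
        return [e for e in self.entries
                if e["subject"] == subject and _utc(e["recorded_at"]) <= cutoff]


def version_tuple(version):
    """Toy parser for the article's version strings: '2020.2.1 HF' -> (2020, 2, 1)."""
    parts = [int(p) for p in version.replace(" HF", "").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def minimum_version(ledger, product, as_of):
    """Floor set by the latest scanner policy known as of `as_of`; None if no policy yet."""
    policies = [e for e in ledger.statements(product, as_of)
                if e["content"].get("kind") == "policy"]
    return policies[-1]["content"]["min_version"] if policies else None


def deployment_compliant(ledger, product, deployment_hash, as_of):
    """Was the recorded deployment allowed by the policy that was known at `as_of`?"""
    deployment = next(e for e in ledger.entries if e["hash"] == deployment_hash)
    floor = minimum_version(ledger, product, as_of)
    return floor is not None and version_tuple(deployment["content"]["version"]) >= version_tuple(floor)


def consent_at(ledger, conversation, purpose, as_of):
    """Replay consent/revocation statements for one purpose; the latest one as of `as_of` wins."""
    granted = False
    for e in ledger.statements(conversation, as_of):
        c = e["content"]
        if c.get("purpose") == purpose and c.get("kind") in ("consent", "revocation"):
            granted = c["kind"] == "consent"
    return granted


def build_sample_ledger():
    """Constructed sample data echoing the Jane Fictitious and vCon scenarios (dates invented)."""
    ledger = Ledger()
    ledger.append("acme-scanner-policy", "orion", "2020-10-01T00:00:00",
                  kind="policy", min_version="2020.2")
    jane = ledger.append("jane.fictitious", "orion", "2020-11-12T04:02:00",
                         kind="deployment", version="2020.2", target="launch-control-prod")
    ledger.append("acme-scanner-policy", "orion", "2020-12-14T00:00:00",
                  kind="policy", min_version="2020.2.1 HF")   # amended policy, recorded later
    ledger.append("customer", "vcon-1234", "2024-05-01T10:00:00", kind="consent", purpose="sales")
    ledger.append("customer", "vcon-1234", "2024-05-20T09:30:00", kind="revocation", purpose="sales")
    return ledger, jane


if __name__ == "__main__":
    ledger, jane = build_sample_ledger()
    print("chain intact:", ledger.verify())
    print("compliant when Jane deployed:", deployment_compliant(ledger, "orion", jane, "2020-11-12T04:02:00"))
    print("compliant under today's policy:", deployment_compliant(ledger, "orion", jane, "2021-01-01T00:00:00"))
    print("sales consent on 2024-05-10:", consent_at(ledger, "vcon-1234", "sales", "2024-05-10T00:00:00"))
    print("sales consent on 2024-06-01:", consent_at(ledger, "vcon-1234", "sales", "2024-06-01T00:00:00"))
```

The point of the `as_of` parameter is the whole argument of this post: the same deployment statement is compliant when judged against the policy in force at 04:02 on November 12 and non-compliant when judged against the amended policy, and the ledger records both without rewriting either. Likewise the consent revocation does not delete the earlier consent; it is appended, so a reviewer can still show that use of the conversation was permitted between the two statements and not afterward. A real SCITT transparency service adds what this toy omits: issuer signatures on each statement and a receipt proving inclusion in the log.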

That’s a wrap. In a future blog post, I’ll explore the Life of a vCon and show how SCITT enables vCon consent workflows.

For more info on SCITT and vCons:
