The United Kingdom Accreditation Service (UKAS) has announced it is launching new certificates of accreditation which will include blockchain-backed verification capability through the use of a QR code appearing on both printed and electronic versions of the certificates.
Little else is known of the initiative, but some assumptions can be made. Presumably the QR code will — if scanned or captured by a cell phone camera — take the user to an official UKAS website entry confirming that the certificate is valid. This database is likely a blockchain, and not a traditional database, presumably to ensure accurate and valid results.
Blockchains are a different form of database in which each transaction — such as entering, updating or deleting data — is permanently captured, and which theoretically prevents corruption or manipulation of the data. In reality, this “immutability” of blockchain data depends entirely on how UKAS set up the blockchain itself, who has access keys, and what other controls are in place, all of which is information UKAS is unlikely to reveal.
Blockchains are supposed to be transparent, with all transactions roughly visible to anyone who wants to view them, but private blockchains — such as that created by UKAS — are not required to have this level of transparency.
If successful, it would largely cripple the practice of bad actors publishing fake UKAS certificates while falsely claiming accreditation. It would also prevent companies from re-using certificates issued to one company or division and suggesting they apply to a different company or division.
The use of QR codes is unwieldy, however, as they require someone to scan the code using a cell phone equipped with special software in order to access the link beneath it. For a supply chain manager to verify the QR code on an image of a UKAS certificate, the manager would have to take a cell phone photo of their computer monitor, obtain the result on their cell phone, then mail that result back to themselves at their computer. Few people are likely to go through this effort, meaning usage of the system is expected to be poor.
The move is unlikely to change UKAS’ willingness to allow its certification bodies (CBs) to abuse its logo, either. The company Hoerbiger was caught using a photoshopped certificate issued to one division, which it altered to indicate it applied to a different division, in order to bid on a lucrative oil contract. The registrar LRQA then rewarded Hoerbiger with a valid certificate in exchange for a three-year contract, which prompted complaints. LRQA, UKAS and the IAF all ruled that no violations had occurred. LRQA pays UKAS accreditation fees, creating a conflict of interest.
Under the new UKAS scheme, such scams would be easier to identify, but the scheme would be largely useless if UKAS maintains a position that it won’t prosecute invalid uses of its certificates or logos by its certification bodies or their clients.
UKAS’ announcement claims the new certificates will go into effect on December 9th, 2019.