The critical purpose behind the forensic node is to keep a trail of behaviour on the innovative technology arrangement (ITA) as a whole. It allows qualified systems auditors to attest to the ITA’s reliability with respect to the functionality specified in the ITA’s blueprint (which, in the case of a virtual financial asset (VFA) issuer, refers to the whitepaper), and also ensures that all relevant information is stored and synchronized in real-time, including information stored on an Off-DLT Application Layer. This guarantees the continued assessment of the ITA and enables the Technical Administrator to intervene in the case of unexpected behaviour leading to material cause of loss to any user or a material breach of the relevant law. It also allows for investigations if needed at a later stage. In order to clarify and ascertain the purpose and requirements of the Forensic Node, the Malta Digital Innovation Authority (MDIA) has recently published a Guidelines document, which is overall mostly directed at ITA certification applicants and to Systems Auditors.
Notably, it is not a requisite for the Forensic Node to be a DLT (distributed ledger technology) or to reside on a DLT. This ensures that data privacy obligations are respected, as it limits the possibility of there being sensitive and/or personal information stored on the node. That being said, it must be ensured that all relevant events and data are recorded faithfully in real-time on the Forensic Node without risk of omission or corruption. Moreover, the forensic node must be tamper-proof and procedures must be in place to safeguard the Technical Administrator’s timely access to the information stored on the node.
The MDIA Guidelines also instruct that the forensic node must be wholly based in Malta in a qualified data centre. With regards to the method to be used in order to achieve the objectives of a forensic node, this must be included in the ITA Blueprint, which amongst other aspects must include:
- Clear identification of the datasets and events which will be collected and retained on the Forensic Node;
- Clear description of the existing security measures to ensure that data stored in the Forensic Node cannot be tampered with and accessed without authorisation;
- Data retention policies justifying the storage, deletion and access parameters of the Forensic Node;
- Detailed documentation of how the Forensic Node’s purpose is achieved; and
- Clear information on the physical aspects of the Forensic Node, including location of the node and the hardware used.
Given the overarching uses of a forensic node, its significance should not be underestimated. It aids to ensure that the ITA adheres to the legal criteria and standards required by the law. While some may argue that it overcomplicates issues and continues to overburden Malta’s current elaborate framework, it represents another positive step in the right direction, as it ensures that the ITA is used for legitimate objectives, in compliance with the existing necessary regulations.