The Transparency Project, launched jointly with the Inter-American Development Bank and the Office of the Inspector General of Colombia last year, aimed to develop a blockchain-based software proof-of-concept (PoC) for public procurement (based on the public Ethereum blockchain network) to be tested in a procurement action of the Programa de Alimentación Escolar, the public-school meal programme for the children in need, in Colombia in 2020.
The goal of the project was to identify the value and constraints of blockchain technology for countering corruption in public procurement, also depending on the selected blockchain protocol, permissioned or permissionless. In addition, the report puts forward general suggestions on how to improve anti-corruption measures in public procurement and engage civil society in monitoring corruption risks arising in the course of procurement procedures.
The authors of the report identify four key stages of the public procurement process (planning, bidding, bid evaluation, and implementation and monitoring) and specify that the project was focused only on the second and third stages (tendering and the evaluation of bids of potential suppliers).
The project implies the use of the software PoC to counter manifestations of corruption through five specific channels:
- Permanent and tamper-evident record-keeping;
- Real-time procedural transparency and auditability;
- Automated functionalities with “smart contracts” ;
- Reduced reliance on the discretionary decision-making of centralized parties and authorities;
- Enhanced citizen engagement.
The selection and assessment of bids with the use of the software PoC consist of 13 steps (taking into account the peculiarities of the procurement process in Colombia):
1) Vendor registration to compete for tenders: each potential bidder generates a unique address (denoted as the “vendor ID”), which is used along with a unique identifier from the specific tender process, to generate a pseudonymous one-time address from which the vendor will submit anonymously their bid to the specific tender auction (denoted as the “hidden ID”);
2) Initial tender offer published: the tenderer publishes the draft tender offer; a new smart contract for the draft tender offer is created and is subsequently stored in a distributed file storage system compatible with the blockchain network (e.g. IPFS); the draft includes the full terms and conditions of the tender, as well as the evaluation criteria and the “price benchmark”, which the authors suggest keeping private until a certain moment in order to not compromise competitive bidding;
3) Public comment period for the tender offer: the public and prospective vendors submit their comments on the tenderer’s documents, ask questions and raise concerns about certain conditions of the tender offer. Public comments are submitted to a hash function; the tenderer makes necessary modifications; if there is potentially suspicious activity (e.g. the tenderer hiding adjustments through last-minute changes), it is marked by an automatic “red flag”.
4) Final tender offer published: the tenderer creates a second tender offer, modified according to the results of the previous step; a new smart contract is generated for it; a hash of the document is also published onto the smart contract; the tender offer cannot be modified after publication;
5) Provision for tender withdrawal, cancellation or restart: at this point the tenderer can withdraw the tender offer and restart the process, withdraw the tender and conduct a direct contract, or cancel the auction completely; all cases require the tenderer to put the rationale in the system;
6) Bidding period begins: vendors submit their encrypted bid offers with hidden IDs; at this point no parties other that the vendor can see bid information; each set of bid documents is stored in the decentralized file storage system and a hash of each bid offer document is also stored within its corresponding bid offer smart contract. This hash output can be used to verify against potential bid manipulation;
7) Bidding period closes: the bidding period is automatically closed according to the schedule programmed in the final tender offer; after that no bids are accepted;
8) Tenderer downloads bids of registered vendors: the tenderer automatically asks vendors to reveal their bid offers by requesting them to publish their hidden ID private keys, which can be used to decrypt their bid offers; only bid offers from vendors whose connection between their hidden and vendor IDs is proven are automatically decrypted and published;
9) Preliminary tender evaluation: the software automatically evaluates bid offers to meet minimal evaluation criteria; qualifying bids that will proceed to the next evaluation phase are recorded in the tender offer smart contract; results are automatically published for scrutiny;
10) Public comment period: public comments are received and submitted to a hash function with output recorded on a smart contract; if relevant, bids and tender offer can be evaluated against the hash to verify against changes after bid submission or tender offer publication;
11) Tender evaluation: the tenderer proceeds to evaluate either manually or automatically all qualifying bids and assigns scores to relevant sections in each bid; scores are automatically summed and the system produces the recommended winner; if the winner is different than the recommended winner, the system generates an automatic red flag; the tender evaluation, scoring and decision are published for scrutiny;
12) Public comment on the final evaluation of bids: public comments are received and submitted to a hash function with output recorded on the smart contract; the tenderer integrates any changes after the public comment period and publishes the final scoring, decisions and winner results;
13) Final winner decision is published: all process records remain permanent and tamper-proof for public scrutiny via blockchain-based record-keeping; records are also backed up in the centralized database.
In the outcome of the project the capabilities and limitations of the permissioned and permissionless blockchain network configurations were detected. In particular, the WEF highlights that despite a number of important advantages – in the first place, a high degree of network stability and security due to decentralization and public control over all steps of tendering process with open access to data – it has several distinct disadvantages:
- lower transaction scalability (a limited number of transactions processed per second);
- transaction fees;
- difficulties in securing vendors’ anonymity (vendors may need to pay a traceable transaction fee when submitting their bid);
- use of cryptocurrency (which may be problematic in a certain legal environment and requires further professional preparation of those who participate in procurement);
- spamming and draining attacks;
- energy consumption necessary for making the system work;
- complexity of management/adjustment/update of the system.
The use of a permissioned blockchain configuration makes it possible to solve these problems, because:
- it does not require the use of transaction fees (therefore, there are no problems of anonymity, additional costs, spamming attacks, need to train vendors and tenderers on cryptocurrency use and its adaptation to the local legal system);
- it can allow for higher transaction thoughtput;
- the system, being centralized, can implement software fixes, upgrades or governance decisions much more easily (e.g. in the event of a threat or unforeseen activity).
The main limitation of the permissioned protocol is weaker security and integrity, which automatically entails higher corruption risks.
Therefore, as an alternative, the authors of the report suggest using “hybrid” blockchain networks, which employ the advantages of both permissionless and permissioned base-layer blockchain protocols.
On the outcome of this work, along with the report the model Request for Proposal was published. It provides examples of functional specifications to be employed by the bodies seeking to design a blockchain-based e-procurement system. Besides that, the WEF prepared a Supplementary Research Report which provides recommendations on selecting the indicators to evaluate the anti-corruption efficacy of a blockchain-based procurement system, background information related to the Colombian public school meal programme and the national regulatory framework for the use of cryptocurrency, anti-procurement-corruption laws and regulations and additional use cases for blockchain in public sector anti-corruption advocated by international organisations, and information on leading publications for a deeper understanding of this topic.
In spite of the fact that the use of blockchain technology in public procurement has been subject to careful scrutiny of international organisations and public bodies more that once (see, for example, the findings of the Asian Development Bank, the Korea Power Exchange, and one of Seoul’s administrative districts), the WEF project is the first to “take a multidimensional approach to blockchain experimentation for corruption”.
At the same time, the first version of the software was initially designed to minimize a limited number of corruption practices inherent in public procurement: as it has already been highlighted, the project covers, in particular, only the submission and assessment of bids; and, as shown, the software makes it possible to analyse the data only within a certain procurement process without taking into account the information on previous procurement procedures.
The report also lists additional areas of expansion of blockchain technology that could be pursued in a second-generation project, including:
- direct contract monitoring;
- past vendor- and contract-performance tracking under current procurement procedures;
- advanced fraud detection and analytics of past tender auctions that would make it possible to detect, in particular, such corruption practices as systematic win of certain vendors;
- tracking the payments made to vendors after the contract is awarded and when the vendor is implementing the contract, along with the payments made to subcontractors, etc.
Consequently, the use of blockchain technology in procurement, as it is suggested by the WEF, may help prevent only some of the many undue practices (in Russian). Moreover, most corruption practices which the authors suggest countering through the use of blockchain, such as the lack of transparency at all stages of procurement or the risk of change of procurement documents in favour of a certain vendor, can be eliminated without blockchain systems, by improving “conventional” digital procurement platforms. In addition, as the authors themselves admit, some corruption practices cannot be prevented only through the use of technological solutions: these are bid-rigging schemes agreed upon by vendors among themselves and/or with the tenderer and bribery outside procurement system (i.e. without the use of the means received by the vendor for the implementation of the contract). Perhaps, the blockchain technologies have a stronger potential to be used in the contractual payments (between the client and the provider, as well as between the provider and the co-providers), which would make it hypothetically possible to counter corruption practices related to undue advance payments and subcontracting. However, this issue needs further research and serious consideration, particularly when it implies the use of cryptocurrencies both in legal and technical terms.
Blockchain, in general terms, is a continuing chain of blocks of information where every block contains data about a completed transaction and all those preceding it. Therefore, all blocks are interconnected and a change of one of them is impossible without the change of the others. The copies of the whole database of transactions are simultaneously kept in a multitude of autonomous computers, which makes it difficult to make outside changes or carry out cyberattacks. The technology was initially used to ensure the functioning of cryptocurrencies, whereas at present the field of its application has substantially widened and includes such areas as cybersecurity, banks’ financial sector operations, and registration of land title by public entities.
“Smart contract” is a computer programme or a transaction protocol which is intended to automatically execute the conditions of a contract concluded by the parties to a transaction with the use of electronic signatures. It cannot be used independently and is applicable only in a certain environment, generally, within a blockchain system.
Hash or hash function is a special mathematical algorithm that maps data of arbitrary size to a bit array of a fixed size. It is applied to control the integrity of information: the hash value (checksum) is calculated for a certain set of data and subsequently stored; then after a while the calculation is repeated and if the result differs from the initial one, it means that the data have been previously modified.