MICKAI
Article · 14 June 2026

The Logbook That Cannot Be Rewritten: Autonomous Vessels and the Discipline of the Signed Record

For centuries the ship's logbook was law. Autonomous navigation needs the same tamper-evident discipline, and the proof has to survive offline, far from the vendor that built the ship.

Author: Micky Irons
Published: 14 June 2026
Tags: autonomous vessels, maritime, audit, post-quantum cryptography, AI governance

A page you could not tear out

There is an old rule of the sea that has nothing to do with the sea and everything to do with trust. The ship's logbook had to be written in ink, in sequence, at the time the thing happened, with no blank lines left to fill in later and no pages removed. A struck-through error stayed legible, with the correction beside it. The reason was not tidiness. The reason was that the logbook was evidence. When a vessel was lost, when cargo was ruined, when one ship rammed another in fog, the court did not interview the captain's memory. It read the book. The book was admissible precisely because of how it was kept: contemporaneous, ordered, and resistant to quiet revision after the fact.

I keep coming back to that object because it solved, with paper and discipline, a problem we are now pretending is brand new. The maritime world worked out three centuries ago that the value of a record is not the information it contains. It is the believability of the record as a sequence. A logbook you can rewrite the morning after a collision is worth nothing. A logbook that physically resists rewriting is worth everything. We are now putting machines in command of vessels, and we have kept the data and thrown away the discipline. That is the gap I want to walk into, because it is wider and more consequential than the industry admits, and the answer is older and plainer than the technology suggests.

What changed when the bridge emptied

An autonomous or highly automated vessel does not make fewer consequential decisions than a crewed one. It makes more, and faster, and most of them are never seen by a human at all. A collision-avoidance system decides, in the space of a few seconds, that the contact crossing from starboard is a fishing boat rather than a wave return, that the correct response is to alter course to starboard rather than slow, and that the new heading is clear. Each of those is a judgement. Each was made under the International Regulations for Preventing Collisions at Sea, the rules every mariner calls the COLREGs, by a piece of software interpreting sensor data the way a watch officer once interpreted the view from the bridge.

When a crewed ship does this, the watch officer's actions, the helm orders, the radar plots, and the times are written down. That record is imperfect and human, but it exists as an ordered account that an investigator can later reconstruct. When the bridge is empty, the account becomes whatever the system chose to log, in whatever format the manufacturer preferred, stored in whatever way was cheapest, and produced after an incident by the same company whose software is under scrutiny. We have automated the decision and quietly un-automated the accountability. The faster and more numerous the machine's judgements become, the more this matters, because there is no longer a human in the loop whose contemporaneous account can be cross-checked against the instruments.

The voyage data recorder is not enough, and never claimed to be

Maritime people will object that we already have a black box. The voyage data recorder, the VDR, captures bridge audio, radar, position, heading, and a long list of sensor channels in a protected capsule built to survive a sinking. It is a genuinely good piece of safety engineering and it has resolved many investigations. But it was designed to answer a different question. The voyage data recorder records what the ship's instruments observed. It does not record, in any verifiable way, why an autonomous decision system did what it did, what it believed the world to be at the moment it acted, or which model version and which parameters were live on the bridge at the time.

There is a second, harder problem the voyage data recorder was never built to address. A recorder protects against accident and loss. It does not protect against revision. The data inside it is trusted because we trust the operator and the seal on the capsule, not because the record proves its own integrity. For a crewed ship two decades ago that was a reasonable settlement. For a vessel where the decisive actor is a software system maintained, updated, and answered for by a commercial vendor, trusting the vendor's own recording to be complete and untouched is no longer a reasonable settlement. It is the thing under dispute. The capsule answers the question of survival. It does not answer the question of integrity, and integrity is precisely what an autonomous casualty turns on.

Why after-the-fact logging fails exactly when it matters

Consider how a modern incident actually unfolds. An automated vessel grounds in a narrow channel. Three weeks later, in a room with lawyers, the operator produces logs. The logs are clean, internally consistent, and show the system behaving correctly until an unforeseeable sensor anomaly. Maybe that is exactly true. Maybe a junior engineer, under pressure, regenerated a log file to fix a formatting bug and broke the chain of custody without meaning to. Maybe a parameter was changed after the grounding and the change date was set to before it. The point is not that operators are dishonest. The point is that the record cannot tell the difference between an honest operator and a dishonest one, because nothing about its structure resists revision.

This is the security-realist's first instinct, and it is not cynicism. It is the assumption that any record which can be quietly altered will eventually be doubted, whether or not it was altered, because doubt is free and proof is not available. A log written after the fact, or one that can be rewritten after the fact, gives an investigator no way to distinguish a faithful account from a flattering one. The mariners who wrote in ink understood this in their bones. The instrument has to make cheating expensive and visible, or it protects no one, least of all the honest operator who has nothing to hide and no way to prove it. An operator who behaved correctly and cannot demonstrate it is in almost the same position as one who did not, and that is an injustice the structure of the record imposes, not the facts of the case.

What the logbook actually guaranteed

It is worth being precise about what the old discipline bought, because the engineering answer has to reproduce those exact properties and not merely gesture at them. A well-kept logbook gave you four things. It was contemporaneous: each entry was made at the time, not reconstructed later. It was sequential: entries followed in order, so you could not insert a convenient line between two real ones without it showing. It was append-only in practice: you struck through and corrected rather than erasing, so the history of the history survived. And it was independently readable: a court, an insurer, a rival captain could all read the same book and reach the same understanding without asking the author to vouch for it.

Contemporaneous, sequential, append-only, independently readable: the four properties that made a handwritten log admissible in court are the same four a signed digital record must reproduce.

Notice that none of those four properties is about the content. They are about the form of the record over time. A digital system can hold infinitely more content than a paper log and still fail every one of these tests, which is precisely what most autonomous systems do today. They capture oceans of telemetry and guarantee none of the four properties that made a few handwritten lines admissible in an admiralty court. We mistook volume for evidence. The sea never made that mistake. A terabyte of unsigned, rewritable telemetry is, for the purposes of proving what happened, worth less than four legible lines that nobody could have tampered with.

Translating ink into cryptography

The good news is that each of those four properties has a clean modern equivalent, and together they describe a specific kind of record rather than a vague aspiration. Contemporaneous becomes signing the entry before the action it describes is allowed to execute, so the record cannot lag the decision or be assembled afterwards. Sequential and append-only become a hash chain, where each entry carries a cryptographic fingerprint of the one before it, so that altering any past entry breaks every entry that follows and the break is detectable by anyone. Independently readable becomes verifiable offline, with a public method and open tooling, so that an investigator with an ordinary computer and no relationship to the vendor can confirm the chain without anyone's permission.

This is the design philosophy behind what we build at Mickai. Our Sovereign Intelligence Operating System (SIOS), which is built and running today, treats every action its fifty brains take the way a disciplined mate treated the log. Each action is signed before it executes, not narrated after. The signatures form an append-only, hash-chained record we call the Open Audit Record (OAR). And the Open Audit Record is verifiable in an ordinary browser, offline, with no trust placed in us as the vendor. I did not invent the requirement. The requirement is three hundred years old. We built the instrument that meets it for machines instead of mates, and we are training our own models now, fine-tuning and specialising open foundations such as Llama 3.2 and Qwen 2.5 against a sealed corpus, so the system that signs the record is one we understand all the way down.

The part most people skip: surviving the quantum horizon

A vessel built today may still be working in twenty or thirty years. A signature that is unforgeable in 2026 is not automatically unforgeable in 2040, because the mathematics that protects today's digital signatures is exactly the kind of mathematics a sufficiently capable quantum computer is expected to break. This is not science fiction in the maritime planning horizon. Governments and standards bodies are already migrating critical infrastructure to post-quantum cryptography for precisely this reason: an adversary can record signed material now and attack it later, once the hardware exists. A maritime audit trail meant to stand up in a dispute decades from now has to be signed with algorithms chosen for that horizon, not for this one.

That is why the Open Audit Record signs with a post-quantum scheme, the standard the United States National Institute of Standards and Technology (NIST) published as Federal Information Processing Standard 204 (FIPS 204), the lattice-based signature known as ML-DSA-65. The choice is deliberately boring. It is a published government standard, not a clever in-house scheme, because the whole value of an evidentiary record is that an independent party can trust the cryptography without trusting the author. An audit trail you have to take on faith is not an audit trail. It is a press release with a hash on it. Choosing a standard meant for the next several decades is not over-engineering. It is the only honest choice for a record whose entire job is to be believed long after the ship and the company that built it are gone.

Anchoring: who timestamps the timestamper?

There is one more attack the careful reader will already be circling. A hash chain proves internal consistency: you cannot alter the middle without breaking the end. But what stops an operator from discarding the entire chain and producing a fresh, equally consistent one, recomputed from scratch to tell a better story? Internal integrity is necessary and insufficient. You also need an external, independent reference point that fixes the record in time and that the operator cannot quietly rewind. Without that anchor, a perfectly valid chain proves only that someone built a consistent story, not that it is the original one.

The honest answer is to anchor the root of the audit record to something an operator cannot edit. In our architecture that role is filled by Pantheon, a sovereign Layer 1 chain that periodically commits the audit root to Bitcoin, whose own ledger is about as expensive a thing to rewrite as humanity has built. Pantheon carries a fixed supply of five billion PAN, and that part of the stack is the one component I will be plain about: the Pantheon chain is still being built, while the signing, hash-chaining, and offline verification of the Open Audit Record are live in the SIOS today. I would rather tell you which brick is still wet than imply the whole wall is finished. The principle, though, is settled: a record that timestamps itself proves nothing, and a record anchored to an independent, costly-to-rewrite reference can prove a great deal.

What this looks like on a real bridge

Strip away the cryptography and picture the workflow, because that is where adoption lives or dies. The collision-avoidance system is about to alter course. Before the rudder moves, the system writes an entry: the time, the sensor picture it believes to be true, the contacts it has classified, the COLREGs rule it is applying, the model and parameter version that is live, and the action it is about to take. That entry is signed and chained to the last one, and only then does the action execute. The order matters. The record is the precondition of the action, not its echo. A decision the system was unwilling to sign for is a decision it does not get to take.

Anchoring the record: a hash chain proves internal consistency, but only an external, costly-to-rewrite reference fixes the account in time so no one can quietly produce a better one.

After an incident, the investigator does not ask the operator to hand over logs and hope. They take the audit record, run open verification tooling on an ordinary machine, and confirm three things without the operator in the room: that the chain is unbroken from the anchored root to the moment in question, that no entry was inserted or altered, and that the signatures are valid under the published standard. If the operator's account matches the verified record, the operator is vindicated by mathematics rather than by reputation. If it does not match, the discrepancy is visible to everyone at once. That symmetry, protecting the honest and exposing the dishonest with the same instrument, is the entire point. It does not pick a side. It removes the room in which sides used to be argued without evidence.
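
The sign-before-act entry and the investigator's checks described above, as an added example that is not Mickai's code or the Open Audit Record format. The record layout, field names, sample decisions and the anchored head value are assumptions, and HMAC-SHA256 stands in for the ML-DSA-65 signature so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import json

GENESIS = "00" * 32  # "prev" value carried by the first entry


def entry_hash(body):
    """SHA-256 over canonical JSON, so any machine recomputes the same digest."""
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


def record_then_act(log, sign, decision, execute):
    """Append a signed, chained entry first; run the action only afterwards."""
    body = {"seq": len(log),
            "prev": log[-1]["hash"] if log else GENESIS,
            "decision": decision}
    digest = entry_hash(body)
    sig = sign(digest.encode())  # if signing raises, nothing is logged or executed
    log.append({**body, "hash": digest, "sig": sig})
    return execute()


def verify_log(log, verify, anchored_head):
    """Offline check of order, chaining, signatures, then the external anchor."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: entry[k] for k in ("seq", "prev", "decision")}
        if entry["seq"] != i:
            return False, f"entry {i}: out of sequence"
        if entry["prev"] != prev:
            return False, f"entry {i}: chain broken"
        if entry_hash(body) != entry["hash"]:
            return False, f"entry {i}: content altered"
        if not verify(entry["hash"].encode(), entry["sig"]):
            return False, f"entry {i}: bad signature"
        prev = entry["hash"]
    if prev != anchored_head:
        return False, "head does not match external anchor"
    return True, "ok"


# Stand-in signer (assumption): HMAC-SHA256 with a constructed key, used only so
# the example runs on the standard library. It is NOT ML-DSA-65 and, being
# symmetric, does not give the vendor-independent verification a public key does.
DEMO_KEY = b"constructed-demo-key"


def demo_sign(msg):
    return hmac.new(DEMO_KEY, msg, hashlib.sha256).hexdigest()


def demo_verify(msg, sig):
    return hmac.compare_digest(demo_sign(msg), sig)


def build_demo_log():
    """Three constructed collision-avoidance entries; returns (log, helm_orders)."""
    log, helm = [], []
    for action in ("alter course to starboard", "steady on new heading", "resume track"):
        decision = {"contact": "fishing boat, crossing from starboard",
                    "model": "constructed-model-v1", "action": action}
        record_then_act(log, demo_sign, decision, lambda a=action: helm.append(a))
    return log, helm
```

An edit to a past entry fails the content check; an edit that is re-hashed and re-signed fails at the next entry's `prev`; a chain rebuilt from scratch passes every internal check and fails only against the externally held head, which is the case the anchoring section describes.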

The honest caveats

I will not pretend this solves everything, because a record that overpromises is its own kind of dishonesty. A signed audit trail proves what the system recorded and that the recording was not altered after the fact. It does not prove the sensors were honest at the moment of capture; a spoofed satellite position faithfully logged is still a spoofed position, and defending the sensor layer is a separate discipline. It does not prove the decision was correct, only that it was made as recorded and can be examined. And it adds real cost: signing before acting introduces latency that has to be engineered down to nothing that matters at sea, and post-quantum signatures are larger and heavier than the schemes they replace. These are solvable engineering problems, but they are problems, and anyone who tells you otherwise is selling.

There is also a governance reality bearing down on all of this. Regulators are converging on the view that high-risk automated systems must be traceable, that their decisions must be reconstructable after the fact, and that liability for autonomous harm will land somewhere whether or not the evidence exists to apportion it fairly. In Europe the high-risk obligations under the European Union (EU) Artificial Intelligence Act arrive in force in 2026, and the direction of travel for liability around artificial intelligence everywhere is toward demanding exactly the kind of record we are describing. A vessel that cannot produce a tamper-evident account of why it did what it did is not just an engineering gap. It is, increasingly, a legal and insurable exposure that someone will eventually be made to pay for, and the someone is rarely the party that chose to skip the record.

The discipline, not the device

What the sea actually teaches is that the format of accountability outlives the technology of the day. The logbook survived the shift from sail to steam, from sextant to satellite, because it was never really about ships. It was about keeping a record that an adversary, a court, or your own future self could not quietly bend. We are at the same hinge with autonomous decision-making, and we have a choice between two settlements. We can let each manufacturer keep its own private logs in its own format, trusted because we have no alternative, and relearn the cost of that the hard way after the first contested casualty. Or we can insist that a machine in command keeps its account the way a disciplined mate kept the log: contemporaneously, in sequence, append-only, and readable by anyone without the author's permission.

That is the whole of our thesis, and it is older than any of our patents. We hold 101 filed United Kingdom patent applications, about 2,234 claims, owned by Mickai LTD with myself as the named inventor, covering the substrate that makes this practical, but the idea they protect is one a sailing master would have recognised instantly. A record that can be rewritten is not a record. It is a story. The achievement of the signed, hash-chained, offline-verifiable account is to give a machine at sea something the old mariners had and the new ones quietly lost: a logbook with a page you cannot tear out. Build the ship to think for itself if you must. But make it keep a book it cannot lie in, and make that book legible to everyone but its maker. The sea has been telling us this for three hundred years. It is time we listened to it in code.


Originally published at https://mickai.co.uk/articles/autonomous-vessels-logbook-that-cannot-be-rewritten.