Skip to content
InTechnology Podcast

#15 – Increasing Security, Traceability & Trust With Blockchain

In the latest episode of Cyber Security Inside, Tom and Camille chat with IBM Senior Technical Staff Member, Arnaud Le Hors, about the enterprise use cases for blockchain.

They cover things like:

  • The hype of blockchain vs. the reality of blockchain
  • Where blockchain fits with supply chain tracking and transparency
  • When blockchain makes sense and when it’s overkill
  • The network necessity of blockchain
  • Balancing transparency with privacy
  • And more

Plus, Arnaud shares real world examples of how blockchain’s being used globally and across multiple industries.

Check it out.


Here are some key take-aways:

  • The food industry was an early adopter of blockchain, and uses it to improve transparency and traceability in the supply chain.
  • Blockchain makes the most sense where trust, transparency, and control/access of data is of concern.
  • Blockchain in and of itself is not a solution. It’s a technology that can be built into a solution.
  • You can have privacy settings in place with blockchain, so that you’re controlling who can access the information.
  • The data is rarely stored on the chain. What is stored is proof that the data is accurate.

Some interesting quotes from today’s episode:

  • “I kind of think of blockchain as a way to store data amongst businesses that don’t trust each other.”
  • “It’s not a single player type of technology, right? You cannot just do blockchain on your own. It doesn’t make sense. To make sense, you have to have a network of business partners who are going to use it.”
  • “The very key aspect of the system being completely decentralized allows us to have the system around the world, literally.”
  • “The blockchain itself is a way to actually store data. So it’s not just about what’s the most current or who’s the owner, but it actually keeps all the data, basically since the beginning, as soon as you start tracking, and it just never ends. It’s a present day.”
  • “And that’s something that wasn’t so clear in the early days. There was, you know, definitely proponents of the notion that everything should be stored on the actual chain. But it’s clear that we’re evolved from this now, where the chain becomes just like the universal source of truth, where you go as a backup to be able to back your assertions, your claims.”

Share on social:


Tom G: Hi, Camille, how are you doing today?
Camille M: Hey, I’m doing well.
Tom G: It is a beautiful day here in Oregon. The sun has come out for the first time in several days. Um, so what’s, uh, what’s on your mind?
Camille M: Well, I’ve been sort of thinking back a little bit. Uh, I’ve been thinking back to the days when blockchain was on the cover of all the major media stories seemed like almost every couple of weeks and we were seeing some very cool pilots. Um, of course, cryptocurrency sort of it’s the news up and down in waves, depending on how well it’s doing, but I feel like I haven’t seen that much about some of this kind of enterprise usecases or supply chain use cases recently.
Um, and I’m just wondering, was it just hype? I know it did hit the top of the hype curve with Gartner while ago or something brewing behind the scenes?

Tom G: Yeah, that’s interesting. You know, from my perspective, A couple of things happen. So first of all, it was definitely hyped. There’s no doubt about that. Um, but also about the time where it was sort of coming off the hype curve down into the, this is where real work needs to happen, that’s about the time when all this virus stuff hit, too.
So we ended up with like the industry, just being completely moved over in terms of focus, trying to get their, their company up and running and so forth in the COVID days. And so it really, really went dark. But it would be interesting to sort of dig into where are we at now with blockchain? Because it was, it was hyped as you know, it slices it dices. It does everything, but there are still real applications of blockchain for things like, uh, you know, supply-chain tracking as an example.

Camille M: I think when people were doing things before and it was sort of hitting the, the news wire, it was like, you know, the silver bullet that was going to solve everything for you. And everybody wanted to have a pilot or proof of concept or a headline showing that they could make it work. And so they did make it work. They did something, but they didn’t really address some of those kind of nitty gritty issues that would actually allow it to be deployed for real.
And, and so I’m wondering if people maybe are kind of digging into those issues right now. We’re starting to see little things like, you know, contract tracing and tracking for coronavirus type of apps coming up now since the outbreak.
Um, and some other stuff is still happening in the background, but I’m wondering what people are digging into now to kind of solve so they can go launch actual solutions on it.

Tom G: Yeah. I, you know, I think you’re pointing out something that’s important too, is when, when the technology first came out, it was, uh, one word, I guess, hyphenated word or whatever, you know, technology and everybody was buzzing about it. Oh, blockchain, blockchain, blockchain, but blockchain by itself really, Isn’t a solution.
It’s like an infrastructure play. It’s a, it’s a technology that you need to build into whatever solution, whether you’re tracking disease progression or you’re tracking supply chain or you’re doing something, you know, with your inventories or something, you know, tracking shipments across the world. Whatever it happens to be. It’s an infrastructure it’s by itself, not a solution. You have to actually build it into whatever your solution is.

Camille M: Right. Your, your news headline really can’t be blockchain it has to be what you’ve solved or what you’re addressing. It’s really just a way of structuring data. It’s. Um, it’s a kind of a database, um, it’s a kind of way to store information. It’s a kind of a way to get a consensus. So now it’s like a tool in the toolbox and we’re making all of these fine tune adjustments to that tool so that we can actually use it for something as opposed to it being the very thing that it is.
The internet! It’s a thing, so exciting. It’s going to solve all our problems. And then we kind of dive into realize, well, it can also create some problems and there’s a few things we need to think about with respect to this. And it takes us a number of years as a community before we can actually use it in a useful way and understand how we’re not to use it and where the pitfalls are and how we can benefit from it.

Tom G: Yeah. So I think this is a good topic, you know, trying to figure out where are we at with blockchain and where are the uses as an industry?

Camille M: Yeah. Not cryptocurrency, but the other side of it.

Tom G: Exactly. Exactly. That sounds like a good podcast.

Camille M: Sounds great.

Tom G: All right, let’s do it.
Our guest today is Arnaud Le Hors. He has over 25 years working on standards and open source development. He’s a senior technical staff member at IBM focused on blockchain and web open technologies. Arnaud splits his time in California, Sweden and France. So welcome to the podcast Arnaud.

Arnaud: Thank you very much. It’s a pleasure to be here.

Tom G: So I thought it would be good to maybe just spend a few minutes and, uh, briefly describe blockchain and we’ll, we’ll start there.

Arnaud: Yes. So, you know, there’s a lot that has been said about blockchain and a lot of people I’ve heard about blockchain through what we call cryptocurrencies. Like obviously, Bitcoin is kind of the father of all. There are other systems that are also popular, like Ethereum. And when we talk about blockchain, we’re talking about the blockchain for the enterprise, which is essentially a form of decentralized database, which nobody has uniquely control over.
And some people say, “uh, come on, this is not a database,” but at the end of the day, it’s just data storage system. You put data in and you get data back from there. To me, that’s a database, usually it’s not at all like a relational database, but it’s the, it’s the data storage system, right?

Tom G: I, I kind of think of blockchain as a way to store data amongst businesses that don’t trust each other. And so it’s not all the data is in one place. You distribute it. And then no one person has control over it.

Arnaud: That’s exactly right. And that’s the key box, right? I mean, there are older distributed databases that’s in itself is not new, but typically you have one entity that has full control over the system. In this case, we’re talking about a system that has decentralized control so that no single body has the full control of the data that is stored on it.

Tom G: Right, so I wonder also, if you could spend just a minute and talk about some of the work that’s related to blockchain that you’re doing at IBM.

Arnaud: Sure. So, I mean, for the last five years, I’ve been primarily focusing on Hyperledger, which is a collaborative project under the Linux foundation. And the goal of which is basically to provide a venue for the industry to develop blockchain-related technologies, again, in the context, not of cryptocurrencies, but really of the blockchain for the enterprise.

Camille M: So what kind of use cases are you seeing out of this?

Arnaud: So there are many different use cases. The finance industry really got on board very early on, especially because of the background with cryptocurrencies. But actually what I call the poster child of the blockchain for the enterprise use case is the supply chain use case.
So we have, for instance, different platforms that have already been going into production. There’s a system called the IBM Food Trust, which allows the food industry to trace products and have full transparency over the provenance of, for the products that you find in the store all the way from the farm to the shelf in the store.

Camille M: Well, I’m interested in why the food industry, you know, why that’s such a good industry for blockchain, in particular.

Arnaud: So obviously consumer as more, uh, uh, more and more sensitive is about this notion of knowing what they get in their plate. And so, uh, they want to know the provenance of the products they are buying in the store. And at the same time, there’s a very long supply chain, right, from the producer all the way to the store going through, you know, different intermediaries.
And the goal is to have full transparency over the path that each product has been going through from, again, the producer, all the way to the shelf. The industry also is interested because it gives them a way to control problems that typically happen regarding contamination in the food industry.
Today, if you have a salmonella break, they don’t know which sled is to pull out of the shells because they typically don’t know which lettuce come from, which farm. And so they can’t identify quickly which products they need to remove from the shelf. There’s a lot of waste. If we have actually transparency where we actually know which lettuce came from which farm in the shelves, we can actually have a much more controlled recall, and it’s actually beneficial to everybody.
And by the way what’s interesting is there’s a use case like this is not only of interest to a single distributor, but because what happens is when there is an outbreak as such, it’s not like people stopped buying those from one specific producer; they just stopped buying letters altogether, so it impacts the whole industry. So there’s huge motivation for the industry as a whole to get on board with this kind of system.

Tom G: Now, this is interesting. Um, Arnaud, do you have examples of the use of this technology in the technology world?

Arnaud: You know, the use case of supply chain obviously is applicable across all industries because we always have this notion of supply chain, right? There is- we are living in a global economy where people have supply chains that go across the world.
For instance, we have another platform with trade lands, which, you know, we started with a partnership with Maersk, which is a shipping company, is the world leader of shipping containers around the world. And the biggest problem is they have, actually, is not so much the keeping track of the containers themselves, but it’s actually the paperwork associated with the containers. Because every time they have to ship a container from one place in the world to another, they have to have a paper trail that collect all sorts of signatures from different parties throughout the transport of the container. And it involves different parties like, you know, of course the transporter, but the port authorities, insurance companies controls customs, uh, tax authorities, et cetera.
And so they have a lot of stamps, you know, a lot of signatures, they need to collect all the way along the way. And so that’s actually a bigger problem that can be very costly and that requires many different agents at different points to interact. And with this kind of decentralized system, it allows everybody to have access to the record that, you know, is associated with a specific shipment and to add and access to information it is needed.

Tom G: Yeah, I think that the fact that the, the blockchain itself is a way to actually store data. So it’s not just about what’s the most current or who’s the owner, but it, it actually keeps all the data basically since the beginning, as soon as you start tracking and it just never ends, it’s a present day. And so like your paperwork example, you don’t just have the most current paperwork. You’re also able to go back in time and look at all the paperwork from all the different countries and, uh, following it back to the source

Arnaud: Indeed. And that’s the, the very key aspect of the system being completely decentralized allows us to have the system around the world, literally.

Camille M: So, how are you dealing with the fact that, um, if everybody, who’s a part of the network that you’re on is storing all of the data from everybody, I imagine you have competitors within the same supply chain. So how are you dealing with the privacy or confidentiality then if everybody’s keeping the data?

Arnaud: Indeed. So that’s very good question. And, uh, that’s a difference between. public “permission-less networks,” which basically allows anybody to access the information with the system that we typically work in the cases that I just mentioned, where we actually talk about “permission networks.”
So, first of all, it’s not everybody can join the network we control access. And indeed, we actually use also some different privacy settings to limit who has access to the information. So just being on the network doesn’t necessarily mean you will have access to the data that everybody else is putting there.
And there are many different technical aspects that I don’t have time to get into now, but you know, that basically revolves around, uh, cryptography. We use encryption, we use all sorts of mechanisms, some of which are very advanced. Uh, we use system like now called “zero knowledge proof,” which, you know, it’s been in existence for a long time, but they’re now becoming practical because systems are fast enough, then we can actually make use of them. And that actually gives us a great degree of privacy, allowing us to very finely decide who gets to see what. And it does allow competitors to share the system without sharing information, they don’t want to share with their competitors.

Tom G: I know on the supply-chain side, we’ve done a few podcasts in this series around supply chain security, and there’s a great deal of interest in the technical world, uh, around providing that visibility into the, the components that go into various devices.
Uh, but one of the concerns is, is that Vendor A would be able to see what Vendor B is doing, um, you know, by accessing the blockchain. And that’s one of the biggest concerns, actually, for people is, um, can I keep my, uh, supply information secret from my competitors while still getting benefit to my customers for having it on the blockchain?

Arnaud: Yes, and this is a very valid concern and very common. And that’s why we have systems where essentially, you know, you don’t necessarily have to store the actual data on the chain. All you need to store is enough data to prove that the data you own is accurate. And so essentially, we often rely on the notion of hashing, which allows you to have, you know, a representation of a certain type of data at a given point.
And what we store on the chain that is visible by all is actually a key associated to the data, if you will, or digital signature, I should say, but not the actual data. And that’s, uh, something that, you know, wasn’t so clear in the early days there was, you know, definitely proponents of the notion that everything should be stored on the actual chain, but it’s clear that we’re evolved from this now where the chain becomes just like the universal source of truth, where you go as a backup to be able to back your assertions, your claims.
So the data is rarely actually stored on the chain. What you store is proof that the data you hold is accurate. So we use mechanisms such as, you know, we exchange the data directly between bodies and the signature of that data is stored on the, on the chain. So at any point in time, later on, you can refer back to these data and say, “yes, that’s the actual data we were holding at that time.” And you can verify the digital signature by going to the chain, find a transaction that holds this signature to match it.

Tom G: And you mentioned a few minutes ago, you mentioned Hyperledger. Can you just describe how that’s related or different than blockchain in general?

Arnaud: Hyperledger is really a consortium, right? It’s not a specific technology. It’s again, a consortium of industry players and it’s open to everybody to participate. You don’t even have to pay anything to participate. And it basically hosts a whole set of different projects that people are interested in to, in developing an open source blockchain-related technologies. So there are now I think, 16 different projects that focus on different aspects. There are different frameworks. There are libraries, activities, tools.

Camille M: Can you explain why open source is so important in your view when it comes to blockchain?

Arnaud: Yeah. So I have a long history with open source. I’m usually, you know, generally speaking an advocate of open source, but in this case it makes especially sense because a proprietary solution is not going to be very, uh, I was going to be very difficult to get broad adoption over.
Uh, people want to be able to trust the system because, as Tom was saying earlier, you basically in this system where nobody trusted each other completely, you’re working with potentially competitors. And so you need to be able to look under the hood and be able to make sure that the system you can trust. From that point of view is better to have a full access to the source code. Even if you don’t, you have actually the possibility of doing it.
And also it facilitated adoption because it removes the barrier to entry. Because it’s a network, a technology, it’s not a single player type of technology, right? You cannot just do blockchain on your own. It doesn’t make sense. To make sense, you have to have a network of business partners who are going to use.
And, you know, as a fact Hyperledger Fabric, which is the blockchain framework that I began started in Hyperledger, in open source, in now and is one of the most advanced most popular, uh, framework within Hyperledger, is hosted by many different cloud providers. All the major cloud providers, support Fabric, which makes it much easier for companies to adopt it and be able to connect with one another.

Camille M: It seems like one of the most important decisions or gauges you need to make when you’re going to start a blockchain is how much trust does my network or my ecosystem have with each other .If we fully trust each other, we may as well just go centralized and not bother with the blockchain. If we don’t trust each other at all, you know, we need blockchain on the far left column. And if we trust each other a whole lot, but there’s still some value to the blockchain, then we’re on the far right column.
Does Hyperledger or do other blockchains that are out there available for building on offer kind of different options based on the type of network that you’re building?

Arnaud: Yes, absolutely. And you’re absolutely right in your premise because indeed it’s not a black and white issue. At the end of the day there are many different possible situations and you’re right. If you’re willing to trust a single entity to hold the keys, basically to the system and then you don’t need blockchain, that’s pretty clear.
At the same time, we often work in the environment where we’re in the business network, where entities know each other. So they are identified. If you compare that to Bitcoin, when you can exchange with others, but you don’t necessarily know who they are, right? And there is actually no way for you to identify who they really are. You just send money to some address. We more often working again, permission network where the parties are identified, and so there is already a certain level of trust in that. And then, you know, just because we control access, it also means that there are other means of remediation if there’s a bad player in the system.
In a public network the system has to protect itself against everybody because anybody is potentially an adversary. In a business network, typically that doesn’t happen. And again, this time, you know who they are. So first of all, you control access. You can revoke their access, get them out of the network. But on top of it because you know who they are, you can always go to court and sue them if you really need because you typically have a legal contract behind these interactions that go beyond the system we are talking about.
And so you’re right. That’s why we have different frameworks within Hyperledger itself. There are different use cases that, um, or different frameworks that are better fitted to different scenarios and that’s why we don’t have a one solution fits all. There are many different solutions that are being proposed. And even each solution typically has many different types of configurations you can use to fine tune to your use case.

Tom G: So Arnaud, I feel like we’re just getting, going on this one, but it’s such a, such an interesting topic. And I’d like to thank you for spending the time with us to get us at least introduced to blockchain and Hyperledger, because I know so much is being written about it.

Tom: Um, as part of our podcast, we also like to do something fun about, uh, what have you learned? You know, something you’ve learned recently that you think might be interesting for our listeners to also learn from you. Uh, so do you have anything in mind that you’d like to share with our listeners?

Arnaud: Well, I don’t know if I have something recently, that’s the thing, but there’s one that I wanted to share, if I may, and it goes actually it’s not recent at all because it dates from the 1990. This is when I actually, I was a research engineer at the time. And, um, I kind of fell into the open source space before even the term “open source” was coined because, you know, I was doing, I was doing this in a public research in France where everything you do basically is public domain.
And so I wrote a piece of code that is still in use today. And the fascinating part of it is, because it was open source, I haven’t touched this code in many years. But it is out there and the community has kept it up to date; they have fixed some security bugs. Uh, that is to say (laughs) back in the nineties, we didn’t worry so much about security issues. And then, you know, later on people discovered problems and they were keen on fixing them because they were using the code.
If you use an Ubuntu desktop, they actually use it. There’s this piece of code lying on it. And to me, this really shows the power of open source–that basically 30 years later, you can add a piece of code like this that has gone way beyond the original interest of the author that is still being maintained by the community at large.

Tom G: Yeah. It’s kind of a, it’s kind of like you had, uh, almost like a child now. Your child is what? 1990. So it’s like 30 years old. You got a 30 year-old child it’s grown up. It’s gone into the world. That’s cool. That’s great!

Arnaud: And I have to say I had lost track of it for a long time, you know? And then at some point I had a machine I installed Ubuntu on it–it’s a library for the Linux window system, which runs on Ubuntu. And I was like, “Oh, I wonder if there’s still this piece of code around?” And you know, it’s just a library of who shoot thousands thousand lines of code. It’s nothing like extraordinary, but it served a purpose and still around, which I thought was quite amazing.

Tom G: That’s great. How about you, Camille, anything interesting you want to share?

Camille M: Well, I’m going to stick in this vein of open source, though it’s a bit different. Um, in researching, you know, what kind of family adventure can occur in the time of COVID to get away a little bit, um, maybe experience nature, I have discovered that most of the Bureau of Land Management and state forests in America are open to camping, even though all the campgrounds are closed. They offer something called “dispersed camping.”
So as long as you’re not near other people, you can get a permit, uh, for very little money or even for free and just go camp in any of the public lands in the United States.
Tom G: Wow. So you’re talking about like real dry camping. You’re not, there’s not the hookup with cable and sewer and everything else.

Camille M: Yeah. There wouldn’t be a hookup. However, you can have, uh, a fire in most of the forests in the wintertime.

Tom G: Nice. That’s kind of cool,

Arnaud: You know, in Sweden you can actually camp on somebody’s property. I mean, there are limits obviously, but you know, they have a very different take than Americans have on property. And if somebody has a very large property and you just walk, you know, you can actually cross their property and you can even camp them overnight, you know? And it’s legal. (laughs)

Tom G: Yeah. (laughs) That’s very different here. Um, So, uh, I’m going to stick with sort of a travel theme with what you said, Camille, and maybe, uh, listeners I’ve heard this before, but I found it fascinating. So in the spirit of COVID and we all want to just get out and start seeing the world again, we go to Easter Island and those iconic faces that are in the dirt there. Did you know that archeologists actually found that there are full torsos that are buried in the dirt below those heads? They’re like 30 feet tall. It’s not just the faces that you know about. There’s an entire body down below the dirt. I didn’t know that I thought it was pretty fascinating.

Camille M: I heard that under one of them, there’s a, some sort of a molecule or, or, um, metal or rock or some mineral that doesn’t exist anywhere else on earth. But I have yet to look into

Arnaud: Is that for real? (laughs)

Tom G: it, that sounds like X-Files or something. Nice. All right. Well, Hey, we will, uh, we’ll end it there on the mysteries of Easter Island, but Arnaud, I just want to thank you again for spending time with us today and talking about blockchain. I thought it was fascinating topic.

Arnaud: Well, thank you very much. Again, it was a pleasure to be here with you.

More From