Smart Questioning - Implementing Flexible Transparency Across Supply Chains (Part 2)
Written by Pietro Pasotti
Modern supply chains are trapped between two poles. On one side, consumers request more and more transparency in supply chains as a means of holding supply chain actors responsible for their actions. On the other, companies see transparency as a risk to their competitive advantage and therefore oppose it. We are not going to pick a side. We are not therefore building a tool that favours either one, we treat this as an open debate that still needs room to settle and evolve, and we seek precisely to provide that room.
As we explained in an earlier article, we believe that the concept of Flexible transparency is what we need. Flexible transparency is a state in which both sides engage in a dynamic negotiation of what information they need and are willing to provide. The resulting equilibrium is not foreseeable, and while it makes for an interesting subject of speculation, the topic of this article is: how do we provide the right tools for the job. In other words, how do we empower supply chains and consumers to be flexibly transparent with each other and negotiate how exactly this flexible line needs to be drawn?
Look at the electronic device you are using to read this article. It was manufactured by, lets say, George Lucas. Suppose that you want the guarantee that no baby seal was hurt by anyone involved in the manufacturing process -- because you do not want to give your honestly earned money to that kind of people. How would you go about trying to obtain said guarantee? Well, you may think of asking George. He might just reply: “Sure, I mean, this product is totally baby-seal-violence-free”.
But what if you do not trust George and want to validate his statement? Assume that George knows the exact, full history of the product and its parts. By performing internal audits, he knows with certainty that no manufacturer ever in touch with this particular product ever hurt a baby seal. George may agree to share the outcome of the audits: that is, a pile of certificates, and that would be a good start.
However, we see that real-world supply chains are so complex (especially with electronic products) that in some cases George may simply have no idea. Let us introduce here a picture that will guide us through the article: that of the supply chain of some product as a chain of rectangles connected by dotted black arrows.
A supply chain of a product is here broadly construed to include any party that ever comes in contact with it, and that includes its production, delivery, consumption and recycling. Therefore, a rectangle represents a company, a person or entity involved with the supply chain of some product. We know what goes in this rectangles, where it comes from, what goes out and where it goes to, and at times we may also be interested in some high-level properties of how the ins are turned into outs; such as whether any baby seals were hurt to achieve that transformation.
The low-level details of the manufacturing process, as well as some of the low-level details of the ins and outs, are to remain secret because that is part of what constitutes George’s competitive edge. George is in fact one of these rectangles. The others are the parties in his supply chain. The dotted arrows represent supplier-client relationships.
George, like many other supply chain actors, knows who his suppliers are but not who his suppliers’ suppliers are (tier 2 suppliers). In general, the further along the chain he goes, the less information he has access to, and the lower its reliability is. So George may prompt his suppliers to provide to all those interested customers certain guarantees regarding their activities, for example that no baby seal was hurt. George’s tier 1 suppliers are then going to do the same to their tier 1 suppliers (tier 2 for George), and so on. Suppose now that some of these parties can in fact provide such guarantee; namely they already have audit frameworks in place that produce certifications that they are willing to share. They are then going to send those to George, and tell him: do with them what you wish.
However, suppose that George is jealous about his suppliers: he is afraid that if it were to become public knowledge who they are, competitors might take advantage of that knowledge and damage his business. Then, in short: George does something with blockchain and everyone is happy.
Now for the long version.
A high-level breakdown of a communication barrier
Some people want information, while others want to share some, but not all of the information they have. In a nutshell, the problem is that information often comes in bundles, and normally one cannot avoid sharing or learning more than what is really needed and desirable to share or learn. There is such a thing as “too much information”.
For example, suppose that George wants to prove beyond reasonable doubt to you, a customer, that all of his suppliers have a baby seal violence-free certification. He could simply package up all the paperwork from his suppliers, including certifications and the receipts that show that indeed, they are in a supplier-client relationship, and send them to you. But that is too much information, partly because you really do not care about all that paper, you just want to know that they have a certification, you do not really want to have a copy of it. More importantly, because the certificates often contain the name, street address and other details that would expose George’s whole supply chain. And George is not going to let that happen. George, in other words, needs to share precisely what he means to. But only wizards can do that. Fortunately there is a magic software trick that does just that, and that is what we make.
Furthermore, as we are determined not to trust George, and George is determined not to trust his suppliers, all these information exchanges need to be securely logged so that nobody in the future can have any doubt that they have happened: George wants to be able, in the future, to hold up in front of a court that he did his due diligence in obtaining the certifications, and his suppliers want to do the same with respect to sending them. For example George will not be able to lie and claim that he received a certification from someone while he did not. Fortunately there is a software trick to log every information exchange in such a way that it cannot be changed by anyone, ever, and that it can be accessed by everyone who has the right access credentials, just like that, forever.
And mathemagically it works
George knows what you may ask about the products he manufactures, and he already knows what he is going to reply to all of your questions, if at all. He chooses then to answer these questions in advance, and attach the question-answer pairs to the product itself (think FAQ). You, upon purchasing the product, also gain access to this information packet and can query it as if it were an answer machine -- or a database.
The information that George can attach to his product is virtually boundless. He can add a user manual, information about the recycled materials content in the chassis, but, why not, an infographic about beer consumption across the world and cuddly cat pictures. Some information he is forced by law to disclose, some other he can disclose because it provides an economic return, some other because he feels like doing more than what he is required to. Either way, this digital information can be attached to products by using machine-readable codes that can be glued or engraved onto physical objects.
Symmetrically, the information that one can request regarding a product is also virtually boundless. So you can ask whether the machine is baby-seal-cruelty-free certified by this or that organisation, or whether it has more or less than 4GB of memory, or whether it contains at least 5mg of mercury, but also, why not, whether the product has ever been touched by a man called Tommy, or whether it is very effective in confusing cats.
These two ends, the demand and supply of information concerning products, must meet. Just like George can add information that nobody requested, you can ask to obtain access to information that George did not disclose of his own initiative. Of course, George remains free to not oblige, unless the law says otherwise.
On the difficulty of magic
Let us complicate the picture a little bit. George, as mentioned earlier, has less information about the products he buys and sells the further away he goes up or down his supply chain. So, while he may very well know what logo is on the chassis of the electronic device in your hands, because it is his logo, he may not know what the logic circuit printed on the back of that tiny flash memory you can only see if you hack the device apart and put it under a microscope. He may not know, because he purchased the whole board from some lady in Alaska who bought it from someone in Cambodia who in turn bought the pieces from Canada and Malta and Mozambique and so on… but George has trouble obtaining information from the Alaska lady already, and it only gets worse. Also, as mentioned earlier, George wants all these people to remain anonymous.
What George needs then is:
As all mathematicians know, there are many, probably infinitely many ways of achieving the same thing, but most of them involve cats. The main metrics is: which one is best. Recently a tool has emerged that promises to make trustless, reliable data exchange an issue of the past, and that is a decentralised database technology known as blockchain.
If you store your data on a traditional, centralised database, there is a risk that it may be lost or corrupted due to accidents or malicious attackers. This risk is reduced if you make a copy of the database, store it somewhere else, and keep the copies in sync. Decentralised databases work essentially like that; multiple identical copies of the same database are hosted by different parties, and are kept in sync by some clever mathemagical procedure called consensus. In plain words, the outcome is that everyone has the same information on their local copy.
Furthermore, even more mathemagically, each local copy of the database contains a copy of all previous versions of itself. The bottom line is, if an attacker wanted to alter the records of the decentralised database, not only it would have to hack a majority of the peers who maintain a local copy of it, but it would also have to modify their local storage in a non-trivial way.
As we hinted at earlier, there are very many different flavours of blockchains. Different ways of evaluating whether a proposed update “looks good”, different ways of storing the information, different ways of proposing updates and agreeing on them... What matters here is the high level. But keep in mind that there are lots of variants, and we can choose whichever one we prefer, depending on their speed, scalability, sustainability, etc.
We have seen George’s puzzle. We have seen a decentralised database technology. We still have to see how can this technology address George’s puzzle; that is, make George’s supply chain flexibly transparent.
The communication barrier in supply chains can be abstracted in this way: someone needs information to gain insight in a product or process; someone else has access to data that would provide such information. Who needs insights and who can provide them need not be in a supplier-client relationship; they can be parties at the opposite poles of a supply chain: consumer and raw material extractor, recycler and manufacturer, and so on.
Secure communication is a must, because the information being transferred and everyone’s identities have to remain private, but it is also not enough: the party with the data needs to turn that data into actionable insights first, and only forward those. Fact is, George wants to prove to you that no baby seal were hurt, and that, then, is all he is going to prove to you. Everything else can in principle remain hidden; and that can only mean, never even be shared. In fact, what is said about the internet, that “once it’s out there, just assume it’s gone forever” is even more true about the blockchain.
Finally, we need to make the system such that none of the parties involved in the information exchange, nor anyone else, need to trust in one another, trustless for short. This is absolutely essential in all systems, such as ours, where no identifying information is exchanged. Since we are removing the need for parties to know one another, lacking a mechanism for keeping them accountable, we need to build the system so that they do not need to be.
For this reason we implement the protocol on a blockchain service, so that data is immutable, information exchanges are trustless but at the same time they can be logged and false information can be audited and traced back to the source.
The trust bottleneck
Now, all is good and the system works as follows: George asks his suppliers to start attaching information to their products; and his suppliers do the same, and so on for the whole supply chain.
Your electronic device now has a little label on the back that you can scan using an app that we provide, thereby gaining access to some initial brand-provided information such as: warranty, user manual, and a seizure-inducing amount of flashing ads because, let’s face it, that’s what brands do with any new technology. Hopefully that will eventually wane.
If you want to go further, however, you can: you can tap on that little red question mark and type in your question. Do you want to know whether the gold in your phone was extracted in an ethical way? Do you want to know whether any baby seals were hurt in the process? Do you want to know whether there is more or less than 5mg lithium in those batteries? Of course if you are a recycler and are able to prove it, you will receive more information. But, whoever you are, feel free to ask.
Now, the mathemagical world behind the scenes ensures that, if someone puts a whole stack of certificates on the blockchain, the answer to the crucial baby seal question reflects what is on the certificates. But still, you need to trust whoever issued those certificates in the first place. That is the last remaining trust bottleneck. Better than to have to trust every single person who has ever handled those certificates, sure, and better yet than having no guarantee at all.
Challenges, and the future
As I learned during my time as an Artificial Intelligence person, when it comes to the way people interact with complex things, one of the main challenges is expectation management. Systems that are so complicated that they may seem to be smart, such as smart questioning, are no exception.
In other words, we need to be able to manage the user’s expectations about which questions can be asked and be reasonably expected to be answered. The rest is just math.
Now about the future. How does the future look like? All evidence points to the fact that soon we will be in an uncomfortable corner, our shoulders rubbing against climate change on the one side and alternating layers of consumeristic bricks and capitalistic mortar on the other. And I for one am not looking forward to finding out which wall is stronger. I think we all know the answer. If that is possible at all, technology and enlightened policy can make it happen.
So, instead of waiting, we use state-of-the-art tech to allow supply chains to improve their efficiency, while becoming more circular; i.e. less harmful to the world.