A Steady March of Adoption
We dive into how EY is driving blockchain adoption with Paul Brody
Interview overview:
As part of an ongoing interview series, Cornell Blockchain sat down with Paul Brody, Principal & Global Innovation Leader of Blockchain Technology, at Ernst & Young on March 10, 2020. We discussed how EY is helping drive blockchain adoption, projects like Nightfall and Dye Pack, and a little about Paul himself. If you would like to learn more about Jason please follow his twitter.
The interview was conducted by Trent Davis, Director of Communications at Cornell Blockchain and a second-year master’s student of Applied Economics and Management at Cornell University, and Cale Harrison, first-year master’s Applied Economics and Management focusing on the impact of automation on inequality. First-year undergraduate student Nelson Liu, studying nutritional sciences, biometry, and statistics, assisted with formulating and structuring many of the questions.
Below is the transcript of the roughly 45-minute interview covering the topics mentioned above. Please keep in mind some of the transcript has been edited for clarity. The areas that are italicized are questions from either Trent or Cale.
(Trent) Before we start, we would like to put into context both EY and blockchain adoption; could you give us a brief history of how EY has embraced blockchain technology and how it’s helping drive adoption of blockchain tech across different industries?
(Paul Brody) Yeah, absolutely. So EY got started early on simply because we had audit clients who were starting to do significant amounts of business on blockchain. This was usually in regard to Bitcoin, they were obtaining Bitcoin, they were using Bitcoin as an asset, or they were using Bitcoin for payments. At that time, once you kind of hit a certain threshold, you really need to be able to audit those transactions. Otherwise, you can’t really hold on to the client, you can’t issue them a sort of proper audit opinion. And so we kind of found ourselves in that position where we really needed to move forward, so EY got into the blockchain business.
The firm pretty quickly realized that this was more than just kind of something they had to do. It was, you know, potentially a watershed, technological change. Shortly after I joined from IBM, it took me about six months to really convince EY that we really needed to move into creating a proper global blockchain team with a proper kind of set of core technologies and capabilities that spanned across audit tax and business consulting. So that’s where we got started, which was roughly five years ago.
(Trent) Could you give us a brief explanation as to what your position as the EY Global Blockchain Leader is, what you do on a day to day basis and how you’re personally helping drive the adoption of these other companies?
(Paul Brody) From an EY perspective as a blockchain business, we’re sort of a globally integrated software startup and I’m the CEO of the software startup. I’ve done a whole bunch of software startups in my life, and so for me, this is really great because we have the power and the brand of EY. Because of the name and stature of the firm when we engage with clients nobody says things like “hey, are you guys going to be around in 6 or 12 months,” so that’s tremendously positive.
We have, at EY, a vision, and I think I’ve had a big role in laying out this vision, that’s contrarian from a lot of the rest of the blockchain industry in a number of ways. So first of all, we took a pass on the whole ICO thing, we took a pass on a lot of the, let’s call it blockchain-based payment frenzy as well. Instead, for the last four years, we’ve really focused on this idea that we think blockchain will do, for networks of companies and business ecosystems, what ERP did for the single enterprise. And let me take a moment to unpack that a little bit. ERP transformed enterprises. If you were to go back forty or fifty years and talk to the largest companies in the world, the truth is the left and right hands of the business didn’t actually know that much about what was going on. To this day, if you ask a lot of companies how much inventory you have, the answer they’ll tell you is in weeks, but if you ask how much money they have, they can tell you down to the penny in many cases.
The reason for that is that large enterprises didn’t have very robust and fully integrated information systems. ERP means that now they have an end to end integration of their information systems, they have an end to end processes that are common and standardized, and they have analytics and other tools. What’s really amazing is that forty or fifty years of enterprise technology transformation has had virtually no impact on how companies digitally transact with each other. The minute you leave the enterprise walls, you’re going back to a technology that dates from the 1970s. People mostly send each other EDI messages. I believe that this is the area that is most ripe for transformation by utilizing blockchain, and it’s the area that we have really embarked upon and industrialized.
(Trent) So obviously EY is a company that is on the cutting edge of different business technologies and different business practices. You just touched on this a little, but from your experience, how much of an industry disruptor will blockchain be, and specifically, what is the most impacted role in a business, both internally and externally, do you see blockchain affecting? For example, do you see it affecting supply chains, finance, or communications the most, what are your thoughts on where it will be most disruptive?
(Paul Brody) So my personal opinion is that blockchain is going to be most disruptive to any industry where you have multiple companies engaged in complex multi-party agreements with shared business rules. That for sure starts with supply chain, and I think traceability has been the earliest blockbuster application because blockchains allow you to tokenize assets and move them across locations and retain continuity of visibility, but that’s like the appetizer. The main course is integrating traceability with procurement and inventory management. You know what you have and you know where you got it, then you ought to be able to do much better planning, you ought to be able to figure out when to reorder stuff, and you want to be able to optimize your procurement process as well. If you know what you have, you know where you got it, and you know how you got it, then you should also be able to integrate payments into this process as well. So I think the first and the best candidates are going to be supply chain transformations and it’s definitely not going to rest there, but it’s definitely going to be the first and the biggest.
(Trent) Specifically, with EY, how has blockchain been changing the internal operations of the firm?
(Paul Brody) So we haven’t actually had a lot of focus on the internal operations of EY. That being said, we’ve had a lot of discussion early on about should we be using blockchain to transform from the audit process, for example, internal audit activities, and we decided that our priority is enabling blockchain-based business transactions for our clients. So we’re laying the groundwork, one of the first things we’re going to start doing at EY is related to blockchain-based procurements internally. I hope we’ll see some of that getting done in the relatively near future.
Beyond that, it’s going to be a steady march of adoption, but our focus is on external clients. I think when you run a startup instead of a large enterprise, it’s really easy to get tracked and focused on internal stuff and we made the decision early on was that the number one priority was going to be clients and not internal operations.
(Trent) Previously you had mentioned, I believe in another interview, that blockchain could save upwards of a hundred million dollars for certain clients. We’re just curious about what are the specific upsides of blockchain tech that allow for such savings down the line for other businesses once they want to adopt the technology.
(Paul Brody) This was a very specific number that came from a very specific interaction with a client. The client in question was a large consumer packaged goods company and the problem they were struggling with was enterprise procurement. They had a designated number of subcontractors to manufacture products for them. Each subcontractor was making some mix of different products for them, those contractors buy a lot of the same stuff — they buy packaging, they buy plastics, they bus plastic bottles, etc — so this company decided to implement a global procurement system where they would negotiate volume discounts with some supplies and then the subcontractors who do the manufacturing would be able to purchase off of those volume purchase agreements. This very quickly seemed like a great idea that would be extremely difficult to implement because nobody has a single global picture of how much stuff has been ordered. If your price depends on your volume and you don’t know how much volume is ordered because your volume is split across a bunch of different contractors, you now start to have a significant issue. What we found was that if we converted their procurement process into a blockchain-based smart contract, we would be able to keep track, no matter what, of how much volume had been purchased, and we’d be able to assure the client that no matter who placed an order, no matter which subcontractor or entity, they would always get the maximum discount available.
They loved the use case, they loved the vision, and we were just heartbroken when they decided not to implement. They said this meets our vision and it’s going to save us a ton of money, but we’re not going to implement. We were all sort of sitting there like “oh my gosh what happened?” This was almost four years ago now.
Even though this was an amazing value proposition there were a number of reasons the client decided not to implement it. Number one, they generally found blockchain to be new and a little bit scary. Two, we couldn’t yet show them how it would be fully integrated into SAP, and SAP was kind of the core of their systems. And three, they couldn’t really be sure how they were going to get all their suppliers on the blockchain.
So we took that away and it really came back to three important things for us in order to help grow this technology: one, we’ve got to mature our technology and product experience; two, we’ve got to rededicate ourselves to the urgency of moving to public blockchains where the requirement that you onboard your suppliers to your special, private, unique blockchain is eliminated; and three, we had to get really good at SAP integration. Since then we’ve done all of those things and in the coming months, you’ll see a major push from us around precisely this kind of procurement solution because I think it creates enormous value.
I don’t know a single major enterprise in the world that does not leak value from their enterprise procurement agreements and almost nobody has a single global ERP, meaning everybody has some variance of the same problem.
(Trent) We would like to transition into some of the specific projects that we’ve found EY working on regarding blockchain, specifically the Nightfall and Dye Pack programs.
(Cale) Let’s begin by looking at Nightfall. From understanding, noisy wise experiments emerge public and private blockchain properties. Could you explain a little bit about what that means and how it would work?
(Paul Brody) Absolutely. And I’ll start by explaining something very important that people don’t realize: Nightfall isn’t ours. One of the most important things we did when we launched Nightfall was we put it into the public domain. So, you know, you’ll notice a lot of our other products are called something like EY OpsChain or EY Blockchain Analyzer. Nightfall is simply named “Nightfall” because it doesn’t belong to us. We gave up ownership of it. We put it into the public domain. Now, why did we put it into the public domain?
We put it in the public domain because we wanted to maximize adoption while also avoiding any risk of the conflict of interest of auditing ourselves. If we had continued to own Nightfall and somebody used it, who ultimately became an audit client of ours, we would have had a problem because we’d be evaluating technology that we owned and controlled, so Nightfall is now a public domain application.
Now, let me go back to why we created Nightfall and what the objective was. We knew from the beginning that the only way blockchains were ever really going to scale was if we utilize public blockchains to conduct business transactions. We saw this issue repeat itself time and time again. Over and over in the tech industry, people come up with a nice idea. They try to make a proprietary version of it, but at the end of the day, it’s not fundamentally very appealing or useful because you have to sort of arm-twist your business partners into your little silo. Whereas the internet is a great example of a properly public decentralized network where everybody can use the same infrastructure.
Now the internet actually had the same problem as blockchains did early on, and had the same issues with companies being reluctant to use them. The Internet in its early iterations didn’t really have any privacy. If you email somebody, most of your email messages went unencrypted in plain text. That was fine for the scientific community, but obviously not acceptable for enterprises. It’s the same in the world of blockchain. If you use Ethereum, or Bitcoin in its native architecture, you have no privacy. If you’re one consumer among millions you have a degree of pseudonymity, but if you’re an enterprise and you start buying a lot of stuff, I can sit down with analytics and I can start to infer all kinds of information about you. I can know who you are, with whom you are transacting, and what you’re doing, and none of that is acceptable to enterprises, nor is it attractive to have to build an entire blockchain, just for your suppliers.
And if you’re a supplier, I used to use this as an example: Let’s say the world’s largest retailer comes to you and says: “Would you like to join my blockchain?” They’re not really asking, they’re politely telling you that they’re politely imposing a cost upon you. And of course, you’ll more than likely have to say “yes.” And then the second, or the third, or the fourth company come along, all saying the same thing, it starts to become really burdensome. And it compares very poorly to the internet or the telephone system, or even the fax machine because we can all use the same network for those. The simple straightforward purpose of Nightfall is to enable privacy on public blockchains. So that direct competitors, their suppliers, and their business partners can all use the same network right in front of each other with full privacy and security, thus, helping mitigate the costs and complications of implementing private chains. It’s that simple.
(Cale) Excellent. So the EY website explains that Nightfall is contingent on a series of smart contracts, microservices, and a ZK-snarks toolkit. For our readers who may not be the most technical, how do these components come together to produce address encryption on a public network?
(Paul Brody) So the fundamental idea is, let’s say I have a particular asset, and I want to move or transfer that asset. The way that we do this is two steps. First, I put that asset into what’s called a shield contract. So we pile a bunch of assets, some of them real, some of them fake into a giant field contract, and then we transact with the shield contract using the zero-knowledge proofs (ZK-Snarks). The idea is that although you might be able to see somebody has transacted, or they have issued a proof, you can’t tell from whom, nor can you tell to whom that proof is going, nor how much is being transferred. So you’re enabling a very, very high degree of privacy. The mathematical proofs allow you to prove access ownership, and the right to a certain asset without having to reveal your ownership directly.
The best explanation and the cleverest one I’ve heard is the following: If I have two balls, both a red and a green ball, and you are colorblind, and I show them to you, you say well, I can’t tell the difference between those balls. If I hand those balls to you and ask you to put them behind your back and, and swap them around and I’ll prove to you that they’re different. You bring them back out front. I’ll tell you if you swapped them or not. Do that four or five times nice statistically proven that those two balls are different colors, even though you still don’t know which one is green, or red, or even if they are green or red, you just know for sure I’m telling the truth when I say that they’re different. That would be an example of a zero-knowledge proof.
(Cale) Okay, that’s definitely a better example than many I’ve read.
(Paul Brody) I shamelessly ripped that one off from Wikipedia. So I didn’t come up with myself. I will certainly say we have hired some of the smartest people I’ve ever met to work on our team here at EY. We’ve got nuclear physicists, mathematicians, cryptographers working on our team and any explanation I can give you, it’s going to be in the end, pretty inadequate. What we do know is this math is about 20 years old. It works very well, it’s maturing very nicely. And it allows for two really amazing things. Not only can I do private transfers and payments on the public blockchain, but we have gone one step further, and we can now do private business logic. And, of course, in the Ethereum model. If I can conceal my transfer payments, that’s great. But if the contract logic that we have together is out there in the open and I really haven’t spared myself, I really haven’t saved myself a lot of privacy.
(Cale) That makes sense. So you’ve mentioned that an important part of Nightfall is adding a layer of privacy for the sender of a transaction. And we sort of briefly discuss smart contracts and the toolkit. In addition to encrypting the message contents, with such a convenient technology, what kind of future do you see for widespread adoption of this sort of anonymity beyond the supply chain?
(Paul Brody) I want to be super clear: our goal is privacy, not anonymity. We want enterprises to be able to transact with each other under privacy, but we’re not interested in facilitating anonymity or concealing your business information from regulators. So for example, the newest version of Nightfall is really cool because you can set up and run whitelists and blacklists to make sure that even though the transactional data you have is private, your assets can only be transferred to other parties with whom you have full control over the list of parties with whom you can transact. So regulatory compliance is a high priority for us and this whole system isn’t designed as consumer privacy or a consumer anonymity tool. Our goal is enterprise privacy with full regulatory compliance.
My goal is really, that any kind of business contract that you can think of, can be done on the blockchain under zero knowledge. I personally believe that the ROI for doing this is just enormous. Because the problem that exists in enterprises is, let’s say, I’m buying something from you. You ship it to me, I receive it, and then you send me an invoice and I cut you a check. Before I cut you a check, I’m going to do a lot of verification to make sure that I got what I ordered, and that your invoice matches the terms and conditions of the contract. I need to confirm it matches exactly what I ordered in terms of the purchase order. Well, that process, the average American company costs something in the range of $50-$75 and takes like 30 to 45 days. On a blockchain, I can do it for a few dollars, and I can do it in about a minute and a half or less. We know this because we’ve done this with Microsoft with the Xbox video game system. I think it has an absolutely revolutionary impact on the administration of enterprises. And that’s just the first and the easy impact. There’s far, far more coming in that direction.
(Cale) In one of your videos, a colleague mentioned allowing purchasers of high valued medical goods to examine goods’ provenance without revealing the purchasers’ identity. Given ongoing issues around consumer supply chains, do you see this extending to other areas where supply chains are an issue?
(Paul Brody) I do, I mean generally supply chain traceability is going to become a pretty standard and widespread in the feature. Not so much because enormous numbers of consumers really, really, care about this, but more because enterprises want to know where their product came from. They want to manage counterfeiting and so-called shadow supply chains. Over time it will just become a routine part of the process that you can trace your product back to the point of origin. It’s going to have some very particular high-value applications because what’s going to happen is enterprises are going to start investing in use cases such as unique and customizable cancer care for individuals. Imagine this requires our blood, for example, be used as the origin or the foundation of creating a medical treatment. In that case, it’s going to be very important that the medicine that’s customized for you is the medicine you get for your treatment. This is where I see a huge impact, personalized medicine and personalized supply chain over time utilizing blockchain to ensure the provenance of these goods.
(Cale) Let’s talk about a different type of provenance, that of funds people are holding. We’ve seen your technology Dye Pack, firstly could you explain a little what it does? Then could we discuss the impetus behind its development and it being open source?
(Paul Brody) Dye Pack came from this original issue, that if you think about the things companies are worried about one of them is theft of digital assets and tokens. This happens unfortunately with depressing regularity in the blockchain world. With non-fungible tokens, unique assets, it’s possible using zero-knowledge proofs to invalidate and re-issue tokens for people who have been robbed. So that is the purpose of Dye Pack.
Hopefully, over the next few months, we’ll get to the first commercial deployment. We’ve proven that the math works and that we know how to implement it. Our goal is to enable clients who are selling or deploying non-fungible tokens to make use of this.
One thing we struggled with is giving away such huge amounts of IP with Nightfall and Dye Pack. Is there a path to a freemium model we can add on top of this? We’re keen to avoid an issue with our auditor independence whilst still providing value-add services. I’m hopeful that Dye Pack will meet that test and we’ll be able to offer it as a service. One that gives enterprise customers more of a feeling of confidence and security as they embark upon business transactions upon the blockchain.
I see EY’s blockchain security testing suite in the same way. Companies would never deploy a laptop without antivirus and I see a future where they feel the same way about our security testing system.
(Cale) It definitely seems to address one of the chief causes of anxiety with this technology. Could we explain a little of the tech behind Dye Pack, particularly how the different components of it work together to ensure stolen coins aren’t spent?
(Paul Brody) Yes, basically the principle is we can cryptographically tag those coins with a zero-knowledge proof showing that they’re stolen. The way it works is by checking a registry of stolen coins before usage. The principle is simple. The twist is that it’s zero-knowledge and this means it all runs silently in the background. You can implement the entire technology without exposing who was robbed or what was lost or any of that. But I’ll not get into the deep math because I’m not clever enough.
It could definitely be a topic for a math podcast. I’m in awe of my colleagues. Two years ago we created a prototype of zero-knowledge proof transactions on the Ethereum blockchain (the first to ever do so). We’ve gone from a prototype using $100 of gas per transaction to a production system that costs $0.05 a transaction or less. That’s unbelievable. That’s Moore’s law quality. That’s with a team of basically four hardcore engineers/mathematicians and it’s an amazing feat in my opinion.
(Cale) Speaking of maths, what was the sort of risk calculus behind you giving away all this IP?
(Paul Brody) It wasn’t all that complicated. If you want widespread adoption you have to give it away. Otherwise, you have to control who’s using it and how they’re using it, so you don’t end up with a self-audit issue. At the end of the day, I believe that the big competitive battle isn’t between EY and our competition. I believe that the big battle that exists is between public and private blockchains. If you want to use private blockchain there are lots of choices out there, but if you want to use a public chain, EY is by far the leader there. So my take is if we convince the world to go to public blockchains then we’re the winner here, taking the long view. One of the things I’m immensely grateful for with the senior leadership at EY is that they take the long view. We have to show them we’re running the business seriously and properly, but they’re incredibly supportive. We’ve told them the way to win this battle is by giving away some IP and they’re very much on board.
(Trent) So something we’re looking to understand more is what helped shape the people behind these projects. With that in mind, we’re going to shift away from the projects EY is working on to learn more about you. Seeing your background of 20 years now, working as a technical innovator, what specifically drew you to blockchain?
(Paul Brody) Well, I got into blockchain at IBM. Back in 2010–14 I was the VP Global Industry Leader of Electronics at IBM. One of my great luxuries at IBM as an industry leader was getting to steer research into an area that interested me. Annually I got to pick a topic that I thought would drive growth in this area and do real research on it. This meant access to experts in this area.
In 2013 we settled on the internet of things. I believe this is going to be a colossal business opportunity, but I observed we were really struggling with the idea of making the tech persistent. One of the things remarkable about the underlying economics is that the server infrastructure required is shockingly expensive. This is one of the reasons you see companies bricking products long before they need to because they can’t afford to support these devices. I had this Eureka moment in late 2013, I was at an appliance company and they were telling me how the cost to make a ‘dumb’ appliance is about $5 for the processor. Then I went to Taiwan and I visited TSMC, they told me they’re about to manufacture smartphone class processors at around $5-$10. So I realized that in short order it’d be about as cheap to make a device smart as to make it stupid. If a device is really smart, i.e. a smartphone-esque refrigerator, the processor will be mostly idle. So that being the case, why do we need so much server infrastructure? So I decided to explore distributed computing because there’s much less need for servers. So, being IBM, we decided it sounded cool and went and built a prototype. We looked at different distributed computing architectures.
We had many debates because blockchain is by far not the most mature technology. We settled on blockchain, however, because we don’t know how IoT will make money. What we do know however is that one day the data will be worth money. One reason we built on the blockchain (on an alpha version of Ethereum) is because it comes with an inbuilt ledger of payment and accounts. This is different from a lot of other paradigms for distributed computing. So we built Adept with Samsung. It was an immense amount of fun and I was crushed when IBM decided against moving forward with it. As such when I learned there was a keen interest in blockchain at EY, it seemed like an ideal opportunity for me. I couldn’t be more delighted with the support and leadership here.
(Trent) Let’s say there’s a student right now or someone who wants to make a career change and is interested in what you’re doing at EY. What are the qualities you look for in potential candidates to work in blockchain at EY, and what can potential candidates do to stand out?
(Paul Brody) The most compelling people are the self-starters who want to do something, not just check the resume box. They’ve demonstrated that they’re willing to roll up their sleeves. I’ll give you two examples of some of those people in our research team. First, our head of research, Dr. Duncan Westland. He was talking to me about how he was heavily involved in the release of RFID passports in the UK. He was so interested in the technology, he built his own RFID reader for the android phone, we went around the office looking for RFIDs to try it. That’s it, he was hired. If you see your work as play I want you on my team.
The second example is a lady who is part of our research team Chaitanya Konda. She contacted me from within EY, saying “I’m working on a financial services project, we’re not using blockchain, but I’m really interested in it and I’ve taught myself solidity”. She’s since become one of the best people on our team with the underlying math of zero-knowledge proof contracts. She’s taught it all to herself.
It’s the roll-up-your-sleeves passion about what you’re doing that’s incredibly important. The other thing I’d note is that there are lots of what I call hobbyists out there. People who are super excited about blockchain, but have no engineering or coding skills. If you want to differentiate yourself, develop these skills to at least a basic level. To be clear, you don’t need to be at a rockstar level, but even some basic knowledge makes non-developer people better. Again and again, we see non-technical people come up with infeasible ideas, a month of basic coding reduces this.
In the same way on the engineering side, learning about the business side doesn’t mean you’ll become a business person. It does mean however that you’ll become a better engineer because you’ll gain an understanding of how value is created and how companies make money. So yes deep skills are good but don’t be one dimensional.
(Trent) Perfect, so we have one last question for you Paul. If you were to go back five years from today, and you could master one skill that would be beneficial to you at EY, what would that skill be and why?
(Paul Brody) It would be more self-control. I’m a super impatient guy and I’ve struggled with the challenges of navigating a large tradition driven organization. Things that have looked obvious to me have received pushback, and I’ve allowed my frustration to be visible. I should never be allowed to play poker, I’m a terrible liar, I have no poker face and I can’t bluff. People are like “Paul is that vein on your forehead pulsing?” They know when I’m upset and how frustrated I get. I didn’t initially have a very good understanding of the rules and complexity of working in a heavily regulated financial services area. I may have caused some issues by directly expressing how I felt about it. I did myself and our cause some harm by expressing myself bluntly. I’ve tried to learn from that and I’ve tried to surround myself with nice and decent people who are significantly more patient than I am.
Really, I shouldn’t have been so frustrated, because we always get to the right place, we always do the right thing and I always have the support of the senior leadership. If we got to a place where I was more self-confident, less insecure and had better self-control I could take a deep breath and not stress, but that’s not me. I’m a tightly wound type A personality and it’s been a long road. Career-wise I can remember being taken aside at my first job in McKinsey, “Paul, I know the client’s idea is stupid and you know that the client’s idea is stupid, but that doesn’t mean you should blurt out this is stupid when you first meet their CEO.” It’s a long time thing for me working on this, to other people with this level of impatience, you’ve got to work on it and know that there are more people on your side than you think. I’ve always found that after the fact and I’ve wished that I had more confidence going into these challenging situations. I’m 48 years old and that’s just ancient in this field, but I’m still learning how to deal with these issues.
(Trent) That feels like a great place to finish the interview, thank you for your time and insight, we really appreciate it.
If you would like to read our other interviews please follow the links to the following:
