Image: © aerial-drone/Stock.adobe.com
Zama’s Prof Nigel Smart spoke to Prof Florian Kerschbaum about the challenges of harnessing data to make supply chains more efficient while protecting privacy.
When most people think of supply chains, they rarely associate them with data sets and advanced technology: such a term is more likely to conjure up images of steel containers, cargo ships and warehouses packed to the ceiling with goods.
However, in the digital era, these elements play a crucial role in the modern supply chain management, which has become so much more than simple logistics and moving products.
Now more than ever, managing the end-to-end flow of goods is a complex matter that involves a number of actors and functions, from infrastructures to human resources; people have to constantly communicate, sharing information about the items from production to final delivery.
The same way large data sets are proving important with cutting-edge technologies such as AI and machine learning, they are also impacting the complex network of entities involved in the supply chain.
In this context, the quality and quantity of information available becomes crucial to ensure efficient completion of the supply chain cycle, which contributes significantly to the production costs and, ultimately, the price for consumers.
The value of data
According to Prof Florian Kerschbaum, the increasing weight of data has the potential to overcome some of the most common setbacks in the sector.
“Managing supply chains is one of the most complicated tasks in business management. It requires the collaboration of many parties which often have diverging interests,” explained Kerschbaum, who is a professor at the David R Cheriton School of Computer Science, University of Waterloo.
“Supply chains can be a major source of inefficiencies.
“However, often the sources of the inefficiencies are not well known. This is one area where data collection across the supply chain can help: collecting information for the analysis of inefficiencies.”
Being able to collect and analyse accurate data can help with aspects that have become increasingly important in recent years, not just for the companies producing and trading goods but also for the end consumers.
Kerschbaum identifies three key areas: traceability is now a basic requirement for most foods, produce and beverages, potentially preventing risk of contamination as well as counterfeiting; most companies have developed a keen interest for sustainability, something that has become a selling point and seal of commitment beyond business for many organisations; finally, compliance is another key factor, essential from start to finish to avoid failures throughout the process.
“Tracking of sustainability goals across the supply chain requires parties to share data. Ethical sourcing of materials is becoming a major differentiator.
“Compliance, for example, in the medical supply chain, similarly requires tracing each product throughout its entire life cycle,” Kerschbaum notes.
“Much data needs to be exchanged between the parties and delivered in a reliable manner to the customer. In the case of compliance, such data exchange must fulfil a legal objective, but what and how data is shared can vary on the technical implementation.”
Data collection is obviously not new for supply chain management; however, this was previously limited by the equipment required and the technology available.
Kerschbaum highlights the main difficulties in updating the practice as cost to replace the equipment and the relative delay on amortising the investment.
“However,” he notes, “due to the lower costs of scanning equipment, essentially mobile phones, and the success of barcodes, many manufacturing and transportation facilities are now better equipped to collect this valuable data along the supply chain.”
Protecting your data
Where there is data, there is inevitably the risk of exposing information you’d rather keep private.
This might be a familiar concern for private citizens, used as they are to the daily trade-off of sharing personal information to access services, entertainment platforms and to buy products.
As seen so far, in the supply-chain-management world data has a very specific weight and requires matching levels of infrastructure and skills to be collected, stored and managed efficiently. But efficiency is only one side of the coin; one aspect that should be driving any activity related to the big volume of sensitive data is privacy.
Privacy is not just about data ownership or security; it’s about being able to selectively disclose what you want to whom you want, especially when not given a choice.
Since the introduction of regulations such as GDPR, users have been given more power over what happens with their personal information; they can limit the collection, have a say in the way information is stored and for what purpose they can be used and even request for data to be deleted.
However, as the power of data increases and is applied to more and more industries and sectors, it becomes vital to raise awareness on the privacy risks related to this particular resource. Thus, the controls you now expect for personal data, are becoming increasingly important for corporate data as well.
Kerschbaum says the confidentiality of the information in the supply chain can be cut in many different ways.
“While the economic benefits of supply chain data are obvious to the outside expert, sharing this data can come with many risks to the parties involved. As mentioned at the outset, the parties may have diverging interests, often maximising their own profit.
“What if this data reveals that one’s company is the major source of an inefficiency? Will one be able to ask for the same price in a future negotiation? Will one even be invited to the next negotiation?
“Even data that is collected for the purposes of compliance or sustainability goals may inadvertently reveal inefficiencies if shared in plain. The finer-grained the data, the more analyses it enables, for the good and for observing your supplier.”
Finding the right key
These dilemmas naturally lead to a simple yet rather direct question: how can the supply chain sector as a whole enjoy the assets provided by data without compromising the privacy and resources of the individual actors involved?
An efficient solution already exists, provided by cryptography. This might seem an odd pairing, but cryptography is at the core of most of the technologies commonly applied to protect data privacy.
And while there are many options available for developers to choose from – multi-party computation, zero knowledge proof, data anonymisation and federated learning to name a few – most of them present a downside that limits their widespread adoption, whether because of the speed, the risk of data leaks or the use of external servers.
There is however an encryption technique capable of providing the desired balance between the privacy of data and the need to elaborate these without putting that at risk.
What is fully homomorphic encryption?
Fully homomorphic encryption (FHE) enables data to be processed blindly without having to decrypt it; this means that different actors can execute operations on a set of data without accessing the complete set.
In supply chain management, the use of FHE-based tools would allow companies to encrypt and securely share data about the movement and authenticity of goods. Businesses can collaborate and share information to track goods from production to delivery without revealing proprietary information or business secrets; this is particularly valuable in combating counterfeit products and ensuring the integrity of the supply chain, enhancing transparency and trust among supply chain partners while protecting competitive advantages.
This also enables more economically and environmentally efficient supply chains.
Imagine a container ship owner who wants to sell their spare capacity, and a manufacturer or supplier of goods who wants to purchase this capacity; if the precise supply was known to be very large, then the purchaser may try to enforce a lower price, but on the flip side, if the precise demand was known to be large, then the supplier may try to enforce a higher price.
This allocation of resources problem is much like an auction. We wish to allocate the resource (the shipping capacity) between the supplier and the purchaser at a fair price. We also want all the capacity to be used, to reduce greenhouse gas emissions, for example. A technology such as FHE enables private auctions to be carried out; as we have seen, such auctions are not only important in areas where one traditionally associates auctions (eg in finance), but also in areas such as supply chain management.
Another application could be to keep only certain data private in a siloed approach, for example by selectively revealing only certain parts of the information related to a shipment to the necessary people. Not all parties in the entire supply chain for an item need to know the final destination or original source of an item, or even the specific hops which a shipment has made.
By using FHE, we can process data securely, and selectively reveal sensitive data to parties as and when required.
Prof Nigel Smart is chief academic officer at Zama. He is a cryptography researcher and entrepreneur. From 2000 to 2017, he founded and ran the cryptology research group at the University of Bristol, before joining COSIC at KU Leuven in 2018. In parallel, he founded several successful companies, including Identum (acquired by Trend Micro) and Unbound Security (acquired by Coinbase). He is also the co-founder of the popular crypto conference, Real World Crypto.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
