Unchained - SXSW Episode: Amber Baldet, Blockchain Program Lead at JPMorgan, on the Potential Clash Between Blockchains and the Right to Be Forgotten
Episode Date: March 15, 2018Amber Baldet, JPMorgan Chase blockchain program lead, talks about what she was discussing at SXSW with Hyperledger executive director Brian Behlendorf and what themes she heard at the Ethereum Communi...ty Conference in Paris. She talks about privacy in financial transactions, how "immutable" blockchains might conflict with a new EU privacy law granting people the "right to be forgotten." And we briefly touch on her work with Jalak Jobanputra's new diversity-focused group Collective Future. Privacy on Ethereum: https://www.coindesk.com/progress-hot-ethereum-privacy-projects-cooling-off/ The Collective Future: https://www.wired.com/story/for-women-in-cryptocurrency-a-new-effort-to-grow-their-ranks/ https://iapp.org/news/a/blockchain-technology-is-on-a-collision-course-with-eu-privacy-law/ Thank you to our sponsors: Preciate https://preciate.org/ which is seeking suggestions for who to appreciate at https://preciate.org/recognize/ and Quantstamp: https://quantstamp.com/ Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Hey everyone, here is a special South by Southwest episode from my new podcast, Unconfirmed, insights
and analysis from the top minds and crypto. In case you haven't had a chance to listen or subscribe already,
you can check it out here on the unchained feed. My guest for the special South by Southwest episode
is Amber Baldett, blockchain program lead at JPMorgan Chase. We discuss her chat with Brian Bellendorf
at South by Southwest, what themes she saw emerge at the Ethereum Community Conference,
how blockchains might collide with the new EU privacy law, and her views on diversity in crypto.
We cover a lot of thought-provving ground in 20 minutes.
If you like the episode, be sure to go to the feed for Unconfirmed.
Insights and Analysis from the Top Minds in Crypto and subscribe today.
Hi, everyone.
Welcome to Unconfirmed.
The podcast that reveals how the marquee names and crypto are reacting to the week's top headlines
and gets the inside scoop on what they see on the horizon.
I'm your host, Laura Shin.
This special South by Southwest episode of Unconfirmed is brought to you by Appreciate.
Founded by Ed Stevens, Prichate is building the most valuable relationships on Earth.
Today, Prcate is recognized.
an individual for their achievements in the crypto space.
Who will be recognized today?
Stay tuned to find out.
This special South by Southwest episode of Unconfirms is also brought to you by Kwanstamp.
Kwanstamp is building the first smart contract security auditing protocol designed to secure
all smart contracts in a cost-effective and scalable manner.
Being developed by a team of PhDs with over 500 dual scholar citations, they're about to
finish Y Combinators winter 18 batch.
To learn more or request an audit, visit Kwanstamp.com.
My guest for today's special South by Southwest episode is Amber Baldet, the blockchain program lead at JPMorgan Chase and chair of the financial industry working group at the Enterprise Ethereum Alliance. Welcome, Amber.
Hi, thanks for having me.
And thanks for letting me record in your hotel room.
Absolutely.
So what are you here at South by Southwest for?
I was here doing a keynote presentation with Brian Bellendorf from the Hyperledger Foundation.
And we were talking about what it's going to be like to do business at the,
global scale on the blockchain someday. And so what did you guys say? Well, we tried to take it in kind of a
rapid fire back and forth manner that was kind of dispelling some myths that people might have
heard out there and talking about generally big concepts in the space. So we talked a little bit
about, you know, level setting, what is a blockchain? What's a blockchain versus a distributed
ledger? What are smart contracts just to get everyone up to speed? And actually just let's stop there.
So what is the difference between a blockchain and a distributed ledger?
Sure.
I mean, well, this is, you know, Brian and I were actually disagreeing a little bit at the time.
But my view is that a blockchain is a specific type of a data structure
and that we can use it to transfer cryptographically unique assets.
And that generally, as they're deployed in the public space,
they tend to be censorship resistant and can support anonymous participants.
When we talk about distributed ledgers, we're generally talking about information sharing amongst
participants who know each other.
And so you also don't necessarily need to use something like proof of work or mining.
There's other algorithms that help you form consensus.
And so we tend to find those within businesses that fully intend to follow existing legal
and regulatory frameworks.
And once you know other participants in the network, it really changes kind of how you transact
what trust looks like in those networks.
And it's a little bit more about mutualization of infrastructure
than it is about just anonymous censorship-resistant transactions.
And so what was the audience like?
What were their questions?
And, yeah, how did the session go?
It went great.
The room was packed.
I was a little scared that a lot of people at South by Southwest
with so many cool talks out there to go hear about how, you know,
AI is going to change the face of everything,
weren't going to want to come hear about boring business on the blockchain.
But yeah, the room was packed and there were great questions, lots of nodding heads.
And I think we managed to cover a lot of topics, not just about, you know, business on a known distributed ledger with known participants, you know, that can sound a little dry.
But we got to talk about what the impacts are to privacy, what the impacts are when these things scale to the point where you might have millions of participants in a permissioned ledger and does it really just start to look like a public ledger impacts to cybersecurity.
Yeah, we kind of covered the gamut of topics there.
Great.
So I also know that you flew in from the Ethereum Community Conference.
What were some of the major things people there were talking about?
Sure.
So SCC was in Paris.
It was definitely a different crowd.
I mean, you're talking about people there who are in the weeds of Ethereum development every day.
And so the conversations there were great.
It was amazing.
I think they had four concurrent tracks for three straight days.
So a lot, a lot of topics and a lot of ground covered.
I wish I would have gotten to be there more days.
I had to come here and I had just come from another from a J.P. Morgan event.
So it was kind of back to back for me.
But there were some great conversations about just getting a lot of people that are
core Ethereum thinkers or magicians, quote unquote, together.
And making sure that there's paths towards collective governance and dispute resolution
and getting people on the same page.
There were some conversations about what privacy is supposed to look like
on a public ledger that were pretty interesting.
And then I gave my talk on enterprise Ethereum and a little bit about quorum,
but really go in the other direction where I spend a lot of time doing things
like I did here at South by Southwest,
where I explain both public blockchains,
but also how the financial industry is thinking about the technology out to kind of lay people
or the general public.
Like, in this case, I was kind of going the other direction and trying to explain how we're thinking through, quote, unquote, enterprise blockchain and why that should even be a thing back to people who are deeply invested in the public Ethereum community.
So it was a new challenge.
Questions there. Yeah. Why should these enterprise blockchain exist? Like, what were you saying at the ECC conference?
Yeah, well, it really comes down to, I think that the distance between these communities,
isn't as far as people necessarily think that it is.
And that the challenges that we have to deploying this technology
or making it really work for regular people or work, you know,
I hate the word at scale because scale is not defined,
but to work globally.
You know, they're really the same between businesses and public blockchain.
So challenges with privacy, challenges with confidentiality,
not necessarily the same thing, challenges with scaling,
challenges with governance of the network.
It's the same problem set, but it's just that businesses will approach the solutions differently than public blockchain communities are.
And so we can really learn from each other.
If you're working in a public blockchain that's under a hostile environment every day,
and you end up with different sorts of solutions to those challenges,
than you do if you're thinking that you're going to be running these things in an enterprise data center
with a proper disaster recovery model and power 24 hours,
hours a day. But ultimately, I think that if we're trying to create something that looks like an
internet of value, that you shouldn't have those communities be bifurcated. You need to have not just
business-to-business kind of applications and transactions and not just consumer-to-peer payments
or applications, but we need to kind of bring these things together to create this kind of real
marketplace that involves everybody globally. And for that, we need to do a lot more work
on both low-level protocol engineering collectively, which isn't just top-down-imposed standards,
but is thinking through what problems we're trying to solve and finding more kind of commonality
than differences in how we try to solve them. Well, one thing in what you were describing,
sort of this kind of intersection of the two areas, it just made me wonder, like, what kinds
of assets would trade between them? Because here we have a lot of banks saying, like, hey, don't
touch Bitcoin and stuff like that. And so if you are imagining some world in which these
different chains intersect, then what assets would they be trading?
in? Sure. I mean, when we say assets, I think it's easy to think of just kind of existing financial
assets, but much like if you think of the internet of information and you might send an email
to your bank or you might, I mean, you might send an email to a non-bank, but just, you know,
anywhere that you're kind of doing business, it's more, the information that you're transmitting
is just standardized. So you could imagine a situation where you want to open your bank account,
but your identity might be held or you might have information about your
identity sourced from a variety of places around the world that's accessible through a public
blockchain. Or you might be opening a mortgage and perhaps municipally publicly available records
about the underlying land title. That's publicly available information. That might be on a public
blockchain. But your mortgage might be constructed from that. And hopefully that the information
about your mortgage payments remains private. If you were to take that mortgage and then it
underlies some sort of securitized product down the line, you know, that probably doesn't trade in the
retail market, so there's no reason for individuals to access it. But you might want to be able to
trace the provenance of the health of that, the underlying asset all the way back to the public chain.
So I think that these hybrid networks of networks that will evolve will simply just be a pragmatic
function of where information is best stored in the long term. Oh, I like that. In a way, that's
sort of like a way of thinking of, oh, here's something we can do to
prevent the next financial crisis where people don't know where the bad mortgages are or something like that.
Absolutely. There's been a kind of a lot of discussion. It's one of the reasons that while regulators
have been somewhat skeptical of what's happening out with the public crypto assets in ICOs recently,
they're really interested in how blockchain technology could be used within financial markets to
provide real-time transparency into systemic risk. Absolutely. In the past, they've had to go to various
counterparties and get information from disparate sources and compile it together and that necessitates
a lag and insight. But instead, you don't have to get everyone to contribute information to a centralized
source in order to do that regulatory reporting. They can access a decentralized source,
but still get the same kind of single point of reporting. And that's really compelling for them.
So one other thing that you've touched on a few times is privacy, and you talk about how that's a priority
in financial services. I know you guys are building on the Ethereum source.
and there's been some issues, I think, on scaling Ethereum with privacy functionality built in.
So how are you managing that at JP Morgan Chase?
Sure.
So privacy is a non-trivial technical challenge, right?
I mean, within public Ethereum, you have anonymous participants, or at least suit anonymous participants,
but a visible transaction history, a visible log of these state changes.
And that's standard public blockchain parlance.
It works great for public blockchain.
it does not work so great for not just financial institutions,
but really any business that has an obligation to keep customer data private.
And so the challenge that we were trying to solve initially
was could we create a permission network where you have known participants
but where the information on the network remains private?
So the first challenge was around private smart contracts.
And the piece within quorum that provides that privacy is called Constellation.
It's a way to address smart contracts around the network by simply addressing a smart contract
to the public key of another note on the network, just like you would address an email, basically.
That means that those smart contracts are held off the chain.
The main change that we implemented to the Go-Eetherium client is what's called a private
state try.
So in addition to the public state try that underpins the shared blockchain, now whenever you issue
a private smart contract, it's added to your private state tribe. So that works great for addressing
just smart contracts, but we realized in doing that that unless you were to architect your application
in very specific ways, you basically, you're likely to lose the concept of mass preservation that you
would have on a public blockchain. And so we worked with the folks from the Zcash company
to take some of the technology that underpins Zcash itself out in the public marketplace,
which they're using to make a fungible version of Bitcoin, if you ask them what their kind of goal is there.
And we took the privacy technology and we created essentially cryptographically shielded ERC20 tokens
that sit on the shared quorum Ethereum blockchain.
So it really takes both pieces to create this hybrid privacy.
model. And that means that you can have your business logic private in private smart contracts,
which is important to businesses, but they're very quickly executed. It's very fast. And then when you
need to really move an asset from person A to person B or wallet A to wallet B, then you call out to actually
move this shielded token from one place to another. And that allows us to do some really interesting
things, namely in the real world, let's say that you had a loan and you might have a private smart
contract that originates that loan. You don't want the world to know that the loan exists. It's
not really anybody else's business who's created that loan. But you can have that private smart contract
issue those shielded tokens and then move around their on the shared chain. When you sell forward
a piece of a loan, it's very important that the last person that sold it doesn't know who the new
person is. The provenance that's really such a benefit or that people like on the public chain
actually it really just doesn't work for the way that private business works.
Yeah.
And just to reference earlier when you were talking about how the ZCalbino is working on
what they call the fungible Bitcoin, it's because obviously with Bitcoins, you can see
what activity has been done with them before.
And so if some are tainted by like illicit activity, then that is what makes, you know,
some not as pristine or as wanted as others.
So we're going to talk more about privacy and also get into some other issues.
but first a quick word from one of our fabulous sponsors,
Appreciate. Founded by Ed Stevens,
Appreciate is building the most valuable relationships on Earth.
Today, Prishate is recognizing an individual
for achievements in the crypto space.
Jalak, Jogon Prutra is the founder of Future Perfect Ventures,
a startup investment group.
Jalak recently has been very active promoting the advancement of women in crypto.
Her above and beyond effort is worth a shout out.
Thanks, Jaluk.
Listeners, if you know someone in crypto who should be recognized,
take action and go to appreciate.org slash recognize.
That's appreciate.org slash recognize.
This special South by Southwest episode of Unconfirmed is also brought to you by Kwanstamp.
Founded in the aftermath of the Dow Hack, Kwanstamp is building the first smart contract security auditing protocol designed to secure all smart contracts in a cost-effective and scalable manner.
Relying on humans to audit smart contracts is expensive and error-prone.
And with the exploding growth of smart contracts, that solution won't scale.
The team at Kwan-stamp is developing a solution to audit smart contracts on the Ethereum network in an automated and decentralized way that can scale with growing demand.
being built by a team of PhDs who collectively have over 500 Google Scholar citations,
Quant Stamp is paving the way for safer and more reliable smart contracts that will power the decentralized world.
To learn more or request in audit, visit Quantstamp.com.
I'm talking with Amber Baldett, the blockchain program lead at JPMorgan Chase.
So one of their privacy issue wanted to ask you about was GDPR.
Some people are saying this is, so this is the new EU privacy law.
And some people are saying that this could be on a collision course with Block.
technology. And just to explain more for the listeners, I think that is the one where people talk
about the right to quote unquote be forgotten, which obviously if you have a blockchain that's immutable,
then the data could be there forever. So what is GDPR? Why do you think it might conflict with
blockchains? With Amex Platinum, $400 in annual credits for travel and dining means you not only
satisfy your travel bug, but your taste buds too. That's the powerful backing of Amex. Conditions apply.
When McDonald's partnered with Franks Redhot, they said they could put that
on everything. So that's exactly what McDonald's did. They put it on your McChrispy. They put it in your hot honey macnuckets dip. They even put it in the creamy garlic sauce on your McMuffin.
The McDonald's Frank's Red Hot menu. They put that shit on everything.
Breakfast available until 11 a.m. at participating Canadian restaurants for a limited time. Franks Red Hot is a registered trademark of the French's Food Company LLC.
Sure. The GDPR challenges, I think we've been thinking about them in doing blockchain architecture for at least two years. It's not like these things are coming as a surprise, probably longer than that. But it's really a challenge. But in architecting your system, for example, there's other precedents, something like in-country storage of data laws within financial services that already place limits around how you're able.
to transmit encrypted data around the world. And those kind of requirements informed some of the
ways that we were initially designing quorum such that you're only transmitting that encrypted data
point to point and storing it privately off, quote unquote, off chain, although committing some
sort of hash of that encrypted blob to the shared chain. So you have this kind of veracity of
information, but not actually putting it on chain. And I think really that's the answer is you just,
you don't put encrypted data on chain. You don't put personal.
identifiable information on chain. It's probably, I often get asked, in fact, just at the
South by Southwest panel, you know, someone had asked about quantum computing and deanonomizing
all the information on the blockchain, and Brian and I were going back and forth about saying,
which is going to be more difficult satisfying GDPR or quantum computing or quantum resistant
computing. And I think it might be GDPR, but that's partially because, I mean, if you just
understand how the internet works, it's really impossible to,
verify that anything has not ever been, you know, network sniffed on its way to its final destination
or that a website isn't mirrored. I mean, I'm sure we're all familiar with the way back machine
and that once data is out there, it's out there. So I think that regulation like GDPR is relying
on this idea that you can go to some central owner and just say, wipe this and you hope for the
best that when they delete it, it's that the primary record is somehow gone forever. But that's not
necessarily the reality of how the internet works today, and blockchain seems to have a target
on its back simply because the information might be more decentralized, but is just a further
impetus to focus on credible privacy technology and change ultimately the way that we,
that application creators collect personally identifiable information or PII in the first
place. If you don't collect it, it can't be exposed. And we have the
these data-hungry applications right now, whether it's because we're just collecting data for
better user customization, quote-unquote, or because we're training machine learning models,
or there's always historically been this trend towards a centralized data aggregation
and get the data now and we'll figure out whether or not we can use it later.
And maybe this will change the way that people design applications.
That might not be a bad thing.
There's so much more to discuss there, but we're actually running out of time.
And I want to ask you one last thing before we go, which is, as you heard today's ad spot
appreciation was for Jollash, Open Patricia.
She actually was on the podcast earlier talking about her diversity initiative, the collective
future.
And I know you joined it.
And I just wanted to get your take on, you know, the diversity that we are seeing or
not seeing in the crypto space and why you decided to join.
You know, it's the diversity in the crypto space, I think, is, it's not bad.
It's probably on par with other kind of web and technology and information security communities that I've been in over the years.
So it's not particularly worse than those.
I don't think it's particularly better either.
The idea that I think the 5% number that gets thrown around occasionally, I think that's just not accurate.
I think that there's been some debunking of that that it's pulled from Google Analytics.
And oddly, this is like a data science problem that if you research things like Bitcoin,
or like cryptocurrency that you will be labeled as masculine, and therefore, it's a self-perpetuating
kind of auriboros of data that's not really true. But it looks like about the same kind of 20 to 30 percent
that you see in general technical spaces. There should certainly be more. That's one of the reasons
that we all kind of got together and said, what is it in a concrete way that we can do,
what can we do to add to the pipeline and change that going forward?
and just keep the focus on doing better.
I don't think it's just about women.
It's certainly about raising intersectional awareness
amongst all kind of underrepresented populations.
But if we're rebuilding this concept of the internet,
one thing that I harp on is, like,
what could we have done better around security?
If we knew now about how the internet evolved,
over the last 30 years,
what would we do different this time around?
We can say the same thing about diversity.
If we're rebuilding fundamental identity systems
and the way we treat metadata,
it's not just about being,
warm and fuzzy and inclusive, it's about making sure that the systems work for the people that use
them. And we want to support all these social good projects, but maybe the most socially
beneficial thing that we can do is just make our technology more human. Great. Well, it's been so
fabulous having you on Unconfirmed. Thanks for coming on Unconfirmed. Thank you. Thanks so much for joining
us today. To learn more about the topics we discussed, be sure to check out the links in the show notes
of your podcast episode. New episodes of Unconfirmed come out every Friday. If you have an
ready, rate review and subscribe on Apple Podcasts. If you like this episode, share it with your
friends on Facebook, Twitter, or LinkedIn. Unconfirmed is produced by me, Laura's Jen,
with help from Elaine Zelvie and Fractual Recording. Thanks for listening.