The Digital Lighthouse: Digital privacy, blockchain and the future of finance

In this episode of The Digital Lighthouse, host Zoe Cunningham is joined by Richard G Brown, Founding CTO and Advisor to the CEO at R3. 

Together, they explore the practical applications of enterprise blockchain, digital currencies, and confidential computing. Richard shares invaluable insights on how businesses can evaluate and integrate blockchain solutions for maximum value.

Join them to discuss:

• The future of blockchain
• The potentials and challenges of Central Bank Digital Currency (CBDC)
• How confidential computing is transforming data privacy

About our guests

Transcript

[Zoe Cunningham] (0:01 – 1:44)

Hello, and welcome to the Digital Lighthouse. I’m Zoe Cunningham. On The Digital Lighthouse, we get inspiration from tech leaders to help us to shine a light through turbulent times, so that we can learn, act, and change as a result for the benefit of our businesses.

We believe that if you have a lighthouse, you can harness the power of the storm. Today, I’m thrilled to be joined by Richard G. Brown, a true innovator in enterprise, blockchain, and digital privacy.

Richard was the founding CTO of R3, where he led the development of Corda, one of the world’s most widely adopted enterprise blockchain platforms. He also played a key role in launching Conclave, a groundbreaking confidential computing solution. On top of that, he’s a trusted advisor to the Bank of England’s CBDC Technology Forum, helping to shape the future of digital currencies.

In this episode, we’ll be exploring the real-world impact of blockchain beyond the hype, where it’s actually making a difference, and where it still faces challenges, and how digital currencies could transform financial systems. We’ll also dive into the rise of confidential computing, and how it’s reshaping the way businesses think about data privacy and security. And, of course, we’ll be tapping into Richard’s experience building and scaling high-performance tech teams, and what today’s digital leaders need to know about adopting emerging technologies.

So, if you’re curious about the future of blockchain, enterprise digital transformation, and privacy-first technology, then this is the episode for you. So, let’s get started. Richard, welcome to Digital Lighthouse.

[Richard G Brown] (1:44 – 1:46)

Thanks, Zoe. Thanks so much for having me.

[Zoe] (1:46 – 2:01)

So, Richard, you’ve been at the forefront of enterprise blockchain, leading the development of Corda, and then later Conclave R3. Before we dive in, could you start by telling us a bit about your journey? So, what drew you into blockchain, and what keeps you passionate about it today?

[Richard] (2:01 – 4:51)

Yes, I guess it was kind of serendipitous. So, my background is, I guess, fairly traditional as a technologist. I studied mathematics at university. I then did a postgraduate diploma in computer science, and then joined IBM when I graduated in a software development laboratory. So, I thought my career would be perhaps a traditional sort of technologist’s career, maybe become a programmer and work my way up from there. But I had a couple of really early opportunities to spend time with customers in my first couple of years at IBM.

I really specialized in one area of the product that I was working on, and then just serendipitously, that was the area that a really high-profile customer had a problem with. So, suddenly I was exposed to the world of customers and support and more senior management. And then I realized there was a world beyond solely software engineering, but there was the context in which software was sold and deployed.

So, over several years, I got experience pretty much of the entire enterprise software world. So, software development and QA, consulting, sales. I spent a lot of time in the field supporting sales teams.

So, I got that quite rich education quite early on. And it had given me this interest in not just in technology, but in business. And then it must have been in about 2012, 2013, somewhere around there, I just happened to see this little, very, very short article in The Economist of all places, talking about this thing called Bitcoin.

But it kind of tipped all the boxes. There was a technical aspect, there was a business aspect, and being honest, there was a slight political libertarian aspect. So, I went down the rabbit hole.

And the more and more I learned about how it worked, clearly it was super exciting as this permissionless way of sending money around the internet without third parties, and I’m sure we’ll get into that. But I really got into the detail of how it worked. And this idea began to take root, that you’ve got this system that is deployed around the world, and multiple people are running these nodes.

They’re all somehow in sync, and yet there’s nobody in charge. And there are people actively trying to break into it and steal the money and make it fail. And yet somehow this system keeps going, and everybody’s in sync.

And my entire career at IBM to that date had been integration software, helping banks connect things together. And the light bulb that went off, and maybe this is the where the stepping off point was, well hang on, all these banks that are trying to communicate, which is the area I was focused in, they’re invariably out of sync, they can never agree on details, everybody’s computer says something different. If the Bitcoin community can solve this data synchronization issue at scale across the internet, why can’t the financial system?

So I just started thinking about it, writing about it. I had a blog at the time, so I started talking about finance, targeted at the Bitcoin community. I talked about Bitcoin to the finance community, and it kind of just grew and grew, and I kind of became sort of like the enterprise blockchain person.

But it was just that confluence of the business aspect, the technology, the slight political overtones, and the relevance to my work. It was just like catnip, it was hard to avoid.

[Zoe] (4:51 – 5:29)

Right, yeah, exactly. I think that’s been true for a lot of people, hasn’t it? It’s just so exciting, and it’s such a different technology.

So although, as I feel is kind of implicit in what you said as well, it has gone through multiple kind of hype cycles. And particularly on the enterprise side, there have been a lot of initiatives that, particularly, you know, maybe five, ten years ago, there were lots of people saying, oh, we’ll use it for this, we’ll use it for this. And those initiatives kind of never really went anywhere.

What’s different about Corda, and how has Corda managed to grow to be such a big player? And were there turning points? Did you have to pivot or change your approach at all?

[Richard] (5:30 – 9:24)

Yeah, we’ve tossed many, many iterations. I guess the fundamental difference perhaps, or the starting off point is, and I don’t put this down to any kind of cleverness on my part, it was pure good fortune, that because I’d become quite visible whilst working at IBM, as this person who understood both finance and also the potential applications of blockchain technology to it, I came to the attention of the people who became the founders of R3, who were trying to assemble this consortium of the world’s banks. So the insight they’d had was, if this technology is going to have any relevance or any impact in the financial sector, it’s probably going to be at the level of the entire market. This isn’t software to be deployed within a firm, this is all about internet scale, world scale technology.

And so it kind of made no sense back in 2014-15 for each of these banks to be running their own projects and doing their own proofs of concept. So the big idea behind R3 was, why can’t we assemble the talent, if you like, some technologists such as me, some business people, and assemble them with the world’s banks and then collaboratively figure out what the opportunity could be. That gave us one or two advantages, because it meant that we had the support from day one, and then my original job was a one-year fixed-term contractor when I joined R3.

It was literally to run an architecture working group. So I had access to literally hundreds of senior technologists from dozens and dozens of the world’s banks, and we worked through these questions about, what is unique about this technology, if we were to deploy it in finance, where might it make sense, where might it not make sense, and of critical importance, what are the defining characteristics. And it was already obvious back then that the reason for which the permissionless crypto platforms, Bitcoin for example, had been created, censorship-resistant digital cash, that wasn’t something the banks back then could interact with.

Ten years later it might be, but back then it wasn’t. So it was already clear we were going to diverge a bit, but this idea of a system that can operate amongst and between multiple firms, and yet remain in sync and allow them to transact, that felt new, and it felt like something that could solve some problems in finance. So the reason I think why Corda is different is, is that we identified what was different about the technology, but we then went back to the requirements and said, okay, so if I needed to build a platform that could allow banks to be in sync about facts, contracts, deals, trades, whatever it is, things they care about, how would I build a system that does that?

Well it would need to have messaging, one bank would need to be able to message the other, it would need to be reliable, I’d need identity, I’d need security, I’d need digital signatures, I’d need a workflow engine, I’d need an application server. You just build up the requirements, what would I need to build to do that? And the answer was Corda.

So today Corda looks very different to some of the public blockchains, and we often have a debate about, is it really a blockchain or not? I mean it is, it’s just one that’s very targeted for finance. But we went through multiple iterations, so if I just give one example, and this is something that’s right at the top of mind now, if you look at the public blockchains, many of your listeners and viewers will be familiar with platforms such as, say, Ethereum, there’s one large Ethereum network, huge numbers of applications are deployed to it, different stable coins, mean coins, whatever it is, but there’s one network, lots of different contracts and assets deployed to it. We thought that’s how the private blockchain world, the enterprise blockchain world would work, but that isn’t how it played out. Each of our customers deployed their own network, so Euroclear, one of the biggest securities depositories in the world, they have their network, there’s a startup called HQLAX, and they’re doing some really innovative stuff in Europe, they have their own network.

And it’s kind of obvious why, because they need control, they’ve got to show the regulators that they are in control and that they’re compliant, and it gives them freedom to act and they can move at their own speed. But it now creates the problem which we’re solving right now, which is, how do you now integrate all these things and allow them to interoperate so they don’t remain their own little silos? But that was one big difference, and once we realized these networks were being deployed separately, it had lots of implications for the design of the product.

Bluntly, it allowed us to simplify it quite considerably, because we added a lot of code and complexity to allow multiple things to be deployed at once, and it turned out that wasn’t required. So that’s just one small example of something that changed.

[Zoe] (9:24 – 10:03)

That was the first thing I thought, as soon as you said, oh, you know, it was all separated out, I was like, well, that’s going to reduce the complexity, you know. And what strikes me about everything you’ve just said is how these are common technical challenges for enterprise solutions. It actually is very much about starting, like you say, with the use case, with how’s the technology being deployed, rather than starting with, I’ve got some blockchain, how am I going to use it?

That’s really interesting to see that that’s what’s underpinning the success of Corda. Do you think there’s more to come from blockchain? Do you think that we now know where blockchain fits in the ecosystem, or is there more to come?

[Richard] (10:04 – 12:09)

I think so. One of the things I often think has happened is, our being the public and private worlds, worlds diverged in 2015. So the public crypto world went through the ICO boom and the meme coins and NFTs and now Trump and Melania coin, all those waves of interesting things and the stable coins and real world assets, they went in one direction.

And the enterprise blockchain world went in a different direction, which is all about the way I describe it, is you’re building market level applications, you’re building applications to solve a problem for a market where that application is deployed amongst and between all the participants in that market. But what I now think is about to happen is the reconvergence. Because if I look just say across the R3 ecosystem, we did an inventory just a few weeks ago in fact, there’s about 20, 25 high quality, live, regulated, fully integrated networks running.

So as in fully integrated into the financial system for the problem they solve. And across them all are billions and billions of dollars of assets. They’re managing significant amounts of money.

And you then look across the permissionless world, they’re doing something similar. There’s this wave of things now called real world assets and stable coins, both sort of converging on the same place but through two completely different directions. And there’s potential synergy in the permissions in my world needs is a way to integrate and interoperate.

And what the unregulated permissionless world needs is access to these high quality assets and access to the regulated ecosystem. So I think we may begin to see a convergence of the two where all the separate R3 networks begin to converge and maybe they converge in a way that actually allows them to interoperate in a controlled way with the permissionless world. So I think there’s a lot more to come.

But it’s also the case that I don’t think the market necessarily on the permission side is as big as perhaps we thought it was 10 years ago. This is a very interesting and quite sophisticated technology to solve problems that come down to integration between firms who need to be in sync. It’s an important problem.

It’s a valuable and lucrative problem. But it’s not necessarily the technology that will by itself change everything in the world. It’s more nuanced than that.

[Zoe] (12:09 – 12:13)

It’s a very specialized application and a very specialized solution.

[Richard] (12:13 – 12:14)

Yeah, I think so.

[Zoe] (12:14 – 12:43)

Yeah, okay, cool. Well, I do want to jump into talking about digital money and the future of digital money, and particularly the idea of, perhaps along the lines you were saying, the idea of central bank digital currencies, where you’re seeing the overlap between the digital currencies that are out there and the kind of established financial institutions. What are going to be the biggest hurdles for central banks launching digital currencies at scale?

[Richard] (12:43 – 15:21)

There’s probably a couple.I guess one way to get into this is to go back to the original idea. I didn’t realize at the time, but I’m pretty sure that I was the person who coined the term central bank digital currency back in 2013 or 14 on my blog. I hadn’t realized.

So I went back a few months ago and re-read the piece to remind myself what was it I was thinking about when I used that phrase. And I didn’t invent the concept, but I came up with the term. And the problem I was thinking about back then had nothing really to do with central banks or payments.

It was actually a very crypto-orientated problem. So I imagined a future where the entirety of the economy runs on, in quotes, the blockchain. So perhaps we’ve got these decentralized contracts.

Perhaps there’s an insurance contract where people can pay their premiums into the policy and maybe it’s something to do with weather or buildings insurance or something. And then if you can get a digitally signed piece of evidence that said, yes, there was a storm and maybe your roof fell off, then you can get money out of the contract. So kind of like an automated underwriting and claims handling process.

And then you just do the thought experiments and say, well, if I’m paying in, say, Bitcoin and you’re paying in Barclays pounds and somebody else is paying in dollars issued by Citi, that contract’s now got all these different types of money it’s got to manage, and then when it pays out, well, maybe I want Barclays pounds, but it’s only got HSBC pounds. It just sounded ridiculously complex. So the thought was, what if we had a currency on the internet or a real-world currency on the blockchain that everybody was willing to accept?

And then the chain of thought says, well, what is everybody willing to accept is probably the currency issued by the central bank. But of course, the idea has then since moved on and it’s moved on in two distinct directions. So in some countries, and primarily the Gulf region is one where this is happening because our firm is working there, there are some, I think, quite far-seeing governments who see this as a way to drive innovation into their ecosystem.

There’s almost a leapfrog opportunity here to deploy a new form of payments that could unlock a whole bunch of new use cases. And in those countries where you’ve got a very powerful and, I guess, rich state, I suspect they will roll out a CBDC within a few years. In the Western liberal democracies, I think it’s going to take a lot longer.

If you take, for example, I think the US, I think just recently with Trump’s inauguration, I think CBDC has actually been banned there. And there’s a lot of people who fear that, is this a surveillance tool for the state? Is this something that will result in the elimination of physical cash and therefore the freedom that goes with that?

So I think we may see sort of a bifurcation where countries that see the benefits of the innovation, they’ll drive ahead, whereas some of the countries that are more worried about the downsides, it will happen a lot more slowly. So I think we will see that bifurcation.

[Zoe] (15:21 – 15:58)

I mean, I think, given that we’re already seeing this kind of backlash against just, you know, shops that will only accept credit cards, you know, that’s kind of seen as a threat to, I guess, the original anonymous currency that many people are used to using. So I can see that anything more, and particularly when people don’t understand it, I guess that, you know, the more involved you are with technology, the more you’re like, oh, okay, well, it just, you know, it just works like this. Whereas if it’s just something you’ve only heard about with the word scam next to it, or hype, or it’s hard then to trust it, and finance is all about trust.

[Richard] (15:59 – 17:12)

Just on that brief, I do think some of the Western countries are missing a trick. So I was invited to give evidence to a House of Lords committee on this a couple of years ago. I don’t think I did a good enough job of getting across what I was saying, but the point I was trying to make was that, you know, right now, physical cash is, as you say, is something that exists, and is remarkably useful for people, you know, people without much money sometimes use it for budgeting.

But there are also people who use physical cash because the privacy or the anonymity it gives them is extraordinarily important. It’s very easy to think of examples of where that might be the case if somebody’s in a coercive relationship and they don’t want to leave a paper trail or whatever it is. If there are some genuine benefits from the freedom of privacy that comes from cash, and as you say, as cash declines potentially to irrelevance, I think there’s a societal question we can ask, which is, you know, does the state, does the central bank have an obligation here, almost a moral obligation to make available something that’s digital, that has those same properties?

Now, of course, you need limits, because otherwise it would just become a, you know, sort of like, you know, something of high attractiveness to criminals, but being able to spend small amounts of money, use certain amounts of time in a way that can’t be tracked, you know, there are people who genuinely need that, and it’s only the state that could provide it. So I think there is a case for CBDC in the West that someone has to make the case for that privacy aspect, I think.

[Zoe] (17:12 – 17:44)

And then they have to fight through the kind of organisational change issues, which again are not specific to blockchain or digital currency, they’re just to implement something in a large organisation. All right, fantastic. Let’s follow up a bit on data privacy, because that’s obviously one of the biggest concerns in finance and digital transactions.

And you’ve been working on something that I’ve not heard of before called confidential computing with your product Conclave. So could you explain what confidential computing is and why it’s of interest to businesses?

[Richard] (17:44 – 21:06)

Yeah, sure. So the first thing I should say is, and I guess there’s probably a really interesting story and I guess leadership lesson in this as well, which is Conclave is a product that my team developed and which we subsequently discontinued. And the reason we discontinued it and this will become obvious in a moment, is I think the market is just not quite ready.

So confidential computing is, I think it’s going to be huge and I’ll explain why, but it hasn’t happened just yet. So we were too early as a startup that you have to decide where to place your bets. But the idea is as follows.

And when I first came across it, it was kind of mind-blowing, but it also could be so powerful. So the starting point is to point out that if you are running a computer, if you’re in control of a computer, if you have full control over it, it may not feel like that when your iPhone doesn’t work or your laptop crashes, but if you’ve got the computer, you could get an electron microscope out, you could go to the hard disk. Possession of the computer is control of it.

The operating system isn’t going to keep you out, you can get around it. So that therefore causes a problem in the cloud because if you send data to somebody else’s computer, all you have is their word for what they’re doing with it. So they might promise that they’re not, they’re not training their AI algorithms on it, they might promise that they’re not using it to generate ads, but you’ve only got their word or what the contract says, because once the data is on their computer, they can do what they like with it.

Now it turns out that the Intel of all people, AMD has this as well, Intel of all people, for entirely different reasons 10, 15 years ago, invented a technology or implemented a technology called SGX, and this is on all their server chips, and it has this remarkable property. It allows you to deploy code on your own computer and then lock yourself out. So if you’re the cloud operator, you can deploy some code and some data, you can lock yourself out so that the computer will only do what the program says and nothing else, and you the operator can’t see it, and then you can remotely prove, you can cryptographically prove to the user that this is the case.

So if you now spin that around, I’m somebody with sensitive data, I want it to be processed by somebody else, perhaps in the cloud. With this technology, I can now get what’s known as an attestation from that server which says, yeah, I promise I am running this program, you can inspect the code and find out what it does and what it doesn’t do. You’ve got this cryptographic attestation that provided you trust Intel, gives you confidence that the operator cannot do anything else, and now you feel confident sending your data.

So just to give one concrete example of how that could be useful, imagine in financial markets, in the stock exchange, often in any kind of trading environment, there’s a central computer that’s managing the orders, so I’ll send in an order, I want to buy so many shares for this price, so many shares for that price. Whoever runs that computer, sees everything, they know what the demand is, they could potentially reorder them, they could perhaps front-run you, that’s a very, very trusted position. If you ran that inside this technology, inside an enclave as they call it, that the operator of that computer could absolutely convince the users that the algorithm was fair, could not be subverted, and they didn’t get an advantage.

So once you realize that, you think actually there’s a whole bunch of cloud workloads that today are not possible or too risky that this would unlock, and it’s all based on this key idea of attestation, this remotely convincing the user that this is what will happen to your information. That and nothing else, and being able to convince them about beyond all doubt, it’s a super powerful primitive if you like, but it’s also quite hard to get one’s head around when one first hears about it, and as I discovered when we were trying to sell it, it’s even harder trying to get people to pay for it.

[Zoe] (21:07 – 21:35)

Right, because it sounds like it must be quite an expensive solution because of the inflexibility, right? So actually, it’s all very well while you’ve got a process that doesn’t change, but all of us who’ve worked in agile software development environments, we know that that’s just not really how the world works. So I guess it’s going to have specialists, limited specialist applications, but for those applications where your only other alternative is a physical server that you control, then maybe it will be big.

[Richard] (21:35 – 22:42)

I think you’re right. I mean, there are kind of like, there are nuances around it that might get past that rigidity, but you’re quite right. And then you think about, say, on the non-functional side, the operational side, so you’re running a cloud service, your customer phones up and says something’s gone wrong. And you say sorry can’t help you, it’s a black box, I don’t know what’s happening.

So there’s all those kinds of issues, but exactly as you say, if you’re in a situation where sharing data with somebody would otherwise be impossible, this is a way to protect it whilst it’s being operated on someone else’s computer. And to bring it full circle, which is kind of ironic, there are now some blockchain projects that are using this technology because, of course, they’ve got that problem over on the permissionless ecosystem. There’s often problems of people getting front-run, so somebody sees an opportunity to make some money from a small contract, they submit their transaction, and then the miners and validators whose job it is to decide which transactions get processed, they look at it and say, oh, that’s a good trading idea.

I’m not processing your transaction, I’m going to put mine in instead, and I’m going to make the money instead, thanks for the idea. Whereas if the validation of transactions happened in this world, they couldn’t do that, and therefore it would avoid that abuse. So it’s quite possible the first wide-scale deployment of this might actually be in blockchain, which is kind of bringing everything back full circle.

[Zoe] (22:43 – 23:15)

It’s very exciting. And actually, I could talk about this all day because there’s so much to cover. This world is so deep, really, with so many different applications and also just angles and facets to explore.

But let’s just round up. I think what people listening, you know, CTOs listening, what they really want to know when they’re evaluating blockchain or confidential computing or digital currency, what’s your advice for how to integrate them and actually drive business value?

[Richard] (23:16 – 24:56)

So I sometimes get accused of being too simplistic or too reductive because my view on this is that the answer invariably is to think like an architect or to think like an engineer and to say, well, okay, what problem are we trying to solve? So if I’ve got a problem which is, you know, I need to share data with somebody but I don’t trust them to process it honestly or I don’t trust them to look at it, then one of the candidate technologies to help me address that problem might be confidential computing. For enterprise blockchain, the problem statement I’d be looking for would be something like, I’m involved in a market, I have some financial market infrastructure and I run an entire market, so I’ve got multiple participants and stakeholders who need to communicate and share data.

And the problem is they need to be in sync and to know they’re in sync and to be sure that nobody gets out of sync. So if I’ve got that problem and I’m trying to build an orderly automated market or market level application, then enterprise blockchain might be appropriate for that. The third use case might be, and this is, I guess, the crossover between enterprise blockchain and regular blockchain, is this is specifically in financial markets, I’m trying to make it quicker to settle asset trades. So I’ve bought some shares from you and I’d like them to be mine and absolutely locked down for me instantly rather than two or three days later. Then tokenizing those assets rather than leaving them inside the securities depository might be valuable and blockchain can help with that.

But it’s exactly what you said earlier, rather than, as you said, don’t start with the technology, start with the problem. And then I always try to think, okay, well, if you’ve got this problem, this is a candidate technology that could solve it. I’m always very suspicious if someone says, right, we’ve got a blockchain program or we’ve got an AI program.

Well, you know, does Google have someone running around saying I’m doing AI projects? No, no, they invented the transformer architecture because they needed to make Google Translate work. The technology is don’t let the tail wag the dog in effect.

[Zoe] (24:57 – 25:05)

Yeah, fantastic. Well, what a great place to finish. Where can listeners go to follow your work and stay updated on what’s happening at R3?

[Richard] (25:06 – 25:19)

Yep, so if you’re interested in anything to do with R3, it’s really easy. It’s r3.com and I have a fairly irregularly updated blog at gendal.me. So Gendal, my middle name, G-E-N-D-A-L, gendal.me. 

[Zoe] (25:19 – 25:26)

Amazing. Well, thank you so much, Richard. That’s been absolutely fascinating. And hopefully we can chat again soon and cover off all the things we didn’t manage to cover this time.

[Richard] (25:26 – 25:27)

It would be great. Thanks, Zoe.