Maria Grazia Vigliotti is the founder of Sandblocks Consulting, a boutique consultancy specialising in blockchain technology and cybersecurity. She is CEO of Gradbase a company that secures academic and professional qualifications on blockchain.
Her career in computing spans more than twenty years, many as an academic at Imperial College London specialising in writing AI algorithms to aid in cybersecurity and formal code verification. She convened and led the development of the cybersecurity strategy for the entire British railway industry and worked on prevention of cryptographic attacks on the European Railway Traffic Management Systems (ERTMS). She has also advised most of the major players in the UK nuclear industry on smart device security. She is a member of the Blockchain committee of the International Standards Organisation. She is also Chief Editor for the Journal Frontiers in Blockchain, the first peer-reviewed academic journal in the field.
Maria holds an honorary visiting fellowship at the Department of Computing at Imperial College London.
What’s your background and how did you get involved in blockchain?
I have worked in technology all my life. I used to be an academic at Imperial College in the Department of Computing, so I have worked mostly in computing, programming languages and programmes related to security. Consensus algorithms, used in blockchain, was an area of research for my PhD so working in technical environments has always been very familiar to me. I went into blockchain when I was working for a start-up and they asked me to investigate Ethereum and see what they could do with it. So, I went away and investigated cryptocurrencies. And I thought, wow, this is fantastic. I fulfilled my job and then I handed in my resignation, and I thought, you know, there are not enough women in technology. As women, you know, we don’t always tend to take a lot of risks and I wanted to change that at that particular point. I set up my own company and I have been doing consultancy ever since. I have also worked with a lot of fantastic, competitive start-ups as often happens in this space. But it was very difficult to make people appreciate how great this technology was because we were focusing on the technical side, when we needed to focus on the benefits side. I realised that I fundamentally lacked the ability to communicate the fantastic things that we had made and how they would be translated into some genuine business benefit.
What prompted you to write a book explaining to executives how to use blockchain?
What I really wanted to do was to realise this dream of being able to talk to people who were not technical. I was already very successful with my company with some great clients and big projects. And I really wanted to test this a little bit further with the book so when this wonderful opportunity came up with Palgrave, I grabbed it with both hands. The purpose was not to use technical language and to really get away from jargon. I do a bit of training as part of my company’s activities and people come along and they’re often mystified by the amount of jargon that goes into using blockchain. And for me, if you really understand something you should be able to explain it in plain language.
Jargon-free explanations of blockchain and related-terms are so needed. What’s the best way for non-technical executives to understand something like smart contracts?
I think that the first thing to do is always to start with an example. One way of doing this is to make people realise that smart contracts are already very familiar to them and we are already using them. Then you can explain why this is different from how smart contracts are used on the blockchain. Let me start with an example like smart bikes. I love them! They are a fantastic way to move around in London. It’s effectively like you’re using a smart contract because there is a contractual obligation between yourself and the bike provider. You are paying for a service, they’re providing a service, and there is no intermediary there. And it’s completely automatic. You insert your card, and then depending on the time you spend on the bike that amount of money will be deducted from your card.
But, in that particular example, if there is a problem with a payment or you feel you have been overcharged, you can raise a complaint. Your complaint is supported by law that protects consumers. The difference in the blockchain is that you have a contract that is made in code. And then you can decide whether this type of automated contract is useful to you and if there is a risk of overcharging. You trust the contract to do something for you so that your relationship with the other party becomes more direct.
How legal is a smart contract on the blockchain? It’s a question that varies from country to country. In the book, we argue that in English law, without wanting to go too much into detail, a contract written in computer code could be considered a legal valid contract provided it meets the legal conditions of the contract. There’s been a recent publication from the Law Society that confirms that. But in my home country, Italy, the contract has to have a specific form and to change that you need an Act of Parliament. And then you have a much longer process to make a smart contract really legal because Parliament will need to issue a piece of law that says that contracts written in code could be legally binding. And we can imagine that in different jurisdictions in Europe or around the world, that will differ again. So, what does it mean for businesses? That means there’s a risk.
Given all its potential benefits, why do you think blockchain is not taking off faster?
Blockchain is actually taking off quite a lot in various areas. Probably not as much as was predicted a few years ago but I think to some extent that these were over-enthusiastic predictions. I was recently speaking on a panel at the Italian Embassy and I heard about all the fantastic work done by IBM, for example, around the world. The real point is that if you would like to have a proper blockchain deployed in a way that is efficient and useful, you need a number of parties and not that many small and medium businesses really work in that way. For now, the real players are the big companies that actually can attract many other partners and work in that manner.
I often get asked where blockchain is being used right now and by how many people. What real-world examples do you give when you get asked that question?
I have always maintained that blockchain (outside of cryptocurrencies) will have a big impact on supply chains and I always enjoyed your Unblocked events on supply chains because I think there are really big efficiencies to be gained there. Also, there are use cases in areas where you need to certify unique pieces, whether they are collectibles, such as art. We are currently working in the UK with the Design and Artists Copyright Society (DACS) to see what we can build for them. If you talk to stakeholders, they’re really excited and interested because then they start to see how you can solve genuine problems.
It is an opportunity to track the provenance of goods and it is the opportunity to have a certificate of authenticity that works so that once it’s there, you can truly consider it authentic and it cannot be changed. One of the really important points when we look at this kind of application is how we connect the digital piece to the physical piece.
What practical steps do you advise business leaders to follow if they want to create a blockchain project?
The first thing I do when people say, “Oh, we would like to use blockchain” is to ask what your problem is first. It is fantastic to want to use innovative technology but ultimately, if you’re not solving the problem, you’re going to get into a lot of trouble. In the book, we give a very clear strategy about that. First of all, you actually have to think about your problem.
Many people think that they know their problem when very often what they know about is the possible solution, but they have never really deeply explored the problem and it takes a lot of time and courage to do that right. And then once you have done that, what you have to think about is what would be your ideal world? What is a solution without thinking about the technology? And then after that, once you have the solution, what are the benefits? And then you can ask yourself, is this a blockchain or not? In the book, we have devised a test if you need a blockchain. It amounts to you can ask yourself, do you just need to digitalize systems, how many parties are going to be involved, and what is their role. This determines which particular blockchain you are going to need.
There is a whole movement whereby I think that digital education will be part of creating the leaders of tomorrow. And this is really the point of the book, that we have this wrong-headed idea that we distinguish between the technology and the human element. I think it’s going to need to be updated if you really want to get change. As a technologist I need to think about the human element of what I am creating – and vice versa as a business leader, I would like to know about the technology. You’d be surprised how many times people say, “Oh, you know, that’s the technology, it’s not for me to decide, it’s for you, guys” Essentially, that’s the message and I always thought, you would never say that if we were talking about financial transactions. You may not be an accountant, but you know all about the company budget and its implications. Why is technology any different? We need to be able to know how technologies work in order to use them to our advantage as opposed to “being used” by the technology.
Do you think there is a current market leader in the enterprise blockchain marketplace and is that likely to change?
We are an independent company so we don’t endorse any particular blockchain platform and our strength is that we can really give impartial advice. Both IBM and R3 Corda may well be market leaders, by the sheer volume of their own efforts and influence as companies. I’m pretty confident that a lot of people are using those two solutions around the world. In terms of blockchain as a service, I’m always a little bit worried about that because the blockchain requires really thinking about how many people are working with you, if you’re using the blockchain just to timestamp documents you don’t need a really expensive solution. You can pretty much do it on the Bitcoin or Ethereum blockchain. There are a lot of services out there as more companies are starting to provide these products. SAP is also getting into the enterprise field alongside companies like IBM. Those 3 companies will be significant but there are also new contenders coming along such as Elixxir, created by David Chaum, one of the earliest proponents of the idea of e-cash and Algorand, a secure, scalable solution developed by Turing prize winner Silvio Micali. These may be the next generation blockchains to look out for. In terms of cryptocurrencies, I would put the money for the future on those two. But the future is hard to predict so it’s just my wild guess.
What are the biggest risks for businesses looking to adopt blockchain at the present moment?
For me, the legal and regulatory challenge is one of the biggest risks because when you’re managing the blockchain element, you have also got to deal with the part about legislation not just the technical elements. Take GDPR – there has been a huge discussion about whether even permissioned blockchains can be GDPR-compliant and how you go about that. There are ways we have implemented them, for example, which are cloud-based but you have to be very careful in how you manage those things.
The biggest risk, especially when we talk about enterprise blockchains, is really to set up intelligent governance because without those rules how are you going actually to manage people who could potentially misbehave? If we look at for example, the Bitcoin blockchain, the opportunity to misbehave is pretty limited, but that type of public blockchain does also very limited things which is transfer bitcoin from one partner to another.
In blockchain, you have to carefully think about what your consensus algorithm is and do how you prevent people from cheating. If the number of people that are working with you is not big enough, maybe you have to think about how you can minimise the risk or detect opportunities of cheating. Some of it will still require that you actually have a contract so that you can somehow legally punish whoever misbehave. There is no other way out. The idea of the consensus algorithm around federated blockchain is not very much explored. I mean, and typically people don’t use it, which is a real shame. In the book, I give some examples of what you can do using a sort of permissioned blockchain with moderately robust consensus algorithms. But for some reason, that’s not really picked up and I wonder whether it’s because we go back to the idea of business leaders and technical people needing to work together more.
The technology is not necessarily sufficient to solve this kind of problem. You need actually to create some governance rules around all the stakeholders who actually manage the risk because the technology does not provide the full framework. It provides some ways in which you can make governance better in relationship to how you connect the physical piece to the digital piece. You need to have some very clear rules and there are various techniques that you can apply. Sometimes we put too much faith in technology and not enough effort into actually thinking about how we humans are going to use the technology and how we need to mitigate the risks that cannot be addressed by that technology.
We recently celebrated International Women’s Day – are there still too few women in blockchain and, if so, what can we do to change that?
Just think about your skills and what can be transferable, then you can start to participate in new activities like blockchain. Sometimes some of those new topics may be a little bit overwhelming or maybe you don’t feel you can simply jump into it immediately. I think, overall, we as women need to be more confident in ourselves, in who we are, and in how we can transfer our skills. There is this idea of being perfect, which can be great, because it means that when women start something new, we do it very well in it. But it also has a disadvantage in that then we don’t take as many risks because we cannot see exactly how things will pan out and maybe we don’t really like going into an unknown situation. What I have been doing in the last few years, including whilst mentoring people, is really sending a simple message, which is asking women to take more risks.
If you are a woman and you are interested in some mentoring, please get in touch. I do require people to write 800 words about what they want from the mentoring because, typically, that’s an opportunity to understand whether I can help you. And remember most successful people didn’t get there in one step. They put one step after the other and that’s really an important message: don’t be intimidated, just put one step after the other and you will go somewhere.