TRANSCRIPT
Seeking uncertainty in an uncertain digital world
10 May 2017 | London
Seeking certainty in an uncertain digital world
16 May 2018
Welcome! Tech Talk 2018: Seeking certainty in an uncertain digital world
Anne-Marie Allgrove, Chair, Global TMT Industry Group
AGENDA FOR TODAY
0915 - 1015 Cyber security – Managing data breach in a changing regulatory and post-GDPR world
David Halliday, London; Adrian Lawrence, Sydney; Brian Hengesbaugh, Chicago; Elisabeth Dehareng, Brussels; Ian Walden, London
1015 - 1035 Pop-up Topic: Big Data Through an Antitrust Lens
Agapi Patsa, Brussels
1035 - 1120 Innovation and regulation in the technology industry
Emma Dean, Hanover Communications; Jacob Ohrvik-Stott, doteveryone.org; Sue McLean, London
1120 - 1135 Coffee Break
1135 - 1220 Data monetisation - How to overcome the legal issues to maximise the commercial opportunity
Antonio Russo, Amsterdam; Agapi Patsa, Brussels; Ruth Burstall, London; Steve Holmes, London; Scott Fairbairn, Three
1220 - 1240 Pop-up Topic: Tax – What’s in store for the digital economy
Kate Alexander, London
1240 - 1400 Lunch and keynote address
David Nicol, R3
Cyber security
Cyber security – Managing data breach in a changing regulatory and post-GDPR world
You are GC for an online marketplace - the marketplace sells bijou, high value items for special occasions, often personalised, by specialist sellers. You have account details for over 30 million customers - they are in all major markets worldwide. You take the orders and remit payment - the sellers do their own fulfilment.
You run multiple websites but all are based on the same infrastructure which is run on an external cloud platform, based on four clusters, two in the EU, one in the US, one in Asia Pac.
www.foudebijoux.com
Your infosec team has seen some signs of suspicious activity on customer accounts (unusual patterns of access). Initial investigation has also revealed some unusual malware on the network consistent with packaging data for exfiltration, and some inconclusive evidence of large movements of data out of the network.
They call to ask what we should do at this point. They add that they are going to start cleaning up the malware ASAP.
It’s Friday evening (near the end of May…)
War Room call
Saturday 26 May 2018 18:30 UTC
SOC: Getting somewhere with investigation. Outside providers engaged. Interim report is telling us with confidence that our user credentials management system on Cloudco was compromised. Mass credentials export looks like it took place a few days ago. How this happened not clear. Attribution unclear. We’re in touch with Cloudco now.
Legal: The million dollar question – what do we think threat actor has accessed/exfiltrated from customer accounts?
SOC: Too early to say what was actually exfiltrated. In principle though it is name, home address, DOB, card billing address – but not card number/expiry date/CVVs. Purchase history and personal preferences also retained. That does include info on others related to user – birthdays, anniversaries, personalisations on purchases, stuff like that.
Legal: We’re sure card details not accessed?
SOC: Can’t be sure but no evidence of it right now. Depends how the creds database was hit, if they have some privileged admin credentials in principle they could also hit the separate instance which holds card information. But we would expect to have seen that flagged by monitoring/logs.
COO: So do we need to be talking to anyone about this right now?
Cloud provider response
WhatsApp feed – Monday 28 May 2018
Hey Brian – you around? Crisis situation
What’s going on?
Data breach. Looks bad. Started Friday night. Time running out on us. Need quick inputs.
Just camping with kids … but shoot
Massive user account hack. Can’t tell how many accounts accessed but we assume it’s millions.
Countries affected?
Everywhere most likely
Just user accounts? No card data?
Pretty confident but not sure. Could take weeks to know for sure.
Root cause?
Not known. Someone compromised one of our IT admin accounts and used it to access user creds. The account should NOT have had access to user creds, but it does. Mix up over Cloud access settings. Embarrassing potentially. Cloudco might be to blame.
You are just about to notify when….
Mumsnet @MumsnetTowers
Lots of reports of credit card fraud today. Coincidentally forced password resets from FdB. Connected? Check your accounts!
Pop-up topic: Big Data through an Antitrust Lens
Antitrust Interest in Big Data: A Timeline
March 2008: Commission Decision on Google/Doubleclick merger
October 2014: Commission Decision on Facebook/Whatsapp merger
June 2015: CMA study on the Commercial Use of Consumer Data
March 2016: Opening of Facebook abuse of dominance investigation in Germany
May 2016: Joint German-French report on Competition and Big Data
October 2016: Commission consultation on revision of EU merger control framework (aiming, inter alia, to capture acquisitions of data-rich companies)
November 2016: OECD report on Big Data – Bringing Competition Policy to the Digital Era
December 2016: Commission Decision on Microsoft/LinkedIn merger
June 2017: Revision of German law to include merger control threshold based on value of transaction, and access-to-data criterion for finding monopoly power
October 2017: ACM report on Online Video Platforms (including their use of data)
October 2017: Commission dawn raids regarding no data access by Polish banks to fintech rivals
April 2018: Opening of Commission in-depth investigation in Apple/Shazam merger
What Role for Antitrust Law?
“I don't think we need to look to competition enforcement to fix privacy problems. But that doesn't mean I will ignore genuine competition issues just because they have a link to data…[O]ne example…[is] big data…If [collecting big data] means companies can cut costs and serve their customers better, it should be good news for consumers… But if just a few companies control the data you need to satisfy customers and cut costs, that could give them the power to drive their rivals out of the market…[W]e don't need a whole new competition rulebook for the big data world” (DLD 16, 17 January 2016)
“New ways of collecting and working with data have huge potential to improve our lives...And competition enforcement can make a difference too. It can help to make sure we have diverse online markets, where companies compete not just to cut prices, but to protect our privacy better.” (Rencontres de Bercy, November 2017)
“Data is increasingly necessary to compete… [C]ontrolling a lot of data isn't such a big issue, if others can easily get hold of the same information, from their own customers or simply by buying it in the market” (Danish Competition and Consumers Authority, March 2018)
Theories of Harm
MERGER CONTROL
Vertical/conglomerate concerns: Foreclosure of rivals from an essential dataset
Facebook/Whatsapp; Apple/Shazam
Horizontal concerns: Increase in market power
Microsoft/LinkedIn
ANTI-COMPETITIVE AGREEMENTS
Agree to refuse data-access to new entrants
Commission investigation in alleged agreements between Polish banks to foreclose fintech rivals (2018)
ABUSE OF DOMINANCE
Engaging in exclusionary conduct downstream as a result of vertical integration
Leveraging data as part of a tying/bundling strategy
Data as an essential facility to which access is refused
Discriminatory access to data-set to exclude competitors
FCA decision in Cegedim (2014)
Exclusivity in contractual arrangements with third-party data suppliers
Data as a means to price discriminate against customers
Use of contractual terms that impinge upon user privacy
Commission decision in Facebook/WhatsApp (2014) vs. BkA Facebook investigation (2016)
Key Issues to Consider
Theories of harm are conditional on the extent of the competitive advantage generated by the data collection
“Although data becomes increasingly important for online advertising, large amounts of data are not an indispensable condition to enter the video platform market, since competitors can start collecting data for the generation of advertising revenues after having entered the video platform market. However, the relation between the collection of data and market power requires a case-by-case analysis.” (ACM report on online video platforms)
Can the collection and use of data contribute to market power?
Mostly relevant for search engines, social networking, online retailing
Consider: multi-sideness of the market; network effects; multi-homing; market dynamics
Data as a barrier to entry?
“Provided that access to a large volume or variety of data is important in ensuring competitiveness on the market…the collection of data may result in entry barriers when new entrants are unable either to collect the data or to buy access to the same kind of data, in terms of volume and/or variety” (Joint German-French report on Competition and Big Data)
Antitrust authorities may need to reconsider data access in the context of IoT developments: the need for accuracy in product operation makes access to increasing amounts of data more important (European Commission, ABA Antitrust Law 2018 Spring Meeting)
Consider: timeliness; relevance; ease of replicability; uniqueness; importance; scale; scope
Innovation and regulation in the technology industry
Data monetisation
Businesses are re-appraising their business models, capitalising on big data and the power of analytics
This leads to new strategies, collaborations and technologies
This session will focus on three key legal issues which can impact maximising the value of data
COMPETITION
• What risks does data-related collaboration in a horizontal relationship carry (e.g. information exchange; algorithmic collusion)?
• When does leveraging data to create new revenue streams create market power / foreclosure concerns?
• To what extent may exclusivity arrangements over data be included in collaborations in a vertical relationship?
IP
• Can you own data? What IP rights might apply (copyright, database right, contractual rights, trade secrets, patents)?
• What are the challenges / gaps in protection of data?
• How do you effectively license data?
• How can IP be used to maximise the value in data?
TAX
• How do we expect the tax regime to develop in the future?
• What is the role of data ownership (legal, economic, functional)?
• How do you determine "nexus" for tax purposes?
• Where and how is value created?
• How does the current international tax framework apply to digital business models?
Pop-up topic: Tax – What’s in store for the digital economy
The Court of public opinion
Response so far…
[Diagram labels: BEPS conclusions; UK November paper; UK March paper; EU interim Directive; EU long Directive; OECD]
EC Proposed Directives
Two proposed Directives: Interim measure? Final solution?
• Establishing a new "significant digital presence" PE: Defined by reference to revenues received from supply of digital services, number of online users, or number of business contracts for digital services, plus new rules for attributing profits.
• Establishing an ‘interim’ Digital Services Tax (DST): Imposed at 3% of gross EU revenues from specific digital services, due where users are located. ‘Interim’ DST intended to fall under Art 113 TFEU as an indirect tax.
The importance of politics
Who are the supporters of an EU-wide measure?
[Map of member states; legend: Supporter / Not a supporter / Undeclared. Country groups as shown on the slide:]
Malta, Luxembourg, Ireland
Denmark, Lithuania, Finland
Sweden, U.K.
France, Poland, Portugal
Spain, Italy
Germany, Belgium, Netherlands
Czechia, Austria, Slovakia, Slovenia
Hungary, Romania, Bulgaria
Greece, Croatia
DST estimated to apply to 60-80% of revenues resulting in potential costs between €120 and €160 million per annum
The role of the US
• US does not believe that digital businesses are sufficiently unique to warrant separate treatment
• Following the US tax reform, the US argues that there is no problem to address: “value is created in the US, and it is now fully taxed there”
• Potential US WTO challenge to EU DST?
Unilateral actions: examples
Several countries have already taken action before international consensus is reached. For example:
• HUNGARY (2014): Introduced advertisement tax.
• ISRAEL (11 April 2016): Published changes to income tax and VAT expanding concept of the PE.
• FRANCE (19 December 2016): Introduced advertisement and audio visual content tax.
• ITALY (1 January 2019): New “web tax” and conformed PE definition in line with BEPS?
• SLOVAKIA (1 January 2018): Targeted measure, expanding ‘fixed place of business’ for certain digital platforms.
• SPAIN (January 2019): New turnover tax on the digital economy; 2019 proposal to introduce own levy on digital companies?
• INDIA (1 April 2019): New nexus based on concept of significant economic presence plus equalisation levy (6% withholding tax on fees paid for online advertising by non-residents).
• CANADA (26 April 2018): HoC released report on the subject of e-commerce and trade, including recommendations on the taxation of the digital economy.
• UK (1 January 2020): Published update to position paper, considering interim and long term proposals; introducing a diverted profits tax?
SO WHERE NEXT?
1240 - 1400 Lunch and keynote address
David Nicol
R3
Baker McKenzie Global TMT Tech Talk
David Nicol, R3
Industry Problem
Supplier / Customer: We both see the same thing
[Diagram steps: Apply Credit; Post Invoice; Generate invoice; Do work; Record Work; Confirm credit; Receive Invoice; Input accounts payable; Pay Bill; Acknowledge work]
Customer: This is what I think I owe
Supplier: This is what I think I am owed
[Diagram steps: Apply Credit; Post Invoice; Generate invoice; Do work; Record Work; Confirm credit; Receive Invoice; Key in accounts payable; Pay Bill; Acknowledge work]
TODAY: ?
TOMORROW: Shared Truth
• Shared business logic
• Shared data
• Shared network
DLT / Blockchain has huge potential to drive change
Financial Institutions / Regulators / Operations / Individuals
• KYC / AML
• Derivatives Clearing
• Repo Clearing
• Cross Border Payments
• Trade Reconciliations
• Margin / Collateral
• Real-Time Settlement
• Client Onboarding
• Real-Time Settlement
• Common Ref Data
• Timestamping
• Account Portability
• Fraud Identification
• OTC Life-Cycles
• Crowdfunding
• Peer-to-Peer Lending
• Virtual Identity
• Credit Scoring
• Cross Border Payments
• Vault/Escrow Services
• Customer Deposit Cost
• KYC / AML
• Regulatory Reporting
• Compliance Reporting
• Trade Reporting
• Risk Visualization
• Basel III Compliance
• Client Transparency
These four use cases alone could generate $60-80bn in cost savings (1)
(1) Source: McKinsey 2016 Findings From Research Into Distributed Ledger Technology
Blockchain enables competing firms to:
• Collaborate and maintain one secure database
• Run software that communicates with their counterparts and
• Keep systems up to date without relying on intermediaries, reconciliation, matching or manual fixes
Current State of Blockchain Landscape
The Enterprise Blockchain sector includes firms pursuing, broadly, two fundamentally different strategies:
o Open & horizontal – e.g. Corda, IBM’s Fabric (Hyperledger), Ethereum
o Closed & vertical – e.g. Digital Asset, Axoni, Symbiont, SETL
R3 is pursuing an open & horizontal approach: Corda
Approaches from firms include a variety of horizontal and vertical solutions
[Chart axes: Platform / Network vs. Product / Full-Stack; Proprietary vs. Open Source]
The New Operating System for Global Finance
R3 is an enterprise software firm working with a network of over 200 banks, financial institutions, regulators, trade associations, professional services firms and technology companies to develop on Corda, our blockchain platform designed specifically for businesses.
Corda
Corda is a distributed ledger platform designed and built from the ground up to record, manage and synchronise agreements (legal contracts), designed for use by regulated financial institutions.
Corda is the 3rd Generation Blockchain: Open & Interoperable, With Privacy
Corda prioritizes global connectivity + business privacy + asset mobility + network efficiency
GENERATION 1
Bitcoin / Ethereum • Public permission-less blockchain • Poor privacy • Network inefficiency
GENERATION 2
IBM Fabric / Quorum • Multiple Silo Private Networks • Stranded Assets
GENERATION 3
Corda network • Public blockchain + identity • Multiple private business networks • Transferable assets
The Evolution of The Blockchain Landscape
R3 was the first to assemble a true industry-backed consortium for the development of blockchain solutions
[Timeline figure; labels: 2009 Bitcoin Release; Altcoin Rush; Meta Protocols, Colored Coins, and Tokenization; R3 platform experimentation; Hyperledger Project Linux Open Source; 2015 Ethereum; R3 Consortium begins; Corda prototype “M0”; Corda Open Source v1.0 & v2.0; Corda Open Source v3.0; Corda Enterprise; TODAY]
Corda
Immutability: Records stored in a cryptographic manner
Mutual verification: Shared facts established by consensus
Consistent Shared Facts on Ledger: Records of shared facts are consistent
Smart Contracts: Business Logic executes in a deterministic, tamper evident manner
Security & Privacy: Transaction information is propagated only to relevant nodes
Interoperability: Corda retains privacy but allows interoperability
Easy Integration: Make integration with bank systems easy and safe
Transparency: Consensus achieved at individual deal level
The R3 Network
20+ Regulators and Central Banks
90+ Partners
The Corda Partner Ecosystem
Partner Solutions; Delivery Partners; Infrastructure / Technology Partners; Network Service Providers
Bringing real world business solutions to our clients
Digital Identity: Enabling the sharing of KYC or Digital Identity data in a compliant and efficient way
Insurance: How blockchain can drive efficiency, cost saving and risk reduction across the insurance landscape
Cash and payments: Representing digital cash on blockchain, domestic and International payments systems, including CBDC and non-CBDC activity
Trade finance: Optimizing the supply chain across business networks, and connecting the world’s trade ecosystem making it more secure and accessible
Capital markets: Blockchain solutions for instruments across the full trade lifecycle. Includes portfolio construction, deal and order management and regulatory reporting
CORDAPPS
PARTNERS
The Corda vision is a global network of Corda nodes sharing standards, frameworks, and governance
Confidential
A single node can operate multiple applications, participating in multiple business networks.
Network
Business Network 1
Business Network 2
Participant A Participant B Participant D
Participant E
Technical Standards Identity Framework
Consensus Pools
Open Governance
Participant C
Participant n
Business Network n
Project Overview
Cash represented on Corda will support DvP on the Corda Network
Network
Business Network 1
Business Network 2
Participant A Participant B Participant D
Participant E
Technical Standards Identity Framework
Consensus Pools
Open Governance
Participant C
Participant n
Business Network n
Cash states Issued on Corda
Partners
Commercial Banks
Central Banks Corda Capability
Participant A Participant B
Transactions are paired with transfer of real value for settlement (or netted)
Corporate KYC
Vision: Corporate ownership of the content and distribution of a single KYC dataset to many banks, leveraging the immutability and decentralized nature of blockchain to drive data validation efficiencies and guarantee of control over your data.
Objectives: To demonstrate the benefits of Corporate KYC on Corda and build buy in for continuing towards an Accelerator phase of the Leia program
Project LEIA2
Membership-led projects on Corda
HQLAx – Tokenisation of liquid assets
Marco Polo – Open account trade finance
Finastra – LenderComm syndicated lending
Calypso - FX trade settlement confirmation
VoltronX – Documentary trade automation
LEIA II – Corporate self sovereign KYC
Maison – Regulatory reporting for mortgages
ECP III – Euro Commercial Paper Issuance
TradeIX and R3 Partnership
R3, TradeIX kick off pilots for Marco Polo initiative
“Hopes to onboard in total 20 to 25 banks by the end of 2018. The ambition is to expand the initiative to include third-party service providers, such as credit insurers, software companies and logistics providers. R3 expects to go into production in late-2018 or early-2019. Marco Polo is one out of two trade finance projects that R3 is running simultaneously.” Source: GTR
Tokenization of baskets of securities to distribute liquidity more efficiently
Vision: A collateral lending solution for sourcing or providing High Quality Liquid Assets (HQLA) on Corda
Objectives: To build an exchange that improves HQLA upgrade/downgrades by utilizing distributed ledger technology for the tokenization of baskets of securities that allows for quick, legal transfer of HQLA and re-hypothecation
Project HQLAx
Euro Commercial Paper
Vision: Deliver a new application and business model for the issuance, dealing and settlement of Euro Commercial Paper on Corda.
Objectives: To deliver the full ECP trade lifecycle on a Distributed Ledger into production & scale across key jurisdictions.
Project Euro Debt
DLT-based FX matching pilot from Calypso Technology & R3
“Calypso sees Distributed Ledger Technology as an important component of our innovative offerings to transform the post trade processing operations. We are excited, that after successful completion of the initial PoC, BBVA, BBVA Bancomer and our strategic blockchain partner R3, have engaged in next phase of Calypso FX Matching Distributed Ledger Technology service supported by our Cloud services”, - M. Mayank Shah, Head of Strategy, Marketing and Alliances.
Finastra and R3 Partnership
The benefits
• Seamless collaboration between agent and lenders
• Fully automated and secure communication with lenders
• Real-time data
• Cloud-based technology for quick and easy adoption
Source: finastra
Fusion LenderComm digitizes communication with lenders – driving efficiencies in the process, saving agents time and money, and eliminating operational risk.
Powered by Corda, highly secure nodes on the Fusion LenderComm network maintain all transaction history. This gives every lender a personal view of deals they participate in and a time-stamped audit trail.
GuildOne Royalty Ledger – First implementation of a smart contract in the oil and gas Royalty Sector.
“Distributed ledger and Blockchain technology have the potential to greatly minimize and ultimately eliminate resource and royalty-based disputes. The democratization of these tools to all the stakeholders and communities can increase fair and equitable production of resources while initiating a more efficient operation model,” - James Graham, CEO of GuildOne
TradeWind Markets: First Production Example of a Digital Asset Backed by Regulated Custodian – all settled via Corda
TradeWind’s Vaultchain Gold, built on top of Corda, promises to expand gold as an investable product while reducing costs and friction for all participants:
• Precious metals investors to execute trades with a secure and low-cost solution
• Banks to reduce their costs and friction brought about by trading
• Vaults and refiners to easily interact with customers and other market participants
• Gold producers to directly access end physical demand and pricing
• Physical dealers to engage existing customers and attract new business via a new digital product
Vaultchain Gold, powered by Corda:
• Immutable records of ownership
• Direct balance verification on Corda
• Flexible account and inventory management
• Connectivity by API and Web user interface
Production Environment Flexibility
We can support a myriad of infrastructure models for clients while providing enhanced security, performance and privacy features
• Microsoft and R3 have partnered to not only provide Corda on Azure, but Corda is adding capabilities to take advantage of rich features Azure is developing to support blockchain platforms
• Intel has partnered with R3 to make Corda capabilities available within Intel’s Software Guard Extensions (SGX) hardware security module
• HPE is building Mission Critical DLT by installing Corda on Nonstop Servers for rapid Blockchain-out-of-a-Box solutions
• Amazon and R3 have partnered together to have Corda available on AWS Marketplace, which allows AWS users to develop CorDapps or deploy example CorDapps from R3 directly from AWS Marketplace.
States are immutable objects that represent (shared) facts such as an agreement or contract at a specific point in time
Transactions
• Transactions are proposed updates to the ledger
• Transactions consume 0 or more existing states (the inputs)…
• …To create 0 or more new states (the outputs)
• The newly created output states replace the input states, which are marked as historic
[Diagram: INPUT STATE, OUTPUT STATE]
Verification consensus
In Corda, a transaction is only valid if it:
1. is signed by all required peers
2. satisfies the contracts of the input and output states
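The state and transaction rules above, as a toy model (an added example, not R3 code and not the Corda API): states are immutable, a transaction consumes input states and creates output states, and it is committed only if every required peer has signed and the contract accepts it. The `State`, `Transaction`, `Ledger` and `invoice_contract` names, the keys and the invoice data are constructed for illustration, HMAC stands in for the parties' digital signatures, and the check that inputs are still current is an assumption that goes beyond the two rules listed.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed keys; HMAC is a stand-in for the parties' digital signatures.
KEYS = {"Supplier": b"supplier-demo-key", "Customer": b"customer-demo-key"}

@dataclass(frozen=True)  # frozen: a state is never edited, only replaced
class State:
    contract: str  # name of the contract that governs this state
    amount: int
    status: str

@dataclass(frozen=True)
class Transaction:
    inputs: tuple   # (tx_id, index) references to states being consumed
    outputs: tuple  # new State objects being created
    required_signers: frozenset

    @property
    def tx_id(self):
        body = repr((self.inputs, self.outputs, sorted(self.required_signers)))
        return hashlib.sha256(body.encode()).hexdigest()

def sign(party, tx):
    return hmac.new(KEYS[party], tx.tx_id.encode(), hashlib.sha256).hexdigest()

def invoice_contract(inputs, outputs):
    """Hypothetical contract: amounts are positive and an update keeps the total."""
    if any(s.amount <= 0 for s in outputs):
        return False
    return not inputs or sum(s.amount for s in inputs) == sum(s.amount for s in outputs)

CONTRACTS = {"invoice": invoice_contract}

class Ledger:
    def __init__(self):
        self.unconsumed = {}  # current states, keyed by (tx_id, index)
        self.historic = {}    # consumed states, kept for audit

    def verify(self, tx, signatures):
        # Rule 1: signed by all required peers.
        for party in sorted(tx.required_signers):
            if not hmac.compare_digest(signatures.get(party, ""), sign(party, tx)):
                return f"missing or bad signature: {party}"
        # Inputs must be current states; historic ones cannot be consumed again.
        if any(ref not in self.unconsumed for ref in tx.inputs):
            return "input is not an unconsumed state"
        inputs = [self.unconsumed[ref] for ref in tx.inputs]
        # Rule 2: every contract named by an input or output state must accept.
        for name in sorted({s.contract for s in (*inputs, *tx.outputs)}):
            if not CONTRACTS[name](inputs, list(tx.outputs)):
                return f"contract rejected: {name}"
        return "ok"

    def commit(self, tx, signatures):
        result = self.verify(tx, signatures)
        if result == "ok":
            for ref in tx.inputs:  # inputs become historic
                self.historic[ref] = self.unconsumed.pop(ref)
            for i, state in enumerate(tx.outputs):  # outputs become current
                self.unconsumed[(tx.tx_id, i)] = state
        return result

def demo():
    both = frozenset(KEYS)
    signed = lambda tx: {p: sign(p, tx) for p in both}
    ledger = Ledger()
    issue = Transaction((), (State("invoice", 100, "issued"),), both)
    ref = (issue.tx_id, 0)
    altered = Transaction((ref,), (State("invoice", 60, "paid"),), both)
    paid = Transaction((ref,), (State("invoice", 100, "paid"),), both)
    return [
        ledger.commit(issue, {"Supplier": sign("Supplier", issue)}),  # Customer unsigned
        ledger.commit(issue, signed(issue)),
        ledger.commit(altered, signed(altered)),  # amount changed: contract says no
        ledger.commit(paid, signed(paid)),
        ledger.commit(paid, signed(paid)),        # replay: input is now historic
    ]
```

Calling `demo()` returns one result per attempted commit, in order.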