Blockchains and Transparency in Food Retail
At a time when higher levels of transparency are expected by governments and much of the public, blockchain technology provides an attractive solution for food retail enterprises with global reach to account for their many suppliers and the potential impacts of related dealings. When effectively harnessed, this technology can create an accessible, comprehensive record of the conditions in which products have been sourced. Such a record can also facilitate timely remedial action by highlighting cases in which safety, the public good, or the health of the enterprise itself have been compromised. Additionally, mechanisms known as smart contracts can potentially be incorporated into blockchains to facilitate the enforcement of an enterprise’s requirements of other supply chain participants.
Blockchains were conceived by the architects of modern cryptocurrency as a solution to the problem of “double spending.” This term refers to the potential for a participant in a cryptocurrency system to reuse a unit of currency after relinquishing it through an exchange. To avoid such a scenario and inspire trust, it was reasoned that a cryptocurrency system would need to register transactions in a tamper-proof, transparent manner. In the paper providing the blueprint for Bitcoin, a methodology was proposed for creating a unique, traceable record for each transaction of a cryptocurrency unit. As outlined by the author, select details of transactions occurring within a brief, timestamped period are “hashed”—algorithmically converted to a numerical value of fixed length. This “block” of hashed data is then hashed again with the data of transactions falling within a subsequent time-stamped period, creating a new block. When repeated, this process generates a “chain” of sequentially-linked blocks that allows system participants to view the full ownership history of a crypto asset and verify that none of its owners (represented by unique addresses or “wallets”) have spent the asset more than once while holding it. (Other information is included in cryptocurrency data blocks but is of less relevance in understanding the broader applicability of blockchains.)
A hash cannot be reversed once executed, but the algorithm for that hash will always produce the same numeric value from a given data set. Accordingly, any one block in a blockchain can be validated by running a hash of the transactions in the current and previous blocks. Conversely, any attempt to alter transaction data will create a discrepancy with the hashes of all subsequent blocks and alert the blockchain’s participants.
Another core component of blockchains is that the information they hold is distributed rather than centralized. Instead of providing each participant access to a centralized database and server, all information is shared among the configured hosts of the blockchain’s participants. All entries are viewable at any time by all participants, providing an additional level of transparency to all transactions.1
Blockchains in Food Safety and Supply Chain Management
The viability of various cryptocurrencies remains a matter of debate. The architecture of the blockchains originally designed for their exchange, however, has demonstrated value in tracking the movement of a wide variety of assets. Documenting the sourcing and transport of food products is one prominent area in which blockchain protocols have been successfully adapted. As all recorded events on a blockchain are digitally and sequentially linked, a properly-engineered blockchain platform can enable a user to identify the source and subsequent suppliers of a product rapidly. This capability has important implications for large food retailers, for whom complex global supply chains present a unique challenge when attempting to identify the source of a contaminant or fraudulent product.
In a famous proof-of-concept conducted by a large multinational organization in 2017 in cooperation with IBM, a blockchain with vendor inputs at each stage of the supply chain made it possible to fully-trace the harvesting, processing, and shipment history behind a package of sliced mangoes in 2.2 seconds. The information obtained covered a 30-day period and involved 16 farms, two packing houses, three brokers, two import warehouses, and one processing facility.2 In a previous exercise unaided by blockchain technology, it took seven days to reach the same result.3 Subsequently, there was a collaboration to develop a high-capacity IBM’s platform allows for significant granularity in tracing food products and the processes they have undergone. Each event in the handling of a product may be classified within the six categories of the international standard known as EPCIS (Electronic Product Code Information Services): Commission, Decommission, Transformation, Aggregation, Disaggregation, and Observation. A retailer or supplier may require vendors to add documentation to the blockchain for each category at corresponding stages. The use of IBM Food Trust has since been expanded to trace 100 products, including produce, meat, poultry, and dairy. Some multi-ingredient products with more complex sourcing histories (packaged salads, baby foods) are traced as well. An additional 500 enterprises are also currently using IBM Food Trust beyond the initial POC that started in 2017. They include grocery retailers, which adopted the platform to trace Romaine lettuce and organic products. Deploying blockchain-obtained information on organic products has also been added for direct marketing to customers. QR codes are placed on organic items that, when scanned with a smartphone, link to sites naming the farms, processors, and distributors from which they originated and describing their humane, safe, or environmentally-sound practices.
IBM’s platform allows for significant granularity in tracing food products and the processes they have undergone. Each event in the handling of a product may be classified within the six categories of the international standard known as EPCIS (Electronic Product Code Information Services4): Commission, Decommission, Transformation, Aggregation, Disaggregation, and Observation. A retailer or supplier may require vendors to add documentation to the blockchain for each category at corresponding stages. The use of IBM Food Trust has since been expanded to trace 100 products, including produce, meat, poultry, and dairy. Some multi-ingredient products with more complex sourcing histories (packaged salads, baby foods) are traced as well.5 An additional 500 enterprises are also currently using IBM Food Trust beyond the initial POC that started in 2017. They include grocery retailers, which adopted the platform to trace Romaine lettuce6 and organic products.7 Deploying blockchain-obtained information on organic products has also been added for direct marketing to customers. QR codes are placed on organic items that, when scanned with a smartphone, link to sites naming the farms, processors, and distributors from which they originated and describing their humane, safe, or environmentally-sound practices.8
IBM Food Trust is marketed as a “private” blockchain platform. In contrast to cryptocurrency blockchains in which anyone may participate and all information is publicly accessible, Food Trust users are given access on a permissions basis by administrators.10 Although all data entered through the platform is recorded on the same infrastructure, each accountholder’s information remains private by default and viewable through a “sidechain” segmented from the larger blockchain.11 However, consortia can be formed within the IBM Food Trust platform, enabling participants to consensually view each other’s information.
FoodLogIQ, whose clients include major grocers and food producers, also provides private blockchain services. A notable feature of the FoodLogIQ Connect platform is its incorporation of internet-of-things (IoT) data collection, which enables real-time reporting on safety concerns such as cooling. 12
Platforms with the capabilities of IBM Food Trust and FoodLogIQ also have the potential to aid in complying with regulatory requirements such as the Food Safety Modernization Act (FSMA). A retailer can mandate that suppliers enter Key Data Elements (KDEs) into a blockchain platform at each stage of a product’s journey to a grocery shelf. Information mandated by the FSMA, such as locations, shipping dates, and cooling times, is then cryptographically-linked across a series of data blocks. 13
Because each block contains a hash of the data from all previous blocks, the information added to any given block cannot be altered without “breaking” the chain and alerting the blockchain’s participants. In a compliance context, this immutability confers a high level of credibility to blockchain data.
This enhanced visibility into a supply chain also equips retailers to respond expeditiously to disruptions. In a hypothetical example, a grocery retailer that sources shallots from both Florida and southern Louisiana may observe through blockchain data a slowdown in shipments traceable to the latter area. The retailer is then able to take remedial actions to minimize the impact, such as increasing orders from Florida. 14
Public Blockchains, Tokenization, and Transparency for Consumers
A number of grocery suppliers have begun sharing provenance information acquired through blockchains with consumers. One organization places QR codes linking to supply chain information on products containing dairy and palm oil, and another organization does so for its pork seasonings. These organizations do so anticipating that greater transparency for certain products (e.g., those containing sustainably-sourced palm oil) will provide a competitive advantage. Other organizations have ventured outside IBM Food Trust and are utilizing “public” blockchains OpenSC15 and ScanTrust,16 both of which are transparent by design.
OpenSC is a joint venture between the nonprofit WWF-Australia and BCG Digital Ventures, the “business-building” arm of the Boston Consulting Group. The stated goal of OpenSC’s blockchain platform is to facilitate consumer choices that are favorable to the environment and human rights. To that end, information captured on food suppliers and retailers in the OpenSC platform is accessible to the public at-large. The platform is notable for its inclusion of fishing enterprises such as Austral, which has plans to launch a shrimp line through Woolworths and seeks to highlight that its catches all originate outside protected marine areas.18
ScanTrust, which began as a QR code provider focused on anti-fraud, entered the food retail industry in 2018. Working with an international coffeemaker, whose fair trade and renewable materials commitments are central to its marketing,19 ScanTrust developed a blockchain with a built-in “transaction processor” that enabled Cambio’s supply chain validators to document events pertaining to roasting, harvesting, shipping, farming, and certifications. As with OpenSC, information captured through ScanTrust’s blockchain service is publicly accessible and intended to inspire consumer confidence in the products tracked.
An international consumer goods organization has availed itself of another feature of blockchain technology for the enterprise’s palm oil tracing—tokenization. Tokenization refers to creating a digital asset that represents another asset. The GreenToken blockchain developed by SAP issues a token representing a unit of material sourced by an enterprise. That token is modified as it passes from one supply chain participant to another, taking on attributes related to each participant’s practices. A token generated for a unit of palm oil, for example, will bear a record of the cultivator’s deforestation impact and will take on additional records concerning the sustainability of products with which it is aggregated or the legality of supply chain members’ labor practices. In its final form, the token provides a unique, immutable record of a palm oil product’s accumulated characteristics.21 This record can then be presented to regulators, consumers, or business partners assessing the product from the standpoint of environmental, social, and corporate governance (ESG).
Smart Contracts, Automated Transactions, and ESG Monitoring
Smart contracts are a byproduct of cryptocurrency exchanges conducted through blockchains. To provide a method of exchange that minimized the risk of nonpayment, software contracts were written that placed cryptocurrency submitted for exchange under their control. The cryptocurrency was only transferred from one wallet to another when triggered for execution by the contract after terms were met (i.e., the seller receiving payment).
Smart contracts have since been implemented for a wide range of transaction types. For non-digital asset transactions, information is generally received by the purchasing party as a condition specified in a smart contract for transferring value to a seller. Value is automatically approved for transfer when this information meets the terms of the smart contract. This automated method of entering and enforcing agreements has cost benefits for industries with a high volume and frequency of exchange, such as financial services.23
Like tokenization, smart contracts can also serve a compliance function when used in tandem with blockchains, particularly in meeting ESG requirements. Blockchains can be configured to collect data relevant to concerns such as emissions, labor conditions, et cetera, or suppliers can be required to enter such information. Entered at each node in a supply chain, this data provides a cumulative record of a company’s adherence to defined ESG standards.24 For sensitive transactions, smart contracts can be designed to generate alerts when aberrations are reported. 25
At present, smart contracts’ potential as ESG enforcement mechanisms have yet to be fully realized in commercial blockchain offerings. Data Gumbo incorporates IoT technology into its blockchain infrastructure that automates reporting on greenhouse gas emissions, water usage, and other metrics. Smart contract technology is paired with this capability, registering whether monitored business partners comply with an enterprise’s ESG standards. However, Data Gumbo does not indicate that smart contracts used in this way would potentially govern the initiation or cancellation of a transaction. 26 27
By enabling the cryptographic linking of transaction details for all products at various phases, blockchain technology can provide a record of a food retailer’s dealings that is at once accessible, immutable, and transparent. In addition to streamlining an enterprise’s own business processes, such a record can inspire heightened trust from regulators and consumers.
ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 5:00 PM (EST) on January 3, 2023; per cyber hygiene best practices, caution is advised when clicking on any third-party links.
 Nakamoto, Satoshi. 2008. Bitcoin: A Peer-to-Peer Electronic Cash System. Accessed November 8, 2022. hXXps://bitcoin[.]org/bitcoin.pdf
 Blockchain Fundamentals Study Guide (Schaumburg, IL: ISACA, 2021), 57, Accessed December 22, 2022. hXXps://platform.virdocs[.]com/read/1889913/3/#/4/2/4,/1:0,/1:0
 Blockchain Fundamentals Study Guide (Schaumburg, IL: ISACA, 2021), 34-37,Accessed November 1, 2022. hXXps://platform.virdocs[.]com/read/1889913/3/#/4/2/4,/1:0,/1:0