Protecting importers’ information while improving Customs controlsBy Jeff Rittener, Chief Trade Officer, Intel Corporation
Customs administrations and trade operators both want to reduce the complexity of compiling and exchanging data. However, there can be tension between the Customs administration’s need to access data and the company’s need to protect confidential information. This article presents two solutions for analysing and reporting data which ensure strong data protection by allowing access to the data without the need to move them around.
In today’s digital economy, success is measured by how well data-based insights are generated at the right time. Innovations such as optical character recognition (OCR) to read container numbers, radio-frequency identification (RFID) and QR codes to identify and trace shipments, and the digitization of trade documents have improved the reliability and efficiency of international trade. At the same time, the global trade system – characterized by trade agreements written before the emergence of digital commerce, transactions accompanied by large amounts of paperwork and trade financing that still depends on traditional banking methods – continues to fall short of fully embracing cutting-edge technologies that could make trade more efficient, more inclusive and less costly.
The good news is that we are on the brink of change. Different technologies, when combined, could fundamentally improve the allocation of resources and the adoption, operation and execution of what we call “intelligent international trade”. For us as manufacturers, intelligent means based on streamlined and secured processes and solutions for collecting and communicating information.
SFML: developing analytical algorithms without exchanging data
As an example, let us consider the case of secure federated machine learning (SFML), a machine-learning technique that trains an algorithm across multiple decentralized servers holding local data samples, without exchanging them.
The technology allows us to address a significant challenge: how to harvest data which are stored across numerous source systems, within various platforms and data repositories, and in many formats, resulting in data silos. While an optimal solution would be to consolidate and house these oceans of data within a single location, doing so would be impractical and demand the consumption of vast amounts of resources.
SFML brings processing mechanisms to the data source for training and inferencing as opposed to requiring that agencies migrate data to a single location. Such data federation ensures the privacy and security of both data and machine-learning models. SFML ensures that (i) the data remain in place and the processing mechanism moves to the data, and (ii) both the processing mechanism and the data are protected at the hardware level. Such assurances are especially important when the required data relate to the most intimate information or the manufacturing bill of materials defining the components that are required in order to produce a product.
Numerous studies have illustrated the effectiveness of SFML, highlighting advantages such as fast deployment and testing of analytical models, low latency and low power consumption compared to other analytical tools. SFML employs a combination of privacy-by-design techniques to ensure data de-identification (the process used to prevent someone’s personal identity from being revealed), data protection and insights security. It ensures that the business interest of those providing data for algorithmic expression(s) is protected through security techniques ingrained at the lowest level of hardware – silicon!
Software Guard Extensions (SGX): exchanging Customs data with accuracy and privacy
The exchange of data between Customs and their trading partners can be a complex and cumbersome process for both parties. For example, some Customs administrations require that companies located in bonded zones provide access to detailed manufacturing data, including confidential bills of materials (BoMs), in order to perform tax calculations. This process is generally complex and can be error-prone, as it involves on-site visits and manual reviews of reports. As a result, Customs might more easily miss duty fees that they are entitled to collect.
Conversely, companies that interact with Customs administrations for the import/export of materials spend hours creating reports and preparing for manual audits, or ensuring that the components they import for assembly into finished goods receive all available duty exemptions.
Both parties want to reduce the complexity of compiling and exchanging data. However, tensions can exist over the Customs administration’s requirement to provide fully transparent and auditable records and the company’s obligation to protect confidential information.
Commonly available electronic reporting solutions typically fall short of meeting these challenges because they often fail to implement sufficient data security measures. Potential outcomes include possibly exposing companies to security threats and intellectual property right (IPR) violations. Additionally, many solutions leave gaps in required functionality that can add to manual effort and result in additional hours being spent on reporting.
To ensure the security of data reporting, Intel has developed a solution called Software Guard Extensions which are a set of instructions that create trusted zones in different data sources, increasing the security of application code and data, giving them more protection from disclosure or modification. When built in a blockchain-based environment and in federated learning solutions, they help improve data accuracy, transparency and security.
Kim Huat Ooi, Vice President of Manufacturing and Operations and General Manager of Intel Products Vietnam explained that, “such solutions have the potential to eliminate up to 5,000 person-hours previously spent by the operations team preparing manual reports and audits.” They also assist private-sector actors in meeting compliance requirements, and avoiding costs and penalties incurred as a result of inadvertent errors. This is especially important for Authorized Economic Operators (AEOs) who risk losing their authorized status.
Vietnam Customs use case
In Vietnam, material used for export production can be imported duty-free. Material import and consumption are controlled by the General Department of Vietnam Customs (GDVC) to ensure that there is no duty-free material leakage. To validate duty-free material consumption, the GDVC requires all companies to submit manufacturing BoMs.
Recently, GDVC explored the feasibility of a data reporting solution, enabling its access to detailed manufacturing data from companies, including confidential manufacturing BoMs, while responding to their confidentiality concerns.
Intel was well-positioned to develop and help drive the discovery phase of GDVC’s exploration because Intel ships components to Vietnam, where the components are assembled into goods that are later exported. As a result, the company is both a technology provider for the solution and a beneficiary of its adoption by the GDVC.
The objective of the solution to be developed was to help:
- Automate processes to reduce errors and decrease lost revenue from data inaccuracies;
- Use near-real-time reporting to prevent the misuse of tax breaks and leaking of raw materials into local markets; and
- Protect confidential information for companies operating in Vietnam.
The following components were considered during the project:
- An integrated platform to develop applications and orchestrate cross-systems integrations to provide analytical capabilities;
- Open-source Hyperledger Fabric for the blockchain data path;
- A confidential data reporting solution that consists of:
- Hyperledger Avalon to offload blockchain processing from the main blockchain to dedicated computing resources;
- Software Guard Extensions to encrypt data in motion with a view to protecting the confidentiality and integrity of sensitive IPRs;
- Scalable processors to help ensure high levels of performance and support for Software Guard Extensions in what is known as a “trusted execution environment” (TEE).
As Figure 1 illustrates, confidential BoM data, including material components and finished goods transactions, is encrypted and stored in an off-chain database, shown in red. Only hashes of the BoM data are processed on the Customs administration’s blockchain. When a transaction control request requires BoM data, the request is forwarded to the off-chain reporting solution running on servers built with scalable processors and Software Guard Extensions. The BoM data are then decrypted, and hashes of the BoM data are matched to the manufacturer blockchain data that include material data and finished goods data.
In this solution, Secure federated machine learning technology helps to ensure data security and privacy protection and Software Guard Extensions is used for building trustworthy hardware environments. For example, through compute processor instructions, Software Guard Extensions creates trusted zones in different data sources for data access (which is the goal of SFML). This helps us enhance the training effect of AI models with multiple sources of disparately locate data by further improving data security.
The solution demonstrated that Intel was able to maintain confidentiality for the list of components in its manufacturing BOMs. Meanwhile, the GDVC and Intel are currently partnering to review and propose new business processes to simplify and accelerate duty-free reporting.
Automating processes while protecting confidential information
The above-mentioned confidential data reporting solution helps resolve a number of challenges for both Customs agencies and the private businesses with which they interact.
For Customs agencies, this same type of solution can help streamline reporting through automation; increase the overall efficiency of processes; improve the transparency, auditability, security and accuracy of the data the agencies collect; enhance fraud-detection capabilities; and improve the ability of agencies to collect tariff revenues that often go unclaimed due to reporting errors.
For captains of industry, the solution simplifies the accurate sharing of required information while helping to protect sensitive data. These private-sector actors can also more easily assess compliance gaps with a view to remediating errors quickly. This is of particular importance to Authorized Economic Operators. In Vietnam, for example, the penalties for not meeting AEO status are high: non-compliance results in significant financial penalties and delays, increasing Customs clearance times from nearly instantaneous to as long as two days. In addition, businesses can eliminate thousands of costly person-hours spent preparing reports and avoiding costly penalties for inadvertent errors.
For both the agencies and trading partners, the solution speeds up the overall process by enabling instantaneous report filing. In addition, report data are reconciled automatically. The moment a report is submitted, any errors are detected and reported, which helps reduce discrepancies and the ensuing back-and-forth interaction.
Building trusted technologies for all participants
Data related to import and export transactions can be securely reused by trade officials and relevant private sector actors to eliminate unnecessary duplication, delays and costs Data related to import and export transactions can be securely reused by trade officials and relevant private sector actors to eliminate unnecessary duplication, delays and costs. Thus, ongoing collaboration between public-sector regimes and captains of industry in this area should go beyond the smart and secure trade lane (SSTL) pilot projects that have been launched.
In closing, the technology described herein provides an enormous opportunity to address some of the world’s biggest challenges and is an important catalyst for economic opportunity, especially as it relates to the facilitation of trade. By empowering customs regimes to modernize their trade facilitation infrastructures with solutions and innovations previously thought beyond reach, we will continue to push the boundaries of possibility.
 Federated Learning through Revolutionary Technology, https://www.intel.com/content/www/us/en/financial-services-it/federated-learning-solution.html
 The term “privacy by design” means data protection through technology design.
 Silicon is the basis of all current computer processors.
 Relentless Attention to Security Innovation, https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/overview.html.
 General Department of Vietnam Customs – Intel – SAP cooperate to experiment on information exchange, https://vietreader.com/business/finance/22410-general-department-of-vietnam-Customs-intel-sap-coorporate-to-experiment-on-information-exchange.html.