Interview #5 Henry Rõigas

Henry Rõigas works for the Estonian company Guardtime and is leading their research, development and innovation cooperation in developing advanced data security solutions based on its KSI Blockchain technology.

Can you tell us a little bit about your current job?

I work for Guardtime where I’m leading our research, development and innovation cooperation. Guardtime - created in Estonia in 2007 - is developing advanced data security solutions based on its KSI Blockchain technology. KSI provides massive-scale data authentication without reliance on centralized trust authorities. Unlike traditional approaches that depend on asymmetric key cryptography, KSI uses only hash-function cryptography, allowing verification to rely only on the security of hash functions and the availability of a public ledger. With this Guardtime guarantees data integrity without the need to keep secrets. Instead of putting all of the data up in the blockchain, we ensure privacy by operating only with the so-called cryptographical fingerprints of the data.

I’ve been at the company for about two and a half years and it has been a great experience as the company is rather unique in the blockchain space. When the company was created in 2007, the term “blockchain” did not exist. Once it became “the next big thing” and world-renowned, Guardtime was ahead of the curve as we had already deployed solutions based on our KSI blockchain in production with many governmental, military and enterprise clients. My team’s objective is to boost research, development and innovation cooperation with the EU, European Space Agency and other European research organisations.

I’m also a member of the board of directors of INATBA: The International Association for Trusted Blockchain Applications. INATBA is a multistakeholder organisation based in Brussels, bringing together all the relevant players in the distributed ledger technologies (DLT) community. INATBA has really grown to be one of the main organisations in the blockchain ecosystem with close to 200 companies that are developing or are interested in DLT and with very representative Governmental and Academic Advisory Bodies. My focus as a Board member is to enable and stimulate INATBA’s collaboration with research organisations.

2007 Is indeed quite some time ago. Why did it start then, and why in Estonia?

It is indeed! Guardtime’s core technology – the KSI blockchain – has its roots in the research of a few brilliant Estonian data scientists who worked – already before the creation of the company – with different questions related to cryptography, and more precisely, with linked timestamping. And in 2007, as you may know, Estonia was faced with one of the world’s first politically motivated large-scale cyber-attack. This functioned as a wakeup call to Estonia and, actually, to the world. It was clear that novel technologies were needed to mitigate the growing risks that come with raising dependencies on information technologies. So, the academic advances, living in the world’s most advanced digital society and the looming cyberthreat – these can be seen as the factors behind the creation of the company.

And as I said, back then, the term “blockchain” didn’t exist. Guardtime was initially created to solve a quite specific cyber security issue: ensuring data integrity. Our focus was on how to make tampering with data impossible and being able to prove the integrity of data without depending on any third parties or central authorities. In a state such as Estonia, and in our modern digital world as a whole, data has essentially become the “fuel” of the 21st century – ensuring its authenticity and integrity is a basic need. In this sense, Guardtime has taken a very pragmatic, problem-oriented approach to solve very fundamental data-security related issues.

By the way, since we were in the business of “blockchain” already from 2007, there are even some highly creative people who claimed that the founder of Bitcoin – the mysterious Satoshi Nakamoto – also is likely from Guardtime. J Chuckles.

How did you get involved in blockchain? And why are you excited about blockchain?
Henry thinks for a bit.

Well, I guess part of it was mere chance, as it usually is the case with many things in life. Before Guardtime and getting involved in the topic of DLTs, I worked as a researcher for the NATO Cooperative Cyber Defence Centre of Excellence - a NATO-affiliated think-tank and competence centre where I did policy research on cyber defence and security. At some point, I wanted to move away from research to more practical matters. That is, I wanted to be involved in the development of innovative and potentially breakthrough technologies that have a more direct impact. And this is what really excites me: new technologies, solutions that solve serious, fundamental problems.

Although I am not a so-called religious believer in blockchain, the technology holds this promise. Henry smiles.

I see that there are some legitimate, and potentially highly impactful, use cases for blockchain, e.g. for cryptocurrencies, sovereign identity or specific cyber security solutions. But there has also been a lot of hype and ideas that really do not appear as realistic or useful. In some cases, during the peak of the hype, it almost felt as if people and organisations were devoting their efforts to ask themselves what they can do for blockchain. Those investing in blockchain should rather devote efforts to ask what blockchain can do for us.

On the other hand, looking at today’s developments, it is also clear that we are past the hype now. In 2019, the commercial investments into blockchain dropped drastically and with the current pandemic, this overall trend is bound to continue. Public funds are usually a bit slower to follow, due to the complex decision-making and longer budgetary processes. So public investments are still relatively high, even raising. Although I don’t always see a clear end goal in terms of the targeted use-cases in these public programmes… This is how innovation works… you take risks, and then you find out what works and what not. But organisations need to find a balance between unquestionable optimism and realistic pessimism. Easy to say, difficult to execute.

Do you have any advice for government officials and policy makers?
My main recommendation to governments is related to the methodology or approach they apply when they want to develop or invest into blockchain technologies. As the very basic first step, one should define the problem that needs attention and can possibly be solved with a DLT-based solution. And then, only after this, one needs to analyse whether a blockchain-based solution is the most reasonable in comparison to other “non-blockchain” alternatives. The latter point is highly important – one needs to conduct a thorough comparative analysis of all different technological solutions before creating pre-set technological dependencies that have a long-term impact.

Another aspect to keep in mind is the lack of sufficient technical competences within public institutions. Blockchain-related technologies are itself quite complex to sufficiently understand, but this relates to a more general issue. In the labour market, the public sector – with its inflexibilities and particularities – often cannot compete for high-level technical specialists who are bombarded with lucrative and interesting opportunities in the private sector, especially in the field of IT. Being a non-techie by training myself, I find it best to acknowledge the limitations of my own knowledge and try to first and foremost learn how to ask the right questions, and establish access to a pool of experts who can answer those questions. On the level of governments, this requires acknowledging individual or organisational limitations and establishing cooperation mechanisms with the private sector and the academia.

Can you give a few examples of blockchain or distributed ledger technology that has been used or is being used by government?

I can speak about what we have achieved with Guardtime in Estonia, which, in 2012 with an integration with the national Succession Registry, became the world’s first nation state to deploy a blockchain-backed solution in production. Today, several national registries are backed by Guardtime’s KSI blockchain technology. For example, we have integrations with the Healthcare Registry, Property Registry, Business Registry, Succession Registry, the Digital Court System and the State Gazette. Estonia uses the KSI blockchain to enforce the integrity of government data and systems. The solution – integrated to the existing infrastructure and ensuring privacy by not storing any data on the blockchain – makes it impossible for malicious insider (e.g. officials abusing their powers) or hackers to make changes to the highly sensitive data stored in these registries. It essentially provides blockchain-grade trust for the citizens about the processing of data, renders data immutable and allows for independently verification of the integrity of that data. That is, if there’s a question about trust or malicious actions, organisations hosting, and processing data can mathematically prove who and when has accessed a certain piece of data.

Take electronic medical records for example. Citizens need to be absolutely sure that, first, their medical data – such as one’s blood type – is not changed somehow, and, second, that the data is accessed, viewed and processed only by those who have the authority to do so. Every health record – and their access logs – is protected in such a way in Estonia.

We talk about blockchain in general and the remarkable enthusiasm it has generated in the last few years. Is it blockchain that got people excited, or is it the philosophy and ideal of a decentralised world?

Oh, yes, the discourse on blockchain does get confusing. There are different definitions, but also very different general understandings among the stakeholders. Indeed, often blockchain carries a ‘power to the people’ message. This in itself sometimes generates a useful enthusiasm and allows individuals and institutions to ask questions about existing business and governance models. And opening oneself to such fundamental questions is the most useful, I think, for policymakers and governments.

In addition, there is this interesting dichotomy when it comes to the vision of decentralization in the context of governments who aim to develop and integrate blockchain technologies. To put it very simply, blockchain often adds value only when there are trust issues. How should governments position themselves here? Aren’t governments actually the main trusted “middle-men” in our societies? Should governments then rather look at the specific technological benefits that may be provided by the solutions? Such as increased security? Or should the focus be on ensuring more take-up through increased trust by the users, criticizes? These are broad and simplified questions, but I just wanted to highlight that there is a tension between the promise of decentralization and public, state-provided services.

So far, it seems there are not a lot of blockchain use cases up and running in government. Why do you think that is?

As I have not been involved in many government-backed blockchain use-case developments, I can only make some guesses on the possible reasons. It may be that some DLT-backed services are just too expensive to integrate and/or comparatively inefficient compared to existing or alternative solutions. Also, implementing and putting blockchain-based tech into actual use can simply be a very costly or a lengthy process. We also might be in a point where the technology is simply not mature enough. A lot of investments by public institutions have gone to research and development, and we can hope that these yields results in a few years. There are also specific technical complexities related to scalability, privacy and governance. In addition, the issues mentioned in my prior answers have their effect as well: the lack of experts involved in the technological decision-making, the lack of a brutally honest and comprehensive analysis of reasonable use-cases for the tech, and the decentralization versus control question. But – this is just to point out the possible reasons and these are certainly not universally applicable – and there are always problems that can be pointed out when it comes to complex processes and issues. Time will tell.

What role do you see for INATBA in the future?

I see a very important role for INATBA. The association has the potential to become the key player in bringing together the blockchain community to present a necessary unified voice for the industry and the community at large, be it involvement in policymaking, agreeing on definitions, providing input to standardisation activities or fostering collaboration with governments and the academia.

As many questions remain unanswered or open, INATBA acts as a collaboration hub and is becoming very useful for all the stakeholders in the blockchain ecosystem. Governments who have blockchain-related projects or are planning to invest more in the technology, should certainly contact the organisation and get involved. INATBA is one of the tools to address the aforementioned questions and issues that governments face when trying to innovate.