There is a modest three-storey building located at Tammsaare tee in Tallinn with its ground floor being occupied by sports stores. On the upper floors, the office space is increasingly used by Guardtime. It is an Estonian company that is engaged in the basic data protection – how to quickly detect hacking and data modifications, Ärileht writes.
A high-level meeting of the European cyber security organisation recently took place at their office, where 40 European cyber security experts were present. President of Guardtime Martin Ruubel is one of the vice-chairmen of the organisation. This shows how important Guardtime has become.
According to Ruubel, there are some crazy times ahead, since many countries want to introduce the blockchain technology in their data systems similarly to Estonia. It is here that Guardtime is the number one in the world. Cyber security is a hot topic in Estonia. Ruubel confirms that we are in good hands. Next time, when he plans to launch a startup, he wants to recruit employees from the public sector.
Martin Ruubel, the Bronze Night in 2007 and the related cyber-attacks had a significant meaning for you.
This was important in the context of technology deployment. The first academic papers of Estonian researchers on the linking system based on hash chains were published already in the late 1990s. Guardtime was born thanks to those papers and researchers, for example Märt Saarepera and Ahto Buldas. It is great to know that all our activities are based on the work of Estonian researchers. And this is really the basic technology. Nonetheless, we have realised how difficult it is to commercialise any of the underlying technologies. It has taken us truly long to achieve something.
The Bronze Night raised a lot of questions about cyber security.
In their own time, these cyber-attacks were massive and had a significant meaning, but in the end, they were not particularly smart. Some important websites were closed, panic was caused – which clearly was the goal. The state, however, raised a question: yes, we have an e-government, but what happens when a system administrator decides to screw up something? The question was not whether we can prevent this, since the answer is the same everywhere: no, we certainly cannot. The question was: is it possible to find out that someone has done something somewhere, and can we react quickly enough? So, we started to test the blockchain technology that we had established in cooperation with the state.
And it took a long time.
Yes. It took about a year to complete something similar to a product. In 2008, it was tested on national registers. We carried out tests for four years, and in 2012, we signed our first contract, which was the succession register. Currently, IBM walks around with a survey, where 90% of the surveyed heads of state and government in the world want to test the blockchain technology to ensure, among other things, and above all, data integrity. Estonia started it nine years ago and we have actually used the technology for five years. This is Estonia’s head start and it means a lot.
Then came Edward Snowden’s affair. What did it provide you with?
Until that time, we visited foreign countries to tell our story, and we were politely listened to and people told us that we were smart guys. And that was just about it. Then this Snowden’s case emerged and it has done us a lot of good. The National Security Agency in the United States of America should have the most secure and resilient networks in the world. However, there was a man there for a year and a half who stole their data. They learned about the identity of this man and the essence of his deeds only when he had contacted a journalist. After that, it is very difficult to say that everything is fine. This gave us the chance to introduce ourselves and explain why and what we do. Suddenly, all leading professionals in the field wanted to come to work with us. It became clear that proving data integrity is a basic need. You cannot do anything trustworthy without this.
You remove the human factor from the processing of critical data?
No, it can never be completely taken away. But we can allow this dependence to be significantly reduced from now on. Our blockchain enables to store a very large number of fingerprints of different data, and you can be certain that nobody can change them. Saved fingerprints can be used to verify the same data. You can also combine and link these fingerprints in various ways, as well as track the data through them. This enables you to check supply chains, for example. For instance, think about the military supply chain. Somewhere on the airfield, there is a plane manufactured by Lockheed Martin (one of the partners of Guardtime). This plane has a number of spare parts and software which is manufactured by different suppliers. There are also people who provide services with regard to the plane. The whole area is extremely sensitive, but different parties have different people, systems and networks. They are not in the same trust environment. But this is created by the blockchain technology. Blockchain enables to inspect the activities of the parties, and track the journey of each individual screw from the supplier of raw material to the mechanic holding the screwdriver on the airfield, if necessary. This is a new level and helps to prevent potentially very unpleasant surprises.
What did Snowden’s case actually show?
Snowden was a system administrator at the National Security Agency (NSA). At some point, he experienced a deep sense of injustice about his employer’s activities. He created another user in the system and removed all traces of its creation. He downloaded files for a year and a half, and also removed all traces of it each time. He acted wisely. Even if they had discovered the false identity, they would not have immediately uncovered Snowden. The National Security Agency knew that something was wrong, but they did not exactly know what. History has repeatedly shown that people cannot always be trusted. In such case, you have no idea what is really happening in the system and with the data. Usually, these cases are not disclosed to public. In fact, there is no reason to rely solely on trusting people while managing the systems and data. Here, technology can help.
It happened so that Director of the National Security Agency Keith Alexander was in Estonia when Snowden’s scandal broke out. We seized the opportunity and spoke to him. (Laughs.)
What would have happened if the National Security Agency had used your blockchain back then? Snowden could not have the chance to act?
Of course, he could have acted. Our technology itself does not prevent anything. It is like a canary bird in a coalmine. Through us, you can find out if something has happened, and usually we also provide you with the information about what has happened and who the participants are. In this particular case, the people at the National Security Agency would have learned about the fact that Snowden removed all traces about creating a false identity. They would have immediately opened an investigation. He would not have been able to take the next step.
What have you managed to achieve in your area?
We are the world’s largest company that develops the blockchain technology – in terms of turnover, the number of employees, and the number of functioning projects. Not many Estonian companies can say that. True, it speaks more about the current situation of blockchain, not about the fact how tough we are. Actual solutions have been very little introduced, and they are all more or less made by us. However, the blockchain technology has been repeatedly compared to the Internet in terms of importance, so there is a bright future in store for this area.
There are hundreds of blockchains as constructions in the world, but we are doing this in a scaling manner, so there are no bottlenecks. At the moment, this is a serious problem in the field of blockchains, the solution of which was fortunately addressed by Estonian researchers who created its architecture.
You have done a lot to Estonia. But it is strange that you do it for free. Is this still so?
In Estonia, we also cooperate with the banks and a number of cool startups, such as Veriff, but the government is, indeed, our main cooperation partner. The fact that we have provided Estonia with our solution for free is probably one of our best business decisions. When we move farther from Latvia and say we have a country here, where almost all registers and information systems are ensured by our technology, this is something big. This immediately opens doors. My sincere suggestion is: provide the state with free stuff and do it so well that the state will speak about you. It helps. Really.
What about your profit?
Of course, we earn profit and there should be profit. We no longer have venture capital, we have bought it out.
Who are those “we”?
After the redemption, the company is owned by the employees of the company. Each year, people are provided with holdings according to their contribution, and we try to keep it that way. The main staff is also there, of course.
Your future looks bright. You said that countries have started to think about blockchain.
Yes. It is going to get pretty crazy soon enough. Among other things, Jean-Claude Juncker’s latest cyber security strategy has listed blockchain as one of the three priority technologies.
You are not afraid of growth.
I went to sleep today at 07:30 [the interview took place at 14:00]. (Laughs.) It is fun to manage a startup at the beginning. I looked at our business plan for 2007. It was awesome. Funny but awesome! Fun times. Then you have nothing to do with reality. You are building what you are dreaming of. But, of course, there are existential concerns all the time. How to pay people? How to survive with all the obligations before the investors? It is not easy. Statistics are not on your side, so you have to have the nerve.
Fortunately, for a long time, we have been in a situation where existential troubles belong to the past and we can focus on actual business. Namely, what to develop, whom to cooperate with to be in the right position when the market is catching up – to actually earn really large amounts of money. Let’s be honest – this is the very idea of the game. We are glad we can play this game.