On The Brink with Castle Island - Nicos Vekiarides (Attestiv) on Commercial Uses for Blockchain Timestamping (EP.53)
Episode Date: March 18, 2020Nicos Vekiarides, the cofounder and CEO of Attestiv joins the show. Attestiv is a company that builds software to prove the authenticity of photos and videos using public blockchains to timestamp thes...e records. In this podcast we discuss: - The benefits of public blockchains as public notary systems - Use cases for deep fake detection in the insurance industry - Tooling and user experience building on public blockchains Learn more about Attestiv at www.attestiv.com
Transcript
Discussion (0)
This week on the podcast, we had Nikos Vecchia Rides, the co-founder of Attestive.
Attestive is a company based right here in our backyard in Natick, Massachusetts.
Nikos and his co-founder, John Bates, are serial entrepreneurs, and this is actually their
third company that they've built together.
A testive is relevant to this conversation on a podcast like ours because it's a company
that's using public blockchains in a new and an interesting way.
So they've built a software that proves the authenticity of digital photos and videos.
And so you might immediately jump to deep-fills.
is a potential use case for this, and that certainly is a potential use case. But there are a range
of applications that attest of is pursuing in the realms of insurance, public safety, internet of
things, and a variety of other industries. The interesting thing for this conversation is that
public blockchains provide for the ability to have an audit log that can be notarized.
And this gives a further guarantee that doesn't rely on trusting a central authority. So this was
a lot of fun. It was a conversation that really took us outside of a lot of the use cases that we
talk about on this podcast around traditional financial market infrastructure. So this is a business
that uses public blockchains in order to make their products better. Full disclosure,
Castle Island is an investor in a testive. Without further ado, here's our conversation with
Nikos Vecchio Rides of a testive. Brought down by bad mortgage investments, Lehman, which has
25,000 employees will be liquidated. The federal government loans American international group,
AIG, 85 billion dollars. This is a different kind of market. And the Fed is asleep. The
The federal government is stepping it to stabilize Fannie Mae and Freddie Mac, the two mortgage giants that have been threatened by the housing crisis.
The Bank of England has pumped 75 billion pounds more into Britain's ailing economy with a new round of quantitative easing.
You print a couple trillion dollars and all of a sudden people start to worry. So out of this worry, we have something called a Bitcoin. Bitcoin.
Nikos, thanks for joining the podcast. Thanks for having me today, Matt.
So we'd love to start with just a background on your career history. What led you to start a testive?
My career has been largely in the IT space.
So I've been an entrepreneur.
I've started a couple of companies along with my co-founder here at a test of John Bates,
primarily in the IT networking and data storage realm.
So we've been working on better, faster ways to store data all of these years.
And one of the problems that we never quite got around to solving is sort of the problem of,
I guess you could call it garbage in, garbage out, right? If you store bad data, then you have
bad data there forever. And with a testive, we saw that the technology that was available to us in the
market enabled us to help solve this new problem. And it's turned out it's a growing problem,
particularly in an age where deepfakes have started to become a household word. And a lot of people
are questioning the authenticity of media files and digital data.
I definitely want to get into that.
What was the insight that first led you to start the company?
What was the kind of burning platform that you decided to jump off and found this company
to tackle this problem?
Well, the insight was really, it was a time when fake news became a common phrase.
And it really kind of a sign of the times that people had less trust in media, whether
it's particularly social media, but also the traditional news media.
And it was interesting.
I would find myself chatting with friends after we sold our last startup,
just chatting with friends, and they would tell me things like,
well, I don't really know what to believe, especially if it's online.
And that sort of gave us the thought, John and I, the thought of saying,
well, maybe if we could start a company that can help people discern what's real from what's
fake and just starting with digital media because it's just become, we've seen the tools that can
modify digital media become more and more prevalent. And now you have tools that can use AI
enhancements to modify media files, which are extremely difficult to detect. So that was really
our goal as we said, hey, there could be a real social cause behind this as well, and that we're
helping people to discern what's real and what's fiction.
So I think a lot of people have probably heard about deep fakes in the context of Nancy Pelosi
having a doctored video on Twitter, maybe Mark Zuckerberg incident where his voice was doctored.
What are the practical use cases for technology like this?
What types of customers are actually paying for a service like this?
That's a great question because as we started the company, we always, and deep fakes became
more and more prevalent. We said, well, that's the obvious use case. But on the other hand,
there's a lot of different views around deep fakes, particularly in the social sense, where they're
not always perceived as a threat. So maybe they're used for satire. There was a case where they were
being used in an Indian election where a candidate created a video of himself speaking in a different
language. So I suppose some people view that positive. Some people may view that negative. Some people may view that
negatively. But again, it's really hard to figure out whether there's a real market for stopping
deepfakes from a social side. And you see social media companies changing their policies almost on a
daily basis now regarding that. So we think that there is an opportunity there as these policies
settle and they sort of become hardened. But in the meantime, we started looking at businesses that
rely on photos and videos to make actionable decisions. And that's where there's a real need and a real
threat. So, for instance, we'll take the insurance industry. The insurance industry in the U.S.
alone has $30 to $40 billion worth of fraud every year in claims. And not all of that is a result
of tampered media, but a substantial amount of that is a result of claims that.
have been exaggerated, claims that have been faked. And what I would call missed opportunities,
well, what's a missed opportunity? It could be something very simple, like the fact that you just
registered a used car and there's a crack on the windshield and nobody sent an inspector to take a look
at it. Well, why is that? Because, well, these automobile lines are relatively low margin and
it doesn't make sense to send an inspector. So there are a lot of areas where,
fraud sort of seeps into the system. Some of it almost seems innocent or soft, but in reality,
it's still fraud. And there's a big need and a lot of dollars at stake for insurance companies.
So that's where we started. And then it started moving into other related categories.
So if you look at insurance, some of them use technology such as dash cams.
What happens if the dash cam video is somehow modified or altered, that
would be very bad in terms of deciding what happened during the course of an accident. So that
has pushed us into other spaces such as IoT and also into other spaces such as video surveillance,
where you have a lot of autonomous video surveillance out there and perhaps no human being actually
looking at these pictures. So when these types of assets get subpoenaed into court or they get used
in court as evidence, sometimes there's no human being to testify that that was an accurate
depiction of what happened, and they get called into question. I'd imagine this is a big issue
in the public safety context where you have potentially a police camera or a surveillance video,
and you're calling into question whether or not it's been doctored. Is this a type of technology
that could help there? Very much so. So preventing these videos from getting doctored,
So utilizing our technology, which essentially fingerprints these photos and videos to a blockchain
at the point of capture, can effectively tell you whether they're authentic or not.
And it also solves a problem for chain of custody.
So in the law enforcement community, typically it's very important that you track a chain of custody for these assets.
And if you have authenticity from the point of capture and you can go back any time in the future and validate that that asset has not changed, that's very powerful.
So we've made it this far in the conversation without touching on blockchain.
But I'm curious at what point in your journey of starting a testive did you realize that a blockchain made sense to integrate?
Was this something that you're building outside of a blockchain context and you just realized that a public blockchain would make this a better product?
How did you come to kind of integrate with the blockchain?
We certainly saw the trend that was up and coming on the fintech side of cryptocurrency,
and we thought that as we looked at it, it appeared to be a very interesting technology.
Although there's various use cases around payments in fintech,
we just saw the underlying core is very interesting,
because it allows you to do something that you couldn't do before.
And we kind of saw this blockchain mini-revolution that's still sort of happening.
And even though the revolution was considered to be its blockchain, it's Bitcoin, it's Ethereum,
but we were intrigued by the fact that you can essentially create trust through a system that's
decentralized.
And that's really where we put it all together and we applied it.
And we said, wow, we can create trust without actually having it.
having a central authority. This is very powerful for ecosystems, such as insurance, where there's
just a lot of players. It's not just the insurance carrier. It's multiple insurance carriers.
You have independent adjusters. You have agencies and brokers. You have repair shops. And somewhere
even law enforcement fits into all of this. So how do you create trust without centralizing the
system. Well, it just seemed like a natural fit for blockchain. And that's what really inspired us to
move forward with this project. So, Nicos, which blockchains you currently able to use or which ones
you currently active with? So we started off with Ethereum. And again, we're looking for a ledger
that's sort of less focused on being a payment system. And Ethereum was the obvious one.
But some of the challenges that we saw there were around the scale and the economics that Ethereum brought.
So in our use case, we could be doing thousands of transactions per second, and the goal is to scale well beyond that.
So if you look at a chain that's quite limited, sure, there's ways to go batch your transactions and so forth.
But that sort of expanded our horizons as we looked at that, particularly the dawn of CryptoKitties there where we said, wow, we really don't want our system to be brought down by CryptoKitties.
So we started looking at other ledgers. So public blockchain made a lot of sense to us simply because we work across a whole ecosystem.
And most of the customers we service, at least initially the smaller customers, really have no idea how to implement a blockchain or really don't have much of an opinion of what type of blockchain.
So public blockchain makes sense.
Sort of the same way the public cloud made sense in my previous life.
A lot of companies were saying, no, we don't need public cloud.
We'll go do it ourselves.
But then finally the point comes where you ask the question, well,
why should we do it ourselves? When it's available, it's working. So we started off with Ethereum.
We started looking at Factam. We started looking at others like Algarand, Hedera, and others.
So we've developed an architecture that's effectively blockchain agnostic.
We can work with hyperledger if somebody wants to. And of course, the consensus models are different for all of these.
If a customer comes to us and says, use your default ledger, we would pick a public ledger simply because we believe in the consensus model.
So a strong consensus model is very important to a ledger.
If an enterprise customer insists, well, we have a consortium of 40 companies, and this is the ledger that we're using, then our answer is, well, we can work with that because we've developed the compatibility layer.
And for the various public blockchains, do you conduct an assessment?
of what you feel are the kind of the pros and cons of the specific security models.
I mean, because they can be quite idiosyncratic in terms of some public blockchains,
have a different amount of security expenditure, some of proof work, proof of stake,
delegate proof of stake, or is that something that you just leave up to the discretion of the client?
We typically leave that to the discretion of the client.
We certainly have our opinions there.
When we commit data to the blockchain, typically there's no personal identifiable information that we commit there.
So when we work with fingerprints of media assets, photos, and videos, these are typically encrypted, their hashes.
They capture the contents of the photo or video, timestamp, location stamp, and potentially a user.
But we try to build a system so that it doesn't have to.
to rely on the security of the ledger. And of course, some of these are more secure than others.
So if you look at this use case around just timestamping and notarization and proving chain of
custody, it seems to me that whatever the largest and most secure public blockchain would make
the most sense as an anchor for something like this. But if I look at a lot of the clients that you're
onboarding, they kind of remind me of where the banks were in 2015 or 16, where they're saying,
I want to be doing blockchain, but I want to be doing my own private blockchain, which
to some degree completely defeats the purpose of a public notary system.
You're still trusting this small group.
Do you think that this is just a phase that we're in in certain industries that will grow out of
and eventually we'll have these trust layers built on top of public chains and people will come to
appreciate that?
Or do you see this being a parallel development cycle will always have private chains
and always have the segregation there?
I think we're still early in the cycle.
And I think that is part of what we're seeing.
I think we're hearing more of an admission that multiple chains will exist concurrently and will be part of enterprise strategies.
So it's not just a single blockchain.
So I think we're moving in that direction, but it's going to take a while.
I think just I've been in the enterprise IT space for a long time, and there are still companies where we go and talk and nothing can leave the four walls of this building.
But I think the adoption is happening and people are recognizing the value.
And the biggest thing there is so long as there is no increase in exposure for data breaches, right?
So when we're talking to regulated industries, that's always the biggest concern is can my data be breached.
And of course, if used correctly, blockchain can actually reduce the exposure.
So you have a business that doesn't necessarily rely on blockchain.
So you could very well use this platform in the context of a private database.
It happens to be a lot better if you anchor it to a blockchain.
What does the sales cycle look like when you introduce the word blockchain to some of these enterprises?
Does that just put you on a detour that you have to spend a half an hour explaining what cryptocurrency is?
What's the general sales process there?
Sometimes it extends the sales process.
You're absolutely right there, particularly if an enterprise has their own blockchain initiatives.
and sometimes the blockchain initiative may be going out to 2030.
So that's a trajectory we would rather not be on.
So the way that we work with that is by having this interoperability is when you bring online your consortium,
your ledger, maybe a proof of stake-based ledger, then we can work with that.
So I think that's what typically avoids the problem.
Ultimately, at the end of the day, it's sort of.
of, I guess a good analogy is 20 years ago when we're talking about the internet boom, people
were not talking about, this TCPIP is a great, this is the best thing. Instead, they were saying,
wow, e-commerce has changed the world. So it's really the applications that sit on top of it that are
going to make the difference and that actually have the impact. So when you go in and you say,
well, hey, we can help reduce fraud, we can prevent fraud, and we can detect fraud, that's a
great starting point for a conversation. We come in and we say, well, hey, we've got all of this
plumbing, which is incredible stuff. And we want to talk about because it's so intellectually
stimulating to talk about it. Typically, at that point, we kind of get all the scientists in the room
and they tell us about how they plan to do the ledger better. And it tends to slow things down.
So in general, I feel like it's the applications ultimately that you gain from having blockchain.
And there's just a lot of benefits.
The fact that an insider threat can also be stopped is if you have a private database, you still have that insider threat.
So someone within the organization can change all of your data overnight.
Whereas if you have a ledger with a consensus model and multiple organizations or minors or whatever the case may be,
that you would actually have to get a consensus to change anything, it's much more powerful.
I think the TCPIP example that you bring up is really interesting, because if you think back
towards the competing protocols that were competing with TCPIP, so you had OSI and you had
quite a few companies that were on that. I think AT&T and the Department of Defense had really thrown
their lot in with OSI. And of course, it ends up being TCPIP that wins. It's not necessarily better,
but it has a network effect. I look at blockchains as being almost just categorically worse in terms of the
competition that we're seeing around being the protocol because there's this financial incentive
to be that base layer. So you have hundreds of cryptocurrency networks that are potentially competing
here to be the soundest public blockchain. And of course, we have our bias on the ones that are
emerging here. But how do you see this playing out just given the fact that this is a financially
incentivized protocol development as opposed to the internet, which was financially incentivized to some
degree, but perhaps not at the token level with some of these things.
There's a lot more players there today than there will be five years from now. So clearly,
I would expect a consolidation. I think we saw a similar thing in my last company when I
started Twin Strata. We were in the cloud space, and we saw a ton of cloud providers.
emerged. And at some point, we had a cloud compatibility layer. So that was kind of the strategy
that we carried there. And there was a point where we were just adding cloud after cloud after cloud,
and then we finally said, what are we doing? There's really only going to be a handful of winners
in the end. And I think that's typically the way this space will consolidate. There will be some
winners and there will be some losers. But it still doesn't take away from the capabilities that
blockchain brings to the table. So, Nicos, you have a few enterprise clients that are live in production
right now, specifically probably the biggest industry for you is in the insurance industry.
Can you talk us through what it looks like for an end user to engage and interact with your
solution? What does that actually look like for an end user? Well, the biggest difference is we can
use a lot more self-service. So again, when we talk to insurance, we,
We talk about fraud reduction, but sometimes a lot of the fraud prevention comes from being more proactive.
And, well, what does that mean?
It's sort of going back to the lost opportunity is, hey, everybody has a mobile phone,
and everybody has a pretty darn good camera on that mobile phone.
So why not use this so that we can help understand the condition of an asset you're ensuring?
So even at the level of quoting, so I want to quote for my car insurance, why not have a mobile
workflow that takes a few photos? And that's exactly what we've done, is we can accelerate the rest of
the workflow by taking photos of other assets like your license registration, extracting all of the
data. So you don't have to type as much. And then we say, well, take a few photos of the vehicle,
take four photos of the vehicle. And now you have a baseline condition. So in some senses,
you're seeing a lot more self-service, but we present it in a way so that effectively we're
reducing the number of steps that you would normally do for a quote. You'll see this carrying on
into self-service inspections. It costs money for an insurance company to send an inspector to your
house, but they do have to do these random home inspections every once in a while. It's a lot cheaper
to have somebody do this self-service.
And a lot of insurance companies have done the self-service model,
but they simply trust the users to import their own photos.
With our platform as a basis,
what you now get is photos that are validated at the point of capture.
So it really helps with digital...
What we're seeing is more and quicker digital transformation of these industries
because now you have ways to do trusted self-service,
to work with third parties,
to work with drone operators and others,
where there may have been a trust issue in the past.
So by making user-contributed digital content more credible,
you make life significantly easier for insurance companies.
They don't have to shoulder that cost of sending inspectors out all the time.
That's exactly right.
So if we go beyond insurance, obviously there are applications. Really, I guess the surface area of design for this would be anywhere that you have a photo or a video or maybe even a file that you need to attest to and prove that it's authentic. Just from the periphery, it seems like this is just getting a lot worse with some of the deep fakes. They're getting better, more sophisticated. How do you see this playing out? I mean, is this a major threat that is destabilizing on a global level here?
It could very well be, and the IT threat is also real.
So you may have heard recently of deep fake audio.
The CEO of a company calls their head of finance and says,
why are some money over here?
It appears to be the CEO's voice,
and people are not used to the fact that, hey, this person I'm talking to on the phone
who sounds exactly like my CEO may not be my CEO.
So it is kind of expanding into multiple areas.
So the threat of voice, there's certainly video, there's more reliance on video.
And I think people have started to look at video a little bit more critically in terms of,
hey, is this real or not?
But the voice, in some sense, it's going to happen.
And maybe there's some good applications of this.
Maybe because I conduct a lot of briefings when we release products,
I'll just create an AI-based deepfake bot of myself who speaks in my voice.
In fact, this could be an AI bot right now.
Maybe you need to take some attestive pictures here or videos.
How did those audio deepfakes work?
So they'll record an analyst call or something like that,
and they'll get the CEO's voice and try to manipulate it?
Exactly.
They'll take a podcast like this.
And as long as you have a few minutes of our voices,
essentially you can recreate them.
So sort of the social thread,
goes pretty far. And it can be transformed into effectively an IT threat. And I think we're just
scratching the surface right now. So when you look at a testive as a platform, it really becomes a
general purpose platform that you're building your audio and video and any digital data
application on top of to prevent this from happening. And I guess there's a sliding scale of grading
or not something is suspicious at the end of the day? Can you ever be a hundred percent sure?
How do you think about the gradients of, hey, this might be a fake or this is definitely a fake?
That is always a little bit of a problem, and particularly when you look at sort of how social
media looks at deep fakes, right? If something is intended as satire, then, well, we have to
protect the comedians, of course. And then there's the cases where maybe this wasn't really, this was
meant to be more of a something humorous as opposed, again, it's back to the satire. But there are
various gradients of this. And even as you look at sort of the fake media, there's sort of a lot of
other things that can be done. It's not just the bits in the photo. It's the time, date, and
location, it's the context. If you do not have the correct context, and we've seen this,
You can actually pull a video out of context and put it into a current setting and people will say,
wow, what was that person talking about?
Or why is this person making comments like that?
It's almost the cheapfakes, if you will, where people may take something out of context.
You can sort of take a video and put a pause in the middle, as we saw from a recent political debate.
And suddenly it changes the way people perceive of that.
There's a lot of ways that altered media can achieve a desired effect.
So unless you get down to the actual authentic media as it was in its original state, number one,
it's difficult to discern some of these subtle changes.
And then really you need a system that can help you discern without necessarily resorting to a forensic analysis.
So I guess from your perspective, it's hard or potentially impossible, especially the sophistication of these things grows, to determine whether something is a forgery just from inspecting the file.
So your proposed solution involves attesting to some original piece of content and clammy it as your own and saying, well, I can tell you for a fact that this is genuine.
So I guess it doesn't strictly solve the whole universe of deepfakes existing, but at the very least, if you have an interest in your content, you can strongly claim that it's your own in a credible way. Is that right?
That's correct. So again, as you look at the different levels of, let's call it, authenticity for the sake of argument, there's certainly a photo that was captured.
and at that instant of capture, you've committed a fingerprint to the blockchain.
Then you have an extremely high confidence that that represents reality.
Let's take a video that was produced for a political campaign that was highly edited.
But at the end of the edit, the candidate wants to sign it and put it on a blockchain as endorsed.
Well, that also has some validity, but it's a different level of,
validity. And one of the things we've designed into our system is to be able to distinguish between
these levels of validity because someone can very well endorse a deep fake. But if you can at least
ascertain that they've put their name on it and you have a high confidence that they have,
then at least you know it may match their words or their thinking. So interestingly enough in
the future, there are some use cases of that as well as the idea of importing it from a
trusted source. If I get a podcast from you guys, I have a level of trust that this is of a certain
quality. So if I took it from your server and I fingerprinted it to blockchain at that point,
then it has a certain level of trust and traceability. I guess this kind of reminds me of people
using PGP keys back in the day, which has become less popular, I guess. Would you say that
people are more open to the notion of signing content, a cryptographic way,
since cryptocurrency emerged and then subsequently since the notion of blockchain was popularized,
is that something that has changed in the last 10 years?
It's made people more open to this?
I think so.
And as you see more and more fake content out there, it kind of almost becomes a requirement in some senses.
You need that digital signature that essentially authorizes this particular piece of media.
So I would think we would see a resurgence of that.
And in the future, do you think that virtually every photo you take will have metadata associated with it,
tying it to your identity and to your device, maybe your biometrics even?
I think for people who care, that will become the standard,
I think there will always be media that sort of circumvents that standard,
because if anybody, certainly anybody is trying to,
create fake media, they will try to circumvent that standard or not use it. But yes, I could see this
one day being part of a standard digital photo process, whether it be embedded in a cell phone
or elsewhere. Yeah, you can sort of imagine a lot of these phones now have wallets for cryptographic
assets natively built into them. I think Samsung might have that. I know HTC has a blockchain
phone. Obviously, most of them have HSMs in them to securely sign things. You can certainly see how
some of the manufacturers might even adopt a standard of doing biometric authentication when you take a
photo and tying it to your identity, maybe on an opt-in basis, because I guess you may not want
that to be the default. Ultimately, it comes down to the economics as well. So certainly if it can be
made cheap enough and it can scale to the level. I mean, you're talking about trillions of photos
being taken or over a trillion photos being taken by mobile phone these days. So it has to have
massive scale and some massive economies behind it to work. Now in the context of some of these
blockchins, they're claimed to have this nice quality of immutability, but there's a bit of a
trade-off in that full nodes have to store the data content and perpetuity, at least as far as public
blockchains are concerned. There's a view out there that we might ultimately have to prune data
out of the chain in order to retain the ability for a full note to verify the whole history.
And so that maybe some of these chains are recklessly adding data, which will eventually be
pruned. So it might be the case that there's like a guess a tradeoff between the growth in the
chain state and the immutability qualities. Is that something that you thought about at all?
It certainly has crossed our minds. When we store data on the blockchain, it tends to be fingerprints. So they tend to be very small. We don't store entire media files on the blockchain. So although the data would accumulate over time, we don't necessarily see this as a problem from our side. Having been in the storage technology field, we always see a growth in storage capacities. And the price per gigabyte per terabyte is always.
going down. So we don't really see this as an economic problem that hits simply because of the
trajectory of the technology. So as long as you're using hashes or fingerprints and you're being
relatively parsimonious and as long as something like Moore's law or the equivalent for storage
continues to hold, you know, anticipate that that'd be too much a problem. No, we really don't
at this point. It continues to hold, I suppose, if the equivalent of Moore's Law starts failing,
then I guess there would be something to consider. And then when it comes down to pruning,
when we look at regulated industries, they tend to have their own time periods during which
they can prune their data as well. Sometimes it's a period of 10 years. Sometimes I know in the
health industries it can be even longer than that. But sometimes it might even make sense.
to prune the data after a certain period of time.
But I don't really see that as becoming a problem given where we are today.
Niko, so this has been fascinating,
and it's a great example of a company that leverages a public blockchain in a unique way,
and also in a way that doesn't rely on public blockchain is doing more than what they do right now,
which is fascinating.
Where can people learn more about a testive?
Well, you can visit our website at www.atatestive.com.
We tend to be on the circuit quite a bit.
We're doing a lot of insuretech shows. We're going to be at one next week. But that's certainly
a great place to start. Great. Well, thanks for joining Pod. Thanks for having me here today.
This has been another episode of On the Brink with Castle Island Ventures. To learn more or to subscribe
to our newsletter, please visit castlelisland.vc. And a big thank you to all of our listeners,
except those of you who believe in the underlying blockchain technology, but not cryptocurrency.
You know who you are.
Thank you.
