Free and Safe in Cyberspace is a global event series that aims to catalyse a constructive dialogue and a wide informed consensus on new international standards and certification governance bodies for ultra-high assurance IT systems and life-cycle – for communications, constitutional lawful access and autonomous systems – to deliver access to unprecedented and constitutionally-meaningful* e-privacy and e-security to all, while increasing public safety and cyber-investigation capabilities.
On September 22nd-23rd 2016, the 2nd EU Edition 2016 was held in Brussels, with the participation of an amazing set of speakers, including the CIO of Austria; the Vice-Chair of the EU Parliament LIBE Committee; the Head of R&D of the Italian Banking Association; the Head of R&D of the France Nuclear Agency; Paul Nemitz, Director of Fundamental Rights and Union citizenship in the DG Justice of the European Commission; and Maris Koen, CTO of Cybersecurity at ATOS.
On Sept 24-25th 2015, the 1st EU Edition 2015 was held in Brussels, with amazing speakers, including the most recognized IT security experts of Europe and the US – including Bruce Schneier, Bart Preneel, Richard Stallman, Steven Bellovin – and the most relevant EU defense, IT security and R&D institutions – such as the Head of Information Superiority of the European Defence Agency, the Deputy European Data Protection Supervisor, the Deputy Head of Security & Trust of EU DG Connect, Exec. Dir. of ECSEL-JU, Senior Executive of the Future of Humanity Institute, and Melle Van Den Berg of CapGemini Netherlands. See the report and the program with videos.
On Oct 16th 2015, a 1/2-day Latin American Edition was held in Iguazu, Brazil, with distinguished speakers: the minister of IT of Brazil, Marcos Mazoni, a high-ranking official of the Brazilian Cyber Command, and the CEO of the most advanced crypto company in Brazil, Kryptus.
On July 21st 2016, a 1st US Edition 2016 was held in New York with amazing confirmed speakers, including Joe Cannataci, the UN Special Rapporteur on the Right of Privacy, and Max Schrems, the Austrian privacy activist behind the overhaul of the Safe Harbor Agreement.
THE 4 CHALLENGES TO ACHIEVE THE MISSION
Since the 1st edition in 2015, the conference series has revolved around finding answers to The 4 Challenges of Free and Safe in Cyberspace, detailed in an extensive backgrounder, and summarized below:
CHALLENGE A: How can we achieve ultra-high assurance ICT?!
Can new voluntary international standards and certifications – within the EU Charter and most constitutional frameworks – provide ordinary citizens access to affordable and user-friendly end-2-end IT with constitutionally-meaningful* levels of trustworthiness, data security and privacy, as a supplement to their every-day computing services? (MORE DETAILS)
CHALLENGE B: Can ultra-high assurance ICT services comply with lawful access requests while meaningfully protecting civil rights?
(B.1) Can new international non-governmental certification processes for end-2-end IT service providers – with sufficiently-extreme transparency, accountability, and oversight safeguards, such as multi-jurisdiction offline oversight processes based on peer-jury or peer-witness – ensure unprecedented and constitutionally-meaningful* levels of trustworthiness, effective onsite in-person lawful access, and prevent malevolent use?
(B.2) Similarly, can extreme third-party safeguards – enforceably adopted by states for their use of remote endpoint lawful access schemes (i.e., lawful hacking) – reduce, to acceptable levels, the risk of both grave compromise of investigative processes and of highly-scalable abuse of innocent citizens? (MORE DETAILS)
CHALLENGE C: What’s the role of ultra-high assurance ICT for the future of AI?
Can their early sector-specific adoption, by a critical mass of nations and companies, jump start an actionable path, from the short to the long-term, to (1) restore meaningful digital sovereignty to citizens, businesses and institutions, (2) cement their economic and civil leadership in the most security-critical IT and narrow Artificial Intelligence sectors, and (3) substantially increase the chances of utopian rather than dystopian long-term artificial intelligence prospects? (MORE DETAILS)
CHALLENGE D: What are the national policy or international treaty options for ultra-high assurance ICT standards in critical societal domains?
What constituent processes can ensure a timely, effective and democratically-efficient implementation – by a critical mass of actors – of meaningfully enforceable international policies or treaties for ultra-high assurance IT standards setting and certification processes?! (MORE DETAILS)
OUTCOMES SO FAR
- Some of the speakers – including Bart Preneel, CapGemini Netherlands, Jovan Golic, Tecnalia – have been working since early 2016 on a 50-pager draft Proposal for Trustless Computing Certification Body (gdoc) and a 6-pager Manifesto of Trustless Computing (gdoc). The Open Media Cluster (i.e. Trustless Computing Initiative, CapGemini Netherlands and Tecnalia) have engaged in a binding agreement to jointly bid for new tenders from EU LIBE Committee or STOA to further investigate policy and certification options to promote high-assurance IT while respecting civil rights.
- In May 2016, partners and advisors of the Trustless Computing Initiative and speakers of the Free and Safe in Cyberspace event series spun off TRUSTLESS.AI, a startup based in Menlo Park, California, aimed at solving initially Challenge A and B, by radically exceeding the state-of-the-art in both security and user experience of communication and financial transactions, and then C and D in its scaleup phase.
- We have been invited to hold 2hr+ special keynote events in Silicon Valley on the Trustless Computing Initiative and Trustless Computing Certification Body by the Symbolic Systems Program, the Stanford University post-graduate program with the most PhDs in Artificial Intelligence, and by SVSA at the headquarters of SEMI, the world's largest semiconductor association.
A PRIMER ON THE CHALLENGES
Recent evidence suggests that nearly all IT devices and services are remotely, undetectably and scalably hackable by several actors, through state-sanctioned or state-mandated backdoors.
As a consequence, EU and US IT companies are struggling to seek ways to offer the levels of trustworthiness that both customers and constitutions require, by differentiating themselves sustainably on the basis of provable and meaningfully-higher levels of trustworthiness.
We are told daily by nearly all privacy experts and government officials that we must choose between meaningful personal privacy and enabling lawfully authorized cyber-investigations. But both are essential to democracy and freedom. What if it was not a choice of “either or”, a zero-sum game, but instead primarily a “both or neither” challenge, yet to be proven unfeasible?
Are key assets and capabilities of nations’ law enforcement, defense and intelligence themselves highly vulnerable to attackers – foreign, domestic and internal – due to the lack of sufficiently comprehensive, translucent and accountable socio-technical standards, such as in IT facility access, device fabrication or assembly? How vulnerable are AI-driven autonomous IT systems, moveable and not, to attacks via their critical socio-technical low-level subsystems?
Can the paradigm “Trust but verify” still be sufficient when the bribery, threatening or identity theft of a single person (rarely 2), in a key role in the lifecycle of a single critical component or process, can enable concurrent compromise of every instance of a given critical IT system, including communication, state surveillance, or autonomous moveable devices? Should the paradigm rather be “Trust or verify”, by deepening and extending oversight all the way to CPU designs and fabrication oversight? But how can that be made economical for widespread adoption and compatible with feature and performance needs?
For more details on the context, see our Challenges Backgrounder.