After editions in Brussels, New York, Iguaçu, Berlin, the 6th edition of the Free and Safe in Cyberspace conference series was held last April 9th and 10th 2019 in Geneva, at the Fintech Fusion accelerator in 50 Avenue de la Praille, new home of the organizer Trustless Computing Association and its spin-off startup TRUSTLESS.AI.
IT security and banking experts discussed how we can define new paradigms and build a new international non-governmental standards setting and certification body – and a first compliant open ecosystem and target architecture – that can certify end-2-end IT services with radically-unprecedented levels of trustworthiness, while concurrently ensuring offline legitimate lawful access, all the way down to extreme CPU design review and fabrication oversight. Initially targeted at the confidentiality and integrity of human communications and financial transactions, it is planned to be extended to other society-critical IT systems, such as 5G networks, critical AIs, and large social media.
As in previous editions, we sought the solution to 4 Challenges that we have identified since 2015 as key to achieve the IT and AI security that we need as a society, and to spur great economic opportunities.
Day 1. During Challenge A, we tried to answer the question “What new IT paradigms and certification governance models can deliver human communications and financial transactions that are radically-more-secure than today's state-of-the-art?”. Then, in Challenge B, we asked: “If we can solve Challenge A, how can we concurrently solidly ensure legitimate lawful access to prevent grave crimes and enable its sustainable adoption?”. We explored the possibility that Challenge A and B are one and the same, solvable by uncompromisingly applying the best time-proven socio-technical paradigm. During Panel 1 and Panel 2, we explored how such new technologies, certifications and ecosystems can provide great economic opportunities for early adopters, such as banks, wealth management firms, and local governments.
Day 2. During Challenge C and Challenge D, we analyzed the application of such new technologies and certifications in other society-critical IT systems, such as artificial intelligence, social networks and 5G networks. During Panel 3 and Panel 4, we explored how such new IT and certifications can provide the basis of national policies and international treaties that can contribute to peace, democracy, freedom, and even improve chances of rational human control over the future of AI.
CONFERENCE - Venue
Fusion startup accelerator (50 Avenue de la Praille, Geneva)
Capacity: 50 seats.
Theme for FSC 6th edition:
Cybersecurity: From a threat to a key competitive advantage for the private banking industry?
Cybercrime cost will reach $6 trillion by 2021, most of it unreported or unnoticed by the victims.
Our networks are broken. Monitoring of 3G, 4G and 5G networks is essential for nations’ ability to combat crime. But their lack of certified security and international accountability leads to major privacy and security risks for all citizens, and distrust among nations.
Our devices are broken. When even Bezos' and Trump's communications with their closest associates appear to be easily hackable even by mid-level hackers, what hope is there for the rest of us?
Our digital banking is broken. Network tracking and lack of confidentiality, fast-increasing identity theft and financial fraud via spear-phishing and even voice cloning are eroding trust in financial transactions.
The key problem is that technologies are getting ever more complex and more obscure, and hackers ever more resourceful. Current attempts to radically increase the trustworthiness of sensitive IT systems – especially in communications and transactions – are centered on the pursuit of scientific breakthroughs in the area of artificial intelligence, on quantum computing, and on innovative encryption protocols, such as quantum-resistant, blockchain, zero-knowledge proof, end-2-end and homomorphic ones. Meanwhile, a few security-by-design or blockchain initiatives are taking a more holistic, short-term and trustless approach, which is centered on open, time-proven, battle-tested – yet future-proof – technologies and processes; transparent oversight down to critical hardware design and fabrication; a transparent resolution of the lawful access needs; and radically more accountable and resilient certification and ecosystem governance models.
But is it really a technological problem? Or is it instead that all IT is broken – by design, at birth – to satisfy legitimate needs of law enforcement? Can we have both meaningful freedom and public safety in cyberspace?
Most believe that meaningful digital freedoms and public safety are an inevitable “either-or” choice, a sort of “zero-sum game”. We discovered it may well be instead a “both-or-neither” challenge, solvable primarily through the same zero-trust socio-technical paradigms and international certification governance models. This is all the more urgent as the breaking of all IT at birth by powerful nations, to retain investigative access, has placed the safety and freedom of nearly all citizens, and the very integrity of their democratic systems, in the hands of the most powerful hacking entities.
Can a new international standards setting and certification body – and compliant open ecosystem – achieve radically-unprecedented levels of confidentiality and integrity – for our most sensitive human computing, and then other critical systems – while concurrently ensuring offline legitimate lawful access?
Can a few leading wealth management firms, enterprises, public institutions and NGOs leverage such an innovation to turn client-side cybersecurity from a threat into a fundamental competitive advantage in their respective markets?
Former Chief Information Security Officer and Head of Information Security Services of UNISYS. Senior Advisor at TRUSTLESS.AI.
Juan Carlos Lara
Wouter ’t Hoen
April 9th, Tuesday
12:00 pm – Registration & light lunch
01:00 pm – Welcome by Laurent Bischof, Managing Director of Fusion and Polytech Ventures.
01:10 pm – Welcome by Michael Kleiner, Head of Department of Economic Development, Directorate General for Economic Development, Research and Innovation, Republic and State of Geneva.
“Economic opportunities for Geneva in the area of IT security”.
01:20 pm – Keynote by Marco Obiso, Head of Cybersecurity Division at UN International Communication Union. “Paths towards next-generation international IT security standards and certifications for sensitive human communications and transactions”
01:30 pm – Introduction by Rufo Guerreschi, Exec. Dir. of Trustless Computing Association and CEO of TRUSTLESS.AI.
“The 4 Challenges of Free and Safe in Cyberspace.”
- Moderator: Gerhard Knecht — Panelists: Marco Obiso, Luca Benini, Manuela Troncoso, Reinhard Posch, Solange Ghernaouti.
- How can we provide ordinary citizens access to affordable and user-friendly IT services with levels of trustworthiness that are radically-unprecedented (i.e. ultra-high assurance*) and meaningfully-abiding to the UN Universal Declaration of Human Rights, at least for their most sensitive computing?
Can we re-create in cyberspace a meaningful private sphere? What are the key paradigms needed to achieve this goal? What is the role of uncompromisingly “zero trust” security-by-design paradigms, via transparent and extreme review and oversight of all critical lifecycle components and processes? Can we realistically secure enough CPU design and chip fabrication oversight? What are the advantages, disadvantages and limitations of free/open source software? What is the role of formal verification? What is the role of public security-review by “ethical” experts? How about Blockchains, Quantum Computing, Artificial Intelligence? Can citizen-witness and citizen-jury processes help secure the supply-chain? What is the role of certification and oversight governance? What scale of investments are needed? Can we imagine a parallel hardware and software ultra-secure computing universe, as a user-friendly supplement to every-day computing devices?
02:40pm – Coffee break
02:50 pm – Keynote by Gerhard Knecht “Towards ultra-high assurance IT for human computing”
03:00 pm – Intro to Challenge B by the Trustless Computing Association.
- Moderator: Rufo Guerreschi
Panel 1: Michel Jaccard, Wouter ’t Hoen, Caroline Portal, Antoine Clerget, Bernard Tavernier.
- Can providers of ultra-high assurance* IT reliably offer compliance mechanisms to legitimate lawful access requests – voluntarily (i.e. in addition to what’s required by selected jurisdictions) – while overall reducing both resulting risks for the privacy of users and for public safety? If so, how? What are the core paradigms of such certification processes?
Can the same extreme technical and human safeguards that are needed to deliver ultra-high assurance also enable voluntary compliance with lawful access requests – at least in some EU states – that overall reduce the risk of privacy rights abuse of end-users by anyone to levels that are radically or substantially lower than any of the other alternative secure IT systems which do not offer such voluntary processing? Could or should such processes rely on a provider-managed voluntary data and/or key recovery scheme that is certified and overseen by a primarily non-governmental, radically citizen-accountable, independent and competent international body? Could the inevitable added risk be essentially shifted from technical systems to resilient in-person organizational processes?
04:10 pm – Coffee break
04:30 pm – Keynote & QA by Rufo Guerreschi: Case for a Trustless Computing Certification Body. Ongoing initiative for a standard setting and certification body suitable to certify ultra-high levels of trustworthiness for IT systems and their voluntary offline compliance to legitimate lawful access requests. Initially for human communications and transactions, and then for society-critical and complex IT systems.
05:10 pm – Coffee break
05:30 pm – Keynote by Daniel Haudenschild, President of the Crypto Valley Association:
“Core challenge to raise the actual and perceived trustlessness and trustworthiness of blockchains in the banking sector”
05:40 pm – Keynote by Roman Yampolskiy
“Challenges of AI safety and resilience: the role of technical and socio-technical breakthroughs, of adequate certification bodies and transnational governance”
05:50 pm – Intro by Rufo Guerreschi, Exec. Dir. Trustless Computing Association
“Introduction to Panels 1 and 2: wealth management and client-side cybersecurity”
06:00 pm – Keynote by Stephen Wall of Wealth Mosaic
“Trends and developments in the global WealthTech landscape and the relative importance and focus on their security”.
- Moderator: Tony Zeiger — Panelists: Eldo Mabiala, Stephen Wall, Tony Zeiger, Solange Ghernaouti.
- Hackers and data breaches are part of the daily news. But the bulk of cybercrime is unreported or unnoticed, with behind-the-scenes financial fraud, extortion and theft of personal and business secrets. Wealth management clients are ever more concerned about the confidentiality of their advisory and the security of their financial transactions, and this in turn increases friction in client relationships, where clients will only trust face-to-face meetings for confidential matters. Even the best and most secure apps, expensive devices and authentication methods are vulnerable to confidentiality, integrity and authentication breaches even by mid-level hackers. Will the “call back” transaction verification be enough when voice cloning and deepfake technologies are constantly improving? Meanwhile, IT giants are rapidly moving into banking, and increasingly taking control of the client user interface and trust relationship, like WeChat or WhatsApp, and being able to offer better security by controlling the underlying software and hardware, like Apple.
06:40 pm – Aperitif session
06:50 pm – Stephane Nappo, Group Chief Information Security Officer at OVH:
“Threats and opportunities of client-side security in the banking sector”
- Moderator: Steven Meyer — Panelists: Eldo Mabiala, Emmanuelle Tzanos, Rufo Guerreschi, Tony Zeiger.
- Cyber in the financial world done correctly can open doors to new and amazing opportunities; but done wrong, it can bring us back to the age of pen & paper. Both ease of use and security of digital financial advisory are critical to retain, deepen and expand client relationships in the digital age.
How can financial institutions become the digital trust partner of their clients? How can this be done and what advantage would the leaders gain compared to the followers? Can a group of leading enterprises, wealth management firms, banks, NGOs and nations gain a fundamental competitive advantage in digital trust by leading the creation and adoption of next-generation IT security paradigms and certifications?
08:00 pm – Aperitif, snack and networking
09:00 pm – End
*Definition of “ultra-high assurance”: In civilian and military IT security, it is used to refer to systems of the highest level of trustworthiness in confidentiality, integrity, and/or availability. Perfect trustworthiness will never exist, but we have learned that even current “high assurance” technologies, standards, and certifications are radically inadequate for the needs of citizens, enterprises, democratic institutions, critical societal systems, and autonomous systems.
April 10th, Tuesday
08:30 am – Registration & Coffee
09:10 am – Welcome by Rufo Guerreschi
“Introduction to Free and Safe in Cyberspace – Challenges C and D”
- Moderator: Troy Davis — Speakers: Stuart Armstrong, Leila Delarive, Lennig Pedron, Rufo Guerreschi.
- Recent calls for international treaties or new ethics for the trustworthiness of IT or AI systems – such as Tech Accord, Charter of Trust, Call of Paris or a Digital Geneva Convention – are crucial to raise awareness. Yet, none of them tackles head on the need for trustworthy cybersecurity certifications to enforce the oversight of treaties or enact the principles of such declarations.
How can such certification bodies increase the resilience and “forensic friendliness”, to radically improve resistance against attacks and confidence about attack attribution? — What constituent processes can ensure a timely, effective and democratically-efficient implementation – by a critical mass of actors – of meaningfully-enforceable national policies or international treaties for ultra-high assurance IT standards setting and certification processes?
10:40 am – Keynote by Kolain
“Novel risk-based instruments of the GDPR – How to create trust through legal informatics”
10:50 am – Coffee Break
11:10 am – Keynote by Stuart Armstrong: “How can a coalition of actors promote the establishment of adequate global AI governance by exiting the current semi-anarchic default condition.”
11:20 am – Keynote by Troy Davis:
“The history of the fight for a federal global government: from Garry Davis in 1945 all the way to the needs of global AI regulation” (trailer video on Garry Davis)
11:35 am – “Skype-Side Chat” with Jaan Tallinn (recorded video interview)
“Need, challenges and scenarios of global governance of AI”
- Moderator: Christian Wirth — Speakers: Paul Wang, Philippe Thevoz, Michael Kolain, Jorn Erbguth.
- A large majority of IT security experts and prospective blockchain institutional users are still highly sceptical of the security claims of even the most securely-architected or time-tested blockchains. Many challenges remain to be addressed. How can the blockchain benefit from ultra-high assurance IT systems (for example, on the client-side) and their certification models? How can blockchains, in turn, measurably improve the assurance of high-assurance systems?
09:50 am – Keynote by Wirth
“Can blockchain technology become market-ready, trustworthy and GDPR-compliant through standardisation?”
10:00 am – Keynote by Leila Delarive
“Can law harness the tech (r)evolution?”
- Moderator: Rufo Guerreschi — Speakers: Christian Wirth, Leila Delarive, Stuart Armstrong, Tim Llewellynn.
- Current attempts to radically increase the trustworthiness of critical IT systems are often centered on the pursuit of scientific breakthroughs in the area of artificial intelligence, quantum computing and cryptography, blockchains, and new protocols, such as zero-knowledge proof, and end-2-end and homomorphic encryption. Meanwhile, a few security-by-design or blockchain initiatives are taking a more holistic, short-term and trustless approach, centered on open, time-proven, battle-tested – yet future-aware – technologies and processes; transparent oversight down to critical hardware design and fabrication; a transparent resolution with extreme safeguards of the lawful access needs; and more accountable and resilient certification and ecosystem governance models.
12:20 pm – Coffee Break
- Moderator: Rufo Guerreschi
Panelists: Troy Davis, Stuart Armstrong, Jean-Marc Rickli, Leila Delarive, Lennig Pedron
- Can the all-powerful threats of AI and cybersecurity provide the needed motivation to build adequate open federal transnational democratic institutions, as the nuclear threat nearly did in 1945? Can the threats (and opportunities) of the accelerating pace of AI and the destabilizing effect of cyber-warfare constitute a unique opportunity to radically empower and democratize our transnational governance institutions?
13:00 pm – Light Lunch and Networking
02:00 pm – End
The Trustless Computing Association is a non-profit organization, based in Zurich, that has aggregated world-class partners and advisors to build open IT technologies, certifications and ecosystems that can deliver levels of trustworthiness that are radically higher than state-of-the-art. Together with its spin-off startup TRUSTLESS.AI – based in Zurich – the association has been building (1) the Trustless Computing Certification Body, a new IT security standards-setting and certification body, aimed at radically-unprecedented levels of trustworthiness, while at once solidly enabling legitimate lawful access, and (2) the Seevik Pod and Net, an initial open computing base, ecosystem and IT device, compliant to such new certifications.