– On Sept 24-25th 2015, the 1st EU Edition 2015 was held in Brussels, with the support of great sponsors. It attracted amazing speakers, including the best IT security experts of Europe and the US – among them Bruce Schneier, Bart Preneel, Richard Stallman – and the most relevant EU defense, IT security and R&D institutions – such as the Head of Information Superiority of the European Defence Agency, the Deputy European Data Protection Supervisor, Deputy Head of Security & Trust of EU DG Connect, Exec. Dir. of ECSEL-JU, Senior Executive of the Future of Humanity Institute – as you can see from the report and the program with videos.
– On Oct 16th 2015, a smaller 1/2-day Latin American Edition was then held in Iguazu, Brazil, with distinguished guests.
– On July 21st 2016, a 1st US Edition 2016 was held in New York with amazing confirmed speakers, including Joe Cannataci, the UN Special Rapporteur on the Right of Privacy, and Max Schrems, the Austrian privacy activist behind the overhaul of Safe Harbor Agreement.
Recent evidence suggests that nearly all IT devices and services are remotely, undetectably and scalably hackable by several actors, through state-sanctioned or state-mandated backdoors.
As a consequence, EU and US IT companies are struggling to find ways to offer the levels of trustworthiness that both customers and constitutions require, by differentiating themselves sustainably on the basis of provable and meaningfully higher levels of trustworthiness.
We are told daily by nearly all privacy experts and government officials that we must choose between meaningful personal privacy and enabling lawfully authorized cyber-investigations. But both are essential to democracy and freedom. What if it were not a choice of “either or”, a zero-sum game, but instead primarily a “both or neither” challenge, yet to be proven unfeasible?
(This anonymous graffiti in NYC poses the question citizens are being asked but find impossible to answer …)
Are key assets and capabilities of nations’ law enforcement, defense and intelligence themselves highly vulnerable to attackers – foreign, domestic and internal – due to the lack of sufficiently comprehensive, translucent and accountable socio-technical standards, such as in IT facility access, device fabrication or assembly? How vulnerable are AI-driven autonomous IT systems, moveable and not, to attacks via their critical socio-technical low-level subsystems?
Can the paradigm “Trust but verify” still be sufficient when the bribery, threatening or identity theft of a single person (rarely 2), in a key role in the lifecycle of a single critical component or process, can enable concurrent compromise of every instance of a given critical IT system, including communication, state surveillance, or autonomous moveable devices? Should the paradigm rather be “Trust or verify”, by deepening and extending oversight all the way to CPU designs and fabrication oversight? But how can that be made economical for widespread adoption and compatible with feature and performance needs?
For more details on the context, see and contribute to our Challenges Backgrounder.