After editions in Brussels, New York and Brazil, our 5th Free and Safe in Cyberspace conference will be held on May 4th 2018 in Berlin (Betahaus), in the heart of the EU digital civil rights activist scene, to see how we can radically improve safety and freedom in cyberspace by challenging the status quo and deeply ingrained misconceptions.
As we have since our 1st edition with amazing speakers, we’ll sharply focus on a dialogue and critical mass around the solutions to the most important challenges of this Digital Age: (A) Can we create a new IT and AI security certification body, and widely available compliant systems, that radically exceed the security and accountability of current military and civilian state-of-the-art systems, (B) while at once increasing public safety and preserving legitimate and constitutional lawful access capabilities.
Speakers will include current and former top cybersecurity officials of Deutsche Telekom Labs, FBI Cyber Division, German Armed Forces, US National Security Council, Austrian CIO, as well as IT, blockchain and GDPR experts, and digital civil rights activists.
Can we solve Challenge (A)? If so, how? What are the key paradigms? How do we maximize the accountability, proficiency and morality of the governance of the certification and oversight? Should such certification governance be international and primarily non-governmental? What scale of investments is needed? The role of uncompromising “zero trust” security-by-design paradigms? The role of transparent and extreme review and oversight of all critical lifecycle components and human processes? What is the role of citizen-witness and citizen-jury processes? Is it realistic to secure enough CPUs and chip fabrication oversight? The role of free/open source software and testing by expert “ethical” hackers? The role of blockchains, quantum computing, artificial intelligence?
If we can solve (A), do we necessarily also need to solve (B) in order to avoid major public security issues and/or its outlawing? If YES, can we solve (B) and how? Can the same radically unprecedented technical and organizational safeguards needed for (A) also – within current laws – mitigate the inevitable added risks of voluntarily providing such lawful access (B) so as to still radically exceed the security of the best IT solutions that do not provide such access? While German and EU banks, enterprises and military seem to understand the dire need for (B), nearly all German think tanks, civil rights organizations, and some politicians think that solving (B) is either not needed and/or not possible. Are they right?
Can compliant ITs radically mitigate the risks and costs of cybercrime and GDPR? What are the economic opportunities for public and private organizations that are pioneering such new ecosystems? Can we imagine a parallel ultra-secure hardware and software computing universe, as a user-friendly supplement to every-day computing devices? Can mandating adoption of such new certifications for state bulk and targeted cyber-investigations programs radically increase their effectiveness, integrity and resilience from abuse? Can mandatory adoption for elected officials – and critical military and civilian IT – increase both citizens’ and state sovereignty and safety?
(The event is subject to the confidentiality terms of the Chatham House Rule, but anyone can apply to be a participant/delegate by registering.)
Recent Intel, AMD and Ledger hacks reveal how critical vulnerabilities and state-sanctioned backdoors run deep, down to CPU and chip fabrication, and their certifications. Meanwhile, the Shadow Brokers and CIA Vault 7 revelations further show how these state-grade hacks are ever more widely available to criminals. Recent cybersecurity problems with blockchains have demonstrated the need for adequate critical software certifications and governance. Cybercrime costs for citizens, enterprises and governments are exploding, reaching $2 trillion per year in 2020, all before accounting for the erosion of our democratic institutions.
The need for a whole new level of security is increasing among enterprises, banks, governments and citizens for their communications and transactions, and more recently for the enforcement of algorithmic transparency and security for AI and social media, and to tackle the security challenges of blockchains. And more so with GDPR mandatory disclosure requirements.
But market demand remains almost entirely latent because current cybersecurity certifications are proving ever more inadequate in depth, comprehensiveness, and independence to deliver the security needed for critical scenarios and to enable users to even compare high-security solutions, except based on reputation.
The Head of ENISA agency, former President of German BSI, recently highlighted the centrality of deeper certifications: “From a certification perspective, a regulation perspective, it would be a good idea to look into these kinds of hardware products, protocols, and think about how to do a certification scheme for these… If you start in hardware from the beginning, you build on top of it. Everything is secure from the beginning”.
However, the slow progress of new certification plans in the EU and the unresolved NSA efforts to undermine NIST standards add to other evidence that this state of affairs is not “by accident” but “by design”. It is primarily due to the need of nations to prevent “at all costs” criminals from using IT devices that are resistant to a duly authorized lawful access order. Soon after algorithmically unbreakable encryption was made widely available in the 90s, nations felt the need to resort to breaking everything below it in the lower technical and lifecycle stacks.
The EU and EU member states invest in R&D and centers to promote strong encryption with one hand, while they increasingly invest and share to break those same technologies with the other. In fact, although overall state security agencies have not “gone dark” nor are “going dark”, the availability of the proposed new certifications and IT systems would by definition create a “could be going dark” problem.
Prospects for a wide availability of meaningfully-secure IT may, therefore, be inextricably linked to ensuring that a legitimate privacy-respecting lawful access to such systems is somehow granted.
Managing Director & Head of Cybersecurity at FTI Consulting. From 2015-2017 he was Director of Cyber-incident Response & Director of Cybersecurity Policy at the US National Security Council of President Barack Obama. Formerly Chief of Staff of the Cyber Division of the FBI (2014-2015). (LinkedIn)
Director of the BAAINBw of the German Armed Forces (the Federal Office for Equipment, Information Technology and Use). Formerly Head of Information Superiority of the European Defence Agency (2014-2016), and Assistant Director Research & Technology (2010-2013). (LinkedIn)
Scientific Director of Master in Scientific Intelligence and Head of Security and Investigation Dept. at Link Campus, Rome, Italy. Behavioral Analyst for Intelligence and Security. Current candidate and “shadow minister” of Interiors for the 5-Star-Movement, Italy’s largest political party. (LinkedIn)
Head of the Telekom Innovation Laboratories (T-Labs). Developing and leading innovation topics for Deutsche Telekom and its partners, including for blockchain. Also Vice President of The Blockchain Group and the Co-lead. Formerly, founder and COO of startup software firms in the Seattle area. (LinkedIn)
CEO at Berlin-based Least Authority, a leading open source cloud service based on highly-audited open source and advanced cryptographic protocols. Formerly, senior program manager at the Open Technology Fund (2013-2015) (LinkedIn)
(PhD) Cofounder at TRUSTLESS.AI and Kryptus. Designer of the SCuP, the world’s 1st secure CPU with publicly inspectable HW designs and free/open source SW. Designed the security architecture of the 400,000 Brazilian voting machines & the ASI-HSM of the Brazilian PKI-root CA. (LinkedIn)
Founder & Managing Partner at Anchor Point. Formerly Senior Research Fellow at Brandenburg Institute for Society & Security. Technology writer, analyst & consultant. Formerly, tech reporter for the Wall Street Journal. (LinkedIn)
Carlo von Lynx
Founder of Secushare.org, a free software distributed social network that runs on users’ devices with end-to-end encryption and anonymization. Formerly head of symlynX multicast, and tech lead at STERN magazine. Inventor of URL shortening and prototype content delivery networks. Contributor to IRC, XMPP. Main author of PSYC. (Online CV)
Exec. Dir. of Trustless Computing Association, and CEO of the TRUSTLESS.AI startup spin-off, which promote a solution to the 4 Challenges of the Free and Safe in Cyberspace. Previously held senior management roles in several startups and NGOs, mostly in pursuit of the promotion of digital civil rights. (LinkedIn)
May 3rd, 2018
- 18:00-21:00 Aperitif at TBD location for speakers, media, and guests.
May 4th, 2018
- 08:30 – Coffee
- 09:00 – Introduction by Organizers: Rufo Guerreschi
- 09:20 – Keynote by Anthony J. Ferrante
- 09:35 – Keynote by Reinhard Posch
- 09:50 – Keynote by Michael Sieber “Prospects for dual-use pan-European initiatives to create ultra-high assurance IT and ecosystems for critical societal domains”
- 10:00 – CHALLENGE A: What paradigms and certifications can validate IT devices and services that provide security and privacy that are radically more secure than state-of-the-art (ultra-high assurance*)?! What are the key paradigms? What is the role of uncompromising “zero trust” security-by-design paradigms, via transparent and extreme review and oversight of all critical lifecycle components and processes? The role of free/open source software and ethical hackers? The role of certification and oversight governance? How about Blockchains, Quantum Computing, Artificial Intelligence? What about citizen-witness and citizen-jury processes? Can we realistically secure enough CPU design and chip fabrication oversight? What scale of investments is needed? Can we imagine a parallel hardware and software computing universe, as a user-friendly supplement to every-day computing devices?
- Moderator: TBD
- Panelists: Ferrante, Sieber, Posch, Guerreschi, Heyer, Gallo, TBD
- 10:50 – Coffee Break
- 11:00 – Keynote by Anthony J. Ferrante
- 11:15 – CHALLENGE B: How can we achieve such ultra-high assurance IT while enabling legitimate and constitutional – no more, no less – lawful access, so it does not get abused or outlawed? Can the same extreme technical and human process safeguards that are needed to deliver ultra-high assurance enable voluntary compliance with lawful access requests – at least in some EU states – that overall reduces the risk of privacy rights abuse of end-users by anyone to levels that are radically or substantially lower than any of the other alternative secure IT systems which do not offer such voluntary processing?
Could or should such processes rely, not primarily on nations, but on a provider-managed voluntary data and/or key recovery scheme that is certified and overseen by radically citizen-accountable, independent and competent international bodies? Could the inevitable added risk be essentially shifted from technical systems to on-site organizational processes?
- Moderator: Guerreschi
- Panelists: Ferrante, Sieber, Posch, Chiesa, Gallo, TBD
- 12:15 – SOLUTION TO CHALLENGE A and B: “Shark-Tank-style” QA
- Intro to Trustless Computing Certification Body by Rufo Guerreschi, Trustless Computing Association.
Since 2013, leading public and private partners, and a spin-off startup, have been building a new certification body, and an initial compliant open computing base, ecosystem, and service, CivicNet. It consistently enforces ultra-high levels of transparency, accountability and oversight of all critical technical, human, socio-technical and governance components, including “ultra-high ethical expert public security-review in relation to complexity”; advanced citizen-witness and citizen-jury-like oversight processes; and online and in-person multi-jurisdictional secret-sharing techniques. Radical minimization of features and performance, effective compartmentation, and use of only open source time-proven critical technical stacks ensure economic feasibility and deep involvement of the expert ethical hacking community.
- 13:00 – LUNCH BREAK
- 14:00 – Keynote by TBD
- 14:15 – GDPR PANEL: GDPR mandatory disclosure requirements & the increased costs of breaches of critical enterprise and bank data.
Most enterprises are by now ready for basic GDPR compliance, in terms of diligent human processes and “best effort” technological setups. But the Regulation also mandates, at a hefty cost, the reporting of breaches, not only of customers’ data but also of the communications, negotiations, and transactions of executives, boards or partners. This adds substantially to traditional costs associated with those breaches, in terms of reputation, lost competitive advantage, blackmail, and more. What are the new emerging technologies, certifications, approaches, and processes that can substantially or radically mitigate such costs and risks?
- Moderator: Jongerius
- Panelists: Calian, Gummer, Weyer, Ferrante, TBD
- 14:45 – Keynote by TBD
- 15:00 – ECONOMICS PANEL: Can we create economic development and profit opportunities for pioneering public and private entities around the creation of highest-grade cybersecurity certifications and compliant ecosystems?
Could a new transparent international certification, downward-compatible with a “Security made in Germany” label, and led by Germany, Austria and Italy, lead to extensive economic development? Can we envision the development in Berlin of a lively open general-purpose computing platform and ecosystem around such new cybersecurity certifications? Can we merge the most secure open source providers of blockchains and uncompromising endpoint security (and other techs) to develop a sort of Arduino ecosystem and platform, but ultra-secure?!
- Moderator: Chase Gummer
- Panelists: Heyer, Sieber, Steininger, Quintarelli, TBD
- 15:45 – Guest Presentation by Ludmila Morozova-Buss “Cybersecurity: A “no woman’s land” yet dominated by minorities?!”.
- 15:55 – Coffee Break
- 16:05 – Keynote by Roman Yampolskiy (Videoconference) “Role of global standards, certifications and governance for the future of AI security, accountability and control”
- 16:20 – CHALLENGE C: What’s the role of ultra-high assurance ITs in the present and future of AI? Can certifications for radically more trustworthy IT define a European actionable path, from the short to the long-term, to: (1) cement EU leadership in the most security-sensitive Artificial Intelligence sectors (such as autonomous vehicles, surveillance, digital assistants etc.), and (2) substantially increase the chances of utopian rather than dystopian long-term artificial intelligence prospects?
- Moderator: TBD
- Panelists: Roman Yampolskiy, Michael Sieber, Guerreschi, TBD
- 17:10 – Closing Keynote by Anthony J. Ferrante
- 17:25 – Closing Keynote by Michael Sieber
- 17:40 – Closing by organizers.
- 18:00-21:00 – Dinner for panelists, media, speakers and special guests.
President of Security Brokers. The most famous hacker in Italy for the last 30 years. Head of Community relations and Board Member of the Italian AIIC – Associazione Italiana Esperti in Infrastrutture Critiche. Formerly consultant and advisor to ENISA, NATO, Italian Ministry of Defense, United Nations UNICRI. (LinkedIn)
CEO at techGDPR, an emerging consultancy for GDPR compliance, cybersecurity and risk management. VP marketing/sales Europe for DLT Labs, an established Toronto-based blockchain development house. (LinkedIn)
Chief Technology Officer and Head of Research at Adaptant Labs, managing research for cutting-edge cloud security systems. Co-founder and ex-Director of the Australian chapter of the Internet Society. Formerly he deployed military-grade encrypted mobile VoIP systems, emergency broadcast radio networks in Syria and Africa, and secure Enterprise WiFi systems. (LinkedIn)
Co-founder & CEO at Statice which helps companies to leverage private customer data in a privacy-preserving manner by using synthetic data to foster a variety of collaborations with external data owners and data experts. (LinkedIn)
Free Software expert, activist, and lawyer. Freelance IP and free software license consultant. Formerly Network coordinator for a major NGO for the promotion of free software. Master in International and Comparative Law from Trento University. (LinkedIn)
Chairman of the Steering Board of the Italian Digital Agency. Former Deputy of the Italian Republic. First signer of the 2014 national legislative proposal of “technological sovereignty and documented hardware”. Co-founder of the Italian IT security associations CLUSIT and AIPSI. Formerly professor of Computer Security. Formerly head of the IT Section of the main Italian financial newspaper. (LinkedIn)