Photo by Giorgio Galeotti. Own work, CC BY 4.0.

The role of new high-assurance IT paradigms and certifications in delivering constitutionally meaningful e-privacy and e-security to all, while preserving public safety and cyber-investigation capabilities.

EVENT SUMMARY

The world’s greatest IT security and civil rights experts, including Bruce Schneier, Richard Stallman, and Bart Preneel, engaged in intense panel sessions and “micro TED-style” keynotes, brainstormed and found common ground with leading organizations and EU institutions, including DG Connect, ECSEL JU, EDPS and the European Defence Agency.

The main ambition of the workshop is therefore to jointly define innovative techno-organizational certifications and certification governance models – within at least some current national legislative frameworks – for next generation high-assurance IT services, as well as constitutional “endpoint” lawful access systems.

Necessarily, after Snowden and recent hacks, these new paradigms will need to assume that highly-skilled state and non-state attackers, with very limited actual liability risk, are willing to devote tens of millions of euros to sustainably compromise the supply chain. They will therefore renounce the need for, or assumption of, trust in anything and anyone that is critically involved in any critical IT service life-cycle component, from certifications governance to hardware fabrication oversight; except in the assurance quality of the overall organizational governance of all intrinsic socio-technical constraints and (dis)incentives bearing on all entities critically involved in the entire life-cycle.

We have identified the solution of two core challenges, Challenge A and Challenge B, as crucial to jump-start such opportunities, as you can see in our program and, in detail, in our backgrounder.

  • CHALLENGE A: Is it feasible to provide ordinary citizens access to affordable and user-friendly end-2-end IT services with constitutionally-meaningful* levels of user-trustworthiness, as a supplement to their every-day computing devices? If so, how? What scale of investments are needed? What standards/certifications can enable a user to reliably distinguish them from other services?
  • CHALLENGE B: Provided that Challenge A can be met, can new voluntary international IT certifications – within some nations’ current legislative frameworks – provide safeguards that are sufficiently-extreme to reconcile meaningful personal privacy, effective lawful access and prevention of malevolent use? If so, what are the core paradigms of such certification processes?

In the medium and long term, it is hoped that the envisioned certifications can spur substantial R&D projects and open ecosystems, in a solid actionable path providing participating actors and nations with: a renewed digital sovereignty of the communications of citizens and public institutions; a global business leadership in the most strategic security-sensitive IT sectors (such as autonomous vehicles, advanced narrow-AI, critical infrastructure, intelligence and lawful access systems); a reference for a “trustworthy computing base” for the defense of critical assets and infrastructures and strategic defense communication; a sound low-level technological basis and governance model for ever wider AI systems in critical societal scenarios, including autonomous and semi-autonomous moving devices.

The workshop was conceived by the non-profit R&D and innovation institute Open Media Cluster (now called Trustless Computing Association), led by Rufo Guerreschi, and co-organized with EIT Digital Action Line for Privacy, Security & Trust, led by Jovan Golic, internationally renowned cryptographer and IT security expert.

Art by Alexander Ariese

The event aims at fostering a proactive approach to deploying trustworthy and transparent innovative technologies that bridge the gaps between available techniques and practice. This is seen as necessary to sustain a further growth of the data-driven economy. To this end, it is also crucial to break out of the “privacy vs safety” zero-sum game mindset and, instead, decisively converge on win-win approaches and standards that will substantially reconcile basic human rights and needs to protect and control sensitive data, not only personal, on one side, with legitimate needs for cyber-investigation to get more effective protection against crimes in cyberspace and the physical world, on the other. The resolution of this apparent dichotomy is seen as necessary if meaningfully-secure high-assurance IT is to be allowed to be legally available in the market.

—————————————–

* Definitions. While perfect assurance is impossible, we found it crucial to arbitrarily define, as concretely as possible, a “high enough” target level of trustworthiness, to set a base for discussions. Therefore, for the purpose of this event, we’ll adopt the following definition: “An IT service has constitutionally-meaningful levels of trustworthiness when its levels of confidentiality, authenticity, integrity and non-repudiation are sufficiently high to make its use, in ordinary user scenarios, rationally compatible with the full and effective Internet-connected exercise of their core civil rights, except for voting in governmental elections. In more concrete terms, it defines an end-2-end computing service that warrants extremely well-placed confidence that an extremely skilled attacker – willing to perform continuous or pervasive compromise – would incur costs and risks that exceed the following: (1) for the compromise of the lifecycle including the supply chain, the tens of millions of euros, and significant discoverability (albeit with unlikely actual liability), that are typically sustained by well-financed and advanced public and private actors, for high-value supply chains, through legal and illegal subversions of all kinds, including economic pressures; or (2) for compromise of a single user, the tens of thousands of euros, and a significant discoverability, such as those associated with enacting such level of abuse through on-site, proximity-based user surveillance, or non-scalable remote endpoint techniques, such as NSA TAO”.

speakers

Bruce Schneier

Board member at Electronic Frontier Foundation, Open Technology Institute and EPIC. Fellow at Harvard Law School. CTO at Resilient Systems. Arguably the world’s most-renowned and recognized IT security expert.

Bart Preneel

Director at COSIC TU Leuven. President at International Association for Cryptologic Research. Arguably EU’s most peer-recognized IT security expert and researcher.

Richard Stallman

President of the Free Software Foundation. Founder of the Free Software movement. Inventor of the Free/Open Source Software licenses. Creator of the GNU/Linux OS, the basis of a majority of mobile and server computing devices.

Andreas Wild

Executive Director of ECSEL JU, the largest EU R&D public funding program for microelectronics, with projects exceeding 150M€ per year.

Michael Sieber

Head of Information Superiority at the European Defence Agency (2012-2016).

Wojciech Wiewiórowski

Deputy European Data Protection Supervisor. Previously served as Inspector General for the Protection of Personal Data at the Polish Data Protection Authority.

Marcos Vinicius Mazoni

President of SERPRO. Main Brazilian IT public agency, delegated by President Rousseff to develop state-surveillance-proof email systems for government officials.

Jovan Golic

Privacy, Security and Trust Action Line Leader of EIT Digital. Renowned cryptanalyst and cryptographer. EIT Digital manages, through Innovation and Education action lines, about 80M€ yearly of EU funds for close-to-market IT innovation, research and education co-funding.

Rufo Guerreschi

Executive Director at Trustless Computing Association. Project Lead at the User Verified Social Telematics project and the Trustless Computing Initiative. Long-time activist for the promotion of democracy within and through the use of IT.

Yvo Desmedt

A pioneer of threshold cryptography. Fellow of the IACR. Jonsson Distinguished Professor at University of Texas at Dallas, USA and Chair of ICT at University College London, UK.

Steven Bellovin

Prof. at Columbia University. Co-author of foundational papers on state attempts to reconcile cyber-investigation and privacy (1997-2013) (via conf call from New York).

Kai Rannenberg

Chair at Deutsche Telekom Chair of Multilateral Security at Goethe University; Privacy, Security & Civilisation AoI leader at EU NIS Platform. Member at ENISA Permanent Stakeholder Group.

Melle Van Den Berg

Managing Consultant at CapGemini Cyber Security Consulting. Co-author of the “Mass Surveillance Part 2 – Technology foresight, options for longer-term security and privacy improvements” commissioned in 2014 by EU Parl STOA.

Peter Ide-Kostic

Senior Policy Analyst at EU Parliament Science and Technology Options Assessment unit (STOA) and the EU Parliament LIBE Committee Secretariat.

Michel Jaccard

Swiss-based attorney at corporate and tech boutique firm Id Est Avocats, specialized in open innovation, data privacy and security, free and open source licenses, and “crypto law”.

Bjoern Rupp

CEO of GSMK Cryptophone, mobile end-to-end encryption and mobile device security pioneer. GSMK makes the only cryptophone whose SW stack is publicly verifiable without an NDA.

Pierre Chastanet

Senior Policy Analyst at EU Parliament Science and Technology Options Assessment unit (STOA) and the EU Parliament LIBE Committee Secretariat.

Alberto Pelliccione

CEO of ReaQta, endpoint defense against advanced threats. Previously senior researcher at Hacking Team, a world leader in lawful access systems.

Roman Yampolskiy

World-renowned AI superintelligence safety expert and professor. Author of Artificial Superintelligence. Focused on AI Containment (isolation). Active in popular media channels.

Eric Drexler

Senior Visiting Fellow at the Oxford Martin School, Oxford University, and a researcher and Internal Advisor to the Future of Humanity Institute (FHI), led by Prof. Nick Bostrom. A pioneer of nanotechnology. Member of FHI’s Oxford Martin Programme on the Impacts of Future Technology.

Raoul Chiesa

A widely recognized IT cracker, hacker and IT security expert. President of Security Brokers. Formerly consultant and advisor to ENISA, NATO, Italian MoD, UNICRI.

Nikola Danaylov

As Dir. of the Singularity Weblog he conducted over 160 interviews with the world’s best known AI experts. Graduate in economics, philosophy, and Singularity University. Has written over 800 articles and papers on the subject.


WORKSHOP REPORT

Today there are over three billion internet users worldwide. For many, half of their waking life is spent online in wide-ranging activities, spanning from a personal email to grocery shopping, from political activism to enjoying the best cat videos. Privacy seems a far away dream to most. But is it? Can’t a limited but truly private sphere be created and protected? Can new standards and technologies, supplementary to overly complex mainstream devices, allow ordinary citizens to reach meaningful levels of privacy and security, at least for the most critical and personal parts of their online lives? If so, can these be made user-friendly and affordable for all, and still prevent grave risks for public safety and cyber-investigation capabilities?

These are the urgent challenges being addressed by a new public event series, launched with the first of such events, the Free and Safe in Cyberspace 2015 workshop, held in Brussels on September 24-25th 2015, with a Latin America edition to be held next Oct 16th, in Brazil, and a North American version in the works. The Brussels event included: the EU’s and US’s most recognized IT privacy and security experts, Schneier and Preneel, the father of free software, Richard Stallman, senior officials of leading civilian and military EU institutions, high-assurance IT executives, and experts in advanced artificial intelligence. The workshop aimed specifically at building consensus on innovative techno-organizational certifications and certification governance models for next-generation high-assurance IT services, as well as targeted (endpoint) lawful access systems. Slides and videos of this event are available on the program page.

“Perfect privacy and perfect security are impossible, and most likely will always be so. Nevertheless, it is essential to define some very high and measurable levels of trustworthiness that are compatible with the exercise of civil rights in cyberspace”, said Rufo Guerreschi, executive director of Open Media Cluster (now called Trustless Computing Association), a small R&D non-profit based in Rome, in his introduction. Jovan Golic, from the co-organizing EIT Digital Privacy, Security and Trust Action Line, said: “It is frequently said that there is a trade-off between cyber-security and cyber-privacy, but that is misleading and blocking for both cyber-privacy and also for business in this area. In fact, if you don’t have cyber-privacy you cannot have real cyber-security because the data will be vulnerable to cyber attacks”. Golic went on to clarify that: “There is indeed a trade-off between cyber-surveillance and cyber-privacy, but cyber-surveillance is not the same as cyber-security. … So, we would like to have both cyber-security and cyber-privacy and also lawful cyber-surveillance. In order to achieve that, we need secure and trustworthy technologies.”

In his keynote speech, Michael Sieber (European Defence Agency) addressed a hot and controversial topic, particularly after the widespread surveillance programs revealed by Edward Snowden and more recent hacks: “Among EU member states it’s hilarious: they claim digital sovereignty but they rely mostly on Chinese hardware, on US American software, and they need a famous Russian to reveal the vulnerabilities”. Most importantly, he envisioned an exciting step forward for the EU: “We can create a joint vision, big in ambition and funding; concentrate on our strengths; effectively combine ‘smart clustering’ and ‘smart regulation’”.

Bruce Schneier, the world-renowned security expert, focused on trust as a key feature to better understand the main challenges laid out for this event (and the entire “Free and Safe in Cyberspace” project). “Trust is essential to human society and we, as a species, are very trusting. But what are the security mechanisms that make this work, particularly in the IT world? Mostly we rely on transparency, oversight, and accountability,” explained Schneier. “And so in order to avoid some mechanism failure, as was the case with the recent Volkswagen cheat, we must integrate them – along with verifiable standards, liability measures, and institutional drive to encourage cooperation.” We’d strive to apply this formula also to these challenges, aiming at ultimately providing affordable, user-friendly IT-related services for all.

In his trademark style, Richard Stallman, founder of the Free Software Foundation, proposed a few interesting insights: “We should stop thinking about security as against third parties, we should stop assuming that program developers are on our side. Actually, the programmer can be the enemy, so we must be sure that there is no one with that much control”. More controversially, during Panel 2 on the role of free/open source software, Stallman said that computing trustworthiness is a “practical advantage or convenience” rather than an additional requirement for computing freedom. Guerreschi countered with a different opinion, according to which the lack of meaningful trustworthiness inevitably turns the other four software freedoms into a disutility to their users. According to Michael Hohmuth (CEO at Kernkonzept, Dresden), one obstacle preventing user control is the “complexity of our operating systems…and of course the solution is trying to reduce this complexity, something that we try to address by putting all the components that user cannot trust any more in its own little compartment”, thus enabling some simpler verification steps.

On the hardware side, Kai Rannenberg (Professor of Business Informatics at Frankfurt’s Goethe University) focused on the importance of “embedding” trust in the manufacturing process itself, adding that “today EU seems to have only a limited capacity to come up with its own value chain to build trust in hardware, and companies should definitely move forward in this direction”. And Stallman highlighted the essential part of “developing free hardware designs for the kind of chips that you need…and people are working on such projects”.

In wrapping up on the hardware security issue, Andreas Wild (executive director of ECSEL JU) insisted on a broader and integrated strategy for a possible solution: “Most widely publicized cyber-attacks happen through unauthorized access and malicious software alterations in inter-connected operational systems. Therefore, a secure system needs robust design methodologies, trustworthy supply chains, controlled manufacturing sites, and safe methodologies in deploying and operating it, and this with regard to both hardware and software”.

On the related topic of IT certifications for safe methodologies, two engaging panels covered the new high-assurance international certifications and governance models (Panel 1) and the prospective voluntary certification procedures for lawful access (Panel 3). The panelists agreed that this is a long-term process, and that we should always stay focused on providing safeguards that are at least good enough to reconcile meaningful personal privacy, effective lawful access and prevention of malevolent use. The leading cryptographers Yvo Desmedt and Jovan Golic presented some broad options for key recovery that may enable public or private entities to voluntarily provide compliance to lawful access requests, through independent and offline third-party processes based on decades of experience with secret sharing cryptographic protocols, which can also ensure the so-called forward secrecy. The president of the Brazilian IT agency SERPRO, Mazoni, presented his plans for delivering meaningful privacy and enabling lawful investigations for public employees.

The last panel on Day 1, number four, looked into the role of new high-assurance IT standards to promote the benefits and prevent the risks of advanced AI (Artificial Intelligence), as well as considering its role in state public security activities as both a tool and threat to freedom and public safety. A concluding panel on the second day attempted to merge the various perspectives that emerged in the two-day workshop – insisting, among other things, on the need to broaden the international cooperation on these complex topics, particularly on IT certification procedures.

Finally, Rufo Guerreschi announced that “probably next spring we will have a similar workshop in Washington DC”, and introduced the upcoming Free and Safe in Cyberspace – LatAm Edition event in Iguazu, Brazil (October 16th 2015), as part of LatinoWare 2015, one of the largest free software conferences in the world.

organizer

The Trustless Computing Association is a non-profit organization, based in Zurich, that has aggregated world-class partners and advisors to build open IT technologies, certifications and ecosystems that can deliver levels of trustworthiness that are radically higher than state-of-the-art. Together with its spin-off startup TRUSTLESS.AI – based in Zurich – the association has been building (1) the Trustless Computing Certification Body, a new IT security standards-setting and certification body, aimed at radically-unprecedented levels of trustworthiness, while at once solidly enabling legit lawful access, and (2) the Seevik Pod and Net, an initial open computing base, ecosystem and IT device, compliant to such new certifications.

Sponsors

EIT Digital
AENEAS

Bruce Schneier

Board member at Electronic Frontier Foundation, Open Technology Institute and EPIC. Fellow at Harvard Law School. CTO at Resilient Systems.

Bruce Schneier is an American cryptographer, computer security professional, privacy specialist and writer. He is the author of several books on general security topics, computer security and cryptography. Schneier is a fellow at the Berkman Center for Internet & Society at Harvard Law School, and a program fellow at the New America Foundation’s Open Technology Institute. He has been working for IBM since they acquired Resilient Systems, where Schneier was CTO. He is also a contributing writer for The Guardian news organization. After receiving a physics bachelor’s degree from the University of Rochester in 1984, he went to American University in Washington, D.C. and got his master’s degree in computer science in 1988. He was awarded an honorary Ph.D from the University of Westminster in London, England in November 2011. The award was made by the Department of Electronics and Computer Science in recognition of Schneier’s ‘hard work and contribution to industry and public life’. Schneier was also a founder and chief technology officer of BT Managed Security Solutions, formerly Counterpane Internet Security, Inc.

Bart Preneel

Director at COSIC TU Leuven.

Bart Preneel is the Director at COSIC TU Leuven, and the president at International Association for Cryptologic Research. He received the Electrical Engineering degree and the Doctorate in Applied Sciences from the Katholieke Universiteit Leuven (Belgium). He is currently full professor (gewoon hoogleraar) at the Katholieke Universiteit Leuven. He has been a visiting professor at the Technical University of Denmark (2007), Graz University of Technology in Austria (1997-2006), the University of Bergen in Norway (1997-2001), Ruhr-Universitaet Bochum in Germany (2001-2002) and at the University of Ghent (1994-2002). He is a scientific advisor of Philips Research (the Netherlands). During the academic year 1993-1994, he was a research fellow of the EECS Department of the University of California at Berkeley. His main research interests are cryptology and information security. He has authored and co-authored more than 200 scientific publications and is the inventor of two patents. He was president of the IACR (International Association for Cryptologic Research) and he is a member of the Editorial Board of the Journal of Cryptology, the IEEE Transactions on Information Forensics and Security, and the International Journal of Information and Computer Security. He is also a Member of the Accreditation Board of the Computer and Communications Security Reviews (ANBAR, UK). He has participated in more than 20 research projects sponsored by the European Commission, for four of these as project manager. He is currently project manager of the European Network of Excellence ECRYPT, which groups more than 250 researchers in the area of cryptology and watermarking.

Richard Stallman

President of the Free Software Foundation. Founder of the Free Software movement. Inventor of the Free/Open Source Software licenses. Creator of the GNU/Linux OS.

Richard Stallman is an American free software movement activist and programmer. He campaigns for software to be distributed in a manner such that its users receive the freedoms to use, study, distribute and modify that software. Software that ensures these freedoms is termed free software. Stallman launched the GNU Project, founded the Free Software Foundation, developed the GNU Compiler Collection and GNU Emacs, and wrote the GNU General Public License. Stallman launched the GNU Project in September 1983 to create a Unix-like computer operating system composed entirely of free software. With this, he also launched the free software movement. He has been the GNU project’s lead architect and organizer, and developed a number of pieces of widely used GNU software including, among others, the GNU Compiler Collection, the GNU Debugger and the GNU Emacs text editor. In October 1985 he founded the Free Software Foundation. Stallman pioneered the concept of copyleft, which uses the principles of copyright law to preserve the right to use, modify and distribute free software, and is the main author of free software licenses which describe those terms, most notably the GNU General Public License (GPL), the most widely used free software license. In 1989, he co-founded the League for Programming Freedom. Since the mid-1990s, Stallman had spent most of his time advocating for free software, as well as campaigning against software patents, digital rights management (which he referred to as digital restrictions management, calling the more common term misleading), and other legal and technical systems which he sees as taking away users’ freedoms. This has included software license agreements, non-disclosure agreements, activation keys, dongles, copy restriction, proprietary formats and binary executables without source code.

Andreas Wild

Executive Director of ECSEL JU

Dr. Andreas Wild is the Executive Director of the ECSEL Joint Undertaking, a public-private partnership on nanoelectronics, embedded software and smart system integration established as an autonomous European Union body through the merger of ENIAC and ARTEMIS JUs. Prior to joining ECSEL JU, Andreas Wild was the European R&D Director for Freescale Semiconductor and Motorola Semiconductor Products Sector. In his career, he managed Motorola R&D laboratories in U.S.A., Latin America, and Germany. He has an MS degree from the University “Politehnica” Bucharest, and a Ph.D. from the Institute of Atomic Physics in Bucharest, Romania, and has authored 28 patents and more than 50 technical publications. His specialties include international management in semiconductor components and systems, negotiation and management of alliances and partnerships, including public-private partnerships, and program management. He can speak seven languages.

Michael Sieber

Director at the BAAINB of the German Armed Forces (the Federal Office for Equipment, Information Technology and Use). Formerly Head of Information Superiority of the European Defence Agency (2014-2016), and Assistant Director Research & Technology (2010-2013).

Michael Sieber has a Diploma in Electrical Engineering. During his military and civil service in the German Armed Forces he assumed various responsibilities in operational, technical and international domains. This included munitions, vehicles, robotics, communications, modelling & simulation, radio frequency/electro-optical sensors, reconnaissance technology, electronic warfare. He led larger international projects with the US, Singapore and Chile. During his assignments abroad he worked with NATO in The Hague (Netherlands), and the Canadian Department of National Defence in Ottawa. In the German Ministry of Defence he was Senior International Armaments Affairs Officer, before he joined the European Defence Agency (EDA) as Assistant Research & Technology Director in 2010. Within the new EDA structure effective from 2014 he assumed the position as Head of the Information Superiority Unit.

Wojciech Wiewiórowski

Deputy European Data Protection Supervisor.

Dr. Wojciech Wiewiórowski graduated from the Faculty of Law and Administration of the University of Gdańsk, and in 2000, he was awarded the academic degree of Doctor in constitutional law. After graduation he was editor and then publisher in legal publishing houses. In 2002, he began to work as lecturer at Gdańsk College of Administration, and since 2003 he was assistant professor and head of Legal IT Department at the Faculty of Law and Administration of the University of Gdańsk, with which he has been associated since 1995. Since 2006, he has been working for public administration. He was, among other roles, adviser in the field of e-government and information society for the Minister of Interior and Administration, as well as Vice-president of the Regulatory Commission of the Polish Autocephalous Orthodox Church. In 2008, he took over the post of the Director of the Informatisation Department at the Ministry of Interior and Administration. He also represented Poland in the committee on Interoperability Solutions for European Public Administrations (the ISA Committee) assisting the European Commission. He was also a member of the Archives Council to the Ministry of Culture and National Heritage. He is a member of the Polish Association for European Law. In 2010, he was elected by the Polish Parliament to the post of the Inspector General for the Protection of Personal Data (Polish Data Protection Commissioner), which he held until November 2014, having been re-elected for a second term. In that capacity, he was also Vice-Chair of the Working Party Art. 29 from February until November 2014. In December 2014, he was appointed Assistant European Data Protection Supervisor.

Marcos Vinicius Mazoni

President of SERPRO. Main Brazilian IT public agency, delegated by President Rousseff to develop state-surveillance-proof email systems for government officials.

Marcos Vinicius Mazoni is the CEO of Serpro. An enthusiast in free software, he was one of the precursors of the branch in Brazil, having coordinated the I FISL. He has a degree in business administration and a postgraduate degree in information technology from FGV, and business management from UFRGS. He worked for 20 years at Companhia Riograndense de Telecomunicações. He also worked at the Porto Alegre City Hall, at Procempa, and at ASBEMI and ABEP, and he was president of Procergs, from 1999 to 2002; director of Celepar, the Paraná state computer company, from 2003 to 2006; and president and CEO of Serpro, from 2007 to 2016.

Jovan Golic

Privacy, Security and Trust Action Line Leader of EIT Digital.

Jovan Golic has been working in the field of information security for more than three decades, in both the academic and industrial worlds. In his current position at the Security Lab of Telecom Italia Group, he has been working on a number of projects related to data anonymization and pseudonymization, format-preserving and syntax-preserving encryption, pseudorandom number generation and stream ciphers, true random number generation in hardware, secure hardware implementations, secret sharing and key agreement protocols, intrusion detection, statistical anomaly detection, biometric authentication, authentication in ad hoc networks, security in information-centric networks, and embedded SIM protocols. He has also been involved in startup creation and delivering services and products to the market.

Rufo Guerreschi

Executive Director of the Trustless Computing Association. CEO of its spin-off TRUSTLESS.AI. Founder of the Free and Safe in Cyberspace conference series.

Executive Director of the Trustless Computing Association. CEO of TRUSTLESS.AI. Founder of the Free and Safe in Cyberspace conference series. IT security entrepreneur, expert and activist with 20 years of experience. Founded and exited e-democracy startup Participatory Technologies. At 4thpass, acquired by Motorola, he sold +$10M Java mobile app stores, including to Telefonica. Founder of the Trustless Computing Association. Launched the Free and Safe in Cyberspace event series. As CEO at Open Media Park, he brought the valuation of the planned EU’s 2nd largest IT/media park from €3m to €21m.

Yvo Desmedt

World-renowned cryptographer, and pioneer of threshold cryptography.

Yvo Desmedt received his Ph.D. (Summa cum Laude) from the University of Leuven, Belgium (1984). He was program chair of ICITS 2007, co-program chair of CANS 2005, program chair of PKC 2003, the 2002 ACM Workshop on Scientific Aspects of Cyber Terrorism and Crypto ’94. He has authored over 200 refereed papers. He has given invited lectures at several conferences and workshops on 6 different continents. His first Assistant Professor position was at the Universite de Montreal (Canada). Other positions include: University of Wisconsin (Milwaukee), Florida State University and University College London. He declined an offer of Vice President of Citibank (New York, New York), and has held visiting appointments at Technion (Israel), Tokyo Institute of Technology (Japan), University of Karlsruhe (Germany), AIST (Japan), Macquarie University (Australia), etc. He also went on research visits to AT&T Research, Certicom, ETH, IBM Yorktown Heights, Philips Research Laboratory, Technical University Eindhoven (TU/e), University of Waterloo, and others.

Steven Bellovin

Prof. at Columbia University. Co-author of foundational papers on state attempts to reconcile cyber-investigation and privacy (19972013)

Steven M. Bellovin is a researcher on computer networking and security. He is currently a Professor in the Computer Science department at Columbia University, having previously been a Fellow at AT&T Labs Research in Florham Park, New Jersey. In September 2012, Bellovin was appointed Chief Technologist for the United States Federal Trade Commission, replacing Edward W. Felten, who returned to Princeton University. In February 2016, Bellovin became the first technology scholar for the Privacy and Civil Liberties Oversight Board.

Kai Schramm

Vice President of Security Architecture of CREDIT SUISSE.

Vice President of Security Architecture of Credit Suisse. Security expert with over 15 years of experience. He started his career as a specialist in smart card security and side-channel attacks and subsequently worked on topics such as cyber risk management and the development of security strategies and target reference architectures driving strategic investment decisions. Holds a PhD in Electrical Engineering with a focus on embedded systems security. Holds CISSP, CCSP, CISA certifications. Has worked in Germany, Switzerland, UK, USA and Japan, in large and small corporate environments, and in the banking sector for the last ten years.

Melle Van Den Berg

Managing Consultant at CapGemini Cyber Security Consulting. Co-author of the “Mass Surveillance Part 2 – Technology foresight, options for longer-term security & privacy improvements”

Trained in political science and administration, practical experience in the government consultancy and project management. I am the founder and business director at De Speld, Holland’s main satirical website. Specialties: Cyber Security, Crisis Management, Security Management, Privacy, Cultural Entrepreneurship 

Peter Ide-Kostic

Senior Policy Analyst at EU Parliament Science and Technology Options Assessment unit (STOA) and the EU Parliament LIBE Committee Secretariat.

Administrator, policy analyst within the Secretariat of the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament.
Specialties: Parliamentary research, Security Management, Project and Program management, Technology Assessment (TA), Physical Security, Information Security, Technical security, IT security, Personal data Protection, Travel Security, Personal Security, Risk Management, Contingency Planning, Business Continuity Management, Disaster Recovery Management, Crisis Management, Security Investigations, Threat Assessment, People management, Financial and Budget management, emerging TIC and security technologies, Program and Project management 

Michel Jaccard

Founder and CEO of Id Est Avocats, Swiss law firm specialized in digital privacy and open innovation.

Michel is the Founder of Id Est avocats, an award winning boutique law firm located in Switzerland focusing on delivering strategic and expert advice to successful startups, innovative companies and global brands in the fields of technology, media, intellectual property, privacy and cybersecurity. Michel is also a widely respected corporate law specialist and has acted with his team on some of the most significant rounds of financing, strategic investments, acquisitions and divestitures in the technology sector in recent years in Western Switzerland, including several exits to major US buyers. Michel graduated with honors from Lausanne University (J.D.’93, Ph.D.’96) and Columbia University (LL.M.’97, Fulbright Grantee and Harlan Fiske Stone Scholar). He has practiced law for more than 15 years in Switzerland and abroad in leading business law firms, including as head of practice. He is admitted to the Swiss and New York bars and worked in 2003-2004 in the IP/IT department of White & Case LLP in New York. He has been active in open source matters since 2005, and is a founding member of the International Free and Open Source Law Review (IFOSSLR) editorial committee. Michel was listed among the “300 most influential personalities” in Switzerland by Bilan Magazine and has received top rankings in tech | media | IT | IP and corporate | M&A by leading guides such as Chambers, Legal500 and Best Lawyers.

Bjoern Rupp

CEO of GSMK Cryptophone, mobile end-to-end encryption and mobile device security pioneer. GSMK makes the only cryptophone whose SW stack is publicly verifiable without NDA.

Dr. Rupp is Managing Director of GSMK Gesellschaft für Sichere Mobile Kommunikation mbH, based in Berlin, and has more than 20 years of experience in the telecommunications industry, over 14 of them in telecommunications and IT security. After previously working for an international management consultancy in its Telecommunications, Information Technology, Media and Electronics (TIME) practice, he took on the establishment and management of GSMK in 2003. Today GSMK is present in more than 50 countries worldwide with high-security mobile phones and products for communications and endpoint security.

Pierre Chastanet

Senior Policy Analyst at EU Parliament Science and Technology Options Assessment unit (STOA) and the EU Parliament LIBE Committee Secretariat.

Pierre is Head of Unit Cloud & Software at the European Commission and is notably in charge of the European regulation on the free flow of non-personal data and the implementation of cloud policies. He has been working for 12 years at the European Commission in various management and policy development assignments, in the area of cybersecurity, digital privacy, ICT for societal challenges, green ICT and telecom innovation. Prior to that, Pierre acquired over 10 years of ICT experience, mostly in various IT management positions at Procter & Gamble. Pierre holds an M.S. in Telecommunication Engineering from Telecom ParisTech, an M.A. in International Politics from the Free University of Brussels and a B.Sc in Economics from the London School of Economics and Political Science.

Alberto Pelliccione

CEO of ReaQta

Alberto Pelliccione has been active in the field of malware analysis since 1998. He has been a cybersecurity trainer for governmental institutions and a researcher at the National Council of Research on Artificial Intelligence and Autonomous Collaborative Agents. He later moved on to the intelligence sector, where he led a team of high-profile cybersecurity experts to develop attack tools, used by governmental agencies worldwide to conduct cyber intelligence operations. Since 2014 he has been Founder and CEO at ReaQta, and he is now on a journey to create a next-generation intelligent cybersecurity solution capable of addressing the most sophisticated threats.

Roman Yampolskiy

Long-term AI and IT security expert, author and professor. Director of the Cyber Security Lab. Author of “Artificial Superintelligence: a Futuristic Approach”.

Dr Roman V. Yampolskiy is a Tenured Associate Professor in the Department of Computer Engineering and Computer Science at the Speed School of Engineering, University of Louisville. He is the founding and current director of the Cyber Security Lab and an author of many books including Artificial Superintelligence: a Futuristic Approach. During his tenure at UofL, Dr. Yampolskiy has been recognized as: Distinguished Teaching Professor, Professor of the Year, Faculty Favorite, Top 4 Faculty, Leader in Engineering Education, Top 10 of Online College Professor of the Year, and Outstanding Early Career in Education award winner among many other honours and distinctions. Yampolskiy is a Senior Member of IEEE and AGI, Member of Kentucky Academy of Science, and Research Advisor for MIRI and Associate of GCRI. Roman Yampolskiy holds a PhD degree from the Department of Computer Science and Engineering at the University at Buffalo. He was a recipient of a four year NSF (National Science Foundation) IGERT (Integrative Graduate Education and Research Traineeship) fellowship. Dr Yampolskiy’s main areas of interest are AI Safety, Artificial Intelligence, Behavioral Biometrics, Cybersecurity, Digital Forensics, Games, Genetic Algorithms, and Pattern Recognition. Dr Yampolskiy is an author of over 100 publications including multiple journal articles and books. His research has been cited by 1000+ scientists and profiled in popular magazines both American and foreign.

Eric Drexler

Senior Visiting Fellow at the Oxford Martin School, Oxford University.

Eric Drexler is an American engineer best known for popularizing the potential of molecular nanotechnology (MNT), from the 1970s and 1980s. His 1991 doctoral thesis at Massachusetts Institute of Technology was revised and published in 1992 as the book “Nanosystems: Molecular Machinery Manufacturing and Computation”, which received the Association of American Publishers award for Best Computer Science Book of 1992. Drexler holds three degrees from MIT. He received his B.S. in Interdisciplinary Sciences in 1977 and his M.S. in 1979 in Astro/Aerospace Engineering with a Master’s thesis titled “Design of a High Performance Solar Sail System.”

Raoul Chiesa

President of Security Brokers. Formerly consultant and advisor to ENISA, NATO, Italian MoD, UNICRI.

Known as “The Most Famous Italian Hacker”, Raoul Chiesa starts his web adventure at the age of twelve. He first sneaks into military and government institutions and banks. Internationally famous, he affirms his role and shows his skills by sneaking into Banca d’Italia in 1995. Shortly after, SCO (Central Operative Section of the Italian Police), on an FBI hint, arrests him on thirteen different charges. After persuading the investigators of his good faith, he spends four months in house detention. Finally, this event forces him out of the dark web and into working on cybersecurity. He defines himself as an “ethical hacker” and becomes the European leader in cybersecurity, helping several governments face web-related issues.