The world’s greatest IT security and civil rights experts, including Bruce Schneier, Richard Stallman, and Bart Preneel, engaged in intense panel sessions and “micro TED-style” keynotes, brainstormed, and found common ground with leading organizations and EU institutions, including DG Connect, ECSEL JU, EDPS, and the European Defence Agency.
The main ambition of the workshop is therefore to jointly define innovative techno-organizational certifications and certification governance models – within at least some current national legislative frameworks – for next generation high-assurance IT services, as well as constitutional “endpoint” lawful access systems.
Necessarily, after Snowden and recent hacks, these new paradigms will need to assume that highly-skilled state and non-state attackers, with very limited actual liability risk, are willing to devote tens of millions of euros to sustainably compromise the supply chain. They will therefore renounce the need for, or assumption of, trust in anything and anyone that is critically involved in any critical IT service life-cycle component, from certifications governance to hardware fabrication oversight; except in the assurance quality of the overall organizational governance of all intrinsic socio-technical constraints and (dis)incentives bearing on all entities critically involved in the entire life-cycle.
We have identified the solution of two core challenges, Challenge A and Challenge B, as crucial to jump-start such opportunities, as you can see in our program and, in detail, in our backgrounder.
- CHALLENGE A: Is it feasible to provide ordinary citizens access to affordable and user-friendly end-2-end IT services with constitutionally-meaningful* levels of user-trustworthiness, as a supplement to their every-day computing devices? If so, how? What scale of investments are needed? What standards/certifications can enable a user to reliably distinguish them from other services?
- CHALLENGE B: Provided that Challenge A can be met, can new voluntary international IT certifications – within some nations’ current legislative frameworks – provide safeguards that are sufficiently-extreme to reconcile meaningful personal privacy, effective lawful access and prevention of malevolent use? If so, what are the core paradigms of such certification processes?
In the medium and long term, it is hoped that the envisioned certifications can spur substantial R&D projects and open ecosystems, offering a solid actionable path for participating actors and nations towards: a renewed digital sovereignty of the communications of citizens and public institutions; a global business leadership in the most strategic security-sensitive IT sectors (such as autonomous vehicles, advanced narrow-AI, critical infrastructure, intelligence and lawful access systems); a reference for a “trustworthy computing base” for the defense of critical assets and infrastructures and strategic defense communication; a sound low-level technological basis and governance model for ever wider AI systems in critical societal scenarios, including autonomous and semi-autonomous moving devices.
The workshop was conceived by the non-profit R&D and innovation institute Open Media Cluster (now called Trustless Computing Association), led by Rufo Guerreschi, and co-organized with EIT Digital Action Line for Privacy, Security & Trust, led by Jovan Golic, internationally renowned cryptographer and IT security expert.
The event aims at fostering a proactive approach to deploying trustworthy and transparent innovative technologies, bridging the gaps between available techniques and practice. This is seen as necessary to sustain further growth of the data-driven economy. To this end, it is also crucial to break out of the “privacy vs safety” zero-sum game mindset and, instead, decisively converge on win-win approaches and standards that will substantially reconcile basic human rights and the need to protect and control sensitive data, not only personal, on one side, with legitimate needs for cyber-investigation to get more effective protection against crimes in cyberspace and the physical world, on the other. The resolution of this apparent dichotomy is seen as necessary if meaningfully-secure high-assurance IT is to be legally available in the market.
* Definitions. While perfect assurance is impossible, we found it crucial to arbitrarily define, as concretely as possible, a “high enough” target level of trustworthiness, to set a base for discussions. Therefore, for the purpose of this event, we’ll adopt the following definition: “An IT service has constitutionally-meaningful levels of trustworthiness when its levels of confidentiality, authenticity, integrity and non-repudiation are sufficiently high to make its use, in ordinary user scenarios, rationally compatible with the full and effective Internet-connected exercise of their core civil rights, except for voting in governmental elections. In more concrete terms, it defines an end-2-end computing service that warrants extremely well-placed confidence that an extremely skilled attacker – willing to perform continuous or pervasive compromise – would incur costs and risks that exceed the following: (1) for the compromise of the lifecycle including the supply chain, the tens of millions of euros, and significant discoverability (albeit with unlikely actual liability), that are typically sustained by well-financed and advanced public and private actors, for high-value supply chains, through legal and illegal subversions of all kinds, including economic pressures; or (2) for the compromise of a single user, the tens of thousands of euros, and a significant discoverability, such as those associated with enacting such level of abuse through on-site, proximity-based user surveillance, or non-scalable remote endpoint techniques, such as NSA TAO”.
Board member at Electronic Frontier Foundation, Open Technology Institute and EPIC. Fellow at Harvard Law School. CTO at Resilient Systems. Arguably the world’s most-renowned and recognized IT security expert.
Director at COSIC TU Leuven. President at International Association for Cryptologic Research. Arguably EU’s most peer-recognized IT security expert and researcher.
President of the Free Software Foundation. Founder of the Free Software movement. Inventor of the Free/Open Source Software licenses. Creator of the GNU/Linux OS, the basis of a majority of mobile and server computing devices.
Executive Director of ECSEL JU, the largest EU R&D public funding program for microelectronics, with projects exceeding 150M€ per year.
Deputy European Data Protection Supervisor. Previously served as Inspector General for the Protection of Personal Data at the Polish Data Protection Authority.
Marcos Vinicius Mazoni
President of SERPRO. Main Brazilian IT public agency, delegated by President Roussef to develop state-surveillance-proof email systems for government officials.
Privacy, Security and Trust Action Line Leader of EIT Digital. Renowned cryptanalyst and cryptographer. EIT Digital manages, through Innovation and Education action lines, about 80M€ yearly of EU funds for close-to-market IT innovation, research and education co-funding.
Executive Director at Trustless Computing Association. Project Lead at the User Verified Social Telematics project and the Trustless Computing Initiative. Long-time activist for the promotion of democracy within and through the use of IT.
A pioneer of threshold cryptography. Fellow of the IACR. Jonsson Distinguished Professor at University of Texas at Dallas, USA and Chair of ICT at University College London, UK.
Chair at Deutsche Telekom Chair of Multilateral Security at Goethe University; Privacy, Security & Civilisation AoI leader at EU NIS Platform. Member at ENISA Permanent Stakeholder Group.
Melle Van Den Berg
CapGemini CyberSecurity Consulting. Co-author of the “Mass Surveillance Part 2 – Technology foresight, options for longer-term security and privacy improvements” commissioned in 2014 by EU Parl STOA.
Senior Policy Analysts at EU Parliament Science and Technology Options Assessment unit (STOA) and the EU Parliament LIBE Committee Secretariat.
Swiss-based attorney at corporate and tech boutique firm Id Est Avocats, specialized in open innovation, data privacy and security, free and open source licenses, and “crypto law”.
CEO of GSMK Cryptophone, mobile end-to-end encryption and mobile device security pioneer. GSMK makes the only cryptophone whose SW stack is publicly verifiable without NDA.
Senior Policy Analysts at EU Parliament Science and Technology Options Assessment unit (STOA) and the EU Parliament LIBE Committee Secretariat.
World-renowned AI superintelligence safety expert and professor. Author of Artificial Superintelligence. Focused on AI Containment (isolation). Active in popular media channels.
Senior Visiting Fellow at the Oxford Martin School, Oxford University, and a researcher and Internal Advisor to the Future of Humanity Institute (FHI), led by Prof. Nick Bostrom. A pioneer of nanotechnology. Member of FHI’s Oxford Martin Programme on the Impacts of Future Technology.
A widely recognized IT cracker, hacker and IT security expert. President of Security Brokers. Formerly consultant and advisor to ENISA, NATO, Italian MoD, UNICRI.
As Dir. of the Singularity Weblog he conducted over 160 interviews with the world’s best known AI experts. Graduate in economics, philosophy, and Singularity University. Has written over 800 articles and papers on the subject.
Today there are over three billion internet users worldwide. For many, half of their waking life is spent online in wide-ranging activities, spanning from a personal email to grocery shopping, from political activism to enjoying the best cat videos. Privacy seems a far away dream to most. But is it? Can’t a limited but truly private sphere be created and protected? Can new standards and technologies, supplementary to overly complex mainstream devices, allow ordinary citizens to reach meaningful levels of privacy and security, at least for the most critical and personal parts of their online lives? If so, can these be made user-friendly and affordable for all, and still prevent grave risks for public safety and cyber-investigation capabilities?
These are the urgent challenges being addressed by a new public event series, launched with the Free and Safe in Cyberspace 2015 workshop, held in Brussels on September 24-25th 2015, with a Latin America edition to be held next Oct 16th, in Brazil, and a North American version in the works. The Brussels event included: the EU’s and US’s most recognized IT privacy and security experts, Schneier and Preneel; the father of free software, Richard Stallman; senior officials of leading civilian and military EU institutions; high-assurance IT executives; and experts in advanced artificial intelligence. The workshop aimed specifically at building consensus on innovative techno-organizational certifications and certification governance models for next-generation high-assurance IT services, as well as targeted (endpoint) lawful access systems. Slides and videos of this event are available on the program page.
“Perfect privacy and perfect security are impossible, and most likely will always be so. Nevertheless, it is essential to define some very high and measurable levels of trustworthiness that are compatible with the exercise of civil rights in cyberspace”, said Rufo Guerreschi, executive director of Open Media Cluster (now called Trustless Computing Association), a small R&D non-profit based in Rome, in his introduction. Jovan Golic, from the co-organizing EIT Digital Privacy, Security and Trust Action Line, said: “It is frequently said that there is a trade-off between cyber-security and cyber-privacy, but that is misleading and blocking for both cyber-privacy and also for business in this area. In fact, if you don’t have cyber-privacy you cannot have real cyber-security because the data will be vulnerable to cyber attacks”. Golic went on to clarify that: “There is indeed a trade-off between cyber-surveillance and cyber-privacy, but cyber-surveillance is not the same as cyber-security. … So, we would like to have both cyber-security and cyber-privacy and also lawful cyber-surveillance. In order to achieve that, we need secure and trustworthy technologies.”
In his keynote speech, Michael Sieber (European Defence Agency) addressed a hot and controversial topic, particularly after the widespread surveillance programs revealed by Edward Snowden and more recent hacks. “Among EU member states it’s hilarious: they claim digital sovereignty but they rely mostly on Chinese hardware, on US American software, and they need a famous Russian to reveal the vulnerabilities”. Most importantly, he envisioned an exciting step forward for the EU: “We can create a joint vision, big in ambition and funding; concentrate on our strengths; effectively combine ‘smart clustering’ and ‘smart regulation’”.
Bruce Schneier, the world-renowned security expert, focused on trust as a key feature to better understand the main challenges laid out for this event (and the entire “Free and Safe in Cyberspace” project). “Trust is essential to human society and we, as a species, are very trusting. But what are the security mechanisms that make this work, particularly in the IT world? Mostly we rely on transparency, oversight, and accountability,” explained Schneier. “And so in order to avoid some mechanism failure, as was the case with the recent Volkswagen cheat, we must integrate them – along with verifiable standards, liability measures, and institutional drive to encourage cooperation. We’d strive to apply this formula also to these challenges, aiming at ultimately providing affordable, user-friendly IT-related services for all.”
In his trademark style, Richard Stallman, founder of the Free Software Foundation, proposed a few interesting insights: “We should stop thinking about security as against third parties, we should stop assuming that program developers are on our side. Actually, the programmer can be the enemy, so we must be sure that there is no one with that much control”. More controversially, during Panel 2 on the role of free/open source software, Stallman said that computing trustworthiness is a “practical advantage or convenience” rather than an additional requirement for computing freedom. Guerreschi countered with a different opinion, according to which the lack of meaningful trustworthiness inevitably turns the other four software freedoms into a disutility to their users. According to Michael Hohmuth (CEO at Kernkonzept, Dresden), one obstacle preventing user control is the “complexity of our operating systems…and of course the solution is trying to reduce this complexity, something that we try to address by putting all the components that user cannot trust any more in its own little compartment”, thus enabling some simpler verification steps.
On the hardware side, Kai Rannenberg (Professor of Business Informatics at Frankfurt’s Goethe University) focused on the importance of “embedding” trust in the manufacturing process itself, and “today EU seems to have only a limited capacity to come up with its own value chain to build trust in hardware, and companies should definitely move forward in this direction”. And Stallman highlighted the essential part of “developing free hardware designs for the kind of chips that you need…and people are working on such projects”.
In wrapping up on the hardware security issue, Andreas Wild (executive director of ECSEL JU) insisted on a broader and integrated strategy for a possible solution: “Most widely publicized cyber-attacks happen through unauthorized access and malicious software alterations in inter-connected operational systems. Therefore, a secure system needs robust design methodologies, trustworthy supply chains, controlled manufacturing sites, and safe methodologies in deploying and operating it, and this with regard to both hardware and software”.
On the related topic of IT certifications for safe methodologies, two engaging panels covered the new high-assurance international certifications and governance models (Panel 1) and the prospective voluntary certification procedures for lawful access (Panel 3). The panelists agreed that this is a long-term process, and that we should always stay focused on providing safeguards that are at least good enough to reconcile meaningful personal privacy, effective lawful access and prevention of malevolent use. The leading cryptographers Yvo Desmedt and Jovan Golic presented some broad options for key recovery that may enable public or private entities to voluntarily provide compliance to lawful access requests, through independent and offline third-party processes based on decades of experience with secret sharing cryptographic protocols, which can also ensure the so-called forward secrecy. The president of the Brazilian IT agency SERPRO, Mazoni, presented his plans for delivering meaningful privacy and enabling lawful investigations for public employees.
The last panel on Day 1, number four, looked into the role of new high-assurance IT standards to promote the benefits and prevent the risks of advanced AI (Artificial Intelligence), as well as considering its role in state public security activities as both a tool and threat to freedom and public safety. A concluding panel on the second day attempted to merge the various perspectives that emerged in the two-day workshop – insisting, among other things, on the need to broaden the international cooperation on these complex topics, particularly on IT certification procedures.
Finally, Rufo Guerreschi announced that “probably next spring we will have a similar workshop in Washington DC”, and introduced the upcoming Free and Safe in Cyberspace – LatAm Edition event in Iguazu, Brazil (October 16th 2015), as part of LatinoWare 2015, one of the largest free software conferences in the world.