We have been extensively updating our event series Backgrounders for each of the FSC Challenges: A, B, C and D.

For your convenience, their full content has been made available, although in an older version dated February 23rd 2016, in a single 20-page document, Free and Safe in Cyberspace – Aims and Backgrounders, authored by Rufo Guerreschi and Jovan Golic (which updated the FSC “original” backgrounder page of the EU Edition 2015, published September 23rd 2015).

Authors

Rufo Guerreschi
Exec. Dir., Trustless Computing Association

Jovan Golic
EIT Digital Action Line Leader for Privacy, Security and Trust
Telecom Italia Information Technology

Over the last 2 days both Apple and the FBI have called for a “commission” of representative stakeholders to finally discuss constructively how we can reconcile two crucial rights of citizens, the right to privacy and the right to safety. It has become clear that some kind of structured, systematic deliberative discourse and debate is useful to both sides, government and Big IT.

FBI Director Comey said:

We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it. We don’t want to break anyone’s encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that. Maybe the phone holds the clue to finding more terrorists. Maybe it doesn’t. But we can’t look the survivors in the eye, or ourselves in the mirror, if we don’t follow this lead.

Reflecting the context of this heart-breaking case, I hope folks will take a deep breath and stop saying the world is ending, but instead use that breath to talk to each other. Although this case is about the innocents attacked in San Bernardino, it does highlight that we have awesome new technology that creates a serious tension between two values we all treasure: privacy and safety.

Apple calls even more specifically for a Commission or other panel:

We feel the best way forward would be for the government to withdraw its demands under the All Writs Act and, as some in Congress have proposed, form a commission or other panel of experts on intelligence, technology and civil liberties to discuss the implications for law enforcement, national security, privacy and personal freedoms. Apple would gladly participate in such an effort.

These new calls for a commission in the US are fantastic news.

That is exactly the kind of discussion we started in Brussels last September 2015, with the 1st Edition of the Free and Safe in Cyberspace global event series, with speakers including leading EU/US IT security/privacy experts and activists, and top officials of the relevant EU agencies. But we’ve chosen to hold them in the form of an open, transparent and democratic deliberative discourse, as it should be, and not in the form of back-room secret discussions and deals among powerful governmental agencies and huge IT corporations.

We invite Apple and the FBI – and other representative stakeholders from the EU, the US and world-wide – to join the discussion at our next events in New York and in Rome. We hope that this time even more leading e-privacy and digital rights NGOs, and US/EU intelligence agencies, will accept our invitation to publicly discuss these issues.

Given the track record of how in the past the USG was able to force PRISM and possibly other obligations on large IT players, digital rights and e-privacy NGOs, and other bodies representative of citizens’ interests, should be involved. They may finally decide to be involved in a substantial part of the discussions, as they should, instead of backing away out of an understandable fear of legitimizing the idea that a substantial win-win solution is even remotely possible. That fear is based on the uncritical acceptance of possibly exaggerated technical reports by great experts over the last decades on the complete impossibility of solutions that would not pose “unacceptable risks to civil rights”.

The US Government, Big IT companies and US NGOs cannot solve these issues by themselves, without the involvement of the relevant EU stakeholders (Commission, Parliament, NGOs) and other global actors, given the crucial impact that those solutions will have on the civil rights of EU and world citizens. Another very practical reason is the fact that any overarching solution would be critical to the ongoing negotiations on Safe Harbour, the Umbrella Agreement, and other EU/US e-privacy negotiations, whose failure may prevent US IT companies from holding EU citizens’ data outside EU territory, or possibly at all, given the extra-territorial application of US surveillance laws to US-based companies.

Thanks to the recent ruling by the EU Court of Justice on Safe Harbour, there may now be a large demand, need and opportunity for the aims of our Free and Safe in Cyberspace: the creation of new international socio-technical standards and certification bodies for IT systems and lawful access schemes that deliver ultra-high and constitutionally-meaningful levels of trustworthiness/assurance, while increasing cyber-investigation capabilities, preventing significant malevolent use and overall increasing public safety. Such new standards and systems would be in full compliance with that ruling.

The establishment and gradual uptake of such certification bodies by an initial set of critical private or public IT communications domains could at least make available to citizens sector-specific solutions to the Safe Harbour problem, as suggested by Max Schrems, the Austrian citizen who filed the lawsuit that generated the ruling.

Such certified service providers – within the legislative frameworks of most EU nations – would provide citizens, using sector-specific IT systems, a reasonable assurance that not only the legislation, but also the socio-technical oversight mechanisms of their operation and lifecycle by public institutions and/or trustworthy third parties, would be meaningfully respectful of the EU and US Constitutions and the EU Charter of Fundamental Rights.

Nonetheless, an obvious additional benefit would come to citizens if such new standards/certifications were adopted in the near future as a mandatory standard, initially limited only to sector-specific IT services offered by the state to state agencies, namely the most assurance-sensitive IT systems and services of the EU, EU Member States, or even the US. It would be enacted over 12-18 months to give industry time to adapt services to match such standards.

Nations would therefore test such ambitious standards on top state employees and officials, and then roll them out to citizens when and if they are proven to adequately protect both civil rights and cyber-investigation capabilities.

Such standards could inform a revision of the eIDAS regulation and its implementation documents to recognize what is needed and possible to provide a high assurance level in compliance with the EU Charter of Fundamental Rights.

Today, we’ve invited selected speakers of the Free and Safe in Cyberspace event series, and selected advisors of the Trustless Computing Association, to join a tight-knit group of 5-9 people devoting 4-10 hours of their time, over the next 4 weeks, to jointly define – with equal decision-making power! – the final text of a TRUSTLESS Computing Certification Proposal v. 2.0 (gdoc), a proposal for a new standardization and certification body for high-enough assurance for end-to-end IT services and for targeted lawful access systems, within the current legislative and constitutional frameworks of at least some nations. It would also include some general policy recommendations that are not essential to the societal impact of the proposed new certification, and related open target architectures.

If you are a well-meaning, highly-competent and awesome person – like ourselves of course! – you may want to ask to join the sub-committee, or contribute to the drafting process as a member of a Consultative Group.

This Proposal will provide the core of 3 highly synergistic aims and initiatives:

    1. Provide a coherent proposed answer to both Challenge A and Challenge B of the Free and Safe in Cyberspace event series, which can serve as a basis for discussions at the next FSC Editions, the next being in New York in June/July 2016. In fact, the first EU Edition sub-title was “The role of new high-assurance IT paradigms and certifications in delivering constitutionally-meaningful e-privacy and e-security to all, while preserving public safety and cyber-investigation capabilities”.
    2. Constitute the basis of a “full standardization plan”, which will be one of the main outcomes of a 1M€ Trustless-based Coordination & Support Action (CSA) proposal that we’ll submit on April 12th to the Horizon 2020 call “DS-01 CSA: Assurance and Certification for Trustworthy and Secure ICT systems”. We’ve set up an initial draft of the proposal: PartB1-3 (gdoc) and PartB4-5 (gdoc). (We’ll also propose a 4M€ proposal to DS-01 RIA to build both the standard and an open target architecture; see our roadmap.)
    3. Bring forth our TRUSTLESS Computing Certification Campaign, centered on the related TRUSTLESS Socio-technical Paradigms (i.e. high-level conceptual standards). These have been bindingly agreed in an MoU, to date by all the world-class participants in the TRUSTLESS 4-19M€ R&D project proposals, aimed at creating a first open target architecture compliant with such standards, which can be used to validate them.
    4. Work Notes:
      1. The document may want to go through a complete re-write, or re-framing, but I hope to have nailed some of the right content and framing.
      2. The current draft refers to the “Lawful Hacking” paper as a point of reference for the high-level socio-technical components of a lawful access scheme with meaningful safeguards. Part of the work would be to expand upon its general recommendations.
      3. The current draft version is very similar to version 1.0 from last July 2015, which we presented as our OMC core proposal to the FSC conference in Brussels, and which, in a synthesised version, was the basis of the day 2 panel.
      4. We’ll invite David Chaum to the US Edition of FSC, and possibly to the drafting sub-committee, and possibly integrate some of the high-level ideas of his recently proposed cMix and PrivaTegrity, which share our general approach to the issues and are very complementary to our work (see this 2-page section (gdoc bookmark) of our submitted H2020 FET-Open Proposal).
      5. We may want to consider adding an addendum Backgrounder to the proposal to explain our proposal’s assumptions, which could take inspiration from the FSC EU-Edition Backgrounder.
      6. We’ve set up a Google Group email list for general discussion, set to “daily digest” mode.

Find some initial info on our home page.

Free and Safe in Cyberspace – EU Edition
held on Sept 24-25th 2015
in Brussels, Belgium

WORKSHOP REPORT

Today there are over three billion internet users worldwide. For many, half of their waking life is spent online in wide-ranging activities, spanning from personal email to grocery shopping, from political activism to enjoying the best cat videos. Privacy seems a far-away dream to most. But is it?! Can’t a limited but truly private sphere be created and protected? Can new standards and technologies, supplementary to overly complex mainstream devices, allow ordinary citizens to reach meaningful levels of privacy and security, at least for the most critical and personal parts of their online lives? If so, can these be made user-friendly and affordable for all, and still prevent grave risks for public safety and cyber-investigation capabilities?

These are the urgent challenges being addressed by a new public event series, launched with the first of such events, the Free and Safe in Cyberspace 2015 workshop, held in Brussels on September 24-25th 2015, with a Latin American edition to be held next Oct 16th in Brazil, and a North American version in the works. The Brussels event included the most recognised EU and US IT privacy and security experts, Schneier and Preneel; the father of free software, Richard Stallman; senior officials of leading civilian and military EU institutions; high-assurance IT executives; and experts in advanced artificial intelligence. The workshop aimed specifically at building consensus on innovative techno-organizational certifications and certification governance models for next-generation high-assurance IT services, as well as targeted (endpoint) lawful access systems. Slides and videos of this event are available on the program page.

“Perfect privacy and perfect security are impossible, and most likely will always be so. Nevertheless, it is essential to define some very high and measurable levels of trustworthiness that are compatible with the exercise of civil rights in cyberspace”, said Rufo Guerreschi, executive director of Open Media Cluster, a small R&D non-profit based in Rome, in his introduction. Jovan Golic, from the co-organizing EIT Digital Privacy, Security and Trust Action Line, said: “It is frequently said that there is a trade-off between cyber-security and cyber-privacy, but that is misleading and blocking for both cyber-privacy and also for business in this area. In fact, if you don’t have cyber-privacy you cannot have real cyber-security because the data will be vulnerable to cyber attacks”. Golic went on to clarify that: “There is indeed a trade-off between cyber-surveillance and cyber-privacy, but cyber-surveillance is not the same as cyber-security. … So, we would like to have both cyber-security and cyber-privacy and also lawful cyber-surveillance. In order to achieve that, we need secure and trustworthy technologies.”

In his keynote speech, Michael Sieber (European Defence Agency) addressed a hot and controversial topic, particularly after the widespread surveillance programs revealed by Edward Snowden and more recent hacks: “Among EU member states it’s hilarious: they claim digital sovereignty but they rely mostly on Chinese hardware, on US American software, and they need a famous Russian to reveal the vulnerabilities”. Most importantly, he envisioned an exciting step forward for the EU: “We can create a joint vision, big in ambition and funding; concentrate on our strengths; effectively combine ‘smart clustering’ and ‘smart regulation’”.

Bruce Schneier, world-renowned security expert, focused on trust as a key feature for better understanding the main challenges laid out for this event (and the entire “Free and Safe in Cyberspace” project). “Trust is essential to human society and we, as a species, are very trusting. But what are the security mechanisms that make this work, particularly in the IT world? Mostly we rely on transparency, oversight, and accountability,” explained Schneier. “And so in order to avoid some mechanism failure, as was the case with the recent Volkswagen cheat, we must integrate them – along with verifiable standards, liability measures and institutional drive to encourage cooperation.” We’d strive to apply this formula also to these challenges, aiming at ultimately providing affordable, user-friendly IT-related services for all.

In his trademark style, Richard Stallman, founder of the Free Software Foundation, proposed a few interesting insights: “We should stop thinking about security as against third parties, we should stop assuming that program developers are on our side. Actually, the programmer can be the enemy, so we must be sure that there is no one with that much control”. More controversially, during Panel 2 on the role of free/open source software, Stallman said that computing trustworthiness is a “practical advantage or convenience” rather than an additional requirement for computing freedom. Guerreschi countered with a different opinion, by which the lack of meaningful trustworthiness inevitably turns the other four software freedoms into a disutility to their users. According to Michael Hohmuth (CEO at Kernkonzept, Dresden), one obstacle preventing user control is the “complexity of our operating systems…and of course the solution is trying to reduce this complexity, something that we try to address by putting all the components that the user cannot trust anymore in their own little compartment”, thus enabling some simpler verification steps.

On the hardware side, Kai Rannenberg (Professor of Business Informatics at Frankfurt’s Goethe University) focused on the importance of “embedding” trust in the manufacturing process itself, noting that “today the EU seems to have only a limited capacity to come up with its own value chain to build trust in hardware, and companies should definitely move forward in this direction”. And Stallman highlighted the essential part of “developing free hardware designs for the kind of chips that you need…and people are working on such projects”.

In wrapping up on the hardware security issue, Andreas Wild (executive director of ECSEL JU) insisted on a broader and integrated strategy for a possible solution: “Most widely publicized cyber-attacks happen through unauthorized access and malicious software alterations in inter-connected operational systems. Therefore, a secure system needs robust design methodologies, trustworthy supply chains, controlled manufacturing sites, and safe methodologies in deploying and operating it, and this with regard to both hardware and software”.

On the related topic of IT certifications for safe methodologies, two engaging panels covered the new high-assurance international certifications and governance models (Panel 1) and the prospect of voluntary certification procedures for lawful access (Panel 3). The panelists agreed that this is a long-term process, and that we should always stay focused on providing safeguards that are at least good enough to reconcile meaningful personal privacy, effective lawful access and prevention of malevolent use. The leading cryptographers Yvo Desmedt and Jovan Golic presented some broad options for key recovery that may enable public or private entities to voluntarily provide compliance with lawful access requests, through independent and offline third-party processes based on decades of experience with secret sharing cryptographic protocols, which can also ensure so-called forward secrecy. The president of the Brazilian IT agency SERPRO, Mazoni, presented his plans for delivering meaningful privacy and enabling lawful investigations for public employees.

The last panel on Day 1, number four, looked into the role of new high-assurance IT standards in promoting the benefits and preventing the risks of advanced AI (Artificial Intelligence), as well as considering its role in state public security activities as both a tool and a threat to freedom and public safety. A concluding panel on the second day attempted to merge the various perspectives that emerged in the two-day workshop – insisting, among other things, on the need to broaden international cooperation on these complex topics, particularly on IT certification procedures.

Finally, Rufo Guerreschi announced that “probably next spring we will have a similar workshop in Washington DC”, and introduced the upcoming Free and Safe in Cyberspace – LatAm Edition event in Iguazu, Brazil (October 16th 2015), as part of LatinoWare 2015, one of the largest free software conferences in the world.

For further information, please contact us at info@free-and-safe.org

Registration for the “Free and Safe in Cyberspace” workshop is open!

www.free-and-safe.org

Hurry up and register, since only 70 seats are available.
Lunch on Sept 24th is included.
Click on the link to our Eventbrite page in our event home page (above).

Subscribe to our Twitter feed for upcoming news, and please retweet this to spread the word:
https://twitter.com/freeandsafe/status/636102321294974976

Some updates:

  1. Speakers: We’ve gladly received the acceptance of Dr. Andreas Wild, Exec. Dir. of ECSEL JU, the main EU public R&D program for micro-electronics.
  2. Sponsors: ECSEL JU and AENEAS, a major microelectronics industry association, have joined as sponsors.
  3. Duration: Although the workshop formally remains a one-day event, we have booked the same meeting room for the whole morning of the 25th, to hold an optional, to-be-defined and less-structured follow-up to the discussions of the previous day.
  4. Updates: For lesser updates, follow us on Twitter: https://twitter.com/freeandsafe
  5. Lodging: We suggest booking at the Thon Residence Parnasse, as it is within close walking distance and the after-event refreshments will be held nearby. You can benefit from a special event rate of 140€/night (pedro.corlazzoli@thonhotels.be). But there are many other hotels nearby.
  6. Next Steps: Throughout August, we will:
    1. add a references section with documentation relevant to the discussions, as well as activate the discussion forums.
    2. seek further sponsors, in the hope that we can enable Bruce Schneier and other relevant non-EU speakers to join in person rather than via conference call.
    3. refine and finalize the program (suggestions are welcome).
    4. revise the workshop backgrounder, based on suggestions from speakers.

As Open Media Cluster, we have created a first draft of our contribution to the discussions of the event, which we will review during the summer.

We have found a great venue for our Sept 24th 2015 event,

check it out at free-and-safe.org/location/

UPDATE: for an updated version of this event background post, see The Challenges page.

First, everything is broken. Revelations on systems and programs like NSA Turbine, NSA FoxAcid and Hacking Team have shown the huge scalability – in terms of low risk and cost – of complete compromise of end-point devices, by numerous public and private actors, and by even more numerous actors that trade or lend such capabilities. It’s become clear that no IT system that assumes the need for trust in any one person or organization – and today there are none that don’t – can be considered meaningfully trustworthy.

What’s being done? On the first issue, the IT security industry creates solutions that are either based on or added to systems which are non-verifiable in critical parts, and whose complexities are way beyond what can ever be adequately verified; while IT privacy activists push similarly inadequate existing free/open source privacy tools to the masses, merely increasing usability, or at best seeking inadequate small grants for very inadequate complexity reduction and increases in isolation and auditing.

Second, state backdoors are everywhere. State-mandated backdoors – legal, hidden or public, like the telephone interception systems – or state-sanctioned backdoors – like undisclosed critical vulnerabilities created, acquired or discovered, and then legally or illegally used – are in nearly all IT devices today.

What’s being done? On the second issue, almost all citizens recognize the benefits of enabling due process lawful access for criminal investigation, but grave incompetence and abuse by states have brought half the population to believe that such access cannot be ensured without unacceptable risks for citizens’ liberty. Over the last decades, democratic nation states have repeatedly proven to be utterly incapable of socio-technically designing, legally overseeing, or setting adequate socio-technical requirements for due process lawful access systems and processes.

Everything is broken, easily.

This situation is mostly due to 2 structural, and possibly interlinked, problems:

  1. The lack of sufficiently extreme and comprehensive standards for high-assurance IT services that provide meaningful confidence to end-users that the entire life-cycle of their critical components is subject to oversight and auditing processes that are comprehensive, user-accountable, publicly-assessable, and adequately intensive relative to complexity. A recent ENISA report, like many other expert reports, highlights: “At the time of writing, there is no single, continuous ‘line of standards’ related to cyber security, but rather a number of discrete areas which are the subject of standardisation”.
  2. The decisive actions, by state security agencies, to maintain pre-Internet lawful access capabilities – since the popularization of algorithmically-unbreakable software encryption in the 90s – through huge sustained investments in the discovery and creation of critical vulnerabilities, throughout the lifecycle and supply chain of virtually all ordinary and high-assurance IT technologies. Furthermore, the covert nature of such programs has allowed such agencies (and other advanced actors) for decades to remotely and cheaply break into virtually all end-points thought to be safe by their users – with extremely vague accountability – as well as to covertly overextend their preventive surveillance capacities.

IT security and privacy is a complete debacle from all points of view. EU citizens, businesses and elected state officials have no access, even at high cost, to IT and “trust services” that are NOT remotely, undetectably and cheaply compromisable by a large number of medium- and high-threat actors. The best-financed criminal entities avoid accountability through effective use of ultra-secure IT technologies, or by relying mostly on advanced non-digital operational security techniques (OpSec). National defenses are increasingly vulnerable to large-scale attacks on “critical infrastructure” by state and non-state actors, increasingly capable of causing substantial human and economic harm.

EU IT security/privacy businesses are increasingly unable to sustainably compete and innovate, as they are unable to differentiate on the basis of meaningful and comprehensive benchmarks. They are also increasingly unable to convince users to invest in fixing vulnerabilities in one part of their systems, when most surely many others remain in other critical parts, which are known to the same kind of threat actors. In a post-Snowden world, even high-assurance cyber-security systems are increasingly “security theatre”, because even the highest-assurance systems in the civilian market contain at least one critical vulnerability, accessible in a scalable way by even mid-level threat actors, with very low risk of discoverability and attribution. Therefore it is almost impossible to measure and sustain the actual overall security added value of any new security service, and of related risk management strategies, even before assessing the increase in attack surface and vulnerabilities that any new product entails.

All the while, such security agencies’ media success in wildly overstating the “going dark” problem has enabled them to gather substantial political and public opinion consensus for: (1) unconstitutional surveillance practices gravely affecting non-suspect citizens, and often the granting of multiple redundant legal authorities; (2) the possibility to regularly press politicians and public opinion with the need to “outlaw” encryption and/or extend to all digital communications the inadequate lawful access mandate traditionally reserved for telephone operators.

State-mandated or state-sanctioned backdoors are nearly everywhere, today.

The critical vulnerabilities that make everything broken are nearly always either state-mandated or state-sanctioned backdoors, because the state has either created, acquired or discovered them, while keeping that knowledge hidden, legally or illegally.

After Snowden, nearly all IT privacy experts and NGOs are up in arms to fight a 2nd version of the 90s’ Crypto Wars, to prevent backdoors in IT systems from being mandated by nations in the wake of “terrorism threats”. Most are mostly focused on (a) pushing existing free/open source privacy tools to the masses, while making them more user-friendly and incrementally safer with small grants, and (b) going out there to campaign in the 2nd Crypto Wars to prevent governments from creating official backdoors.

Most IT privacy experts and activists have not noticed, and are fighting on a far-away imaginary frontline, while their cities are occupied by the enemy, undefended.

Meanwhile, they propose nothing about what we should do about the backdoors and/or critical vulnerabilities that already exist everywhere. Almost no-one challenges state security agencies’ pretence that they are “going dark”, trumpeted to stress the dire need to find ways to enable lawful access, when they overwhelmingly are not going dark, not even for scalable targeted attacks.

First off, the 1st Crypto War in the 90’s was not won but lost 3 times over. In fact, while the US and other governments backtracked on their proposals for ill-conceived mandatory backdoors (such as the Clipper Chip), over the next 2 decades: (1) the security agencies of the most powerful states surreptitiously and undetectably placed backdoors nearly everywhere, with no due process oversight, or oversight much worse than that of the already terrible lawful interception systems; (2) tons of valuable targets, even very high-ranking ones, kept using IT devices that they thought lacked backdoors, but which were unknowingly snooped upon for years or decades; (3) they prevented even a demand from developing for meaningfully trustworthy IT devices, which did away with the need for trust in tons of untrustworthy actors and individuals along the device life-cycle.

What is a backdoor? a state backdoor?

Let’s backtrack, and bring some necessary clarity to ill-defined terms.

To clarify what we mean, we need to try to understand together what a backdoor, a critical vulnerability and a state-sanctioned backdoor are.

A vulnerability is a weakness in a software, hardware or human-process component of a computing experience or service, for which exploitation means (information, techniques, software and/or hardware) exist or can be built, giving an attacker the capability to impede expected actions and/or enact unexpected actions.

A backdoor is a critical vulnerability which at a given time is known and actionable to one or more entities, and whose existence and/or the details of its exploitation means are kept hidden from most or all end-users. Such a capability can be obtained through engineering subversion, acquisition or discovery. It may be legal or illegal. It may allow access to all data or all users, or to targeted selections.

A state-mandated backdoor is a critical vulnerability that is legally mandated and designed by the state for a specific IT system component. It includes any current mandatory lawful interception system for telephone operators and the 90’s Clipper Chip proposal, but also any critical zero-day vulnerability which is publicly undisclosed but legally authorized for certain uses. Mandatory lawful interception systems for telephone operators are subject to national regulations – often inspired by international standards such as those of ETSI or NIST – which specify incredibly incomplete and inadequate technical and organizational measures to prevent their wide abuse. As telephony moves to IP and LEA access to such functionality is enabled remotely through VPN connections among loosely-specified end-points, the possibility of wide-scale undetected abuse increases exponentially. These are gradually being expanded to other IP communications.

A much wider set of state backdoors are state-sanctioned backdoors. These include critical vulnerabilities illegally used by state agencies, with an extremely low level of accountability, due to impunity through pardons, state security claims during legal proceedings, and more. It has emerged, in fact, that powerful state agencies have surreptitiously implanted – or illegally acquired, kept hidden or utilized – critical vulnerabilities in nearly all IT systems, that can be exploited and managed scalably and undetectably, even for nearly all of the highest-assurance devices, for hundreds of thousands or millions of devices. And they extensively and widely share, trade or “lend” them with other agencies and nations. These are overwhelmingly extremely scalable in terms of cost per user, and of risks of discoverability and attribution.
Though illegal, for state-sanctioned backdoors it has proven to be extremely difficult to demonstrate malevolent intent by any involved party in their non-disclosure or direct implantation of a critical vulnerability. It’s very easy to just claim to have made an error, or not to have known about it, with plausible deniability. Furthermore, the generally low or non-existent liability of vendors for critical vulnerabilities in their products drastically reduces the economic risks of their direct involvement in such malevolent actions, which has been shown by Snowden to be very common.
It is in the very definition of backdoor and state-sanctioned backdoor to be disguised as accidental critical vulnerabilities and human errors. These most probably include “errors” such as the unencrypted sharing of smart-card master keys (Gemalto), SSH access keys to devices “forgotten” since the beta testing phase or SSH access left “erroneously” in place (Cisco), and innumerable others.

Only a minute proportion of sophisticated critical vulnerabilities – because of the skills of the target device’s manager and/or the target device’s setup – carry costs in terms of detection, exposure of exploitation techniques and possibly some level of attribution that are higher than those of average environmental interception.

Can new IT paradigms and certifications make a difference?

Maybe, let’s see.

One or more sets of new high-assurance IT paradigms and certification standards could support the creation of a wide, open and resilient ecosystem that can:

  • (A) build radically more trustworthy IT services that are meaningfully and sustainably resistant to both critical vulnerabilities and state-sanctioned backdoors, mostly within current constitutional or legal frameworks;
  • (B) seek ways to ensure that existing public state-mandated backdoors, such as telephone lawful interception, be radically improved in their safeguards and oversight;
  • (C) explore ways in which provider-managed socio-technical systems, certified by competent and citizen-accountable independent bodies – which possibly shift as much of the risk as possible from technical to human organizational processes – could provide sufficient safeguards for citizen privacy and for the state security mandate for investigation.

However, over the last decades, states have repeatedly proven to be utterly incapable of socio-technically designing, legally managing, or issuing proper standard requirements for socio-technical systems for due process lawful access. They have also been similarly unable to create voluntary or mandatory IT security standards that were anywhere near sufficiently extreme and comprehensive.

Similarly, private initiatives such as the Trusted Computing Group or GlobalPlatform (trust services) have proven to align with the interests of the companies and of the states, and never with the liberties of the users, as long as there is no legal vendor liability for any large-scale damage to such liberties; and no one else has been able to offer anything substantially more trustworthy.

Therefore, those standards will have to be primarily independent, international, highly competent and citizen-accountable, and the role of the state can only be the official recognition of an already established and widely adopted standard, as has happened with the World Wide Web Consortium, but with wider user- or citizen-accountability to avoid companies having too much control.