{"id":1400,"date":"2016-03-25T12:00:33","date_gmt":"2016-03-25T11:00:33","guid":{"rendered":"http:\/\/www.free-and-safe.org\/?page_id=1400"},"modified":"2022-08-30T09:34:39","modified_gmt":"2022-08-30T07:34:39","slug":"backgrounder-live","status":"publish","type":"page","link":"https:\/\/www.free-and-safe.org\/backgrounder-live\/","title":{"rendered":"Backgrounder on the 4 Challenges"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

The Four CHallenges \nfor Freedom and Safety \nin Cybersapce<\/span><\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

The FSC event series is sharply focused on solving the following 4 Challenges, more or less in a sequence:<\/h4>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t
\"\"<\/figure>

Challenge A:\u200b<\/h3>

How can we build and certify IT systems that are radically more secure than state-of-the-art?\n<\/br>\n\nRead more >><\/a><\/p><\/div><\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t
\"\"<\/figure>

Challenge B:\u200b<\/h3>

If we can solve Challenge A, how can we concurrently solidly ensure legitimate lawful access?\n<\/br>\nRead more >><\/a><\/p><\/div><\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t
\"\"<\/figure>

Challenge C:\u200b<\/h3>

Can ultra-high assurance IT and related certification governance models radically increase the security, privacy or safety of complex and critical IT, AI and cyber-physical systems, such as for example self-driving cars, robo-advisors, or even Facebook?\n<\/br>\nRead more >><\/a><\/p><\/div><\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t
\"\"<\/figure>

Challenge D:\u200b<\/h3>

What governance models can best maximize the trustworthiness and resilience of an ultra-high assurance certifications body in critical IT and AI domains?\n<\/br>\nRead more >><\/a><\/p><\/div><\/div>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

general<\/span> \n\nbackgrounder<\/span><\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

The World is rapidly turning into a Hacker\u00a0<\/strong>Republic<\/strong>, where economic and political power increasingly accrues to those state and non-state actors with the most informational and hacking superiority<\/strong> in critical political, enterprise, financial\u00a0and autonomous IT systems.<\/p>

The situation is nothing short of catastrophic, with\u00a0even the most secure IT systems can be undetectably compromised by even\u00a0often mid-level attackers and increasingly<\/b> so<\/b> – even those used by top executives<\/span><\/strong>, presidential candidates<\/span><\/strong>, and by critical civilian and military infrastructure<\/span><\/strong>.\u00a0Though cybersecurity spending has grown 30 times in the last 10 years to $120 billion per year, the cost of\u00a0<\/span>cybercrime is skyrocketing accruing to $8 trillion by 2022.<\/span>\u00a0Not to mention the cost to our ordinary and active citizens<\/span><\/strong>\u00a0rights democratic institutions<\/span><\/strong>, which seem held at ransom from state and non-state groups, each accusing the other.<\/span><\/p>

A recent\u00a0PwC<\/span><\/span><\/strong>\u00a0survey highlighted how “investors see cyberthreat as the main obstacle to enterprise growth<\/span>. The CEO of IBM<\/span><\/strong> stated that “Cybersecurity has become the greatest threat to any company in the World<\/i>\u201d.<\/p>

Most\u00a0enterprises<\/span><\/span>\u00a0are spending more and more for the security of their critical IT systems, and awareness is fast emerging \u2013 via scandals like\u00a0Spectre and Meltdown<\/a>\u00a0and\u00a0CIA Vault 7<\/a>\u00a0\u2013 about how their most critical systems are scalably vulnerable to\u00a0even non-state mid-level attackers<\/span>\u00a0that too easily acquire access to state-grade hacking tools. While most internal hacks have remained undisclosed, the new\u00a0GDPR regulation<\/span>\u00a0will mandate from May 28th their disclosure within 72 hours, posing a great reputation and stock quotation damage.<\/p>

Last year, the\u00a0German Minister of Defense\u00a0<\/span>identified cybersecurity as the \u201c<\/span>single greatest threat to global stability<\/i><\/span>\u201d. This is not surprising given the increasing vulnerability, complexity and lack of adequate standards for critical civilian and military systems, which makes their hacking attribution inherently very difficult to attribute. The inadequate standards, obscurity, hyper-complexity, and forensic-unfriendliness of even the most critical systems and processes, in fact, renders\u00a0cyber-incidents very difficult to attribute<\/span>\u00a0in an internationally recognized way as International Atomic Energy Agency and the International Criminal Court have enabled, at least partly, for nuclear and war crimes incidents.<\/p>

Recent rulings of the\u00a0European Court of Justice<\/em>\u00a0have raised substantial doubts<\/a>\u00a0that most current western legislation, even when\u00a0they nominally respect citizens\u2019 rights,\u00a0are not supported\u00a0by implementation regulations or external standards or certification processes (e.g. Common Criteria, SOGIS, eIDAS, ETSI-LI, etc.) that provide\u00a0sufficient transparency, accountability and oversight\u00a0safeguards<\/strong>\u00a0to users with reasonable confidence of their compliance with\u00a0European Charter of Fundamental Rights<\/em>.<\/p>

Meanwhile,\u00a0financial institutions<\/span><\/span>\u00a0are ever more victim of fraud and privacy abuse than their customers, with mounting cash and reputational costs. Their historical role, as providers of core trustworthy financial services, is being gravely threatened by\u00a0cryptocurrencies and blockchains<\/span>\u00a0\u2013 perceived as potentially safer and cheaper long-term stores of value \u2013 and by small and large competitors, unleashed by the EU Directive\u00a0PSD2<\/span>, who will be able to offer e-services \u201cover the top\u201d while claiming as much or higher trustworthiness than banks.<\/p>

Are\u00a0key assets and capabilities of nations\u2019 law enforcement, defense and intelligence<\/span><\/strong>\u00a0themselves highly vulnerable to attackers\u00a0\u2013\u00a0foreign,\u00a0domestic and internal \u2013 due to the lack of sufficiently comprehensive,\u00a0translucent<\/em>\u00a0and accountable socio-technical standards, such as in IT\u00a0facility access<\/a>,\u00a0device\u00a0fabrication<\/a>\u00a0or\u00a0assembly<\/a><\/p>

Our\u00a0democracies and politicians<\/span><\/span>\u00a0appear increasingly held for ransom by the best and most-resourced threat actors. Hacking of\u00a0electoral and primary democratic processes<\/span>, critical autonomous systems, and social media are fast becoming the military weapons of choice of nations willing to\u00a0subvert, subjugate and destabilize other nations<\/span>.\u00a0Military systems\u00a0are often no less vulnerable<\/span>, but less is publicly known since the most serious hacks become state secret when they happen.<\/p>

But then, paradoxically, even though they can remotely compromise any computing device,\u00a0public security agencies<\/span><\/span>\u00a0are often unable to make such evidence stand in court, given for the inherent corruptibility of its means of acquisition —\u00a0as jointly\u00a0declared<\/a>\u00a0by the Ministers of Interior of Germany and France. Furthermore, the tools they use for targeted interception suffered many of the same vulnerabilities of secure enterprise solutions- as highlighted by the\u00a0Hacking Team<\/a>\u00a0and the\u00a0Inslaw Promis<\/a>\u00a0scandals.<\/p>

How vulnerable are systems that\u00a0security-critical Artificial Intelligence system providers<\/span><\/strong> are promising to deploy in large scale in the near future, movable and otherwise, to attacks via their critical socio-technical low-level subsystems?\u00a0We may not\u00a0even have a\u00a0chance of\u00a0achieving\u00a0levels of safety\u00a0and security assurance that are sufficient for a\u00a0sustainable<\/em>\u00a0wide-market deployment of\u00a0advanced and critical AI systems<\/strong>, such as autonomous\u00a0movable vehicles, unless their most\u00a0low-level<\/em>\u00a0critical<\/em>\u00a0components and chips are subject to radically unprecedented levels of assurance.<\/p>

Although, it is increasingly clear that those that will entrench their<\/b> superiority in AI<\/span> will rule the World<\/b>, as Vladimir Putin stated<\/a>, the recent hacking prowess demonstrated of certain nations and groups, and the astonishing vulnerability of the most critical systems and processes of the most powerful nation in the World, leads one to believe that informal control utilising advanced AI systems combined with hackers usage of AI, maybe turn out to be even more relevant than their formal control through ownership and design<\/b><\/span>.<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

Root Causes of Cyber-insecurity of Critical Systems<\/span><\/h3>

The root causes of this sorry state are mostly two: (1)\u00a0<\/span>hyper-complexity<\/span>\u00a0due to\u00a0market demand for\u00a0ever richer digital experiences (2) to\u00a0the fact that powerful nations inability\u00a0to prevent\u00a0internal and external abuse of the critical vulnerabilities and\u00a0<\/span>back-doors\u00a0<\/span>that t<\/span>hey insert, discover, purchase, let be, and stockpile.\u00a0<\/span>For starter, the speed of IT for\u00a0everyday computing\u00a0requires\u00a0complexity<\/span>\u00a0that is\u00a0hopelessly incompatible with\u00a0ultra-high assurance*<\/em>\u00a0IT security and privacy. There is\u00a0nothing we can do about it,<\/span>\u00a0democracies will need to adapt their rules around it, but we are ready to accept that for\u00a099%<\/span>\u00a0of our computing. But then again, there is that\u00a0\u00a01%<\/span>\u00a0of\u00a0sensitive or critical<\/em>\u00a0computing whereby we all have a\u00a0great need and demand for ultra-high\u00a0constitutionally-meaningful<\/i>\u00a0levels of\u00a0trustworthiness<\/span><\/span>, even if it requires a great sacrifice in speed, features, and cost.<\/p>

Powerful nations understandably felt the\u00a0need that every IT system should be promptly hackable at all times\u00a0<\/b><\/span>\u2013 in an era of\u00a0rampant terrorism, algorithmically unbreakable encryption and lack\u00a0of\u00a0formal<\/em>\u00a0back-doors, i.e. built-in mandated remote access mechanisms. These nations have resorted to stockpiling discovered vulnerabilities instead of fixing them, promoting inadequate and flawed standards, and outright inserting\u00a0back-doors all the way down to CPU and chip fabrication<\/span>.<\/p>

The combination of market forces driving the increasing\u00a0complexity of IT systems and life-cycles<\/u>\u00a0\u2013\u00a0<\/strong>far beyond any meaningful verifiability \u2013 and the huge investments being made by states to ensure\u00a0access to all IT systems for cyber-investigations\u00a0<\/u>at all costs<\/strong>,\u00a0have caused nearly all IT systems to become remotely and scalably exploitable by many\u00a0nations and other actors. All the while, a lucky few have access to technologies that are impregnable, or nearly so, resulting in a huge asymmetry of informational power, and therefore of societal and economic power<\/span>.<\/p>

While\u00a0\u201csecurity through obscurity<\/em>\u201d and related private and cozy certification processes have time and again proven to be inadequate,\u00a0some critical components of every IT system are still not available in the market that are publicly verifiable, let alone verified extremely enough<\/strong>. A\u00a0general-purpose CPU does not even exist\u00a0in the EU, and arguably in the US, that is publicly verifiable in both HW and SW.<\/p>

\u201cTrust cannot be added to integrated circuits after fabrication<\/em>\u201c, wrote the US Defence Science Board back in 2005. Nonetheless, even the US Department of Defense\u00a0is forced to renounce\u00a0to\u00a0<\/span>sufficiently\u00a0comprehensive\u00a0fabrication process oversight<\/em>\u00a0when they\u00a0procure their typically low amounts\u00a0of\u00a0medium- and high-performance chips since they are available today only in foreign\u00a0<\/span>megafabs<\/em>. This would not be the case if in the near future ultra-high assurance fabrication oversight processes\u00a0were required\u00a0by mass-market civilian chips in diverse sub-domains in the tens of millions of units, or more. But then,\u00a0for that to become a reality, prevention of the malevolent use of such chips will need to be ensured.<\/span><\/p>

Since Snowden, all mainstream commercial ICT providers \u2013 like\u00a0Apple, Samsung, Google, IBM<\/strong>\u00a0\u2013 are under increasing\u00a0market pressures to provide\u00a0levels of assurance that are simply impossible<\/strong>\u00a0for chips\u00a0with modern\u00a0performance and richness of features<\/strong>. A possible future\u00a0wide-market availability of ICT with\u00a0constitutionally-meaningful<\/em>\u00a0levels of assurance \u2013 that are necessarily minimally-featured and low-performance, but highly\u00a0user-friendly \u2013 could let off of such pressure\u00a0to deliver the impossible and create huge new market opportunities for\u00a0them and others to satisfy a huge unmet demand.<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

Widespread misinformation<\/span><\/h3>

Enterprises<\/b><\/span>\u00a0and\u00a0citizens<\/b>\u00a0alike are drowning in a sea of disinformation, hypocrisy, confusion, Utopian cyber-libertarianism, and much of outright deception. It is often hard to distinguish friend from foe.<\/p>

There is a\u00a0vast natural uncoordinated alignment of interests to\u00a0<\/span><\/span>wildly overstating of the security of\u00a0secure<\/em><\/span>\u00a0apps\u00a0and devices,<\/span><\/span>\u00a0even on the face of incredible revelations. This includes secure\u00a0IT providers (from Apple, to defense contractors, to open-source\u00a0Signal\u00a0<\/span>and\u00a0Tor)<\/span>;\u00a0 journalists looking for new\u00a0security agencies\u00a0very<\/span>\u00a0<\/span>happy<\/span>\u00a0to push less expert criminals to use broken techs.\u00a0<\/span>Military technologies are often just as broken, but failure mostly by default becomes state secret.<\/span><\/p>

On one side, a club of leading digital rights NGOs and self-appointed\u00a0Big Tech<\/i>\u00a0“privacy crusaders” (like Apple) are fighting against the\u00a0introduction\u00a0of\u00a0state-mandated back-doors\u00a0<\/span>–\u00a0<\/span>a very implausible, socio-technically infeasible solution, that would reduce both civil freedoms and public safety, and mostly bait by LEAs.<\/p>

On the other side, paradoxically, all computing devices –\u00a0including those developed or promoted by such crusaders, perhaps hypocritically or delusionally<\/span>\u00a0–\u00a0are scalably hackable through\u00a0state-sanctioned back-doors,<\/span>\u00a0i.e. critical vulnerabilities beyond the point of encryption – down to OS, CPU, fabrication and standard setting – that nations develop, discover, purchase, rent, let be and stockpile. And\u00a0most importantly, they keep\u00a0<\/span>failing to keep these hands of large numbers of even non-state mid-level attackers<\/span>.<\/p>

Back-doors are already everywhere<\/b>. We have nothing to protect, no meaningful capability to preserve. Everything was taken away a long time ago. Soon after algorithmically unbreakable encryption was made widely available in 90s and nations had to resort to breaking everything beyond it in the lower technical stacks.<\/span><\/p>

So what have those crusaders proposed to solve this much bigger and present problem?<\/em><\/span>\u00a0Big Tech<\/em>\u00a0and new startups rip great profits by riding the wild overstatements of most nations claiming their “going dark” because of end-to-end apps or Tor. Meanwhile leading NGOs to propose virtually nothing to solve this, except paradoxically to intensify and regulate their lawful hacking (“Going Bright” proposal) to bypass secure apps and anonymization tools.<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

Towards Solutions or Meaningful Advances<\/span><\/h3>

We are told daily by\u00a0nearly all privacy experts and government officials that we must\u00a0to choose between\u00a0meaningful personal privacy\u00a0and legitimately authorized cyber-investigations.\u00a0But both are essential to democracy and freedom.\u00a0What\u00a0if it was not\u00a0a choice of\u00a0\u201ceither or\u201d, a zero-sum game, but instead primarily a\u00a0\u201cboth or neither\u201d challenge, yet to be proven unfeasible?<\/b><\/p>

So the real challenge is: can we build the World 1st IT systems that can be plausibly expected to be\u00a0without\u00a0back-doors”!?\u00a0<\/span>Can we then create technologies and certifications –\u00a0for at least some IT systems –\u00a0that\u00a0radically increase by orders of the magnitude expected resistance against such state-sanctioned back-doors? But then, even if we succeed, these would, of course, be used to facilitate grave crimes unless democratic nations could cyber-investigate designated suspects? So is it an “either-or” choice or a “both-or-neither” challenge?<\/p>

Is meaningful personal\u00a0freedom<\/span>\u00a0and\u00a0effective\u00a0public\u00a0safety<\/span>\u00a0in cyberspace an\u00a0\u201ceither-or<\/em>\u201d choice<\/span>? Or is it not instead a\u00a0\u201cboth-or-neither<\/em>\u201d challenge<\/span>, that can be overcome by applying to the security of IT and lawful access processes the same\u00a0uncompromisingly<\/span>\u00a0<\/span>Trustless<\/em>\u00a0certification and oversight governance models<\/span>\u00a0that proved so successful in safeguarding paper-based democratic elections, nuclear sites safety, and commercial aviation?<\/p>

Can<\/span>\u00a0ultra-high assurance<\/em>\u00a0IT be transparently reconciled with lawful access,<\/span>\u00a0so that it can be made available to our institutions, enterprises, and citizens without creating a public safety risk? Can we be both\u00a0free<\/span>\u00a0and safe<\/span>\u00a0in Cyberspace? or do we have to choose? Can we even choose,\u00a0really, or is it a \u201cboth or neither\u201d challenge???<\/p>

Can\u00a0<\/span>new cybersecurity standards, certifications, and\u00a0compliant open comprehensive ecosystems<\/span>\u00a0– that are\u00a0radically uncompromising\u00a0<\/span>down to the CPU, fabrication oversight and standard setting,<\/span>\u00a0and complementary to ENISA, SOGIS and eIDAS initiatives –\u00a0deliver both of freedom and safety in critical IT and AI and, therefore become the basis of\u00a0<\/span>wide economic competitive advantage<\/span>\u00a0and\u00a0<\/span>ethical leadership<\/span>\u00a0for a group of leading stakeholders?<\/span><\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

CHALLENGE A:<\/span><\/strong><\/h3>

How can we build and certify IT systems that are radically more secure than state-of-the-art?<\/span><\/strong><\/h4>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

Can new voluntary\u00a0international standards and certifications\u00a0\u00a0\u2013 within the EU Charter and most constitutional frameworks \u2013 provide\u00a0ordinary citizens access to\u00a0affordable\u00a0and\u00a0user-friendly\u00a0end-to-end IT with\u00a0constitutionally-meaningful* levels of trustworthiness, data security and privacy, as a\u00a0supplement\u00a0to their every-day computing services?<\/p>

No standards or certifications exist today that are comprehensive enough to even remotely allow a user to meaningfully assess the trustworthiness of a given end-to-end IT service. Nor any end-to-end IT service or system is available that does not contain multiple \u201cblack boxes\u201d, i.e. critical technical or organizational components which require blind trust in something or someone.<\/p>

Constitutionally-meaningful?!\u00a0\u201cWhile perfect assurance is impossible, we will say that a given end-to-end IT service and its related life-cycle has constitutionally-meaningful levels of trustworthiness when its levels of confidentiality, authenticity, integrity and non-repudiation are sufficiently high to make its use, in ordinary user scenarios, rationally compatible to the full and effective Internet-connected exercise of their core civil rights, except for voting in governmental elections.\u00a0 In more concrete terms, it is the end-to-end ICT service and life-cycle that warrants extremely well-placed confidence that an attacker aiming at continuous or pervasive compromising would incur costs and risks that exceed the following: (1) for the compromising of the entire life-cycle, tens of millions of euros, significant discoverability\u00a0and unlikely liability, that are typically sustained by well-financed and advanced public and private actors, for high-value supply chains, through legal and illegal subversions of all kinds, including economic pressures; or (2) for the compromisation of a single user, tens of thousands of euros,\u00a0and a significant discoverability, such as those associated with enacting similar levels of abuse through on-site, proximity-based user surveillance, or non-scalable remote endpoint techniques, such as NSA TAO\u201d.<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

State of Security for commercial and high-assurance IT systems<\/span><\/h3>

Nowadays, IT security and privacy are a\u00a0complete debacle\u00a0from all points of view, from the ordinary citizen to the prime minister, from baby monitors to critical infrastructure, to connected cars and drones.<\/p>

A\u00a0<\/span>lack of sufficiently extreme and comprehensive standards<\/b>\u00a0for critical computing, and the decisive covert action of states to preserve pre-internet lawful access capabilities, have made so that, while unbreakable encryption is everywhere, nearly everything is broken; and while state-mandated or state-sanctioned back-doors are nearly everywhere\u00a0<\/span>1<\/sup><\/a>, the most skilled or well-financed criminals communicate unchecked.<\/span><\/p>

Nearly all endpoints, both ordinary commercial systems and high-trustworthiness IT systems, are broken beyond point of encryption, and exploitable at scale by powerful nations and a relatively large number of other mid- and high-level threat actors.<\/span><\/p>

EU citizens, businesses and elected state officials\u00a0<\/b>do no access, even at high cost, to IT and \u201ctrust services\u201d that are NOT remotely, undetectable and cheaply compromising by a large number of medium- and high-threat actors.\u00a0Criminal entities\u00a0that are most well-financed avoid accountability through effective use of ultra-secure IT technologies, or by relying mostly on advanced non-digital operational security techniques (OpSec).\u00a0National defenses\u00a0are increasingly vulnerable to large-scale attacks on \u201ccritical infrastructure\u201d by state and non-state actors, increasingly capable of causing substantial human and economic harm.<\/span><\/p>

The critical vulnerabilities that make nearly everything broken are mostly always either state-mandated or state-sanctioned back-doors<\/b>, because the state has either created, acquired or discovered them, while keeping that knowledge hidden, legally or illegally.<\/span><\/p>

Nearly all critical computing services include at least some critical components whose\u00a0<\/span>complexity is way beyond adequate verifiability<\/b>. Design or fabrication of critical components or processes (CPU, SoC fabrication, etc.) are not publicly verifiable, and there are\u00a0<\/span>no reasons to trust providers\u2019 carefulness and intent,\u00a0when plausible deniability is very easy, liability is almost non-existent, and state pressures to accidentally leave a door open are extremely high.<\/b><\/p>

Everything is broken<\/b> mostly because of two structural, and highly interlinked, problems:<\/span><\/p>

The lack of sufficiently extreme and comprehensive standards<\/b> for high-assurance IT services\u00a0that provide meaningful confidence to end-users that the entire life-cycles of their critical components are subject to oversight and auditing processes that are comprehensive, user-accountable, publicly assessed, and adequately intensive relative to complexity.<\/span><\/p>

The decisive actions taken by state security agencies to maintain pre-internet lawful access capabilities<\/b> \u2013\u00a0since the popularization of algorithmically-unbreakable software encryption in the 1990s \u2013 through huge sustained investments in the discovery and creation of critical vulnerabilities, permeate the life-cycle and supply chain of virtually all ordinary and high-assurance IT technologies. Furthermore, the covert nature of such programs has allowed such agencies (and other advanced actors) for decades to remotely and cheaply break into virtually all end-points thought to be safe by their users \u2013 with extremely vague accountability \u2013 as well as covertly overextend their preventive surveillance capacities.<\/span><\/p>

After Snowden, nearly all IT privacy activists are up in arms to fight what they see as a 2nd version of the 1990s\u2019 Crypto Wars to prevent back-doors in IT systems from being mandated by nations in the wake of \u201cterrorism threats\u201d. Meanwhile, they overwhelmingly refrain from proposing anything about what we should do about those state back-doors and critical vulnerabilities that already exist everywhere. Almost no-one challenges state security agencies pretense that they are \u201cgoing dark\u201d to trumpet how much they are missing capabilities to enable lawful access, when they overwhelmingly are not, not even for scalable targeted attacks. Most activists are focused on:<\/span><\/p>

pushing existing Free\/Open Source Software privacy tools to the masses, while making them more user-friendly and incrementally safer with small grants (no matter if from USG) and<\/span><\/p>

going full-out there to fight a 2nd Crypto War to prevent the government to create a state backdoor.<\/span><\/p>

First off, the\u00a0Crypto Wars in the 1990\u2019s were won in appearance, but utterly lost in essence<\/b>. In fact, while the US and other governments backtracked on their proposal for an ill-conceived mandatory backdoor (such as the Clipper Chip) and algorithmically-unbreakable encryption became accessible to anyone, the most powerful states security agencies won many times over. In fact, over the following two decades:<\/span><\/p>

powerful state security agencies have surreptitiously and undetectably placed back-doors nearly everywhere, with nonexistent or very insufficient due process oversight, compared to the already inadequate oversight lawful interception systems;<\/span><\/p>

Tons of valuable targets, even very \u201cup there\u201d, have kept using IT devices that they thought lacked back-doors, but which had been snooped upon for years or decades without their knowledge;<\/span><\/p>

The general perception that \u201cfree crypto for all\u201d had won prevented even a demand for meaningful IT devices to be developed, which could minimize, isolate, simplify and do away with the need of trust in very many of\u00a0untrustworthy<\/a>\u00a0actors<\/a>\u00a0<\/span>along critical phases of the device life-cycle.<\/span><\/p>

A mix of government self-serving disinformation and self-interested over-representation of the strength of current FLOSS solutions has brought many to believe that endpoint exploitation of well-configured FLOSS device setup is not scalably exploitable by advanced attackers.<\/span><\/p>

Many of such IT privacy activists and experts over-rely on NSA documents\u2019 reference to the fact that some advanced attackers take care not to overuse certain exploitation techniques to avoid burning them. But careful analysis of the capabilities of NSA Turbine, NSA FoxAcid, Hacking Team RCS document shows how advanced endpoint exploitation techniques allow them to scale highly and prevent such \u201cburning\u201d risk by using exploits that are beyond the ability of the target to discover, and other techniques. More recently, one leader of such activists, Jacob Appelbaum, said\u00a0clearly<\/a>\u00a0<\/span>(min 37.15-38.15): \u201cIt does seem to indicate to me that cryptography does stop them \u2026 I have seen that the Tor browser stops them from doing passive monitoring, and they have to switch to targeted. And that\u2019s good. We want them to go from bulk, or mass, surveillance to targeted stuff.\u00a0Now, the targeted stuff, because it is automated, is not different in scale but just different in methodology, .. actually. And usually they work together<\/u>\u201c<\/em><\/span><\/p>

All the while, the media success of such security agencies in wildly overstating the \u201cgoing dark\u201d problem has enabled them to gather substantial political and public opinion consensus for:<\/span><\/p>

unconstitutional surveillance practices gravely affecting non-suspect citizens, and often setting up multiple redundant legal authorities;<\/span><\/p>

convincing politicians and the public opinion of the need to \u201coutlaw\u201d encryption and\/or extend inadequate lawful access mandate, traditionally reserved to telephone operators, to all digital communications.<\/span><\/p>

All the while, by breaking everything, they expose US government, US private interests, and law enforcement and intelligence to grave damage for state security and espionage by foreign states and non-state actors.<\/span><\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

IMPACT ON IT SECURITY BUSINESS<\/span><\/h3>

EU IT security\/privacy service\/systems providers are increasingly unable to sustainably compete and innovate as they are\u00a0unable to differentiate on the basis of meaningful and comprehensive benchmarks<\/b>. They are also increasingly unable to convince users to investing in fixing vulnerabilities in one part of their systems, when most-surely many vulnerabilities remain in other critical parts, which are known to the same kind of threat actors. In a post-Snowden world, the success of even high-assurance cyber-security systems is increasingly \u201csecurity theatre<\/b>\u201d, because even the highest-assurance systems in the civilian market contain at least one critical vulnerability, accessible in a scalable way by even mid-level threat actors, with very low risk of discoverability and attribution.<\/span><\/p>

So therefore it is almost impossible to measure and sustain the current overall security added value of any new security service, and related risk management strategies, even before assessing the increase in attack surface and vulnerabilities that any new product entails. The only reliable measure of the effectiveness of an high-assurance IT security provider, private and public, relies on its \u201ccloseness\u201d to major stockpiles of vulnerabilities, mostly few large powerful states, creating pervasive intelligence network effects\u00a02<\/sup><\/a>, gravely undermining society sovereignty, freedoms and competitiveness.<\/span><\/p>

As blogger Quinn Norton\u00a0said<\/a><\/span>, everything is broken. Revelations about systems and programs like NSA Turbine, NSA\u2019S FoxAcid and Hacking Team, have shown the huge scalability \u2013 in terms of low risk and cost \u2013 of completely compromising of endpoint devices, by numerous public and private actors, and even more numerous actors that do or could trade, lend or steal such capabilities. It\u2019s become clear that no IT system that assumes need for trust in any one person or organization \u2013 and there are none today \u2013 can be considered meaningfully trustworthy.<\/span><\/p>

The exception to this rule is that there are some people in the world \u2013\u00a0top criminals, billionaires, or highest state official \u2013 who do have access to devices that are most likely not compromised by external entities<\/b>. This results in a huge asymmetry of power between them and all others, i.e. two sets of citizens.<\/span><\/p>

This situation will not be changed by a nation\u2019s law, or international treaty. Stockpiling of zero day vulnerabilities, through investment in discovery, creation and purchase by powerful state and non-state actors will keep accelerating, and\u00a0there is no chance any law or international treaty can significantly slow an acceleration of stockpiling of 0-days. Non proliferation of IT weapons is very different from other weapons like biological and nuclear, as their nature makes them easier to hide and reproduce, and they are used and spread daily by powerful actors to pursue their cyber-investigation goals.<\/span><\/p>

In summary,\u00a0there is a wide unavailability, for both citizens and for\u00a0lawful access<\/em>\u00a0schemes, of end-2-end\u00a0IT services of meaningfully high-trustworthiness levels.<\/em><\/u><\/span><\/p>

THE PROBLEM WITH CURRENT CERTIFICATIONS AND CERTIFICATIONS GOVERNANCE<\/span><\/h4>

Over the last decades, in addition to sanctioning back-doors everywhere, states have repeatedly proven to be utterly incapable of either socio-technically designing, or legally managing, or issuing proper technical and organizational certification requirements for lawful access compliance. Fittingly, states have been similarly unable to create voluntary or mandatory IT security standards that would be anything like sufficiently extreme and comprehensive.<\/span><\/p>

A recent\u00a0ENISA<\/a>\u00a0report<\/a>,<\/span> highlights: \u201cAt the time of writing, there is no single, continuous \u2018line of standards\u2019 related to cyber security, but rather a number of discrete areas which are the subject of standardisation<\/em>\u201d. The current\u00a0EU<\/a>\u00a0Cybersecurity<\/a>\u00a0Strategy<\/a><\/span>\u00a0(2013) calls for new standards and certification schemes \u2013 including supply chains and hardware \u2013 and calling for \u201ca renewed emphasis on dialogue with third countries, with a special focus on like-minded partners that share EU values<\/em>\u201d, \u201cpossibly establish voluntary EU-wide certification schemes building on existing schemes in the EU and internationally<\/em>\u201d. Recognizes \u201cthe need for requirements for transparency, accountability and security is becoming more and more prominent<\/em>\u201d. Nonetheless, ECSEL and EDA no \u201cEU computing base\u201d exist in most IT domains that is even publicly verifiable in all its critical parts.<\/span><\/p>

Consensus-based decision making processes at the core of EU institutions \u2013 and international public and mixed standard-setting bodies (such as ETSI) \u2013 have made it impossible to resist the firm will of even a single powerful country to corrupt or dilute-to-meaninglessness the standard setting process.<\/span><\/p>

Industry-driven standards are no better; standards bodies like\u00a0Trusted Computing Group<\/em>\u00a0and\u00a0Global Platform<\/em>\u00a0have focused on increasing user convenience, interoperability and reducing overall costs of violations to content copyright and integrity of financial transactions, while playing lip service to the security and privacy demands of end-users that were at odds with state security agencies.<\/span><\/p>

Therefore, the governance of such paradigms and certifications may need to be primarily independent, international, highly-competent and citizen-accountable, and the role of the national, and international governmental institutions (EU, UN, etc) \u2013 and major global IT industry players \u2013 can only be that of recognizers, adopters, and minority stakeholders. A process similar to that of the World Wide Web Consortium could be followed, but with much wider user- or citizen-accountability to keep companies from having too much control.<\/span><\/p>

What is the role of the Free\/Open Source Software movement for the prospects of wide availability of computing with meaningful user control.<\/span><\/h4>

Over the last thirty years, a huge amount of volunteer and paid work has been devoted to developing Free Software with the aim of promoting users\u2019 civil freedom in computing.<\/span><\/p>

Why then, to date, is no end-user computing device available at any cost which would give the user meaningful confidence that its computing is not completely compromised undetectably at insignificant cost and risk?<\/span><\/p>

Why is no end-user device available today that does NOT contain at least some \u201ccritical\u201d software\/firmware components that (a) are not sufficiently verified relative to complexity? or (b) are non-verifiable in its source code (without NDA) or even proprietary?<\/span><\/p>

What should be the priorities of the free software community and short and long-term objectives in a Post-Snowden World?<\/span><\/p>

Free\/Open Source Software, while providing important civil freedom, does not\u00a0directly<\/em>\u00a0improve trustworthiness of a software application or stack, in comparison to that whose source code is merely publicly-verifiable without NDA. At times, on the contrary, it has constrained available business models in ways that prevented the sustainable attraction of the very large resources necessary to guarantee a sufficiently-extreme auditing relative to complexity.<\/span><\/p>

Nonetheless, an adequate new standard may need to\u00a0very strictly mandate Free\/Open Source Software and firmware, with few and\/or temporary exceptions for non-critical parts, because it strongly promotes incentives for open innovation communities, volunteer expert auditing and overall ecosystem governance decentralisation.<\/span><\/p>

These, in turn, substantially contribute to actual and perceived security of IT, and promotes an\u00a0ecosystem that is highly-resilient to very strong economic pressures, as well as short- and long-term changing technological, legislative and societal contexts.<\/span><\/p>

Most importantly, without a highly active and well-meaning participation (paid and not paid) of many of the world\u2019s best IT security experts and \u201ccommunities\u201d, it would not be possible to achieve a sufficiently-extreme\u00a0necessary auditing intensity and quality, relative to the complexity\u00a0that is needed to achieve the project aims. Without such participation, it would be unlikely that a project even with a budget of over hundreds of millions of Euros could have reasonable expectations to prevent successful remote attacks from the numerous and varied entities, which have access to remote vulnerabilities that are regularly devised, commissioned, acquired, purchased or discovered, by entities that are extremely well-financed, have unprecedented accumulated skill-sets and often low or nonexistent actual liability.<\/span><\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

CHALLENGE B: <\/span><\/strong><\/h1>

If we can solve Challenge A, how can we concurrently solidly ensure legitimate lawful access?<\/span><\/h4>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

(B.1) Can new\u00a0international non-governmental certification processes for end-to-end\u00a0IT service providers \u2013 with sufficiently-extreme\u00a0transparency, accountability, and oversight\u00a0safeguards, such as\u00a0multi-jurisdiction offline\u00a0oversight processes\u00a0based on peer-jury or peer-witness\u00a0\u2013 ensure unprecedented and\u00a0constitutionally-meaningful*\u00a0levels of trustworthiness, effective\u00a0onsite in-person\u00a0lawful access, and prevent malevolent use?<\/p>

(B.2) Similarly, can extreme third-party safeguards \u2013 forcibly adopted by states for their use of\u00a0remote\u00a0endpoint\u00a0lawful access schemes (i.e.,\u00a0lawful hacking) \u2013\u00a0reduce, to acceptable levels, the risk of both grave\u00a0compromises of investigative processes and of highly-scalable abuse of\u00a0innocent citizens?<\/p>

Answers to both of these challenges mostly fall in two classes:<\/p>

NO, It is impossible or nearly impossible. It is safer not to discuss or substantially research or discuss the option. Here is in detail why: \u2026<\/p>

YES, It is largely or substantially probable. Very extensive joint discussions, research, and concrete proposals are direly needed. Here are the binding high-level requirements of such standard-setting and certification processes.<\/p>

Citizens are continuously asked by states and by digital rights activists: \u201cWould you rather be free or safe?\u201d.\u00a0We suspect digital privacy and public safety are not an \u2018either-or\u2019 question, but instead a \u2018both or neither\u2019 challenge. Albeit acknowledging that solving one or both of the challenges may not be possible, we believe extensive intellectual and monetary\u00a0resources should be devoted to such attempts. Refusing to make counter-proposals that acknowledge the crucial need for constitutional lawful access and attempt to take it into account \u2013 as most digital rights activist organizations have done to date \u2013 is backfiring for digital civil rights by ensuring that governments go ahead maintaining the status quo or implement \u201csub-optimal\u201d standards and laws.<\/p>

EU Cybersecurity Strategy (2013) calls for \u201cThe same laws and norms that apply in other areas of our day-to-day lives apply also in the cyber domain.\u201d. \u201cFundamental rights, democracy and the rule of law need to be protected in cyberspace.\u00a0But freedom online requires safety and security too\u201d<\/p>

ASSURANCE OF CURRENT LAWFUL ACCESS SCHEMES<\/span><\/strong><\/h4>

Today,\u00a0state-mandated back-doors\u00a0\u2013 hidden or public like the telephone interception systems \u2013 or\u00a0state-sanctioned back-doors<\/em>\u00a0\u2013 such as undisclosed critical vulnerabilities created, acquired, discovered or used, legally or illegally \u2013 exist in nearly all IT devices.<\/p>

Over the last decade, in addition to sanctioning back-doors everywhere, individual nations states have repeatedly proven to be utterly incapable in designing, legislating or\u00a0setting\u00a0adequate technical and organizational standards\u00a0for state lawful access. Nonetheless, the dire need to reconcile privacy and cyber-investigation remains as crucial as ever.<\/span><\/p>

US and most western states have already in place plenty of legislations, and legally-authorized intelligence programs, that enable them to access a suspect\u2019s communications following a legal due process authorization, including: mandatory key disclosure, lawful hacking laws, national security letters, and other laws.<\/span><\/p>

Powerful states invest tens of millions of dollars every year in pressure of all kinds in order to ensure that\u00a0IT systems of meaningfully high-trustworthiness levels<\/em>\u00a0are not available to the civilian market and, indirectly, to nearly all of the internal intelligence, military and lawful access systems markets. Such pressures are in the form of creation and discovery of symmetrical backdoor, onsite subversion of various kinds, economic (CIA venture capital, procurement pressures, etc), patenting (NSA secret patents), legal (crypto export)\u00a0 pressures, and strong pressures to establish high-trustworthiness IT standards, that are incomplete (Common Criteria, FIPS, etc.) and compromised (Dual_EC_DRBG). That is in addition to similar activities by other powerful states, and tens of millions of Euros of investments by zero market companies.<\/span><\/p>

Nonetheless, a few of the most knowledgeable and well-funded criminals, state and non-state, regularly do use and could use custom-made end-to-end IT infrastructures that manage to avoid the use of components where critical vulnerabilities are known by powerful states. On the other hand, commercial vendors like Apple \u2013 having uniquely full control of their life-cycle, and not being mandated to store a master key \u2013 are in theory positioned to render their future systems inaccessible to lawful access. However that is very unlikely because of: the huge relative complexity of their systems and life-cycle, which inherently makes the creation of weakness via subversion, legal or illegal, by powerful state actors, as well as to independent discovery of vulnerabilities; and high-level of plausible deniability in a scenario in which Apple may be purposely leaving highly-safeguarded and asymmetrical back-doors for a few states. The same arguments are valid for current high-assurance IT systems, which in all known cases add the lack of control of a number of critical life-cycle phases.<\/span><\/p>

CURRENT BEST PRACTICES, APPROACHES AND PROPOSALS<\/span><\/h4>

Dominant strategy of mainstream digital civil rights activists<\/span><\/h4>

Almost all citizens and many activists recognize the benefits of enabling due process lawful access for criminal investigation, but the grave incompetence and abuse by states have brought most experts to believe that such access cannot be ensured without unacceptable risks for citizens\u2019 liberty.<\/span><\/p>

The IT security industry is creating solutions that either are based on or add to systems which are non verifiable in critical parts, and whose complexity is way beyond what can ever be sufficiently audited. Meanwhile, IT privacy activists push similarly inadequate existing Free and Open source privacy tools to the masses, while just increasing usability, or at best seeking inadequate small grants for very inadequate complexity reduction, and increases in isolation and auditing.<\/span><\/p>

Proposals \u201chinted at\u201d by US\/UK governments<\/span><\/h4>

In recent statements, NSA, Europol, UK Cameron, Obama, US Dept of Justice, and FBI have proposed to solve the \u201cgoing dark\u201d problem by mandating a some kind of backdoor into all IT systems. The FBI has more specifically proposed a \u201clegislation that will assure that when we get the appropriate court order . . . companies . . . served . . . have the capability and the capacity to respond\u201d<\/em>, while the NSA has been generically referring to organization or technical safeguards ensuring backdoor access authorization approval by multiple state agencies\u00a05<\/sup><\/a>, and Obama referring to a possible safeguard role of non-state entities\u00a06<\/sup><\/a>.<\/span><\/p>

From Snowden and Hacking Team revelations, it has become clear that \u2013 in addition to covertly introducing, purchasing and sanctioning symmetric back-doors everywhere \u2013 most western nations have consistently proven incapable or unwilling to design, standardize, legally oversee or certifying\u00a0lawful access<\/em>, by LEA or intelligence agencies, both for traditional phone wiretaps and for IT systems. Current schemes and systems have very poor or no citizen or legislative-branch accountability, because of lack of legal mechanisms as well as adequately accountable socio-technical systems.<\/span><\/p>

Such precedents and a number of technical facts make so that such solution would most likely turn out to be ineffective towards the most serious criminals and causing great risks for civil liberties abuse\u00a07<\/sup><\/a>. Among the infeasibilities is the fact that \u2013 short of mandating a complete and impossibly draconian control over any connected IT devices through unbreakable remote attestation \u2013 how can any master-key for\u00a0lawful access<\/em>\u00a0in IT products prevent a suspect to encrypt its messages a second time, possibly through steganography, rendering the master-key useless in reading the plain text or audio, and even hard to prove the suspect has sent an unlawfully encrypted message?<\/span><\/p>

Proposals for recommendations by EU Parliament<\/span><\/h4>

A new\u00a0report<\/a>\u00a0has been commissioned by the EU Parliament which seems to advice that \u201clawful cracking\u201d lawful access systems\u00a0\u201cwhen they are used in Europe with the appropriate oversight and safeguards could have legitimate purposes\u201d. Although, currently such systems appear to unconstitutional in Italy and Germany (except for intelligence purposes) for example, though they are legal in the US.<\/span><\/p>

\u201cNo new state-mandated backdoor\u201d proposal, by 14 leading US\/UK IT security experts (1997-2014)<\/h4>

In an open letter published last July 6th 2015,\u00a0Keys<\/a>\u00a0under<\/a>\u00a0Doormats<\/a>\u00a0\u2013 14 among the most renowned US computer security experts have made a detailed case against the introduction of new national legislations in the US and elsewhere, and possibly part of international agreements. They also list questions that any such proposal should answer in order for the public and experts to assess the foreseeable risks of grave civil liberties abuses. The document follows is intended as an upgrade to recent development of a very extensive and influential similar proposal from the 1990\u2019s,\u00a0The<\/a>\u00a0Risks<\/a>\u00a0of<\/a>\u00a0Key<\/a>\u00a0Recovery, Key<\/a>\u00a0Escrow, and\u00a0<\/a>Trusted<\/a>\u00a0Third-Party<\/a>\u00a0Encryption<\/a>.<\/p>

Proposal for formalization and regulation of \u201clawful cracking\u201d by Bellovin, Maze, Landau and Clark<\/h4>

Even some IT security experts that have been the most staunch opposers to lawful access solutions for IP communications for decades, have acknowledge that some \u201cgoing dark\u201d problems exist or could potentially exist and \u2013 regardless of quite varying opinions about its gravity \u2013 a solution will need to be found as political pressures will keep mounting\u00a08<\/sup><\/a>.<\/p>

Three of the most prominent among the 14 experts mentioned above, and Sandy Clark, have proposed<\/p>[through\u00a0Going<\/a>\u00a0Bright<\/a>, 2013, and\u00a0Lawful<\/em><\/a>\u00a0Hacking: Using<\/em><\/a>\u00a0Existing<\/em><\/a>\u00a0Vulnerabilities<\/em><\/a>\u00a0for<\/em><\/a>\u00a0Wiretapping<\/em><\/a>\u00a0on<\/em><\/a>\u00a0the<\/em><\/a>\u00a0Internet<\/em><\/a>, 2014] an alternative solution to the problem that requires the state to\u00a0\u201cexploit the rich supply of security vulnerabilities already existing in virtually every operating system and application to obtain access to communications of the targets of wiretap orders\u201d,\u00a0<\/em>and properly regulate it. It basically proposes to formalize and strictly regulates the state\u2019s ability to hack citizens pursuant a court order. It proposes very extensive measures and safeguards to mitigate the consequent negative effects, including:<\/p>

Creation of new vulnerabilities is not allowed, but only discovery and creation of exploit for existing vulnerabilities.<\/u><\/span><\/p>

Mandatory reporting of vulnerabilities to IT vendors on discovery or acquisition<\/u>, with some exceptions. It counts on the fact that new will be found and that it takes time for vulnerabilities to be patched;<\/span><\/p>

Limitation of lawful access software to only authorized access actions<\/u>\u00a0(whether intercept, search, or else).<\/span><\/p>

They propose to formalize and regulate the use of \u201clawful cracking\u201d techniques as a way to enable the state to pursue cyber-investigation:<\/span><\/p>

\u201cWe propose an alternative to the FBI\u2019s proposal: Instead of building wiretapping capabilities into communications infrastructure and applications, government wiretappers can behave like the bad guys. That is, they can exploit the rich supply of security vulnerabilities already existing in virtually every operating system and application to obtain access to communications of the targets of wiretap orders.<\/em><\/span><\/p>

We are not advocating the creation of new security holes, but rather observing that exploiting those that already exist represents a viable\u2014and significantly better\u2014alternative to the FBI\u2019s proposals for mandating infrastructure insecurity. Put simply, the choice is between formalizing (and thereby constraining) the ability of law enforcement to occasionally use existing security vulnerabilities\u2014something the FBI and other law enforcement agencies already do when necessary without much public or legal scrutiny or living with those vulnerabilities and intentionally and systematically creating a set of predictable new vulnerabilities that despite best efforts will be exploitable by everyone.\u201d<\/em><\/span><\/p>

Some emerging innovative solutions and\u00a0best practices<\/h4>

The Brazilian state IT agency SERPRO has internal regulations that\u00a0intrinsically<\/a>\u00a0requires 4 state<\/a>\u00a0officials<\/a>\u00a0of 4 different<\/a>\u00a0public\u00a0<\/a>agencies<\/a>\u00a0need<\/a>\u00a0to<\/a>\u00a0be<\/a>\u00a0physically<\/a>\u00a0present at a specific hosting room and consent in order to allow access to the emails of a state employee based on a court order. \u00a0More recently, they are\u00a0increasing<\/a>\u00a0the<\/a>\u00a0assurance<\/a>\u00a0of<\/a>\u00a0their<\/a>\u00a0solution<\/a>\u00a0for both citizens and law enforcement on the server side with additional safeguards, through Kryptus solutions.\u00a0Leading Brazilian IT security expert Roberto Gallo, CEO of Kryptus,\u00a0suggests<\/a>\u00a0similar solutions.<\/p>

Another best practice is\u00a0the\u00a0law enforcement access to a user\u2019s keys in\u00a0Austria<\/a>\u00a0for<\/a>\u00a0digital<\/a>\u00a0passports<\/a>, which currently require 3 officials from different state agencies in in-person secret-sharing and \u201cthreshold secret\u201d processes.<\/p>

Such an approaches, however, still does not deal adequately with the assurance of several other potential vulnerabilities in the life-cycle, such as: client devices HW-SW, other critical SW and HW stack on the server side, the systems use by law enforcement to manipulate and store the acquired info, hardware fabrication of critical HW components.<\/p>

In addition to much higher and more comprehensive assurance requirements \u2013 given the low level of citizen\u00a0trust in government \u2013 citizen-witnesses or citizen-juries may want to be added to the officials from different state agencies, in order to add an additional layer of guarantee.<\/p>

Related questions:<\/span><\/p>

What are the effects on public safety and well being of the current unavailability of IT devices that are reliably resistant to undetected remote compromises by mid- or high-threat entities, legal or illegal?<\/span><\/p>

What are the foreseeable effects on public safety and well being of the wide availability of such IT devices, therefore resistant even to remote access by public security agencies with legal due process?<\/span><\/p>

Could new lawful access schemes for high-assurance IT services and systems rely, not on states, but on provider-managed voluntary \u201ckey recovery\u201d schemes certified by \u201ctrustworthy 3rd parties\u201d, such as radically citizen-accountable, independent and competent international bodies?<\/span><\/p>

Could the inevitable added risk be essentially shifted from technical systems to on-site organizational processes?<\/span><\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

CHALLENGE C: <\/span><\/strong><\/h1>

Can ultra-high assurance IT and related certification governance models radically increase the security, privacy or safety of complex and critical IT, AI and cyber-physical systems, such as for example self-driving cars, robo-advisors, or even Facebook?<\/span><\/h4>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

Can the early adoption by EU or a critical mass of nations of\u00a0ultra-high assurance low-level IT certifications and related governance models\u00a0jump-start an\u00a0<\/b>actionable path<\/em>, from the short to the long-term, to:
<\/b><\/p>

  1. restore meaningful\u00a0digital sovereignty\u00a0<\/span>to citizens, businesses and institutions, <\/li>
  2. cement their economic and civil\u00a0leadership<\/span>\u00a0in the most security-critical IT and narrow Artificial Intelligence sectors, and <\/li>
  3. substantially increase the chances of utopian\u00a0rather than dystopian long-term artificial intelligence prospects?<\/li><\/ol>

    In recent years, rapid developments in AI specific components and applications, theoretical research advances, high-profile acquisitions from hegemonic global IT giants, and heart-felt declarations about the dangers of future AI advances from leading global scientists and entrepreneurs, have brought AI to the fore as both (A) the\u00a0key to private and public economic dominance in IT, and other sectors<\/b>, in the short-to-medium term, as well as (B) the leading\u00a0long-term existential risk (and opportunity) for humanity<\/b>, due to the likely-inevitable \u201cmachine-intelligence explosion\u201d once an AI project will reach human-level general intelligence.<\/p>

    Google, in its largest EU acquisition this year acquired for 400M\u20ac a global AI leader, DeepMind; already invested by Facebook primary initial investors Peter Thiel and by Elon Musk.\u00a0Private investment in AI has been increasing 62% a year<\/b>, while the level of secret investments by multiple secretive agencies of powerful nations, such as the NSA, is not known \u2013 but presumably very large and fast increasing \u2013 in\u00a0a winner-take-all race to machine super-intelligence among public and private actors, which may well already have started<\/b>.<\/p>

    A recent survey of AI experts estimates that there is a 50% chance of achieving human-level general intelligence by 2040 or 2050, while not excluding significant possibilities that it could be reached sooner. Such estimates may even be biased towards later dates because: (A) there is an intrinsic interest in those that are by far the largest investors in AI \u2013 global IT giants and USG \u2013 to avoid risking a major public opinion backlash on AI that could curtail their grand solo plans; (B) it plausible or even probable that substantial advancements in AI capabilities and programs may have already happened but have successfully kept hidden for many years and decades, even while involving large numbers of people; as it has happened for surveillance programs and technologies of NSA and Five Eyes countries.<\/p>

    Some of the world\u2019s most recognized scientists, and most successful technological entrepreneurs believe that progress beyond such point may become extremely rapid, in a sort of \u201cintelligence explosion\u201d, posing grave questions on humans\u2019 ability to control it at all. (See Nick Bostrom TED presentation). Very clear and repeated statements by Stephen Hawking (the most famous scientist alive), by Bill Gates, by Elon Musk (main global icon of enlightened tech entrepreneurship), by Steve Wozniak (co-founder of Apple), agree on the exceptionally grave risks posed by uncontrolled machine super-intelligence.<\/p>

    Elon Musk, shortly after having invested in DeepMind, even declared, in an erased but not retracted comment:<\/p>

    \u201cThe pace of progress in artificial intelligence (I\u2019m not referring to narrow AI) is incredibly fast. Unless you have direct exposure to groups like Deepmind, you have no idea how fast-it is growing at a pace close to exponential. The risk of something seriously dangerous happening is in the five-year timeframe. 10 years at most. This is not a case of crying wolf about something I don\u2019t understand.I am not alone in thinking we should be worried. The leading AI companies have taken great steps to ensure safety. They recognise the danger, but believe that they can shape and control the digital super-intelligences and prevent bad ones from escaping into the Internet. That remains to be seen\u2026\u201d<\/i><\/p>

    Some may argue why extreme IT security to support AI safety is needed now if its consequences may be far away. One clear and imminent danger is posed by self-driving and autonomous vehicles (aerial and terrestrial) \u2013 which utilize increasingly wider narrow AI systems \u2013 and\u00a0the ease with which they can be \u201cweaponized\u201d at scale<\/b>. Hijacking the control of a large number of drones or vehicles could potentially cause hundreds of death or more, or cause hardly attributable hacks that can cause grave unjustified military confrontation escalations.<\/p>

    Richard Hawkings summarised it most clearly when he said\u00a0\u201cWhereas the short-term impact of AI depends on who controls it, the long-term impact depends on whether it can be controlled at all\u201d.\u00a0<\/b>Control relies on with IT assurance to ensure that who formally controls it is also who actually controls it, and possibly with international IT assurance certification governance that may provide a governance model for international efforts to regulate advanced AI projects or better to guide international democracy projects to develop \u201cfriendly AI\u201d before unfriendly AI gets to human-level general intelligence.<\/p>

    On Jan 23rd 2015, nearly the entire \u201cwho\u2019s who\u201d of artificial intelligence, including the leading researchers, research centers, companies, IT entrepreneurs \u2013 in addition to what are possibly the leading world scientists and IT entrepreneurs \u2013 signed Open Letter \u201cResearch\u00a0<\/a>priorities<\/a>\u00a0for<\/a>\u00a0robust<\/a>\u00a0and<\/a>\u00a0beneficial<\/a>\u00a0artificial<\/a>\u00a0intelligence<\/a><\/u>\u201d<\/em> with an attached detailed paper.<\/p>

    Such an open letter, although it is a greatly welcome and needed general document, overestimates the levels of trustworthiness and comparability of existing and planned high-assurance IT standards, as well as the at-scale costs of \u201chigh-enough for AI\u201d assurance levels, and focuses on security research as a way to make AI \u201cmore robust\u201d.<\/p>

    Such an open letter emphasizes the need for \u201cmore robust AI\u201d. A\u00a0very insufficiently-secure AI system may be greatly \u201crobust\u201d in the sense of business continuity, business risk management and resilience<\/b>, but still be extremely weak in safety or reliability of control. This outcome may sometimes be aligned with the AI sponsor\/owner goals \u2013 and those of other third parties such as state security agencies, publicly or covertly involved \u2013 but be gravely misaligned to chances to maintain a meaningful democratic and transparent control, i.e. having transparent reliability about what the system, in actuality, is set out to do and who, in actuality, controls it.
    More important than \u201crobustness\u201d, sufficiently-extreme security assurance levels may comprise the most crucial foundation for AI safety in the short and long terms, and serve to increase\u00a0transparency of who is\u00a0<\/b>actually<\/b><\/i>\u00a0in control<\/b>, as well as a precondition for verification and validity.<\/p>

    As AI systems are used in an increasing number of critical roles, they will take up an increasing proportion of cyber-attack surface area. It is also virtually certain that AI and machine learning techniques will themselves be used in cyber-attacks. There is a large amount of evidence that many advanced AI techniques have long been and are currently being used by the most powerful states intelligence agencies, to attack \u2013 often in contrast with national or international norms \u2013 end-users and IT systems, including IT systems using AI. As said above \u2013<\/u>while the levels of\u00a0investment of public agencies of powerful nations, such as the NSA, is not known \u2013 it is presumably very large and fast increasing<\/b>, in a possibly already started race among public and private actors. A race that could in the near future accelerate into a winner-take-all race. The distribution of such funding by secretive state agencies, among offensive R&D rather than defensive R&D (i.e. AI safety), will most likely follow the current ratio of tens of times more resources for offensive R&D.<\/p>

    The above Open letter states that\u00a0\u201cRobustness against exploitation at the low-level is closely tied to verifiability and freedom from bugs\u201d<\/u><\/i>.\u00a0<\/i>This is correct; but may be only partially so, especially for use in critical and ultra-critical use cases, which will become more and more dominant. It is better to talk about auditability in order not get confused with (formal) IT verification. It is crucial and unavoidable to have complete auditability and extremely diverse, competent and well-meaning actual auditing of all critical HW, SW and procedural components involved in an AI system\u2019s life-cycle, from certification standards setting, to CPU design, to fabrication oversight. (Such auditing may need to happen in secrecy, because public auditability of SW and HWs design may pose a problem in so far as project pursuing \u201cunfriendly Super-intelligence\u201d could get advantage in a winner-take-all race). Since 2005 the US Defense Science Board has highlighted how \u201cTrust cannot be added to integrated circuits after fabrication\u201d as vulnerabilities introduced during fabrication can be impossible to verify afterwards. Bruce Schneier, Steve Blank, and Adi Shamir, among others, have clearly said there is no reason to trust CPUs and SoCs (design and fabrication phases). No end-2-end IT system or standards exist today that provide such complete auditability of critical components.<\/p>

    It is\u00a0impossible, and most probably will remain so, to ensure perfectly against critical vulnerabilities<\/b>\u00a0\u2013 given the socio-technical complexity of IT socio-technical systems \u2013 even if they were to be simplified by 10 or 100 times, and with radically higher levels of auditing relative to complexity.<\/p>

    Nonetheless, it remains extremely crucial and fundamental that adequate research\u00a0could devise ways to achieve sufficiently-extreme level confidence about \u201cfreedom from critical vulnerabilities\u201d through new paradigms.\u00a0<\/b>We may need to achieve sufficient user-trustworthiness that sufficient intensity and competency of engineering and \u201cauditing efforts relative to complexity\u201d have been applied, for all critical software and hardware component.\u00a0No system or standard exist today to systematically and comparatively assess<\/b>\u00a0\u2013 for such target levels of assurance for a given end-2-end computing service, and its related life-cycle and supply-chain.<\/p>

    As stated above, all AI systems in critical use cases \u2013 and even more crucially those in advanced AI system that will soon be increasingly approaching machine super-intelligence \u2013 will need to be so robust in terms of security to such an extent that they are\u00a0resistant against multiple extremely-skilled attackers willing to devote cumulatively even tens or hundreds of millions of Euros to compromise at least one critical components of the supply chain or life-cycle<\/b>, through legal and illegal subversion of all kinds, including economic pressures; while having high-level of plausible deniability, low risk of attribution, and (for some state actors) minimal risk of legal consequences if caught.<\/p>

    In order to\u00a0reduce substantially these enormous pressures<\/b>, it may be very useful to research socio-technical paradigms by which sufficiently-extreme level of AI systems user-trustworthiness can be achieved,\u00a0while at the same time transparently enabling due legal process cyber-investigation and crime prevention<\/b>. The possible solution of such dichotomy would reduce the level of pressure by states to subvert secure high-assurance IT systems in general, and possibly \u2013 through mandatory or voluntary standards international lawful access standards \u2013 improve the ability of humanity to conduct cyber-investigations on the most advanced private and public AI R&D programs.\u00a0Cyber-investigation may be crucial to investigate some criminal activities that aimed at jeopardizing AI safety efforts.<\/b><\/p>

    There is a need to\u00a0avoid the risk of relying for guidance on high-assurance low-level systems standard\/platform projects from defense agencies of powerful nations<\/b>, such as the mentioned DARPA SAFE, NIST, NSA Trusted Foundry Program, DARPA Trust in Integrated Circuits Program, when it is widely proven that their intelligence agencies (such as NSA) have gone to great lengths to\u00a0surreptitiously corrupt technologies and standards<\/b>, even those that are overwhelmingly used internally in relatively high-assurance scenarios.<\/p>

    The\u00a0cost of radically more trustworthy low-level systems for AI could be made very comparable to commercial systems\u00a0<\/b>mostly used as standard in AI systems development. Those cost differentials could possibly be reduced to being insignificant through production at scale, and open innovation models to drive down royalty costs. For example, hardware parallelization of secure systems and lower unit costs (due to lower royalties), could make so that adequately secure systems could compete or even out-compete in cost and performance those other generic systems.<\/p>

    There is a lot of evidence to show that R&D investment on solutions to defend devices from the inside (that assume inevitable failure in intrusion prevention) could end up increasing the attack surface if those systems life-cycle are not themselves subject to the same extreme security standards as the low level system on which they rely. Much like antivirus tools, password storing application and other security tools are often used as ways to get directly to a user or end-point most crucial data. The recent scandals of NSA, Hacking Team, JPMorgan show the ability of hackers to move inside extremely crucial system without being detected, possibly for years. DARPA high-assurance program highlight how about 30% of vulnerabilities in high-assurance systems are introduced by internally security products.<\/p>

    Ultimately, it may be argued that IT assurance that is high enough for critical scenarios like advanced AI is about the competency and citizen-accountability of the organizational processes critically involved in the entire life-cycle, and the intrinsic constraints and incentives bearing on critically-involved individuals within such organizations.<\/p>

    Maybe, the dire short-term societal need and market demand for radically more trustworthy IT systems for citizens privacy and security and societal critical assets protection can be aligned in a grand strategic vision for EU cyberspace to satisfy \u2013 in the medium and long-term \u2013 both the huge societal need and great economic opportunity of creating large-scale ecosystems able to produce AI systems that will be high-performing, low-cost and still provide adequately-extreme levels of security for AI most critical usage scenarios.<\/p>

    It is worth considering if short-term and long-term R&D needs of artificial intelligence \u201c(\u201cAI\u201d) and information technology (\u201cIT\u201d) \u2013 in terms of security for all critical scenarios \u2013 may become synergistic elements of a common \u201cshort to long term\u201d vision, producing huge societal benefits and shared business opportunities. The dire short-term societal need and market demand for radically more trustworthy IT systems for citizens\u2019 privacy and security and societal critical assets protection, can very much align \u2013 in a grand strategic cyberspace EU vision for AI and IT \u2013 with the medium-term market demand and societal need of large-scale ecosystems capable to produce AI systems that will be high-performing, low-cost and still provide adequately-extreme levels of security for AI critical scenarios.<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    <\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t
    <\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    <\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t
    \n\t\t\t\t

    CHALLENGE D: <\/span><\/strong><\/h1>

    What governance models can best maximize the trustworthiness and resilience of an ultra-high assurance certifications body in critical IT and AI domains? Can such certifications and their governance models provide the basis for\u00a0 radically more trustworthy, trusted, resilient and enforceable national policies and international treaties?<\/span><\/h4>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t
    \n\t\t\t\t

    Although the creation of new or improved international standardization and certification\u00a0bodies for\u00a0<\/span>critical\u00a0end-2-end societal ICT systems<\/strong>\u00a0can\u00a0be highly effective within current legislative and constitutional frameworks and treaties \u2013 i.e.\u00a0without government\u00a0recognition\u00a0or legislative changes \u2013 they could provide the crucial socio-technical basis of the oversight, standardization and certification to ensure\u00a0the\u00a0<\/span>meaningful\u00a0enforceability<\/strong>\u00a0<\/span>of their recognition or adoption,<\/strong>\u00a0for certain classes of services,\u00a0single nations, or\u00a0by\u00a0intergovernmental\u00a0agreements and treaties.<\/span><\/p>

    Examples of\u00a0such international agreements or treaties could be the\u00a0Geneva-Convention like treaty\u00a0proposed<\/a>\u00a0by the\u00a0UN Special Rapporteur on the Right of Privacy<\/em>, the proposed\u00a0Snowden Treaty<\/em>, or standard bodies\u00a0called for<\/a>\u00a0by Bruce Schneier for the\u00a0\u201cso-called\u201d\u00a0World-Sized Web<\/em>.\u00a0Constituent processes for the creation of such\u00a0intergovernmental treaties could\u00a0get inspiration from those of the\u00a0<\/span>Coalition for International Criminal Court<\/a>,\u00a0<\/em>successfully co-lead lead by the\u00a0<\/span>World Federalist Movement,<\/em>\u00a0or a proposed constituent process\u00a0based on UN Caucuses,\u00a0which was approved by the<\/span>\u00a0World Federalist Movement 2008 Congress (post<\/a>).<\/span><\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    <\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    <\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    <\/div>\n\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

    The Four CHallenges for Freedom and Safety in Cybersapce The FSC event series is sharply focused on solving the following 4 Challenges, more or less in a sequence: Challenge A:\u200b How can we build and certify IT systems that are radically more secure than state-of-the-art? Read more >> Challenge B:\u200b If we can solve Challenge […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_mi_skip_tracking":false,"footnotes":""},"class_list":["post-1400","page","type-page","status-publish","hentry"],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/P6pluH-mA","_links":{"self":[{"href":"https:\/\/www.free-and-safe.org\/wp-json\/wp\/v2\/pages\/1400"}],"collection":[{"href":"https:\/\/www.free-and-safe.org\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.free-and-safe.org\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.free-and-safe.org\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.free-and-safe.org\/wp-json\/wp\/v2\/comments?post=1400"}],"version-history":[{"count":30,"href":"https:\/\/www.free-and-safe.org\/wp-json\/wp\/v2\/pages\/1400\/revisions"}],"predecessor-version":[{"id":13621,"href":"https:\/\/www.free-and-safe.org\/wp-json\/wp\/v2\/pages\/1400\/revisions\/13621"}],"wp:attachment":[{"href":"https:\/\/www.free-and-safe.org\/wp-json\/wp\/v2\/media?parent=1400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}