Debunking the Zero-Sum Game
The World is quickly turning into a Hacker Republic whereby those with the most informational and hacking superiority accrue all the power. We believe this is not inevitable.
Root causes are hypercomplexity, paradigms based on unverified trust and, ultimately, the unresolved apparent dichotomy between citizens’ right of privacy and nations’ duty of preserve cyber-investigation capabilities.
At TCA, we discovered that meaningful digital freedom and public safety are not an “either or” choice but a “both or neither” challenge, which can largely be solved by reconceptualizing IT security as a governance problem.
Radically increase IT and AI trustworthiness
Since 2013, we promoting the creation and wide adoption of new IT security standard setting and certification body – and a compliant open computing base and ecosystem – that radically-exceeds the state-of-the-art in trustworthiness of critical human computing IT and AI systems, while concurrently solidly enabling legitimate lawful access. Initially for mass-market human computing scenarios in the private sector, and then in critical governmental and AI. The new Certification Body, while free-standing as a voluntary public-private initiative, will also be proposed as a “schema” within the EU Cybersecurity Certification Framework and as a new initiative under UN International Telecommunication Union (ITU-T) processes.
Our Unique Paradigms
Cybersecurity is a governance problem
All and every software, hardware and processes that are critically involved in an IT service provisioning or lifecycle – from CPU design to fabrication, from hosting room access to standard setting – are subject to extreme verification relative to complexity, or to extremely resilient cyber-social oversight, based on offline citizen-witness or citizen-jury processes. We reconceptualize the cybersecurity of any given critical IT system/experience as the by-product of the intrinsic resilience, accountability, and competency of organizational and cyber-social processes.
Why do we need a new Certification Body?
Even the most secure IT certifications and technologies available today offer levels of trustworthiness – and trustworthiness measurability – that are radically-lower than what is required by many narrow- or wide-market critical societal use cases. This problem extends to critical AI systems, which must rely on such IT for their most critical “root-of-trust” sub-systems.
Extreme accountability and competency
The statute of the Trustless Computing Association and its planned Trustless Computing Certification Body are conceived to ensure they will sustainably remain extremely user-accountable, citizens-accountable, ethical and technically-proficient. By statute, it’s decision-making power will be transferred to a mix of end-users, informed random-sampled citizens, democratic nations, and top ethical cybersecurity experts.
A Quest for Freedom within & through IT
Trustless Computing Association and its spin-off startup TRUSTLESS.AI are primarily the fruit of 17 years of the single-minded quest by Rufo Guerreschi to realize the potential of ICT to radically improve individual civil freedoms and democratic participation, by founding multiple NGOs and startups in the areas of e-participation, free software, and bleeding-edge privacy-enhancing technologies and standards. In 2013, he crossed path with Roberto Gallo, on a similar quest with similar determination – and highly complementary skills – creating a steel bond that lasts to this day. Since 2015, it has accrued top governance, technical and end-user partners.
Trustless Computing Certification Body & CivicNet
Since 2014, the Trustless Computing Association has been promoting and building the Trustless Computing Certification Body, a new IT security certification body and schema, aimed at ultra-high, radically-unprecedented levels of trustworthiness; while at once solidly enabling legit lawful access. Both such goals are achieved primarily through (1) extreme levels of ethical and public security-review in relation to complexity of all tech and processes critically-involved in the entire lifecycle, down to CPU design and chip fabrication oversight; and through (2) extreme levels of citizen-accountability, independence, and technical proficiency of the governance and socio-technical process, including the wide utilisation of citizen-witness and citizen-jury based oversight processes.
In parallel, our public and private partners, our spin-off startup TRUSTLESS.AI, and our 15-25M€ TRUSTLESS Dual-Use Initiave are building SeeVik Net: a Trustless-Computing-compliant low-royalty open computing base, ecosystem and IT service. While initially offering high-level certifications targeted at the confidentiality, integrity and non-repudiability of the most critical civilian and governmental transactions and communications, TCCB will expand to other sub-domains, and to ultra-high availability use cases. It aims to be complementary, synergic and inspirational for existing and upcoming cybersecurity certifications. It will strongly promote downward compatibility in respect to EU Secret, eIDAS Qualified, Common Criteria EAL4, SOG-IS, and inspire future certification schemas within the new European Cybersecurity Certification Framework.