Certification Body & CivicNet
Since 2013, the Trustless Computing Association has been building a new Trustless Computing Certification Body (TCCB) which will constitute a new high-level cybersecurity certification body and schema, aimed at ultra-high, radically-unprecedented levels of trustworthiness. The latter is primarily achieved (1) through extreme levels of ethical public security-review in relation to complexity of all tech and processes critically-involved in the entire lifecycle, down to CPU and chip fabrication oversight and (2) through governance and socio-technical process with extreme levels of citizen-accountability, independence, and technical proficiency, including the wide utilisation of citizen-witness and citizen-jury oversight processes.
In parallel, our R&D and governance partners and spin-off startup TRUSTLESS.AI are building CivicNet: a 1st compliant low-royalty open computing base, ecosystem and IT service.
While initially targeted at the confidentiality, integrity and non-repudiability of the most critical civilian and governmental transactions and communications, TCCB will expand to other sub-domains, to ultra-high availability use cases. It aims to be complementary, synergic and inspirational for existing and upcoming cybersecurity certifications.
It will strongly promote downward compatibility with respect to EU Secret, eIDAS Qualified, Common Criteria EAL4 and SOG-IS, and inspire future certification schemes produced by the European Cybersecurity Certification Framework.
Radically increase IT and AI trustworthiness
Promote the creation and wide adoption of a new multi-stakeholder cybersecurity certification body, and a compliant open computing base and ecosystem, that radically exceed the state-of-the-art in user-trustworthiness of IT and AI systems, while increasing public safety, cyber-investigation capabilities and economic growth.
Cybersecurity is a governance problem
All software, hardware and processes that are critically involved in an IT service provisioning or lifecycle – from CPU design to fabrication, from hosting room access to standard setting – are subject to extreme verification relative to complexity, or to extremely resilient cyber-social oversight, based on offline citizen-witness or citizen-jury processes. We reconceptualize the cybersecurity of a given critical IT system as the by-product of the intrinsic resilience, accountability, and competency of organizational and cyber-social processes.
Why a new Certification Body and open ecosystem?
Even the most secure IT certifications and technologies available today offer levels of trustworthiness – and trustworthiness measurability – that are radically-lower than what is required by many narrow- or wide-market critical societal use cases. This problem extends to critical AI systems, which rely on such IT for their most critical sub-systems.
Extreme accountability and competency
The statute of the Trustless Computing Association and its planned Trustless Computing Certification Body are conceived to ensure they will sustainably remain extremely user-accountable, citizens-accountable, ethical and technically-proficient. By statute, its decision-making power will be transferred to a mix of end-users, informed random-sampled citizens, democratic nations, and top ethical cybersecurity experts.
A Quest for Freedom within & through IT
Trustless Computing Association and its spin-off startup TRUSTLESS.AI are primarily the fruit of 17 years of the single-minded quest by Rufo Guerreschi to realize the potential of ICT to radically improve individual civil freedoms and democratic participation, by founding multiple NGOs and startups in the areas of e-participation, free software, and bleeding-edge privacy-enhancing technologies and standards. In 2013, he crossed paths with Roberto Gallo, on a similar quest with similar determination – and highly complementary skills – creating a steel bond that lasts to this day.
5 Action Lines
1. Case & plans
Business Plan (PDF)
Makes a case for the economic feasibility, profit and growth potential and market positioning of the Trustless Computing Certification Body and an initial compliant CivicNet service, developed with our partners and startup spin-off TRUSTLESS.AI.
Includes a 10-pager Executive Summary.
A global event series, ongoing since 2015, it has been held already in Brussels, New York, and Brazil, and has attracted amazing world-class speakers. Its sole stated purpose has been to create a wide consensus on the need, feasibility, and nature of a new cybersecurity certification body, with the characteristics of the Trustless Computing Certification Body. Next edition will be held in Berlin on May 4th 2018. Join us as audience, panelist or sponsor!
It's the startup spinoff of the Association – based in Luxembourg, Berlin and Rome. It is building (a) a TC-compliant open computing base, (b) a resilient TC-compliant Supply Chain, and (c) an initial set of compliant IT services, called CivicNet and CivicChain, that includes a 2mm-thin Wifi handheld device, called CivicPod, aimed initially at the most critical communication, negotiations and transactions of high-profile enterprises and individuals. It is pursuing fundraising of $6M in equity and/or $6-35M via token sale.
It is a proposed public-private initiative – co-funded by EU, local and national public funding – to jump-start, in the Rome, Berlin and Vienna regions, the World’s leading research and competence centre for leading-edge cybersecurity for communication, cyber-physical and artificial intelligence systems, by offering an unmatched array of scientific, quality of life and economic incentives to the very best talents, researchers, startups, accelerators and companies in such sectors.
5. Publications & Research initiatives
- On 5/2018, we will submit H2020 SU-ICT-03-2018, a proposal based on our Cluster and Campus proposal, see above.
- On 4/2016, we submitted a 4M€ proposal to H2020 DS-01-2016 RIA (113-pager PDF) titled “TRUSTLESS socio-technical systems for ultra-high assurance ICT certifications, and a compliant open target architecture, life-cycle and ecosystem, for critical societal use cases and consumer adoption”. Included an ultra-resilient binding conditional MoU among key R&D partners including licensing, patenting and non-compete under Swiss law.
- On 4/2016, we submitted a 1M€ proposal to H2020 DS-01-2016 CSA (80-pager PDF) to build the Certification Body, titled: “TRUSTLESS: Facilitating the evolution to uniquely comprehensive and comparable certification of ICT services and lifecycles”.
- On 2/2016, a 2nd version of “Free and Safe in Cyberspace – Aims and Backgrounder” was published by Rufo Guerreschi and Jovan Golic (PDF)
- On 9/2015, we submitted a 4M€ proposal to H2020 FET-Open (44-pager PDF): “Trustless sociotechnical systems for trustworthy critical computing and organizations”
- On 7/2015, in advance of our 1st Free and Safe in Cyberspace edition we published the 1st version of the Position Paper for a Trustless Computing Certification Body, in the form of a long blog post titled “Trustless Computing: a proposal for an international certification body for highest-assurance IT and lawful access systems (1st draft)” (link)
The Trustless Computing Association is an Italian non-profit organization, based in Rome and Berlin. Founded by Rufo Guerreschi in 2011, it has aggregated an amazing team, advisors, and public and private partners to pursue its goals through a set of 5 Action Lines.
Rufo Guerreschi – Executive Director
Single-mindedly pursued for the last 17 years the meaningful enactment of civil rights in cyberspace. Aggregated world-class firms, R&D centers, industry associations and public entities in the Trustless Computing Association. Conceived and led a global leading-edge event series in IT security, Free and Safe in Cyberspace. Formerly brought valuation of EU 2nd largest IT/media tech park project from 3€ to 21M€. Formerly led an open source e-voting/e-democracy startup that sold in 3 continents. Formerly led EU sales of a J2ME provisioning system until a 10M€+ 2001 sale to Telefonica.
Roberto Gallo – Chief Scientist
He designed: (i) the hardware security architecture of the Brazilian voting machines (T-DRE, Urna Eletrônica), with more than 400.000 devices manufactured, (ii) the development of the ASI-HSM, the HSM of the Brazilian PKI-root CA and the sole device with the highest Brazilian certification level (NSF2-NSH3, FIPS 140-2 Level 4 compatible), (iii) the first Secure Microprocessor of the southern hemisphere, the SCuP.
Udit Dhawan – Technical Writing
Previously Technical Lead at Samsung Research & Development Institute, Senior Scientist at Intel Labs, Lead Student Architect on the US DARPA CRASH/SAFE project at University of Pennsylvania aimed at a clean-slate co-design of the entire computing stack for secure computation (now being commercialized by Dover Microsystems USA).
Keshaw Singh – Communications.
Hardcore 3D animation and graphics designer. Digital Artist background with animation, web, game, VR, 3D. Highly talented, passionate, young and dedicated video creative.
World-renowned cryptology expert and researcher. Former president (2008-2013) of the International Association for Cryptologic Research, which organizes the leading EU crypto conference Eurocrypt. Project manager of the Network of Excellence ECRYPT II (Cryptology) (2008-2013), of ECRYPT-NET (2015-2019) and ECRYPT CSA (2015-2017). Member of the Advisory Board of multiple projects, companies and organizations. Winner of the 2014 RSA Security Award for Excellence in the Field of Mathematics.
Since 2001 he has been the Chief Information Officer of Austria. Since 2003, he has been Chairman of the Austria SIC (Stiftung Secure Information and Communication Technologies), which controls A-SIT, which sets the standards for state secret for Austria and represents Austria in SOGIS. As CIO he is responsible for strategic coordination of activities in the field of ICT including all levels of government. From 2007 to 2011 he was Chairman of the Management Board of ENISA, the European Network and Information Security Agency. (online cv)
President of Security Brokers. Arguably, the most famous hacker in Italy for the last 30 years. Formerly consultant and advisor to ENISA, Nato, Italian Ministry of Defense, United Nations, UNICRI.
Director of Fundamental rights and Union citizenship in the Directorate-General Justice of the European Commission.
Also Principal Advisor of the European Commission’s Directorate-General for Justice and Consumers. Responsible for leading work on the GDPR and the EU – US Privacy Shield; data protection and privacy in the law enforcement and national security context. (LinkedIn)
Acting Associate Director of Stanford University – Symbolic Systems Program (SSP), the largest post-graduate department at Stanford University in the area of Artificial Intelligence, with over 90 professors and over 300 graduate students. His publications and research have previously focused on the use of online technologies to promote democratic organizing, collective negotiations and decision making. (Profile)
Founder and Executive Director of the Center for Information and Society, Bangalore, India. CIS is the most recognized, cited and active digital civil rights association of India, spanning privacy, security, literacy, surveillance, etc. Between June 2004 and June 2007, Sunil also managed the International Open Source Network, a project of United Nations Development Programme’s Asia-Pacific Development Information Programme serving 42 countries in the Asia-Pacific region.
JAMES S. FISHKIN (Phd)
He holds the Janet M. Peck Chair in International Communication at Stanford University. Professor of Communication, Professor of Political Science (by courtesy) and Director of the Center for Deliberative Democracy at Stanford University. His work focuses on deliberative democracy and democratic theory in books such as When the People Speak (2009), Deliberation Day (2004 with Bruce Ackerman) and Democracy and Deliberation (1991). He originated Deliberative Polling as a method of public consultation in 1988. He began to apply it in collaboration with Robert C. Luskin in 1994 and has since spread it, with various collaborators, to projects in 23 countries.
Head of the Chair of Deutsche Telekom Mobile Business and Multilateral Security at Goethe University. Member of ENISA Permanent
JOVAN GOLIC (Phd)
World-renowned cryptographer. Senior IT security research manager at Telecom Italia. Former Action Line Leader of the EIT Digital Privacy, Security and Trust Action Line, one of 6 action lines of the 3BN€ EIT Digital, which brings leading close-to-market innovations to market through 8 specialized territorial nodes throughout the EU.
JON SHAMAH (Phd)
Principal Consultant at EJ Consultants and Chairman of EEMA, the leading independent, not-for-profit European think tank covering topics including identification, authentication, privacy, risk management, cyber security, the Internet of Things, Artificial Intelligence and mobile applications. Specialising in maximising the technology and operational value chain of very large scale Trust programmes. Former co-chair of ITU-T SG17 JCA IDM.
Vice-President Cyber Security & Privacy, Global Public Affairs, Huawei Technologies. Previously Vice-President, Government Relations and Business Development, SSH Communication Security. Led for SSH its initiative for a secure mobile OS with Jolla OS. Member of ENISA (European Network and Information Security Agency) PSG (2009 – ). Management Member of Leuven University European Crypto Task Force (2014-). EU ENISA – Europol working group (2014-). Member of EU Commission NIS (Network and Information Security) platform (2013 – ). Founding Member and Board Member of TDL (Trust In Digital Life) (2010 – 2013). Member of EU government security advisory board (RISEPTIS, reporting to Commissioner Reding) (2007-2009). Member of Finnish government ICT security advisory board (2007 – 2010). (LinkedIn)
Assessor and Head of IT at Barcelona Municipality. Francesca Bria was a Nesta Senior Adviser and Senior Project Lead in the Nesta Innovation Lab. She is the EU Coordinator of the DCENT project on open democracy and social digital currencies and she is the Principal Investigator of the DSI project on digital social innovation in Europe.
DANIELE ARCHIBUGI (Phd)
Research Director at the Italian National Research Council (CNR) in Rome, affiliated with the Institute on Population and Social Policy (IRPPS), and Professor of Innovation, Governance and Public Policy at the University of London, Birkbeck College, School of Business, Economics and Informatics. He is a world-renowned expert in global governance and constituent processes towards accountable global institutions.
CTO at CYBSEC Enterprise SpA. Formerly CISO at Bit4D, a leading SPID/eIDAS solutions provider. Member of ENISA Permanent Stakeholder Group. Editor at Securityaffairs.co. Formerly with ST-Microelectronics. Founder of the security blog “Security Affairs”. Author of “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
Long-time IT security hacker, activist and professional. Since 2011 Technical Director of the Trustless Computing Association, and previously at Telematics Freedom Foundation. After his first experiences in the field of SIGINT in the mid-70s, Giovanni Franza turned to informatics, dealing with network security, secure embedded systems, hardened operating systems on CD / CF and signal processing, combining various skills to build complex architectures on different civil projects. Since 2011 Technical Director of the Open Media Cluster, and previously at Telematics Freedom Foundation. Has regularly contributed pro-bono many tens of hours to the Trustless Computing project since its first inception in 2006.
PAOLO GIORGINI (Phd)
Professor at the Information Engineering and Computer Science Department (DISI), University of Trento. A world-renowned expert in socio-technical IT security.
system trust. Co-author of Socio-technical Trust: An Architectural Approach and the founder of the Socio-Technical Security (STS) methodology, a social and organizational approach to security engineering. STS extends and builds on his previous work on security requirements engineering, which was recently awarded as the ten-year most influential paper. He is co-author of the forthcoming MIT Press book: Security Requirements Engineering – Designing Secure Socio-Technical Systems. (Profile)
We are actively seeking additional great partners, and especially new Associate and Founding Pilot Partners for our first Trustless Computing compliant device and service, being developed with TRUSTLESS.AI.
If interested, reach out to us at: email@example.com
CORE R&D & TECHNICAL PARTNERS
It designed the 400.000 voting machines of Brazil, fighter-to-fighter communications systems, and the HSM of the core Root CA of the main Brazilian PKI. Role: CPU and SoC design
KU Leuven – COSIC Group (Belgium). Research group COSIC (Computer Security and Industrial Cryptography) of the Dept. of Electrical Engineering (ESAT). Led by Prof. Bart Preneel, President of the International Association for Cryptologic Research. Provides world-leading expertise in digital security and strives for innovative security solutions, in a broad range of application domains. Role: Crypto
DFKI – German Research Centre for Artificial Intelligence (Germany) is currently the largest research center worldwide in the area of Artificial Intelligence and its applications, in terms of number of employees and the volume of external funds. DFKI shareholders include Deutsche Post, Deutsche Telekom, Google, Microsoft, SAP, BMW, Intel and Daimler. Role: Fabrication oversight processes (CivicFab/Site)
TRUSTLESS.AI (US/Luxembourg). TRUSTLESS.AI is a spin-off of the Open Media Cluster, founders of the Trustless Computing Association. It is building the first Trustless Computing compliant IT service, CivicNet, including a 2mm-thin touch-screen device – attachable through a case to the back of any phone – that enables top enterprises, top banks, and mission-critical NGOs to radically exceed the state-of-the-art in the confidentiality and integrity of lawful communications and financial transactions. Role: app and middle-ware layers; service, life-cycle and supply-chain architecture; socio-technical and organizational components. Role: Architectural and Supply Chain Mgmt and Integration
Lfoundry (Italy). Leading EU-located and EU-owned foundry with a 200mm plant, with over 1700 staff and with a capacity of 40,000 wafers per month. The only independent and economically-viable EU foundry with 60nm and 160nm capabilities. It is suitable for high-assurance low-
European Organisation for Security (Belgium). A member-supported research, dissemination and strategic organization, it is the largest industry association of large European IT security providers, research entities, universities, clusters and associations. Shareholders include: Thales, Almaviva, Atos, CEA, Fraunhofer, Engineering, Airbus, Indra, Saab, STM.
Federal Chief Information Officer of Austria (Austria). Represented by Reinhard Posch since 2001, it reports directly to the Austrian Chancellor and directs all Digital Austria and e-government activities in Austria. Leads the “Digital Austria ICT Board”, responsible for creating the legal and technical requirements as well as coordinating the planning and development of eGovernment solutions between the Federal Government, the provinces, and local authorities. It acts as Director General of A-SIT and therefore coordinates Austria's role in SOG-IS and the most relevant cybersecurity standardization and certification activities.
Italian Ministry of Economic Development – Istituto Superiore delle Comunicazioni e delle Tecnologie dell’Informazione (ISCOM) (Italy). ISCOM is a General Direction of the Italian Ministry of Economic Development and it runs OCSI, the Italian Scheme for ICT Security
Data Protection Authority of the State of Schleswig-Holstein of the Federal Republic of Germany (Germany). Unabhängiges Landeszentrum für Datenschutz (ULD, Engl. Independent Centre for Privacy Protection) is the Data Protection Authority of Schleswig-Holstein, the northernmost Federal State of Germany. Its office with 40 employees is located in Kiel, Germany. The Privacy Commissioner of Schleswig-Holstein, Marit Hansen, is head of ULD. ULD is responsible for both freedom of information as well as data protection at private and public sector entities seated in Schleswig-Holstein.
The Secure Information Technology Center of Austria (Austria). A-SIT is the leading IT standardization and certification public body in Austria. It represents public authorities or assists Austrian public authorities in various international and EU bodies (e.g., Council of Europe, ENISA Management Board, Common Criteria Management Board, SOG-IS, OECD, etc.). Its members are the Austrian Federal Ministry of Finance (BMF), the Central Bank of the Republic of Austria (Oesterreichische Nationalbank, OeNB), the Federal Computing Centre of Austria (BRZ), and Graz University of Technology (TU Graz). Further formal duties are Competent Authority for certifying online collection systems for the European Citizen Initiative (EU Regulation 211/10, art. 6(4)), security assessment of e-voting technical components (student union elections), or expert opinions for the Data Protection Commission. Following a Cabinet Council decision the Austrian federal ministries are asked to call on A-SIT in case of research orders or questions corresponding to the A-SIT mission. Thus, A-SIT has duties of a national ICT security advisory agency, even though not organized as an agency, but as an association.
Municipality of Barcelona (Spain). It is the capital city of the autonomous community of Catalonia in Spain and Spain’s second most populated city, with a population of 1.6 million within its administrative limits. As the capital of the autonomous community of Catalonia, Barcelona is the seat of the Catalan government, known as the Generalitat de Catalunya; of particular note are the executive branch, the parliament, and the Supreme Court of Catalonia. It has historically been an EU leader in government and e-government practices centered on promoting citizens’ autonomy.
Lombardia Informatica (Italy). It is a public-capital service company which was constituted in December 1981 as an initiative of the Regional Government of Lombardia (Regione Lombardia). It has around 630 employees and a turnover of about 200 million Euro. Designs and implements ICT Systems for the Regional Government and represents the unique interface between Regione Lombardia and the marketplace. The LISPA team has complete expertise in providing public services. Its large experience in complex services and in providing critical privacy and security services in e-Gov and eHealth fields involving citizens and public employees guarantees all the competence needed to manage the lab validation site.
Univ. Luxembourg – SnT – Interdisciplinary Centre for Security, Reliability and Trust (Luxembourg). The SnT conducts internationally competitive research in information and communication technology, ICT, with high relevance creating socio-economic impact. In addition to long-term, high-risk research, SnT engages in demand-driven collaborative projects with industry and the public sector. Therefore the centre has set up a Partnership Program with now 32 members targeting strategic areas addressing challenges confronting industry and the public sector in ICT. These resulting concepts present a genuine, long-lasting competitive advantage for companies in Luxembourg and beyond. SnT has undergone a rapid development since its launch in 2009; recruiting top scientists, launching over 50 EU and ESA projects, creating a technology transfer office (TTO), protecting and licensing IP, launching four spin-offs, and creating a dynamic interdisciplinary research environment with some 260 people. Role: anonymization layer, other.
Inria Rennes – Bretagne Atlantique – Décentralisé Team (France). Established in 1967, French public research body fully dedicated to computational sciences. Their new high security laboratory in Rennes (est. 2015) focuses on the development of secure systems in general and more specifically on P2P and privacy-enhancing network protocols. The team is led by Christian Grothoff.
Goethe University – Deutsche Telekom Chair for Mobile Business and Multilateral Security (Germany). Leads in research on issues of privacy and security in innovative mobile networks, and related social and economic aspects. Led some of the most important EU R&D projects in the area of privacy, including: ABC4trust, TresPass, PrivacyOS. Chair is Prof. Kai Rannenberg, member of the NIS Platform for Individual Rights.
American Mini Foundry (USA). A dormant but leading startup in ultra high-assurance IC foundry oversight. They have unprecedented world-class competencies in hardware design and fabrication assurance processes. Among the management team members that will be involved is their President Scodden, and Gerry Etzold, the former Technical Director of NSA Trusted Foundry Program (2008-2009).
EMAG Institute of Innovative Technologies (Poland). The Institute of Innovative Technologies EMAG is the R&D leader in many sectors of the market, such as information security management systems, business continuity systems, risk management systems, natural hazards monitoring, and systems for automation and measurement. It also has knowledge and experience in the development of risk assessment methods and tools for different domains of applications, e.g. for critical infrastructures, transport utility.