If even Trump and Bezos can’t buy a shred of digital privacy


In recent weeks, more evidence emerged to confirm that even the richest and most powerful individuals in the world cannot access an app or device for communicating with their closest associates that is not hackable even by mid-level hackers or teenagers.

How is this possible? Is it really such a technological challenge? Is there anything we can do about it?

Apps can’t cut it. Even the most secure messaging apps are wildly insufficient, since an app is only as secure as the device it runs on. While most experts agree with the Israeli company that hacked the “San Bernardino iPhone” that it is “hands down” the best device for privacy, it is regularly hacked even by teenage hackers or by researchers, who can access thousands of leaked state-grade hacking tools on the Dark Web, including from the CIA.

OK, then why don’t Trump and Bezos, and the world’s 200,000 ultra-high net-worth individuals, with $27 trillion in combined assets, buy “military-grade” secure phones and devices, which have been sold for decades by the likes of GSMK Cryptophone, Kudelski Security, Crypto AG, etcetera?

Very few do. The market for such devices is a relatively minuscule $4 billion. Few find reasons to trust such devices, and therefore few find them worth the inconvenience of carrying a second device.

Few trust them to do a better job than Apple, which, though it offers devices built with huge system and supply chain complexity, has a greater budget, greater control of the supply chain, and more reputation capital at stake than its competitors. In addition, the lack of transparency and oversight in key technologies and processes, and the lack of adequate standard-setting and certification bodies, do not even allow comparisons among them.

But ultimately these technical problems could most likely be radically minimized, if they were not “by design”, intentional. A bug found in a hopelessly complex IT system provides perfect plausible deniability for the fact that it was found and left there, or actually designed in.

In fact, few trust those devices not to regularly share hidden vulnerabilities with certain nations, to enable them to fulfill their crucial mission to prevent terrorist attacks and other grave crimes.

So, therefore, every human computing device is hackable even by mid-level hackers, not because we are not technically capable enough, but because we have not yet found ways to transparently reconcile the need for individual privacy and the need for legitimate cyber-investigations.

The problem is even bigger because it is becoming ever clearer that we cannot really choose between freedom and safety. The recent US presidential elections and Facebook manipulations show how both are needed to safeguard civil freedoms, democracy and peace, and to prevent snooping nations from breaking their own most critical IT systems.

Is there anything we can do about that?

Led by the Trustless Computing Association, a few leading nations, enterprises, financial institutions and NGOs have been running consortium initiatives and a global event series to build new IT security paradigms, an ecosystem and a certification body that aim to reliably certify that a given IT system provides radically unprecedented, ultra-high and constitutionally-meaningful levels of trustworthiness while, concurrently, ensuring legitimate offline lawful access.

After 5 editions (twice in Brussels, once in New York, in Iguaçu and in Berlin), the 6th edition of this event series, Free and Safe in Cyberspace, will be held next April 9-10th in Geneva, Switzerland, in partnership with the UN World Summit on the Information Society and the Fusionstartup accelerator, new home to the association and its spin-off startup TRUSTLESS.AI since October 2018.

What if digital freedom and public safety were not an “either or” choice, a zero-sum game, but instead a solvable “both or neither” challenge? A challenge that is solvable primarily through time-proven trustless technologies and oversight mechanisms, and ultra-resilient and citizen-accountable standard-setting and certification governance models?