As we were reminded in recent weeks – even the richest and the most powerful individuals in the World – can’t buy a device to communicate with their closest associates which is not hackable even by mid-level hackers accessing state-grade tools on the Dark Web.
How is it possible? Is it really such technological challenge? Anything we can do about it?
Apps can’t cut it. Even the most secure messaging apps are wildly insufficient, since an app is only as secure as the device it runs on.
While most experts agree agree with the Israeli company that hacked the “San Bernardino iPhone” it is “hands down” the best device for privacy, it is regularly hacked even by teenage hackers or by researchers.
Ok, then why don’t Trump and Bezos the World’s 200,000 ultra-high net-worth individuals, with $27 trillions in combined assets, buy “military-grade” secure phones and devices which have been sold for decades by the likes of GSMK Cryptophone, Kudelski Security, Crypto AG, ectetera?
Very few do. The market for such devices is a relatively miniscule $4 billions. Few find reasons to trust such devices and, therefore, not worthed the inconvenience to carry a second device. Few trust them to do a better job than Apple that – although it has to manage huge system complexity – has greater budget, control of the supply chain, and reputation capital at stake. Plus, lack of transparency and adequate certification bodies do not even allow a comparisons among them.
But ultimately these technical problems could be solved, if they were not “by design”. In fact, few trust those devices not to share regularly hidden vulnerabilities with certain nations, to enable them to fulfill their crucial mission to prevent terrorist attacks and other grave crimes.
So, therefore, every human computing device is hackable even by mid-level hackers – not because we are not technically capable enough – but because we have yet not found ways to transparently reconcile the need individual privacy and the need for legitimate cyber-investigations.
The problem is even bigger because it is becoming ever more clear that we cannot really choose between freedom and safety.
Recent US presidential elections and Facebook manipulations show how both are needed to safeguard civil freedoms, democracy and peace; and to avoid snooping nations to break their own most critical ITs.
In there anything we can do about it?
Led by the Trustless Computing Association, a few leading nations, enterprises, financial institutions and NGOs have been leading consortium initiatives and a global event series, to build new IT security paradigms, ecosystem and certification body that aim to reliably certify that a given IT system provides radically unprecedented, ultra-high and constitutionally-meaningful levels of trustworthiness while, concurrently, ensuring legitimate offline lawful access.
After 5 editions – twice in Brussels, once in New York, in Iguaçu and in Berlin, the 6th edition of such event series – Free and Safe in Cyberspace – will be held next April 9-10th in Geneva, Switzerland, in partnership with the UN World Summit on the Information Society and Fusionstartup accelerator – new home to the association and its spin-off startup TRUSTLESS.AI since October 2018.
What if digital freedom and public safety were not a choice of “either or” choice, a zero-sum game, but instead a solvable “both or neither” challenge? A challenge that is solvable primarily through time-proven trustless technologies and oversight mechanisms, and ultra-resilient and citizen-accountable standard setting and certification governance models?