Trustless Computing: a proposal for an international certification body for highest-assurance IT and lawful access systems (1st draft)

Rome, July 20th 2015.

a proposal by the Open Media Cluster

In this proposal, we argue that the establishment of a new international non-governmental standard and certification body for highest-assurance IT services and for lawful access schemes[1] – mostly within the current legislative and constitutional frameworks of liberal nations – may play a decisive role in concurrently promoting the wide availability of IT systems of meaningfully high-trustworthiness[2] levels, as well as increasing the trustworthiness, intra-governmental oversight and citizen-accountability of existing lawful access schemes, both state-managed and provider-managed. We intend “trustless” in its primary meaning of “untrusting” and “distrustful”, i.e. lacking the need or assumption of trust in anything and anyone, as is the case in democratic election systems or in certain WMD safety socio-technical systems. It stands in contrast with the root untrustworthiness of the Trusted Computing concept[3][4].

Significant expected outcomes of such wide adoption would be to inspire possible law changes by states that mandate or highly incentivize their internal use – including adequate formalization of existing lawful access authorities – and, independently, the economically and legally sustainable emergence of providers of IT systems of meaningfully high-trustworthiness[5] levels, including providers that decide to voluntarily offer provider-managed processing of lawful access requests, through certifiably extreme safeguards.

To be clear, this proposal opposes any law proposal for a “state backdoor”, i.e. any state-mandated requirement that IT providers provide access to their users’ communications in plain text pursuant to a legal authorization. It also opposes the introduction, legal formalization and regulation of lawful hacking state authorization legislation, unless such legislation is regulated by an international certification body of sufficiently extreme technical proficiency, ethical standing and citizen-accountability, and which is primarily non-governmental.

State of Security of commercial and high-assurance IT

All or nearly all end-points, both ordinary commercial systems and high-trustworthiness IT systems, are broken beyond the point of encryption, and scalably exploitable by powerful nations and a relatively large number of other mid- or high-level threat actors.

A lack of sufficiently extreme and comprehensive standards for critical computing, and the decisive covert action of states to preserve pre-Internet lawful access capabilities, have meant that, while unbreakable encryption is everywhere, everything is broken; and while state-mandated or state-sanctioned backdoors are nearly everywhere[6], the most skilled or well-financed criminals communicate unchecked.

Nearly all critical computing services include at least some critical components whose complexity is far beyond adequate verifiability. The design or fabrication of critical components or processes (CPU, SoC fabrication, etc.) is not publicly verifiable, and there is no reason to trust providers’ carefulness and intent, when plausible deniability is very easy, liability is almost non-existent, and state pressures to “accidentally” leave a door open are extremely high.

The only reliable measure of the effectiveness of an IT security provider, private or public, is its “closeness” to the major stockpilers of vulnerabilities, mostly a few large, powerful states, creating perverse intelligence network effects[7] and gravely undermining society’s sovereignty, freedoms and competitiveness.

In sum, there is a wide unavailability, for both citizens and lawful access schemes, of end-2-end IT services of meaningfully high-trustworthiness levels.

This situation will not be changed by any nation’s law or international treaty. Stockpiling of zero-day vulnerabilities, through investment in discovery, creation and purchase by powerful state and non-state actors, will keep accelerating, and there is no chance any law or international treaty can significantly prevent that. Non-proliferation of IT weapons is very different from that of other weapons, like biological and nuclear ones, as their nature makes them easier to hide and reproduce, and they are used and spread daily by powerful actors to pursue their cyber-investigation goals.

As opposed to biological and nuclear weapons, however, IT weapons are completely useless against an infrastructure that does not contain a critical vulnerability known to the attacker. Perfect absence of vulnerabilities is impossible, but it is acknowledged that IT systems could be expert-audited 10 or 100 times more intensively relative to their complexity – in all their critical life-cycle components – and therefore be made tens of times more resistant to the most advanced threats. This would have a chance of making the entire lifecycle of critical systems verifiably resistant to persistent attacks, on the order of tens of millions of euros, in “symmetric backdoors” and economic pressures, by skilled, covert and largely legally unaccountable actors.

State of lawful access schemes, including lawful hacking schemes

Today, state-mandated backdoors – hidden or public like the telephone interception systems – or state-sanctioned backdoors – such as undisclosed critical vulnerabilities created, acquired, discovered or used, legally or illegally – are in nearly all IT devices.

The US and most western states have in place plenty of legislation, and legally authorized intelligence programs, that enable them to access a suspect’s communications following a legal due-process authorization, including: mandatory key disclosure, lawful hacking laws, national security letters, and other laws.

Powerful states invest tens of millions of dollars every year in pressures of all kinds in order to ensure that IT systems of meaningfully high-trustworthiness levels are not available to the civilian market and, indirectly, to nearly all of the internal intelligence, military and lawful access systems markets. Such pressures take the form of creation and discovery of symmetric backdoors, onsite subversion of various kinds, economic pressures (CIA venture capital, procurement pressures, etc.), patenting (NSA secret patents), legal pressures (crypto export), and strong pressures to establish high-trustworthiness IT standards that are incomplete (Common Criteria, FIPS, etc.) and compromised (Dual_EC_DRBG). That is in addition to similar activities by other powerful states, and tens of millions of euros of investment by zero-day market companies.

Nonetheless, a few of the most knowledgeable and well-funded criminals, state and non-state, regularly do use, and could use, custom-made end-2-end IT infrastructures that manage to avoid the use of components with critical vulnerabilities known to powerful states[8]. On the other hand, commercial vendors like Apple – having uniquely full control of their life-cycle, and not being mandated to store a master key – are in theory positioned to render their future systems inaccessible to lawful access, although that is very unlikely because of: the huge relative complexity of their systems and life-cycle, which makes them inherently exposed to the creation of weaknesses via subversion, legal or illegal, by powerful state actors, as well as to independent discovery of vulnerabilities; and the high level of plausible deniability in a scenario in which Apple may be purposely leaving highly safeguarded and asymmetric backdoors for a few states. The same arguments are valid for current high-assurance IT systems, which in all known cases add the lack of control of a number of critical life-cycle phases.

The UK/US state proposal

In recent statements, the NSA, Europol, UK Prime Minister Cameron, Obama, the US Dept of Justice, and the FBI have proposed to solve the “going dark” problem by mandating some kind of backdoor into all IT systems. The FBI has more specifically proposed “legislation that will assure that when we get the appropriate court order . . . companies . . . served . . . have the capability and the capacity to respond”[9], while the NSA has been generically referring to organizational or technical safeguards ensuring backdoor access authorization approval by multiple state agencies[10], and Obama has referred to a possible safeguard role of non-state entities[11].

From the Snowden and Hacking Team revelations, it has become clear that – in addition to covertly introducing, purchasing and sanctioning symmetric backdoors everywhere – most western nations have consistently proven incapable or unwilling to design, standardize, legally oversee or certify lawful access, by LEAs or intelligence agencies, both for traditional phone wiretaps and for IT systems. Current schemes and systems have very poor or no citizen or legislative-branch accountability, because of a lack of legal mechanisms as well as of adequately accountable socio-technical systems.

Such precedents and a number of technical facts mean that such a solution would most likely turn out to be ineffective against the most serious criminals, while creating great risks of civil liberties abuse[12]. Among the infeasibilities is the fact that – short of mandating a complete and impossibly draconian control over every connected IT device through unbreakable remote attestation – how can any master key for lawful access in IT products prevent a suspect from encrypting their messages a second time, possibly through steganography, rendering the master key useless for reading the plain text or audio, and even making it hard to prove that the suspect has sent an unlawfully encrypted message?

The US/UK experts’ proposal

In an open letter published on July 6th 2015, Keys under Doormats, 14 of the most renowned US computer security experts made a detailed case against the introduction of such new national legislation, in the US and elsewhere, and possibly as part of international agreements. They also list questions that any such proposal should answer in order for the public and experts to assess the foreseeable risks of grave civil liberties abuses.

Even some IT security experts who have for decades been the staunchest opponents of lawful access solutions for IP communications acknowledge that some “going dark” problem exists and that, regardless of the quite varying opinions one may have about its gravity, a solution will need to be found as political pressures keep mounting[13].

Therefore, three of the most prominent among the 14 experts mentioned above, and Sandy Clark, have proposed [Going Bright, 2013, and Lawful Hacking[14], 2014] an alternative solution to the problem that requires the state to “exploit the rich supply of security vulnerabilities already existing in virtually every operating system and application to obtain access to communications of the targets of wiretap orders”, and to properly regulate it. It basically proposes to formalize and strictly regulate the state’s ability to hack citizens pursuant to a court order. It proposes very extensive measures and safeguards to mitigate the consequent negative effects, including:

  1. Creation of new vulnerabilities is not allowed; only the discovery of, and the creation of exploits for, existing vulnerabilities.

  2. Mandatory reporting of vulnerabilities to IT vendors on discovery or acquisition, with some exceptions. It counts on the fact that new ones will be found and that it takes time for vulnerabilities to be patched;

  3. Limitation of lawful access software to only authorized access actions (whether intercept, search, or else).

An “extended” US/UK experts’ proposal

We believe the US/UK experts’ proposal to formalize and regulate lawful hacking would be a substantial improvement with respect to the status quo. It would provide extremely valid and insightful technical requirements[15] to radically raise the trustworthiness of lawful hacking lawful access systems, which could also be useful for non-governmental voluntary standards, such as those currently maintained by ETSI in Europe and NIST in the US.

Such mitigations, although only partially effective, nonetheless seem acceptable for ordinary commercial systems (i.e. low- and medium-trustworthiness systems), as they would not significantly change the overall vulnerability of such systems. In fact, such systems’ ratio of security auditing relative to complexity – and their low or ineffective HW/SW compartmentation – will expectedly remain so low as to guarantee that states have available at least one critical vulnerability enabling full, undetected remote endpoint compromise. In lay terms, having 10 or 5 holes would not significantly affect the number of actors with access to at least one critical remote vulnerability.

For high-trustworthiness systems, on the other hand, making it illegal for the state to create new vulnerabilities would in theory benefit the wide availability of IT systems of meaningfully high-trustworthiness levels. However, as discussed, it is very unlikely that a law in that regard will ever be approved and enforced. In fact, it seems highly implausible that powerful states would reliably enforce, with serious liability, an outlawing of the creation of new vulnerabilities, as it would objectively put them at a disadvantage relative to other state and non-state actors that would continue doing so, through symmetric and asymmetric[16] backdooring. And their effort would obviously focus on those systems to which they do not yet have access, i.e. high-trustworthiness IT systems.
Therefore, state and non-state pressures on breaking the life-cycle of high-trustworthiness systems would likely remain or increase, as would the current lack of standards for IT systems of meaningfully high-trustworthiness levels for both citizen communications and lawful access schemes.
In fact, such experts’ proposal does not specify sufficiently extreme organizational and technical generic IT security requirements for the entire life-cycle of the critically involved HW, SW and organizational components.

We therefore propose to:

  1. Amend such US/UK experts’ legislative proposal by:

    1. Requiring sufficiently extreme organizational and technical generic IT security requirements for the entire life-cycle of the critically involved HW, SW and organizational components, in addition to those specific to lawful hacking lawful access systems, which are very well specified in the proposal.

    2. Mandating or incentivizing certification of lawful access services, including lawful hacking, as well as of IT systems in all e-government critical use-case scenarios, by approved international bodies with a very high level of technical proficiency, ethical standing and citizen-accountability.

    3. Forbidding – and strongly enforcing through severe liability provisions – the creation of new vulnerabilities in IT systems of meaningfully high-trustworthiness levels that operate a voluntary socio-technical service to respond to lawful access requests, where both the IT systems and the lawful access service comply with the above-mentioned standards; and adding requirements to further reduce the possibility of suspects’ circumvention of lawful access and of user abuse.

  2. Propose and promote the creation – independently from the above legislative proposal and our proposed amendments – of an international certification body, as described above, and of an initial open compliant ecosystem spanning the entire life-cycle and end-2-end computing experience.

Below follows a draft of the high-level paradigms for certification requirements of IT systems of meaningfully high-trustworthiness levels, applicable to both citizen communications and lawful access systems.

High-level paradigms for certification requirements of IT systems of meaningfully high-trustworthiness levels

The following draft high-level socio-technical paradigms are defined in the form of high-level certification requirements for IT service providers which, in their final version and detailed specifications, will define a compliant service. They will constitute the terms that any provider needs to respect to be certified by the certification body (and that any active participant needs to respect to participate in a compliant ecosystem). They are therefore intended to guide not only the establishment of a certification standard, but also to ensure and sustain a suitable open ecosystem that is fully coherent with such standards.
A compliant computing service by a given provider will therefore be described as one which:

  1. aims at constitutionally-meaningful levels of actual and perceived trustworthiness to the end-user of the privacy, anonymity, integrity and authenticity of data and metadata of his/her entire connected computing experience, and not mere substantial improvements;

  2. extends these terms to all software, hardware and organizational processes critically involved during the entire lifecycle at endpoints, as well as to the overall architecture of midpoints relevant to ensuring metadata privacy;

  3. assumes that extremely skilled attackers are willing to devote even tens of millions of dollars to compromise the supply chain or lifecycle, through legal and illegal subversion of all kinds, including economic pressures, to the extent that the foreseeable cost and risks for such party to perform continuous or pervasive remote targeted surveillance of any users, through compromise or tampering, is several times smaller than the cost of typical continuous proximity-based surveillance techniques;

  4. assumes an active and complete lack of trust in anyone or anything, except in the assessable technical barriers and cumulative disincentives against decisive attacks on all organizational processes critically involved in the entire lifecycle, from standard setting to fabrication oversight;

  5. provides extreme user-accountability, independence and technical proficiency of all organizations and processes critically involved in the computing service lifecycle and operation, which ultimately rely on an international independent standard and certification body or bodies;

  6. provides extreme intensity and competency of engineering and auditing efforts deployed, relative to complexity, for all critical software and hardware components, including through extreme software and hardware compartmentation;

  7. includes an extreme level of cumulative liability, contractual/economic and legal, for all individuals and organizations critically involved, for not strictly following procedures or for willingly compromising the life-cycle;

  8. includes only highly redundant hardware and/or software cryptosystems, whose protocols, algorithms and implementations are either open, long-standing, standards-based and extensively verified and endorsed by recognized ethical security experts, or widely recognized for their post-quantum resistance levels, albeit with lesser performance, aiming at a migration to post-quantum cryptography in the next 5-10 years;

  9. integrates and develops only software and firmware whose source code and compiler allows for auditing without non-disclosure agreement (“NDA”), and which is developed openly and publicly in all its iterations;

  10. strongly minimizes the inclusion of non-Free Software, including updatable and non-updatable firmware. Makes extensive reuse of existing Free/Open Source Software components – through extreme stripping down, hardening and re-writing. It strongly aims at realising the computing device with the least amount of non-free software and firmware in security-critical hardware components;

  11. includes only critical hardware components whose firmware (and microcode) and full hardware designs are publicly auditable at all times, by anyone, without NDA, in an open, public, structured format. In the case of processors, this will include code, hardware description source files (such as VHDL or Verilog files), Spin interpreters and similar, programming tools, and compilers;

  12. allows for complete hardware fabrication and assembly auditability, and extremely user-accountable and effective oversight, of all critical hardware components, in their manufacturing processes;

  13. ensures the availability of one mirror physical copy of the complete client and midpoint server-side hosting room setups, to enable easy independent testing by anyone, while charging only the marginal cost of providing such access;

  14. includes effective and exhaustive first-time in-person training for users, to ensure knowledge of basic operational security (OpSec) and of risk management for self and others;

  15. ensures that current legislation and state agency practices in the country of origin and/or localization of all critical processes and components of the service are consistent with a constitutional/lawful and feasible compliance with these standards;

  16. includes only technologies and innovations with clear and low long-term royalties – from patenting and licensing fees – to prevent undue pressures by intellectual property right holders, lock-ins and patent vetoes, and to ensure an open platform with sustainably low costs, affordable to most western citizens.

What could and should be the governance of such new paradigms and certifications?

Over the last decades, in addition to sanctioning backdoors everywhere, states have repeatedly proven utterly incapable of socio-technically designing, legally managing, or issuing proper technical and organizational certification requirements for lawful access compliance.
Fittingly, states have been similarly unable to create voluntary or mandatory IT security standards that were anywhere near sufficiently extreme and comprehensive.

Consensus-based decision-making processes at the core of EU institutions – and international public and mixed standard-setting bodies (such as ETSI) – have made it impossible to resist the firm will of even a single powerful country to corrupt or dilute-to-meaninglessness the standard setting process.

Industry-driven standards are no better; standards bodies like the Trusted Computing Group and GlobalPlatform have focused on increasing user convenience and interoperability and on reducing the overall costs of violations of content copyright and of the integrity of financial transactions, while paying passing lip service to those security and privacy demands of end-users that were at odds with state security agencies.

Therefore, the governance of such paradigms and certifications may need to be primarily independent, international, highly competent and citizen-accountable, and the role of national and international governmental institutions (EU, UN, etc.) – and of major global IT industry players – can only be that of recognizers, adopters, and minority stakeholders. A process similar to that of the World Wide Web Consortium could be followed, but with much wider user- or citizen-accountability, to avoid companies having too much control.

(Updated Sept 26th).

  1. Means lawful access schemes (systems, processes, legislations, standards)

  2. We’ll use “trustworthiness” to mean the same as “assurance”, too technical a word for the intended audience

  3. From Wikipedia on Trusted Computing: “Therefore, to trust anything that is authenticated by or encrypted by a TPM or a Trusted computer, an end user has to trust the company that made the chip, the company that designed the chip, the companies allowed to make software for the chip, and the ability and interest of those companies not to compromise the whole process.”

  4. As initially proposed in a 2014 post “A case for a Trustless Computing Group”

  5. We’ll use “trustworthiness” to mean the same as “assurance”, too technical a word for the intended audience

  8. FBI …

  9. NSA Director Rogers recently stated “I don’t want a backdoor … I want a front door. And I want the front door to have multiple locks. Big locks.”

  10. Obama stated in 2013: “Technology itself may provide us some additional safeguards. So for example, if people don’t have confidence that the law, the checks and balances of the court and Congress, are sufficient to give us confidence that government’s not snooping, well, maybe we can embed technologies in there that prevent the snooping regardless of what government wants to do. I mean, there may be some technological fixes that provide another layer of trustworthiness.”

  11. See Keys under Doormats, and 1997 report …

  12. From Lawful Hacking report: …

  14. See pages … of the Lawful Hacking report

  15. An asymmetric backdoor is a purposely created vulnerability which, in the intention and socio-technical plans of its creator, does not enable another attacker to exploit it on a given target based on mere knowledge of it. For example, encrypted exploits that are signed with a user’s MAC address may not be repurposed for other targets.

Rufo Guerreschi