Position Paper: Case for a Trustless Computing Certification Body

Authors: Rufo Guerreschi and Udit Dhawan

Abstract: Can a new certification body deliver radically unprecedented IT security for all, while at once ensuring legitimate lawful access? In this position paper, we argue that a new cybersecurity certification body can, and should, be created which will be able to reliably and sustainably certify end-to-end IT services with levels of integrity and confidentiality that radically exceed current state-of-the-art, civilian and military, while at once solidly enabling only legitimate and constitutional lawful access. Both can be achieved through uniquely uncompromising “zero trust” security-by-design paradigms down to each critical life-cycle component, including the certification governance itself.

Presented: Originally presented on April 30th, 2018 in Berlin during the 5th Edition of the Free and Safe in Cyberspace Conference.

Version: 1.0

One-pager Summary:

“Recent revelations and reported security breaches have highlighted the fact that even the most stringent current IT security certifications are severely inadequate in their ability to: (a) afford citizens and organizations access to IT services and devices that can meaningfully protect their fundamental civil rights, (b) enable governments to reliably enforce their own regulations aimed at the defense of democratic sovereignty, security agencies’ capabilities and oversight, criminal prosecution, critical infrastructure, and integrity and efficacy of targeted cyber-investigations, and (c) enable an adequate security baseline for the regulation or certification of the most critical deterministic sub-systems of advanced security-critical AI systems, given their huge societal implications.

Goals (a) and (b) have increasingly revealed themselves as interlinked, since the failure of current IT security certifications to provide (a) has in fact been overwhelmingly due to at-all-costs efforts by powerful nations to retain cyber-investigation capabilities through remote and local “lawful hacking”. This has, in turn, prevented such endpoint cyber-investigation capabilities from achieving the levels of integrity of the evidence so acquired that are required to stand the scrutiny of constitutional courts, and from achieving the resistance to external and internal abuse required to foster the level of international intelligence exchange needed to best prosecute grave international crimes.

In this position paper, we argue that a new cybersecurity certification body, the Trustless Computing Certification Body (“Certification Body” or “TCCB”), could and should be created. It should be suitable to confidently certify end-to-end IT services that are able to sustain levels of integrity and confidentiality radically exceeding the current state of the art in their resistance against state-grade remote or local hacking. It should also be suitable for the responsible exercise of citizens’ privacy, assembly, communication and political rights, except for the most sensitive political and institutional voting.

Key paradigms will center on uniquely ultra-high levels of transparency, accountability and oversight of all critically-involved technologies, procedures and people. These include ultra-high ethical, expert and public security review in relation to complexity, advanced citizen-witness and citizen-jury-like oversight processes, and online and in-person multi-jurisdictional secret-sharing techniques. Economic feasibility is ensured by radical minimisation of features and performance, effective compartmentalisation, and critical technical stacks that are time-proven and subject to open IP regimes.

Compliant providers – in order to prevent crimes, stave off the outlawing of such services, and cater to users’ need for safer key recovery – will be mandated to voluntarily (i.e. in excess of legal obligations) offer to national security agencies an evaluation of their lawful access requests for adherence to law and international human rights, through an offline key or data escrow/recovery process. By applying the same safeguards used to ensure ultra-high security, and more, the inevitable added risk will be radically mitigated, resulting in compliant IT services that overall reduce the risk of abuse of end-users by anyone to levels that are radically (or at least substantially) lower than any of the other alternative secure IT systems – available today or knowingly in development – whether or not they offer such voluntary processing.”