THE PROBLEM, WITH CURRENT STANDARDS AND CERTIFICATIONS
Current highest-assurance IT security standards, standard setting and certification processes – such as Common Criteria and FIPS – have one or more of the following shortcomings:
- do not certify any complete end-to-end computing experience, nor the full device service and lifecycle, but only parts of devices, server-side service stacks or components;
- cover the critical hardware design and fabrication phases only partially, if at all;
- are developed in opaque ways, by organizational processes that are only very indirectly (and inadequately) accountable to users or citizens, and that are subject to various undue pressures;
- impose dubious cryptographic requirements, such as "national crypto standards" including custom elliptic curves, that leave substantial doubt about the ability of certain national agencies (and potentially others) to bypass them;
- certify devices that are embedded into, or critically connected to, other devices that are not subject to the same certification processes;
- have very slow and costly certification processes, due to various organizational inefficiencies and to the fact that they mostly certify large (and often new) proprietary target architectures, rather than extensions of already-certified open ones.
SOLUTION: TRUSTLESS COMPUTING APPROACH
All software, hardware and organizational processes critically involved in the lifecycle and supply chain – including the CPU, fabrication and standard setting – will uniquely be subject to:
- (A) public inspectability of their hardware and software source designs, without NDAs;
- (B) security review that is extreme relative to their complexity, performed by highly proficient and ethical hackers;
- (C) extremely resilient oversight of human processes, based on offline, in-person citizen-witness or citizen-jury procedures, enabling key recovery and legitimate lawful access with safeguards against privacy abuse that exceed the best current solutions;
- (D) extremely citizen-accountable and technically proficient certification processes.
SOLUTION: TRUSTLESS COMPUTING GOVERNANCE MODEL
The citizen accountability and technical proficiency of the governance and organizational processes of such new standard-setting and certification bodies is by far the most important requirement for their sustained effectiveness and success in promoting societal benefits. For this reason, the effort is currently driven primarily by individual experts and activists who meet such requirements. In time, we plan to attract:
- (1) a few private or academic entities with unique or advanced technical expertise;
- (2) a few key civilian and state security national agencies in democratic nations;
- (3) major global digital-rights NGOs and experts, and other expert stakeholders. Such a new standardization and certification organization would ideally be driven by a democratic mix of public, private and/or relevant international non-profit entities.
It aims to (a) achieve unprecedented and constitutionally meaningful levels of actual and perceived assurance and (b) promote open target architectures for wide-market deployment, while (c) only moderately increasing the burden on the user and on the service provider, and (d) overall increasing targeted cyber-investigation capabilities and public safety. It is expected to facilitate the emergence of open, ultra-high-assurance target architectures that can greatly improve certification efficiency, lower user costs, increase ecosystem resiliency, and establish the EU as an ethical and economic leader in critical computing for wide societal use and impact.