Peakview, WAAM AND Point5 Family office join TRUSTLESS.AI as proof-of-concept partners

Geneva - February 18th 2019. As wealthy individuals seek to transfer to the digital realm the trust relationships that they have traditionally maintained with the wealth managers - a few leading wealth management firms have joined TRUSTLESS.AI in building ways for their clients to engage in remote advisory and transactions with peace of mind. These enable them to deepen and widen such trust relationship, becoming de-facto their clients’ digital confidant and digital trust provider.

As we engage target clients in the next weeks to complete the functional prototype of our Seevik Pod, we started selecting a limited number of wealth management firms, enterprises and NGOs to become our proof-of-concept or go-to-market partners.

We are happy to welcome Point5 Family Office, PeakView Private Investment Office and Wealth and Asset Management (WAAM) Solutions, as our first proof-of-concept partners bringing unique and varied market knowledge invaluable to refine our value proposition.

The Pod will enable them to far surpass their competitors in confidentiality, trust and cyber resilience, both in actuality and in perception, given our thought leadership being established via the Free and Safe in Cyberspace event series, next in Geneva on April 9-10th 2019.

They join us to co-develop a custom proof-of-concept to help us ensure our SeeVik Pod will abide to their needs, preferences and compliance requirements. They will receive a number of free device units when commercially ready.

Go-to-market partners, additionally, will be entitled to a time-limited go-to-market exclusivity - together with a few other firms with a similar amount of Assets-under-Management - in small, medium and large categories.

About TRUSTLESS.AI
A Geneva-based startup, at Fusion accelerator, building a 2mm-thin Wifi handheld device that enables wealth management firms to seamlessly deliver radically-unprecedented cybersecurity for the most sensitive computing, communications and negotiations of their client (U)HWNIs, relationship managers and executives; while solidly enabling legitimate lawful access.

About PeakView Private Investment Office
Geneva-based investment boutique, focused on managing the assets of a select number of private individuals and family offices. It acts as a strategic investment partner to clients and provides a uniquely modern, independent, and sophisticated asset management service, devoid of the conflict of interests that often characterize the offerings of larger companies. Its management has led some of the largest investment teams at leading international private banks within Europe.

About Point5 Family Office
A Geneva-based financial Institution focused in managing assets of wealthy families and individuals in the emerging markets community. They devised unique Environmental, Social and Corporate Governance (ESG) metrics to ensure better assessment of the risk, while contributing to the public good, and fighting corruption.

About Wealth and Asset Management (WAAM) Solutions SA
A Swiss-based private and institutional financial advisor boutique-company built on a commitment to challenge the private banking and fund management industry by bringing Clients innovative and tailored solutions in managing and protecting their wealth and assets.

PR Contacts:
Rufo Guerreschi, CEO of TRUSTLESS.AI
rufo@trustless.ai — +41799137280

Gerhard Knecht joins as advisor

We are honored and excited to welcome Gerhard Knecht as an advisor of TRUSTLESS.AI. Gerhard is an IT security expert and executive, who recently retired after over 30 years of experience in globally leading IT firms.

For 12 years he was the Chief Information Officer and Global Head of Information Security Services for UNYSIS Services, an household name among IT consultancy and service providers, with 20.000 staff globally and $3bn yearly revenue. Gerhard also has an illustrious career in Internal Audit and Corporate Governance, as Global Head of IT Audit at UNISYS.

Gerhard was the driver of UNISYS positioning as a provider of IT security solutions and services around novel risk management and centered on their "Zero Trust" approach. Unisys promotes the use of identity-driven micro-segmentation to isolate critical data; to enable CIOs to identify, validate and secure trusted users, devices and data flows - following the approach “never trust, always verify”.

Such concept is very similar in approach to our Trustless Computing Paradigms of the Trustless Computing Association, our non-profit arm.

We look forward to work with Gerhard to bring security-by-design principles to their ultimate realization by removing the need of assumption of unverified trust, all the way down to CPU design, fabrication oversight and even standard setting governance.

If even Trump and Bezos can't buy a shred of digital privacy

As we were reminded in recent weeks - even the richest and the most powerful individuals in the World - can't buy a device to communicate with their closest associates which is not hackable even by mid-level hackers accessing state-grade tools on the Dark Web.

How is it possible? Is it really such technological challenge? Anything we can do about it?

Apps can't cut it. Even the most secure messaging apps are wildly insufficient, since an app is only as secure as the device it runs on.

While most experts agree agree with the Israeli company that hacked the "San Bernardino iPhone" it is "hands down" the best device for privacy, it is regularly hacked even by teenage hackers or by researchers.

Ok, then why don't Trump and Bezos the World's 200,000 ultra-high net-worth individuals, with $27 trillions in combined assets, buy "military-grade" secure phones and devices which have been sold for decades by the likes of GSMK Cryptophone, Kudelski Security, Crypto AG, ectetera?

Very few do. The market for such devices is a relatively miniscule $4 billions. Few find reasons to trust such devices and, therefore, not worthed the inconvenience to carry a second device. Few trust them to do a better job than Apple that - although it has to manage huge system complexity - has greater budget, control of the supply chain, and reputation capital at stake. Plus, lack of transparency and adequate certification bodies do not even allow a comparisons among them.

But ultimately these technical problems could be solved, if they were not "by design". In fact, few trust those devices not to share regularly hidden vulnerabilities with certain nations, to enable them to fulfill their crucial mission to prevent terrorist attacks and other grave crimes.

So, therefore, every human computing device is hackable even by mid-level hackers - not because we are not technically capable enough - but because we have yet not found ways to transparently reconcile the need individual privacy and the need for legitimate cyber-investigations.

The problem is even bigger because it is becoming ever more clear that we cannot really choose between freedom and safety.

Recent US presidential elections and Facebook manipulations show how both are needed to safeguard civil freedoms, democracy and peace; and to avoid snooping nations to break their own most critical ITs.

In there anything we can do about it?

Led by the Trustless Computing Association, a few leading nations, enterprises, financial institutions and NGOs have been leading consortium initiatives and a global event series, to build new IT security paradigms, ecosystem and certification body that aim to reliably certify that a given IT system provides radically unprecedented, ultra-high and constitutionally-meaningful levels of trustworthiness while, concurrently, ensuring legitimate offline lawful access.

After 5 editions - twice in Brussels, once in New York, in Iguaçu and in Berlin, the 6th edition of such event series - Free and Safe in Cyberspace - will be held next April 9-10th in Geneva, Switzerland, in partnership with the UN World Summit on the Information Society and Fusionstartup accelerator - new home to the association and its spin-off startup TRUSTLESS.AI since October 2018.

What if digital freedom and public safety were not a choice of “either or” choice, a zero-sum game, but instead a solvable “both or neither” challenge? A challenge that is solvable primarily through time-proven trustless technologies and oversight mechanisms, and ultra-resilient and citizen-accountable standard setting and certification governance models?

Trustless Computing takes on Geneva!

After editions twice in Brussels - and once in New YorkIguazu and Berlin - we will hold the 6th Edition of the Free and Safe in Cyberspace event series in Geneva, next April 9-10th 2019. 

As for previous editions, prestigious speakers and partners will discuss how a few leading financial institutions, enterprises and NGOs can turn cybersecurity from a huge threat into a competitive advantage for them - and then digital freedom for all citizens - by spearheading a new-generation of "zero trust" IT security paradigms, certification body and IT services, that can radically exceed state-of-the-art.

We'll host day workshops at the 2019 UN World Summit on the Information Society and evening receptions at the Fintech Fusion startup accelerator in Geneva, new home since October to our startup and our non-profit arm Trustless Computing Association, building the new certifications body for which we are building a first compliant open computing base and IT device.

Join us in Geneva or Join our Movement!

We are always on the look out for value-added partners for the association; sponsor or keynote sponsors or guest for the event series. We are also open to more banks and enterprises as go-to-market partners, great talents and value-added investors for our startup spin-off TRUSTLESS.AI, as we finalize our prototype in the next weeks and expand our traction in Geneva, and beyond.

Expanding our team and traction in Geneva

Over the last 3 months, we have expanded our team in Geneva, with the addition of young and passionate assets, and engaged with a number of local private banks and global enterprises that have shown interest and provided useful feedback.

We deepened our technical partnerships, and advanced the prototyping of the SeeVik Pod, which will be ready in the next weeks for feedback from our prospective clients and commercialization partners.

Through our non-profit arm, the Trustless Computing Association, we’ve planned the 6th edition of the Free and Safe in Cyberspace next April 9-10th in Geneva, which will be our best and largest ever.

The event will further consolidate a critical mass of pioneers behind the Trustless Computing Certification Body, which will certify the radically-unprecedented security levels of our SeeVik Pod.

IMG_20190114_155056.jpg

Moving to Geneva

Four weeks after getting accepted in the prestigious Fintech Fusion acceleration in Geneva, we decided to move our main operations office in this beautiful Swiss city and private banking capital of the World.

Geneva will be our main operational and sales office indefinitely. We’ll retain our incorporation in Luxembourg, while we’ll likely move our development office to Berlin after closing of our 2nd fundraising event in Q2-Q3 2018.

In fact, in addition to providing experienced mentoring, highly-fitting industry networking opportunities, Fintech Fusion provides a unique opportunity to engage its funding partners from the banking sector, which include some of World largest banks, private banks and banking technology providers, including some of the partners include BNP Paribas, SwissRe (Credit Suisse, AMEX), Temenos, Saxo Bank, Notz Stucki, and more.

Such partners, and Switzerland role as “banking capital of the World”, perfectly align with the recent refocusing of our B2B2B and B2B2C business model that moves away from generalistic banks to private banks as our main customers; while our end-users remain ultra-high net-worth individuals and large global corporates.

Furthermore, pitch events towards local angels and VCs will take place late next month, November 2018, and then in late Q1 2019.

Jean-Pierre Pennacino joins as advisor

Following our selection to the 2018-2019 Fintech fusion program in Geneva, Switzerland, Jean-Pierre Pennacino has joined us as special advisor for the Swiss market.

Jean-Pierre is a Geneva-based senior IT and hardware cybersecurity executive with over 25 years of senior and executive positions in financial, operation and growth in leading IT companies, including PwC, Motorola, Gemalto and STMicroelectronics.


TRUSTLESS.AI chosen for the Fintech Fusion acceleration in Geneva


Following pitch finals last Monday Sept 17th - with 17 shortlisted startups from 10 countries - TRUSTLESS.AI was selected as 1 of only 9 out of 400 applicant startups a to join the 2018-2019 program of the prestigious Fintech Fusion acceleration in Geneva.

In addition to providing amazing and experienced mentoring, and great office space in Geneva, it provides for a unique opportunity to engage funding partners from the banking sector, which include some of World largest banks, private banks and banking technology providers, including some of the partners include BNP Paribas, SwissRe (Credit Suisse, AMEX), Temenos, Saxo Bank, Notz Stucki, and more.

Such partners, and Switzerland role as “banking capital of the World”, perfectly align with the recent refocusing of our B2B2B and B2B2C business model that moves away from generalistic banks to private banks as our main customers; while our end-users remain ultra-high net-worth individuals and large global corporates.

Furthermore, pitch events towards local angels and VCs will take place late next month, November 2018, and then in late Q1 2019.

Joonyoung Park joins as cofounder Executive VP of Engineering

Last June 6th, Joonyoung Park, an advisor since Oct 2016, has also joined as Cofounder and Executive VP of Engineering. He brings an incredible CV and very fitting expertises. He worked with the CEO Rufo in Seattle in 2001, and has been active advisor since 2016.

A Joonyoung led 30-staff team in Palo Alto at Kudelski, a global leader in IPTV and cybersecurity, for the design of new devices concept-to-manufacturing.

He co-managed and exited in 2018 JRC, a family-owned 200M$/yr 7-sigma electronics manufacturing plant (EMS) in South Korea. Was Chief of Engineering Staff for B2B Solution Development at LG Solutions. Was Principal Staff System Engineer at Motorola.

Last June 1st, we were selected to pitch at Tech Invest Milan, where our CEO Rufo Guerreschi gave an 8-minute pitch presentation:


   

 

 

TRUSTLESS.AI revolutionary paradigms at the center of MAY 4TH event in Berlin

The Trustless Computing Association - the non-profit organization from we at TRUSTLESS.AI spun-off in 2017 - hosted  its 5th Edition of our Free and Safe in Cyberspace conference on May 4th 2018 in Berlin.

Speakers included IT security, blockchain and GDPR experts, and digital civil rights activists, as well as current and former top cybersecurity officials of Deutsche Telekom Labs, the Austrian CIO,  the German Armed ForcesGermany Ministry of Interior, and European Defence Agency.

As for its previous 4 editions, participated by amazing speakers, the event hosted   centered on discussing and widening a consensus around solutions to the challenge that we have been tackling with TRUSTLESS.AI offering: 

  • (A) Can we create a new IT and AI security certification body - and compliant open systems - that radically exceed the security state-of-the-art? and

  • (B) If so, can we do so while at once increasing public safety and preserving legitimate and constitutional lawful access capabilities?

During the event, Rufo Guerreschi, - Executive Director of Trustless Computing Association and CEO of TRUSTLESS.AI - will present the just-published Position Paper - Case for a Trustless Computing Certification Body (pdf), which will describe and argue in detail about a proposed joint solution to the Challenge A and B described above.

 

Backdoors: why our Pod may well be the 1st IT device WITHOUT one

Many civil rights activists and activist cryptographers and IT security professional have been suggesting that we are just building a IT system and standard with a backdoor, out of incompetence or collusion with security agencies.

On the contrary, in a World where every device is broken -  at birth, by design down to CPU design and fabrication as shown by the recent scandal about Intel and about AMD CPUs - we are building the CivicPod, the FIRST IT device and service in the World which can be plausibly argued to be WITHOUT backdoors, state-sanctioned or state-inserted - for the first time since algorithmically unbreakable encryption was made wide available in the 90’s.

Backdoors are everywhere, today, and we are. 

 In fact, given extremely high plausible deniability, it is virtually impossible to ascertain which of those critical vulnerabilities are errors due to hyper-complexity or incompetency or are backdoors - stockpiled, spiffed by an insider developer or subversively inserted by nations.

 By nature of such tools and techniques - impervious to accountability and attribution when skillfully deployed - such backdoors are wildly abused and abusable by nations agents and criminals without due legal process.

 We should assume that all or nearly all devices and services available today are backdoored and hackable by large number of actors. Bruce Schneier said "I assume that all big companies are now in cahoots with the NSA, cannot be trusted, are lying to us constantly," he said. "You cannot trust any company that makes any claims of the security of their products. Not one cloud provider, not one software provider, not one hardware manufacturer. 

Though perfect security will never exist -  by uniquely implementing extreme transparency, oversight, accountability, and ethical and expert security review in relation to complexity - our certifications will spur the creation of the 1st IT systems and device in the World that removes any and all upfront unverified trust along the entire supply chain and lifecycle.

As opposed to all other systems, exploitable by nation and criminals without a proper judicial authorization, such systems will only be offered in privacy-respecting EU nations and deploy radically extreme and transparent technical and organizational safeguards - involving even citizen juries in multiple democratic jurisdictions, accountable to such certification body, an highly ethical, international, trustworthy non-profit “trusted third party” - to vet and manage the legitimacy and constitutionality of lawful access requests.

2018 may well be about endpoint security: the role of TRUSTLESS.AI

In this long post we'll argue that demand for endpoint security will explode in 2018 in all IT domains. We'll look at how leading projects like Sirin Labs Finney, Telegram TON and OpenRisc plan to meaningfully mitigate from critical vulnerabilities -  like Spectre and Meltdown - and how TRUSTLESS.AI compares and positions. 

After Snowden revealed in 2013 incredibly pervasive spying by the US and Five Eyes agencies, researchers have increasingly revealed critical vulnerabilities deep down in nearly all mainstream and high-security systems. Vulnerabilities that, apparently, so often the story goes, went unnoticed for years or decades by their makers and by western security agencies.

The public dumping of thousands of CIA hacking tools revealed Wikileaks Vault 7 and that of the source code Hacking Team platform - for the semi-automated scaling of hacking to thousands - reveals not only that state-grade targeted hacking tools are available to mid-level hackers, but also their capability to scalably exploit them.

Meanwhile, over the last 2 years, nearly all media and experts reports how end-to-end encryption apps, blockchain and open source will deliver meaningful protection to the endpoint, but they are wrong.

In fact, more than $4 billions have been raised last year via ICO by blockchain startups to bring unprecedented levels of security and immutability to nearly all economic sectors. Yet, the security that blockchains are increasingly bringing to the database/ledger level is completely lost at the endpoint edges. It is lost by the client devices used to write to it or read from it, which are more broken than ever. Cybersecurity, after all, is as good as the weakest link.

In fact, even after what we’ve learned, media still wildly overestimates the security of current of current and emerging endpoint solutions because of an uncoordinated alignment of IT providers marketing their new products and security agencies pretending that they are“going dark” in order to drive more criminals to use techs they can crack remotely.

Nonetheless, a large number of enterprise CSOs and top executives by now know better about where real costs and threats reside. While they have learned they can easily mitigate from ransomware, and quickly recover their stock valuation from the public dump of a massive user database, they understand that they are practically naked, when it comes to protecting their most sensitive communications, negotiations, trade secrets, and protecting their execs and boards from blackmailing.

This recent news, and other facts listed below, make a strong case that 2018 will be about meaningful endpoint security and that our TRUSTLESS.AI and Trustless Computing Association has a great potential to deliver - initially to all user’ most critical computing - what the World is waiting since Snowden. Let’s look into them in some more detail.

Telegram

Days ago Telegram, an app-basedsecure” messaging platform with 170M users - fast expanding its features to become a sort of non-Chinese WeChat - announced an unprecedented $500 millions ICO in order to its app-based platform a uniquely private and fast blockchain to "pay for services purely through digital tokens without relying on banks or payment processors, which are often the target of government scrutiny or censorship”.

But they haven’t and won't deliver because they inexplicably use of new obscure non-time-proven encryption protocol and for the simple fact that their security is merely app-based, and therefore completely compromisable in integrity and confidentiality, by a malware easily installed on the endpoint device, by even mid-level hackers. Also, hiding large financial transaction from a legitimate investigation is not only immoral but it will also never be allowed by large states.

MeltDown and Spectre

Last week, the public disclosure of MeltDown and Spectre vulnerabilities revealed how a large majority of modern CPUs - even for high-security scenarios - have been critically comprised in their data confidentiality for over 20 years, allowing any app or VM running on the machine to copy data and encryption key from any other running app or VM.

In a recent post, we clarify not only that our CPU is immune from such vulnerabilities but most importantly, but our overall solution and supply chain is are highly more resistant than state-of-the-art to the iper-complexities, security-through-obscurity, lack of coherent certifications and need to leave backdoors for states, that have lead to Spectre and Meltdown, and the many similar critical vulnerabilities in endpoint stacks - of even systems for high assurance scenarios - that are continuously publicized, will be publicised, and especially those that will never be discovered, or publicised, for years.

Our solution doesn’t rely on SW or HW isolation to protect against less “trusted” applications or virtual machines. It is a self-contained VPN-isolated end-to-end “computing universe” where any app that runs on it would be subject to exactly the same levels of security standards as all other technical and supply chain stacks.

Sirin Labs

Last December, Sirin Labs, the maker 15k$ cryptophone raised 157M$, to address exactly the same user problem that we are addressing. But they keep doing so in trusted way, with plenty of black-box components and processes, rather than uncompromisingly trustless way.

In a way, it is disheartening that startups based on market failed products and old trusted computing approaches are so successful in ICOs, when well funded, but yet it validates the size of the problem, as we outline in this post.

OpenRisc

In recent days, an open source CPU and SoC project, OpenRisc - widely-praised in the hacking community and mostly paid lip service by the industry - clarified their immunity to Meltdown and Spectre and stating its claims to be able to provide meaningful endpoint security through the full transparency of its source designs.

Unfortunately, OpenRisc technologies and ecosystem were never conceived to radically increase security but rather to provide for open source alternative to high-performance computing, and therefore plagued by architectural, governance and complexity choices that they made accordingly.

As a DARPA analysis of OpenRisc as a platform for ultra-high assurance computing highlights on page 9 (pdf) the huge funding and effort challenges of trying to reconcile high performance and features, with ultra-high levels of assurance.

Why Spectre and Meltdown are likely examples "state-allowed" backdoors

Nearly all think that Meltdown and Spectre were just errors by the CPU industry derived from their prioritizing performance over security, and that surely is the main "technical" reason.

Many forget that Bruce Schneier said back in 2014 that, after what we learned with Snowden, "we should assume all mainstream CPUs to be compromised" (minute 32 of https://youtu.be/rJRsanm-ODI).

In another instance, he said: "I assume that all big companies are now in cahoots with the NSA, cannot be trusted, are lying to us constantly. You cannot trust any company that makes any claims of the security of their products. Not one cloud provider, not one software provider, not one hardware manufacturer.”

There are reasons to believe that Spectre and Meltdown vulnerabilities were not just discovered 6 months ago but they were known for a long time - by one or more CPU makes and governments - who deliberately inserted or discovered and left them there to allow government (more or less) lawful access.

This is the same exact thing as "inserting" a backdoor. No difference at all. Actually, it is the best and sleekest way to place a backdoor because you have near perfect deniability by all parties involved. In fact, the discovery of this bugs translates in a temporary decline in the stock prices and more orders for Spectre-proof chips from the same vendors, which may be required to enterprise and governments for compliance to GDPR or other rules.

Just very few need to be in the know. For example CPU making executive or senior R&D staff just have to make some architectural choices rather than other ones - or close an eye on a critical bug - and then slip out a word to high-level gov agencies.

Nothing we can do about it?

No, we can remove all unverified upfront trust not only in CPU makers, but in all critical components makers, designs and fabrication processes, and even in standards-setting - and allow an extremely safeguarded offline process to allow legitimate lawful access - as we are doing at TRUSTLESS.AI and the Trustless Computing Association.

EDITED TO ADD 1/11/2018: Our Trustless Computing Paradigms, on page 8 of our Whitepaper Summary (on our site) include since 2015 this assumption, baked into all our techs, governance and supply chain:

D. MEASURE: assumes that xtremely skilled attackers are willing to devote even tens of millions of dollars to compromise the lifecycle or supply chain through legal and illegal subversion of all kinds, including economic pressures; and many tens of thousands to compromise of the individual end-user.