Last November we learned that the then UK foreign minister Liz Truss was spied on for months on her mobile communications with colleagues, friends and foreign diplomats. A few days later, the president and foreign minister of Switzerland Ignazio Cassis, and 100 other top officials, were revealed to have been victims of hacking-for-hire by Indian hacker gangs, via UK legal firms. 

They are in good company. Last year alone, the sitting prime ministers of Spain and of Finland, the head of opposition of Greece and of Poland, the son of the new prime minister of Israel, and the editor of the Financial Times, suffered the same fate. The scale of this “EU Watergate” and possible solutions are detailed in a shocking 150 pages draft report on spyware presented last month by a dedicated EU Parliament committee.

Earlier this year, the UK Minister of Defense and several EU parliamentarians were fooled by foreign agents impersonating the attorney of a Russian opposition leader. Even the president of the US and his personal associates run similar risks, as detailed in 2017 by the New York Times. 

What expectation can we have that all other prime ministers - like Meloni, Macron, Scholtz, or Lula da Silva - their ministers, parliamentarians and/or their close associates are not also continuously hacked on their smartphones? Do they have access to some better magic protection tools that exceeds those of UK GCHQ for Ms Truss?

Just as concerning, current smartphones enable users to reliably delete evidence of crimes to evade criminal accountability, as shown by investigations on the US president's secret service detail and leaders of a top swiss bank, while criminals may have acquired such evidence before its deletion for use in blackmail. 

As terrible as this is for our democracies, it's just the tip of the iceberg, because the number of victims is most likely in the hundreds of thousands, as we detail below. Nearly everyone with power or money is a target or victim, including not only elected officials and politicians, but nearly all diplomats, businessmen, journalists, activists, their organizations, and their close associates inter-governmental organizations. 

This state of affairs constitutes a vital threat to our democracies and human rights, and greatly stifles and distorts diplomatic dialogue.

Are our leaders careless? Why don't they use their classified "work" phones? 

Sure, our leaders could and should be more careful, assuming their smartphones can be hacked by all kinds of culprits, but they still do "for the same reasons as the rest of us", as The Economist wrote in a recent article. 

They don't because a large majority of those they need to speak to - colleagues, parliamentarians, international colleagues, relatives, lovers - do not have"work" phones or have incompatible ones. 

They are forced to use hegemonic mobile phones, app stores and apps if they want to function at all, and even  self-censor to minimize their risks. 

Sure, they could and should be more careful, assuming that any use of their smartphone could result in blackmail, extortion or public shaming as legal or illegal snapshots of their life could be leaked to the media and published out of context or to prosecutors. 

Most of them know the risks by now, but they still do "for the same reasons as the rest of us", as The Economist wrote last month, following Liz Truss’s hack. “A similar attack on a government-issued phone would have been more difficult. But those phones are cumbersome to use. They come with long passwords that must be entered every time they are picked up; you cannot install apps you need to use without the permission of the IT department; their chat apps tend to be configured with tedious two-factor authentication. And, importantly, the daily chatter with political colleagues is not on that phone. It’s a pain to have two devices”, the British magazine goes on to say. 

They are forced to use hegemonic mobile phones, app stores and apps if they want to function at all in their job or life, while evidently, no protective tools by their security agencies are remotely sufficient. 

To make matters even worse, they are forced into extensive self-censorship to minimize the risk, with enormous costs to personal and professional effectiveness. Also, the difficulty of attributing hacks on today's devices makes it often impossible to know if a leak was due to a hacker or to the victim's interlocutor, as seen in the hack of Finnish Prime Minister Sanna Marin, fostering distrust among associates, and more self-censorship. 

Are hackers just too good? Can't those phones be made more secure? 

Every year, Apple, top Android phone makers, and cybersecurity protection suite makers, introduce new security improvements. Like a mirage, decent security is never attained. 

Why is that? Sure, state and non-state hackers keep significantly increasing their investments. Yet, we can make IT devices that are both reliably secure against the most advanced attackers and accessible to interception only to intended entities - as argued in this detailed academic paper by the Trustless Computing Association, and as shown in practice by Crypto AG, the Swiss-based western standard devices for secure diplomatic communications in the Cold War.

Two are the real root causes. First, hyper-complexity and obscurity are demanded by competition for rich entertainment performance features that are required of top-end smartphones. Second, the unconfessed need to surreptitiously ensure that several powerful nations can hack them at any time to prevent terrorist, enemy or adversary nations.

In addition, carrying an extra device may be acceptable for the most targeted persons but too cumbersome for their many sensitive non-classified interlocutors.

Is the problem limited to a few hundred top officials?

The number of those hacked or at risk is not easy to quantify or even approximate, by design. Security agencies go to great lenghts to ensure that a large number of criminals and terrorists over-estimate the security of secure mobile solutions so that they can continue their legitimate interception, while spyware and secure IT companies like Apple play along, for profit reasons. Every once in a while, the FBI pretends to be unable to hack an iPhone as in the San Bernardino case, whereby simple researchers and companies were able to.

But once in a while, some hard verified data comes around. The lawsuit that Facebook has against NSO Group provides details and proofs of 1400 WhatsApp hacked worldwide in the course of just 2 weeks. The NSO Group, just one of a dozen spyware firms in Israel alone, testified last June to the 42-strong PEGA EU Parliament Committee of spyware that over 12,000 citizens each year are hacked via their Pegasus system. 

But those numbers (1) do not include dozens of other similar spyware companies that rent or sell to nations and private groups; (2) nor do they include those hacked by security agencies of powerful nations like the US, China and Russia; (3) nor hundreds or thousands of other entities to discover, buy, steal, or just rent access to illegitimately hacking of high-profile users, as shown by Shadow Brokers and Vault 7 scandals, as consequence of the surreptitious way in which powerful nations ensure their "backdoor" access. 

Last October Kaspersky declared it had found and “fully deconstructed”  the most advanced German and UK spyware, FinFisher, enabling them to fully re-use it. The same could have been done by others. Already ten years ago powerful national security agencies like, and to a lesser extend some semi-private spyware companies, had capabilities to turn targeted surveillance into a scalable enterprise via systems and programs like the NSA FoxAcid and NSA Turbine.

Furthermore, a vast majority of these cyber crimes go undiscovered for years, if ever, as they often leave no trace, as outlined above. When discovered, they are nearly always kept secret as both victims and attackers gain from keeping them unreported. Victims are not required to disclose. Hacking of state officials are often classified as state secret.

Apple declared in 2021, the attacks should not worry because exploits: “cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users,the overwhelming majority of our users”. Their use of the term “overwhelming” is compatible with hundreds of thousands of devices hacked, which would amount to 0.01% of the 1.5 billion iPhones out there. The New York Times reported in 2018 about NSO Group: “Clients could then pay more to target additional users, saving as they spy with bulk discounts: $800,000 for an additional 100 phones.”, which brings the price to €8,000 per target (Though the price is apparently higher nowadays).  And that’s for the Rolls-Royce of hacking tools! 

From the above, we can therefore estimate that the number of victims are in many hundreds of thousands every year, while those at risk are in several millions world-wide.

As opposed to what security agencies, smartphone makes and uncritical media want us to believe those most at risk have known the truth for some time now. Pre-Covid surveys by UBS and by Northern Trust showed that the 16 million wealthiest persons in the World and family offices regard cybersecurity as their n.2 or their n.1 concern, respectively. 

It is nothing short of a public security and democratic emergency, as well as a huge market demand.

Can the solution reside in the ban or regulation of spyware?

This week, PEGA EU parliamentary committee on spyware, in line with leading global human rights organizations, published a 150 page draft report, showing how the scale of the problem is no less than an ongoing “EU Watergate”. While acknowledging the severe limitations of EU to adequately remediate given its internal decision making mechanisms, they suggest a wide array of beneficial actions that EU institutions and member states could take, mostly focused on the ban, moratorium and regulation of the use, sale and oversight of spyware by member states. 

The suggested regulation changes are direly needed, and would make a big difference, especially in the actual accountability of a nation's use of spyware towards its citizens and the EU. Even under the best case scenario of political will, even the best regulations would face vast and largely unsolvable technical and jurisdictional complexities inherent with how advanced spyware is built and deployed, that would make their enforcement only very partially effective.

Meanwhile, the prospect of a lasting moratorium or ban on the use of spyware by a EU member state or EU-wide would result in unregulated nations and criminals being able to spy, while duly authorized security agencies would not be able to intercept the most dangerous criminals.

So, banning spyware used by nations will not stop foreign hackers nor criminals. Regulation is direly needed, but can only have a very moderate impact in the best case scenario. 

Towards more comprehensive and effective solutions

So, a resolutive solution must inevitably start from somehow ensuring mobile devices are widely accessible for sensitive users that are not merely more resistant to the most sophisticated attacks but radically so. We know how to do that, as mentioned above in regards to Crypto AG, and as proven by our success in nuclear safety and civil aviation. 

But then who guarantees and oversees that the best engineering is applied and extremely powerful compromisation attempts are thwarted? How do we ensure wide adoption of such devices in a hegemonic mobile device market? How do we prevent their abuse by criminal, terrorists and adversarial nations? Suitable solutions would need to be both widely-adoptable and globally-trusted by a wide majority of sensitive persons all around the world, and reliably enable only legitimate lawful access, national and international. 

To be widely-adoptable, it must be convenient and cheap enough to be adopted by a large majority of the typical interlocutors of our elected officials and other vulnerable persons.
    Sure, we'd love to solve it with an open-source secure messaging app that everyone can review, but it can only be as secure as the device they run on. An external hardware solution would only protect from some of the hardware vulnerabilities.
  So the answer must be an additional standalone hardware device. But everyone is weary of carrying an extra device.
    Fortunately, the same miniaturization today that enables foldable phones could enable an ultra-thin minimalistic but ultra-secure device to be embedded face-out in the back of any smartphone or carried face-out in custom leather wallets, for those that prefer that. 

To be globally-trusted, all critical technical and process of the solution and its use should be openly inspectable, and minimal enough to be sufficiently inspectable.
  Given that the utmost security cannot be verified "after the sausage is made", any technical and human components, including every coder, architect, critical tech provider, chip fabrication, and user training, should be subject to full transparency, and extremely trustworthy oversight.
    Design quality and oversight should be assured by some international body, whose governance quality can be assessed by moderately educated and informed citizens, just as in properly designed democratic election processes and procedures.
  It could involve a mix of globally-diverse nations, IGOs and NGOs, randomly-sampled world citizens, and proven "ethical" experts.

To enable legitimate lawful access nationally and internationally, while sufficiently reducing the risk of its abuse, is something that highly influential US-based libertarian privacy activists and security experts have argued in several detailed papers detail cannot be done. There are instead solid practical precedents and scientific arguments that a secure-enough procedural “front-door” mechanism overseen by a global trustworthy third party, involving ultra-secure minimized IT systems.
  That was proven in practice by Crypto AG, the Swiss-based western standard devices for secure diplomatic communications in the Cold War - that was revealed to have been be owned and systematically intercepted by the CIA and its German equivalent - and argued in theory in a paper that the author published in 2018, Position Paper: Case for a Trustless Computing Certification Body - contradicting highly-influential detailed analysis by a group of US libertarian IT security experts about the impossibility, in all cases, of a secure-enough "front-door” mechanism.
  Both point to the fact that there may is a distinct possibility it could work by applying the same extreme technical and organizational safeguards, and checks and balances, to both an ultra-secure IT system and "in-person" procedural lawful access mechanisms - including via authorization by several randomly-selected citizens for national ones, and an international judicial board for international ones - both accountable to an highly trustworthy and resilient international certification body.
  While recognizing that adding a “front-door” access would inevitably add some additional potential vulnerability, we conclude that such an approach has a good chance to overall radically or at least substantially reduce the privacy risk in respect to any other alternative secure IT system available today, or knowingly in development, which does not offer such ”front-door”.

What would a solution overall look like?

A much more definitive solution could entail a small set of globally-diverse nations, NGOs and IGOs that join together to create (1) an open inter-governmental certification body to guarantee both the utmost security and safe "in-person" legitimate lawful access, as well as (2) a new product class in the form of minimalist ultra-thin mobile devices, compliant with such a body, to be embedded face-out in the back of any Android, Harmony and iOS smartphone, or carried in custom leather wallets, for all sensitive computing of prime ministers and all citizens. The project would rely on a redundant set of critical tech providers across participating nations, and open source technologies to mitigate supply chain disruption or compromisations.

A number of EU and non-EU nations recognizing the “institutional” impossibility of the EU and UN to take on such an initiative, could take matters in their own hands building such open technical solutions and inter-governmental institutions that can ensure those requirements are met - leading the way for the EU, other regional intergovernmental organizations and the UN to trail behind.

Successful Precedents

There have been similar successful initiatives, in addition to the mentioned Crypto AG, by Germany and the US. The joint definition and adoption by EU member states of the GSM standards produced two decades of EU mobile leadership. France and Germany joined to build  Franco-German ARTE public broadcasting TV channel and more recently share open standards “secure messaging mobile” platform based on Element/Matrix. 

An even more fitting, the highly successful Minitel digital platform created by the French government that by 1988 constitutued a whole digital ecosystem with 3 million users, several private and public compatible and compliant terminals (or PCs), thousands of private and public services and apps. 

While very successful, the Minitel was replaced over a few years by private PCs based on hegemonic US operating systems, due on one side to their better performance and user experience, but also as much to their higher investment due to their larger domestic and global markets, a globally- interoperable app ecosystem and private terminal/PCs, and the choice of Minitel to allow its services to run on the new US-made PCs.

Our initiative could be understood as sort of multi-governmental, mobile, ultra-secure version of the Minitel. Unlike the Minitel, it would not initially directly compete with dominant US commercial smartphones, but complement them with an adjunct hardware device, in the form of a 2mm-thin standalone mobile device. Such new devices would offer a parallel computing ecosystem that offers unique levels of privacy, trust and integrity, that US and Chinese smartphones do not and cannot offer, and citizens will crave as wearables, e-health and AI assistants make trustowrthiness a key enabler for the most advanced services. 

Would Great Cyber Powers join?

Due to their control over the leading private firms in digital IT security, the US and Israel have an apparent distinct advantage, via their ability to access better protections, better espionage capabilities, and better espionage countermeasures. 

That is a fact. Yet, the current model also creates huge collateral damages to their own national security, democracy and to their relationship with allies, so much so that we suspect they'd be open to a better and multi-lateral solution if one can be conceived and realized. 

While nearly every nation would be welcome to join such initiative, none is necessary. That said, it would be highly beneficial advantageous that a few nations that have a key role in current and future global cybersecurity architecture - like US, Israel and/or China - would join sooner or later.

Vision and Next Steps

By leveraging unique transparency levels - and participating nations' and citizens’ cooperation and oversight at all levels and stages, such new devices and related cloud services will create a parallel cyberspace to the hegemonic U.S.-Chinese ones that will enable the fair, wise and efficient dialogue that we need to foster the emergence of shared truths, deeper dialogue and coordination  among all nations - and to protect and enhance democracy, freedom and safety within liberal and social-democratic societies.  

Over time, it will become a kind of personal trust hub that will become essential for the private or sensitive digital lives citizens, such as e-health, political participation, social networking, e-banking, e-government, advanced AI-based services, for strong authentication of laptops, PCs, and cell phones, as well as for citizens’ control and interaction with wearable devices, VR/AR headsets.

Representatives of globally diverse nations and IGOs will discuss such a prospect during the 9th Edition of the Free and Safe in Cyberspace, held for a third time in Geneva, next March 14-15th 2023.

About the author: Rufo Guerreschi is a digital democracy, security and privacy activist, researcher and entrepreneur. He is ​the ​founder of the Trustless Computing Association and its spin-in startup TRUSTLESS.AI.

Last week, Andreessen Horowitz, one of the largest venture capital firms in the World, and possibly the most iconic and influential, published a vision blog post titled “The biggest company in the World.”

It starts out like this:
"We think the biggest company in the world will be a consumer health tech company."

They go on to envision why and how:
"Fast forward fifty years, what could this full stack care delivery behemoth look like? It could be a company delivering 90% of healthcare, all through smartphones. This company would allow you to access the world’s best doctors through your phone, integrating human- and software-driven diagnostics, therapeutics, and medication delivery. Hospitals would still exist for surgery and certain diagnostics and treatment, and home health workers would deliver some physical care. But for most healthcare, you’d hop on your phone, just like we do today for 90% of personal finance or commerce (a new norm which itself may have seemed like science fiction twenty years ago)."

Yes, that sounds plausible. But are current smartphones, with their structural hyper-complexity and vulnerabilities, able to become the trusted client interface to such hyper-critical AI-powered e-health services and wearables?

Maybe, starting from millions of the wealthiest, we'll all eventually have a dedicated 2nd standalone ultra-thin mobile device embedded in the back of our smartphones (accountable to an international neutral body) that will provide the necessary and radically higher privacy and integrity for such hyper-critical services - and then also do the same for sensitive communications, and social and financial interactions.

The company that will make such a device may become the exclusive gateway to all of that. Such a company would not belong in private hands. It should *bindingly* eventually be owned by a neutral democratic inter-governmental body, as per the "spin-in" model.

We are working precisely on that at TRUSTLESS.AI.

Last April 28th, 2022, we were invited - with four members of our advisory boards of our Trustless Computing Association, and several partners - to attend the Spring Forum 2022 of the Munich Cyber Security Conference (MCSC) to give a slide presentation during the MCSC Roundtable on Day 2 of our Trustless Computing Certification Body and Seevik Net initiatives, in front of representatives from industry, government and military from Germany, and several EU and non-EU member states.

As a sister initiative of the Munich Security Conference, MCSC it is arguably the leading EU high-level transatlantic and trans-European cybersecurity forum. The Chairman of MCSC is the Group CEO of the G+D group, the leading provider of government cybersecurity solutions in Germany, and owner of Secunet.

This edition was the first in-person-only, which follows two years of online-only editions in February 2022 and in April 2021. Aside from most leaders of the German cyber ecosystem, confirmed in-person panelists for this edition from the US include Chris Krebs, former Director of the Cybersecurity and Infrastructure Security Agency, and John C. Inglis, recently appointed by Biden as the 1st National Cyber Director. and former Deputy Director of the National Security Agency. The President of the BSI is usually present to all editions, to be confirmed for this one.

We explained the distinguished audience how we are building a sort of Crypto AG 2.0. As opposed to the original one, Crypto AG, it will be based on democratic multilateralism, uncompromising transparency - with a procedural front-door instead of technical back-door - available for private citizens, initially via a 2mm-thin standalone device embedded in the back of everyone’s smartphone. Initially for non-classified communications of the most sensitive EU private citizens, journalist, politicians, elected officials - and then later other IT systems, domains, and classified domains.

By taking an approach based on uncompromising technological, procedural and organizational transparency - and open multi-national co-development and testing of the core open-source battle-tested technologies - we enable leading EU and like-minded nations to affirm digital sovereignty concurrently at the national, European, allied and citizen level, as well as establish a digital platform for global dialogue and peace, among and within all nations, at all levels of society. Through its innovative and resilient legitimate lawful access mechanism, it can also be implemented mandatorily inside government to help counter subversive activities by enemies, foreign and domestic, and so therefore authoritarianism.

We’ll be gathering interested EU and like-minded nations and partners to our 9th Edition of our Free and Safe in Cyberspace, currently slated to be held in Rome next September 9-11th (but possibly to be moved to Brussels or Germany).

In the context of the new world arising after the invasion of Ukraine, we argue why and how a transatlantic initiative, led by a few EU nations, should create a new democratic digital and governance infrastructure that can represent at once a dual-use cyber/informational defense and democratic sovereignty capability initiative, as well as an open democratic global platform for fair and effective dialogue among all nations and geopolitical blocks, in line with the principles of the UN Charter.

(this post was first published as a blog post of the Trustless Computing Association, the entity from which our startup spun-out)

The invasion of Ukraine has turned out to be more than a reckless unprovoked war by a great power aiming to right perceived and actual historical wrongs. It has turned into the center stage and pitch battle of a worldwide clash of political models that has been brewing between equally-sized opposing camps, since the victors of the Cold War failed to foster a world order coherent to their declared principles and values. 

It’s an all-out war for the hearts and the minds, by all means, that risks blowing in a nuclear confrontation. It is fought within all nations and between an increasingly-coordinated camp of authoritarian regimes and a camp neo-liberal social democratic ones, aggregated around NATO and the EU not dissimilar from that which led to the 2nd World War. The authoritarian camp has been gaining ground for many years to encompass half of the world economy and population. 

While they have about equal military and technological strength, they share the same core actual and perceived political weaknesses, which are rooted in plutocracy - the concentration of economic power in a few dozens mega-billionaires, and the 0.1% of society, which expands inequalities and injustices - and propaganda - a degeneration of the digital media and communication system, which mines the trust in institutions and media systems, and the cohesiveness of society. The US top 0.1 percent owns now nearly as much as the bottom 90 percent. The 3 richest in the US own more wealth than the bottom 50%.

The EU, for its geographic position between the two blocks, its history, its economic size - and its historical relative successes in taming within its borders those weaknesses - could play a lead role to mitigate those problems to promote both peace and the advancement of the aspirational values of the West, by building a shared democratic digital communications infrastructure. 

In a moment when the US has seemingly fallen in a loop of out-of-control excesses in neoliberalism, plutocracy, internal divisions, authoritarianism and in the power of Big Tech -  the EU could take the lead in transatlantic relations via temporary “passage of the baton” with the US, but with a share governance on equal basis, aimed to decisively and timely mitigate the contradictions and degenerations of the Western model.

EU success in such a venture requires, to start, an understanding of the synergies between plutocracy and propaganda. 

While plutocrats in authoritarian countries are much more temporary instruments of the autocrat in power, western plutocrats have much large strategic autonomy over political power. Western plutocrats, which includes large US financial and tech corporations, rely their direct and indirect power to deep manipulate and divide public opinion,in order to get them to approve or obstruct regulations that shift ever more economic and political power in their hands. 

Western plutocrats rely, on their informational superiority - i.e. their ability to maintain their licit and illicit secrets and acquire instead those of others, which they have acquired in synergy and nearly on par with nation states - to exert power over politicians, civil society, global elites, politicians, journalists, competitors and other perceived adversaries.

Reining in western plutocrats and propaganda may seem impossible, as the entire global media system, outside authoritarian countries, is solidly in the hands of a few ultra-billionaire plutocrats that control leading media groups and a few globally oligopolistic platforms, like Meta, Apple or News Corporation - and their backers in the US political elites, and the financial ones, who have “bet the house” on their future valuations. 

Regulating them is nearly impossible for the EU, when 27 nations have a right to veto, and for the US, when 50 senators do - not to mention their huge lobby power. 

Yet, executive branches of a few EU nations, in coordination with key allies, could come together to build and promote a new democratic digital communications base infrastructure, in competition to those private platforms. 

Such a digital and governance infrastructure should be completely or overwhelmingly conceived to run on top of current Internet infrastructure and in compliance with current international regulations, to prevent political roadblocks. 

It should aim to ensure much improved standards security, privacy, public safety and public democratic discourse. It should seek to approximate a “free market of idea”. 

It should seek hard to implement safeguards, checks and balances, uncompromising socio-technical transparency, democratic decentralization and win-win solutions to reconcile conflicting objectives, values and rights - such as privacy and lawful access - as well as counter the risk of excessive centralization.

Similarly to the social democratic model of public broadcasters - companies, private innovators, NGO and social organization would be free to innovate on top of it, while abiding to mandatory interoperability for public applications to prevent undue concentrations of power due to network effects.

It should be conceived, from the very start, to ensure a governance that is solidly globally-representative, so as to constitute a platform for fair and effective dialogue and cooperation at all levels of society, not only within and among nations in the Western camp, but also open and appealing to third nations, and then eventually to nations and civil society in the other camp.

Though never perfect, and drought with risks, it will easily outperform current dominant western systems which have mostly been blindlessly outsourced to a few tycoons, corporations or overreaching intelligence agencies. 

Success, even just in noticeably reversing the trend of expanding plutocracy and propaganda degeneration, may turn out to be, for the West, the most effective instrument to prevail and unite hearts and minds - from Ukraine to Moscow, from Kansas city to Nairobi. 

Such a digital and governance infrastructure could, if well carefully conceived, at once: (A) help bring a critical mass of EU nations together in an integrated defence and foreign policy via the EU enhanced cooperation mechanism, while mitigating the risks of concentration of power and potential far-right degenerations; (B) improve the democratic efficiency of EU and western institutions in providing for citizens’ wellbeing, foster a constructive “coo-petition” among nations and camps ; (C) and, most importantly, constitute a fair and effective basis for global dialogue, understanding and cooperation among geopolitical blocks across all levels of society, to sustain peace and tackle global challenges.

While it is absolutely crucial that such initiative is solidly lead through transparent participatory democratic constituent processes - through democratic nations, ethical experts and citizens assemblies - it could also attract the support of other civil society entities. 

The initiative would face stark opposition from authoritarian forces and many plutocrats, and their proxies and surrogates. Yet, it could well attract some capable ultra-billionaires, and merely wealthy good-willed individuals, whose sense of responsibility towards humanity, their progeny or their legacy, may prevail over greed and cynicism, when faced with a sound plan to turn democracy into a solid instrument for promoting global public good.

After all, some of the richest plutocrats have called for “significantly” increasing taxes for the rich, and have devoted huge parts of their skills and resources to global public good initiatives, though rarely so far in democratic capacity building.

As of today, our Geneva-based startup TRUSTLESS.AI, which originated as a spin-off of the Trustless Computing Association (TCA), has signed a new agreement with that restructures their relationship into one of spin-in.

According to such specific spin-in model - similar to the German DoD Herkules, but multinational - a new signed agreement with TCA ensures that the startup spin-out TRUSTLESS.AI and Seevik Net will be mandatorily owned and controlled by TCCB - via an option acquired by TCCB to buy 100% of its shares at precisely-defined non-speculative conditions - in order to leverage private sector innovation while ensuring a highly democratic and multi-national long-term control of such a sensitive transnational democratic infrastructure.

The new structure is expected to eliminate crucial concerns that were highlighted about the previous spin-off model by governmental and semi-governmental entities - that have been invited and engaged in order to join as governance partners of Trustless Computing Certification Body, and as investors into the startup via their state-controlled cyber-only VC arms.

In fact, their formal involvement in a Trustless Computing Certification Body, that had a limited-time exclusivity for certifications with a spin-off, but independent private company, such as TRUSTLESS.AI - could have been be construed - in actuality, perception or even legal terms - as undely benefiting its private individuals, such as the startup founders, investors and shareholders.

Most importantly, the new structure ensures that the long-term control of the startup and especially of the uniquely interoperable private secure communication infrastructure, and social space they create, will be insolidly in the hands of a international democratic organization, rather than private individuals that, however ethical they may be, they don’t belong at the steering wheel of something like that, they could change their priorities, they could sale one day to an amoral, evil or even adversarial entity.

January 27th 2022. Today, as Trustless Computing Association and its startup spin-off TRUSTLESS.AI, we graduated - with another 4 startups selected among hundreds - from Fall 2021 program of MACH37, is the premiere and leading US cybersecurity accelerator, based in in Washington DC.

The main reason we accepted to join MACH37 is the opportunity to engage even more with US diplomatic and security agencies - as we have done with European countries - to convince them of the benefits of participating as early nation-state governance partners of the Trustless Computing Certification Body (TCCB) - a new IT security certification body that we established last June in Geneva during the 8th Edition of our Free and Safe in Cyberspace.

The Trustless Computing Certification Body will certify IT systems that ensure the utmost levels of privacy AND concurrently ensure international legitimate lawful access, by applying to both problems the extreme battle-tested trustless socio-technical safeguards - such as the Seevik Pod (video) and Seevik Phone (video of PoC), being built by our startup spin-out, and future IT systems produced by others.

After an intro by Steve Weinstein, and then 6-8 minutes pitches each by the 5 graduating startups, a 50 minute Q&A Session followed participate by about 60 person in the audience, made up mostly of VCs and US officials.

After our pitch, a few questions helped us clarify why a wide adoption TCCB and TCCB-compliant would not only benefits law-abiding citizens worldwide but all democratic security agencies, and especially early adopting ones, that would coming together to promote much more secure IT with a multi-national procedural "front door".

Here is the video link and timeline of our 8-minute video and deck presentation and replies to 3 questions

• 00.58.35: Our 8.30 minutes video presentation with slides.

• 01.09.00: Question 1: "How are you going to compete with Apple on mobile security?"

• 01.12.00: Question 2: "Where is the product built?"

• 01.19.54: Question 3: "How are you going to convince the CIA and similar agencies worldwide to come knock on a door in Switzerland if they need to hack for example a Swedish journalist?"

Given the importance of Question 3 the feasibility of our Trustless Computing Certification Body, and therefore of the Seevik Pod, we thought of drafting a longer version of the question and of the answer below.

“Assuming you can make a mobile IT solutions that may not be independently undetectably hacked (remote or in presence) even by the CIA, Mossad or German BND if properly used:

1. Are you saying that the CIA would be OK with being required to knock on a door in Switzerland to ask authorization to some international democratic multi-lateral body in order to be able to intercept someone like a Swedish parliamentarian, journalist, or a venture capitalist, that is client of you Seevik Pod?

2. Are you saying that the FBI would knock on a door in the US and need to convince a private jury of 5 randomly-sampled US citizens, accountable to such international body (instead of a company's attorney like in Apple's case) - in order to have lawful access to the private data of a US journalist, business man or venture capitalist?”

OUR ANSWER

Yes, that that is what we are doing.

And we believe to be well on our way to convince a critical mass of nations that engaged us in 1-to-1, and joint close-doors and public events, including several relevant current and former officials from the USA and other leading allied nations.

Why are we so optimistic?

1. First, those nations already work in a multilateral and bilateral ways to manage those issues, albeit in an obscure and complex patchwork of written and oral agreements, and de-facto practices.

   1. For example, the NSO Group, the state-regulated Israeli leader in spyware for nations in the World - recently publicly declared that it has technical limitations that prevent it from spying on US mobile numbers or mobile users while on US territory. So, similar agreements are likely in place between intelligence agencies in the US and Israel and with other allies.

   2. It is today's news that NSO Group - after being sued by 3 Big Techs, trashed by Financial Times on a weekly basis, and blacklisted by the US government (A similar story as that of Inslaw Promis in the 90s) - is negotiating a sale to a company owned by US-soldiers and the executive chairman of KoolSpan, the leading Israeli endpoint security company, Elad Yoran, practically making NSO Group "a multi-national state-controlled company that will continue to serve national security and other geopolitical interests in the Arab World.

2. Secondly, the current way such cooperation happens creates huge collateral damages for national security, citizens’ privacy, critical infrastructure security, and the resilience of the democratic system.

   1. The evidence acquired through targeted endpoint hacking has often dubious validity, and standing in court, as it is often very hard to prove "beyond a reasonable doubt" that others may have tampered with the device or evidence. For these reasons, the supreme courts of Italy, France and Germany for years consistently refuse to accept evidence so acquired, forcing security agencies to break the law by engaging in parallel construction, while the highest Israeli officials are calling out for that problem.

   2. Firmware or software upgrades, or sophisticated tampering or behaviour by the user, makes access to user data or comms at times unavailable.

   3. The sustenance of this process and access requires those nations to ensure that all IT and standards be weakened, in plausibly deniable ways, which causes critical infrastructure and citizens communications to be vulnerable to criminal and state adversaries.

3. Thirdly, in addition to all that, democratic nations that join as early governance partners to the Trustless Computing Certification Body, would enjoy many additional benefits:

   1. Be able access all needed data at rest or in transit on the device, if valid rationale is shown:

      1. with near certainty of actually obtaining access;

      2. within 1-2 hours if the urgency is warranted, and

      3. with much higher evidence integrity assurance.

   2. Radically increase the protection that law-abiding journalists, politicians, elected officials, political activists can enjoy against hacking by enemies "both foreign and domestic" for their communication, within and across nations, while at once having higher assurance to be able to investigate if duly legally authorized, as validated by a trustworthy democratic international body. (For example, NSO Group was allegedly abused to spy on political opposition inside Israel without judicial authorisation).

   3. Increase protection of their most sensitive governmental agencies and officials from hacks of the most democracy-critical or national- security-critical systems, [such as those involved in OPM hacks, SolarWinds, DNC hack, 2016 US Presidential election hacks, feed and recommendation sub-systems of dominant social media.

   4. By joining early on, they can have more influence control in the body's governance - than other nations that will join later to - to best ensure its continued ability to ensure both systems security and legitimate lawful access.

4. Fourth, for a detailed case for why the US and other leading democratic nations would benefit from joining as early governance partners of the Trustless Computing Certification Body, please refer to this page on our Trustless Computing Association website.

   1. If you want to learn more about this opportunity, please reach out to info@trustlesscomputing.org and look into our plans for a 9th Edition of the Free and Safe in Cyberspace when we’ll gather other nations interested in joining such a body.

   2. Here is our 8-minute video pitch with slides to MACH37 Demo Day.

   3. If you think that only a few thousands are those law.abiding citizens that are hacked on their iPhone, we invite you to read this sobering White Paper that we have compiled with the latest information of how wide the client endpoint hacking problem is.

Can the future of humanity in the Age of AI be a wildly positive one?

Read below to learn why the answer is "Yes", and our key role in making it happen.

The unstoppable acceleration in AI capabilities and in the availability of personal data has the potential to greatly improve our personal health and wellbeing, social life, and peaceful coexistence - if sanely and wisely harnessed.

Yet, the lack of proper regulation and the War on Terrorism has produced mobile devices, social media, and human communications being utterly insecure, hyper-complex, and subject to flawed business models.

These increasingly enable a few companies and public agencies to deeply manipulate us for narrow profit or political interests via their direct and obscure control, hacking or gaming of the systems, or buying of targeted ads.

This has been fast eroding liberty and democracy within and among nations, as we see from the rapid demise in the US and worldwide, just when we must come together as free nations and free human beings to successfully tackle global challenges.

Even the most targeted for profit or politics, and most critical for functioning democracy, can't buy their way out. In fact, they are the most targeted for extortion, spying, fraud, and manipulation.

That's why we are building an ultra-secure 2mm-thin handheld personal computer, carried in a custom leather wallet or embedded in the back of your next smartphones, and a democratic Trustless Computing Certification Body that independently ensures both radically unprecedented privacy, security, and democratic control, as well as legitimate lawful access.

Surveys show how cybersecurity is the n.1 concern of even millions of the wealthiest among us and their close associates. The more money they make, the bigger their cybersecurity problem becomes! So our venture has not only an immense potential positive impact on the public good but also huge profit potential!

How will we bridge the network effect? Starting from the top, as Facebook did. Once established as the default for powerful, wealthy, famous, activists and elected officials - as a sort of "365 days, 24/7, digital World Economic Forum" - our platform business model and a cross-subsidization from wealthier end-users, will enable us to sell the hardware at sub-cost so that it'll eventually become affordable to tens of millions, and then all.

Our Trustless Computing Certification Body, and our startup techs, will expand to cover more critical IT and AI domains - with its uniquely trustless and comprehensive approach and democratic and resilient governance - creating the premiere World benchmark to ensure the most critical ITs and advanced AIs will be safe, human-aligned, and democratically controlled.

For more, see our site: www.trustless.ai. You don't want to miss short videos on our homepage, our Seevik Wallet product video, our Seevik Phone PoC device demo, or our Founder Personal Intro. More here about the Trustless Computing Certification Body being built by the NGO from which we spun off.

If you want to be part of this mission, reach out to us as we are actively seeking for more investors, clients and talents.

WHITE PAPER

Published on: July 28th, 2021
Authored by:  Trustless Computing Association and its spin-out startup TRUSTLESS.AI.

In this white paper, preceded by a 2-pager Executive Summary, we analyze recent news reports and experts’ analysis about the widespread hacking of the smartphones of law-abiding persons. We’ll examine why the number of law-abiding persons that are seriously at risk of being continuously and undetectably hacked is not in the thousands but in the hundreds of thousands. We then propose a radical mitigation of such problem via a new international democratic governance body that will certify end-to-2nd IT systems for digital human communications that radically exceed the state-of-the-art in personal privacy and security, while concurrently ensuring solid international legitimate lawful access. Lastly, we’ll examine why that is not only in the best interest of those citizens, and our democracies, but also of powerful western security agencies. 

Executive Summary

Last week, headlines worldwide were raging about a leaked dataset of 50,000 phone numbers that indicated a possible widespread continuous undetected hacking of the high-profile law-abiding citizens by governmental clients of the Israeli surveillance company NSO Group.

The size of the scandal, and the many uncertainties surrounding it, have brought to the fore the question of how can we prevent such abuses, and even more crucially a wide controversy around how big the problem of such pervasive hacking of smartphones by NSO clients and other entities really is. Some are claiming it involves only a few thousand victims and others that it extends to hundreds of thousands or even millions.

Apple declared that the “overwhelming majority” should not worry, while the CEO of NSO says you should “absolutely trust” in your Android or iOS phone unless you are a criminal, “of the Bin Laden kind”. Both have an economic interest in minimizing.

While hard data is hard to get or carefully hidden, Snowden estimated that if the current Wild West market of vulnerabilities - and the inaction of secure smartphone makers - continue, then the number of victims can soon become 50 million. 

As we argue below, by analyzing what we learned in recent years, one can conclude that the number of law-abiding persons that have a significant risk of being undetectably hacked can well be in the hundreds of thousands or even millions. There are also solid reasons to believe that wealthy companies and persons may be the majority of those hacked - for profit instead of for political motive as criminal groups acquire more and more of capabilities of nations, and that innumerable others can rent those capabilities for a moderate price and minimal risk.

If the problem is so widespread, what are the consequences for society? if we are right, and it is at least in the hundreds of thousands, it is nothing less than a global emergency for democracy and civil rights as a few actors with informational superiority are in a position to control, blackmail, extort, and spy on the 99.999% remaining of the people of the World, turning our World into a Hacker Republic.

Are there are the solutions to this democratic emergency?

Much has been written these days about requiring stringent international standards,  such as by Kaye and Schaake, at least among democratic nations, for how these tools are traded, used, and accounted for. Yet, even if that was enacted, enforcement and attribution would be very hard, and restrains on the provisioning of such tools to authoritarian entities will be replaced by other authoritarian nations and criminal groups, and our intelligence agencies would lose important visibility they rely on to prevent terrorism and irresponsible nuclear proliferation.

A few others, especially IT security experts have started questioning if Apple and other smartphone makers are really doing all their best to prevent this hacking. If with the best technicians and unlimited financial resources Apple cannot there be only one or both of two reasons: (a) a radical minimization of system and supply chains complexity is needed, and/or (b) somehow someone succeeds in making so that those devices are always, at any given time, hackable remotely and undetectably by several powerful nations.

We believe the key solution is to merge both of these two approaches together via a single new international democratic institution.

Such a body, launched last month in Geneva, and called Trustless Computing Certification Body (TCCB), will certify that given IT systems dedicated to sensitive human communications ensure both levels of security and privacy radically higher than state-of-the-art, and concurrently ensuring international legitimate lawful access.

Such a body will offer all nations to state their case for any need for lawful access request, on a voluntary basis as no legal mandate exist. Such requests are vetted by a jury-like body of citizens, for local requests, or by a committee of former international judges, for international requests by nations participating in the governance of the body. Those subject to a highly democratic, competent and resilient international governance structure and statute of such body. All this without changing a single law.

If we have stirred your interest so far ;-) then book some time, to read our detailed analysis and case below in this white paper.

We’ll analyze all this in steps, in this white paper. We’ll start by analyzing the recent “NSO 50k Affair”, to then deeply analyze if this is a problem for a few thousand people or for hundreds of thousands. We’ll then look at a proposed solution, and analyze how it breaks away from the zero-sum game downwards spiral to realize a wide-ranging win-win solution that advances both civil liberties and public safety, just like we did with the social contracts we conceived and implemented when we created our democratic constitutions in the pre-digital era.

1. The NSO 50k Affair

Last week, the leading Israeli spyware company NSO Group was for several days on top of the headlines around the World. Seventeen leading World news organizations presented the results of a year-long joint investigation around a dataset of 50,000 phone numbers, of yet unknown origin, which allegedly lists persons “targeted” for hacking worldwide by about 20 governmental clients of the NSO Group. 

Hundreds of journalists, parliamentarians, activists, 12 heads of state, and directors of major media organizations were included. A forensic analysis by Amnesty International and Citizen Lab of a few dozen of the smartphones 9o to those numbers found that half of them were hacked, or attempted to be hacked. 

Much is still unclear and may remain so, since we are deep into spy territory. What is the source and origin of the dataset? How many of those 50,000 on the list were hacked? How many were attempted to be hacked? Was that list, instead, a sort of full or partial “wish list” of NSO governmental clients, most of which were eventually turned down ex-post by NSO and/or via vetting processes by Israeli authorities? And many other key questions linger on. 

Regardless of these unanswered questions, most media outlets jumped to the early conclusions in headlines and also in articles that those 50,000 persons were all hacked, or attempted to be hacked. 

Also, NSO Group was depicted as an evil entity, and the only company doing this, while the crucial role they and similar entities in preventing international terrorism to dangerous nuclear proliferation were nearly completely ignored, in a shameful lack of gratefulness. 

2. A Dangerous World

Unfortunately, we live in an increasingly dangerous World, full of divisions, blind doctrinal beliefs, deep-seated hatred, and large-scale disinformation that lead many of our fellow humans to violence, terrorism, war and subversion of democracy.  

While over 30% of Americans believe the Presidential elections were stolen, we know there are over 30 million ISIS sympathizers in Arab countries. 

Meanwhile, a recreational drone can easily be weaponized with information available on the Internet to spread chemical, radioactive or biological agents to kill millions. IT and AI-driven innovations in all sectors are lowering the resources needed to weaponized technologies for huge harm. 

Yet, the need to prevent the bad guys has spurred the creation of regimes of pervasive private and state surveillance, that have nearly eliminated civil rights, accrue huge power of manipulation of public consent in a few hands,  and are fast eroding democracy itself, at home and abroad, contributing to a slide towards authoritarianism in a feedback loop. 

3. A Crisis of Informational Superiority and Democracy 

The laws and programs our western nations have enacted to prevent terrorists and rogue nations from abusing encryption to commit grave crimes have created a huge asymmetry in informational superiority that is fast widening at an accelerated pace.

On one side, a few dozens of tech ultra-billionaires and nation-state elites can protect their information and spy on the information of others. 

On the other side, the remaining 99.999% of us, including millions of journalists, elected officials, politicians, activists, wealthy businessmen, and their associates, who have nowhere to hide and we are hacked via powerful AI in social media feeds into buying not just their products, but their idea and candidates, and fake news. 

This widening informational asymmetry translates into an equivalent financial, power and political asymmetry that not only creates huge disparities of wealth, prevents to further reduce poverty and sickness but, even most importantly, prevents humanity from coming together as free human beings to rationally and democratically tackle the unprecedented challenges and opportunities facing it in the years to come. 

4. Awareness and Sizing the Problem

The NSO 50k affair has lead journalists and analysts to re-analyze the revelations of news of recent years about how vulnerable even the most sensitive law-abiding persons in society are to devastating and extended abuses of their privacy, at the hand of participants in a billion-dollar shady market of hacking tools made of nations, criminals, researchers and state-regulated companies like NSO.

Many have started realizing that the root problem is that even the most secure smartphones out there are by far not as secure as they were believed to be, how they should be, or how they could be, while secure messaging apps cannot be more secure than the device they run on.

Yes, huge questions have still gone unanswered: Who has a substantial risk of being hacked?  Is it a few thousands, or is it hundreds of thousands, or millions?
Which are the most targeted demographics? 

5. Who and How Many are at Risk? NSO and Apple answer

Both NSO and Apple rushed to minimize the scope of the problems, which aligns with their direct economic and reputational interests.

Apple declared a few days back: “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

Their use of the term “overwhelming” is compatible with millions of devices hacked, which would amount to 0.1% of the 1.5 billion iPhones out there. Yes, those tools “cost millions of dollars” to develop by are then sold and used by many, and sometimes stolen or leaked. They state that iPhone exploits “often have a short shelf life”, admitting how there are some critical vulnerabilities, as widely reported, that have not been fixed even though they have been (inexplicably?) exploited at scale by powerful governments (and others?) for years. They, also state that they “continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data” but, if they do, and year on year the weaknesses do not improve, how much can we trust that they are trying hard enough?

Meanwhile, NSO Group CEO Hulio declared: “The people that are not criminals, not the Bin Ladens of the world—there’s nothing to be afraid of. They can absolutely trust the security and privacy of their Google and Apple devices.”. These statements comment themselves after what we have learned. Of course, you don’t need to be Bin Laden to be illegitimately intercepted by NSO clients or other entities. Of course, suggesting that all those that are not criminals (of the Bin Laden kind) should have “absolute trust” in their Google and Apple devices is a wild and irresponsible statement after what we have learned in these years. 

Security agencies also have a huge interest to minimize, because if most or all criminals knew how hackable their IT was they would not abuse them, and get busted. That is why the FBI (most likely) staged an act for months pretending not to be able to open an iPhone, when there were several companies and researchers (but not the NSA?) able to do so.

6. Who and How Many are at Risk? What is the cost of attacking a given person? Are you at risk? Let’s see. 

There is no way to quantify precisely how many have a high chance to be singled out for such hacking, but many bits of evidence support the case that millions or tens of millions of high-profile individuals may be currently hacked, or potentially hacked any day, or in the near future as estimated by Edward Snowden, if this way of things continues.

That includes over 100,000 elected parliamentarians and national politicians around the World, tens of thousands of front-line journalists and activists - and their close associates - hacked for political motives. But also hundreds of thousands of executive and wealthy individuals, and their close associates, targeted primarily for profit motives.

Although NSO tends to stay on the leading-edge, similar capabilities are offered by many other companies and are available independently to several powerful nations.  

Given technical and "political" limitations of NSO Group tools, clients purchase systems and services from multiple vendors from other countries, even 20 at once in some cases, to hack targets in their wish list that are blocked by one provider and to leverage advantages that some tools may have on certain target IT systems at a given time. 

Major known vendors are from Germany, France, US, and Italy. It is also likely that many nations acquire similar tools from nations like Russia and China. Also, many nations, several different agencies have separate contracts with the same provider. 

In addition, many governments that are clients of hacking tools also often invest greatly to build their one tools and capabilities, hiring dozens of expensive mercenary hackers, and sometimes top former western operatives, and rely on a billion-dollar black market of exploits and hacking systems made up of brokers, ethical researchers and criminals. 

There are another 170 nations that have not been mentioned in this recent NSO scandal, many of which can be expected to operate similarly, purchasing tools from other vendors, and developing their own capabilities. 

A phone number is often all it takes to take full control undetectably for months and years of the victim's phone. Most hacks happen remotely via messages from sources apparently known or trustworthy to the victims, or via no-click messages on iMessage or WhatsApp. Some are quickly fixed while others, while some (unexplainably?) remain exploitable for years. Hacks of Android devices often leave no traces even to forensic of the most advanced labs in the World. 

The need of the nations of origin of the hacking system providers to limit who gets hacked (NSO excludes number from the US or temporarily in the US), the difficulty of ex-post security audit of such systems, and the ease of hiding one's tracks in today's IT, often allow intelligence agencies to “piggyback” on systems like NSO Pegasus to spy on those such clients spy on. 

Even more concerning, those or similar capabilities are available to dozens or hundreds of criminal groups, more or less connected to a state, that autonomously develop such tools or come in their possession via leaks like Vault 7 and like Shadow Brokers, or even entire infrastructures such as via the Hacking Team hack - and most concerning of all innumerable others that can “rent” their capabilities at moderate cost and minimal risk.

Furthermore, the lawsuit that Facebook has against NSO provides details and proofs of 1400 WhatsApp hacked in the course of 2 weeks (!). This means 35.000 persons whose phone was completely taken over by NSO tools over one year. 

The hacking by NSO clients is overwhelmingly driven by political motives to maintain the current elected government or regime in power, by stifling, discrediting and anticipating the actions of dissents, critics and opposition, and blackmailing them by spying on their relative wrongdoings or socially questionable practices. 

Yet, a similarly huge problem is criminals have only a profit motive and so, therefore, tend to use such tools for extortion, ransomware, blackmail, and financial fraud attacks on the World's wealthiest individuals and firms. They may do so autonomously or be hired by brokers on behalf of other less technical criminals,  competitors, adversaries, former family members, or employees. 

How much does it cost in money and risk to attack a single person? 

There is much confusion as we read news that a hacking tool (expolit) for the iPhone can cost up to $1-2 million on the Dark Web. But the truth is that the costs and risks for an adversary to hack pretty much anyone - except a few chosen one that received special crypto devices (supposedly safer) from nations states - is very low because many of those tools scale quite well. Yes, some of them get regularly burned from overuse, but other ones stay on for years (how come?), and fresh ones are found all the time by a shady billion dollars industry of nations, firms, criminals and researchers. 

Although NSO’s Pegasus is the Roll Royce of hacking tools, t costs about $10,000 dollar for undetectably hacking continually any target user, as reported by he New York Times in 2018: “NSO Group charged $500,000 to set a client up with the Pegasus system, and then charged an additional fee to actually infiltrate people’s phones. At the time, the costs were reportedly $650,000 to hack 10 iPhone or Android users, or $500,000 to infiltrate five BlackBerry users. Clients could then pay more to target additional users, saving as they spy with bulk discounts: $800,000 for an additional 100 phones, $500,000 for an extra 50 phones, and so on. NSO would also reportedly charge 17 percent of what the clients had paid over the course of a year as an annual maintenance fee. According to Forbidden Stories, NSO’s contract with Saudi Arabia alone is worth up to $55 million”.

Ok, but then how can the dozens of powerful state and criminal entities that have these capabilities operationally hack and manage hundreds or thousands of devices and persons while minimizing discovery? Well already ten years ago powerful national agencies like the NSA had capabilities to turn targeted surveillance into a scalable enterprise via systems and programs like NSA FoxAcid, NSA Turbine and similar functionality offered (or at least marketed) by private equivalents like the Italian Hacking Team RCS. Ten years later we can well expect that more advanced AI and algorithms are even more effective at making targeted hacking completely automated or semi-automated at scale.

In light of what we’ve learned, the lofty claims of security by companies like Apple, Signal, sound very allow and less than genuine. Meanwhile, the self-defense guides by associations like EFF, ACLU or The Intercept may have been unwittingly but tragically misguided, placing many many activists and journalists in very danger over these years, by overestimating, still today, substantially the protection offered by the best tools or the most elaborate precautions.

Security agencies are happy to play along in supporting the overestimation of the security of current secure IT, so as to be able to intercept them as needed and be able to cry for “going dark” once in a while to make sure their capabilities are not diminished by new laws.

7. Why this widespread Hacking is our Worst threat to Democracy

Given the huge scale of this hacking, this state of affairs has huge costs for the targeted individuals and for society-at-large. For those individuals, there is a huge loss of civil rights, freedoms, frauds and risk for bodily harm. For our society-at-large, there is a huge cost in terms of democratic sovereignty, freedom of the press, and freedom of assembly. 

Even worse, as the UN High Commissioner for Human Rights Michelle Bachelet argues, this leads to self-censorship, whereby all need to assume that excerpts of any of their communications could be used by an adversary for evil purposes. And even more after these revelations.

The dilemma at the root of the NSO 50k Affair is indeed very hard to solve, and getting harder: how can we concurrently satisfy the two crucial and vital needs of (a) affirming civil rights in cyberspace while (b) preventing very grave crimes through abuse of encryption?

8. Why are we in this situation?

To solve the problem we first need to understand how we got here.

The root problem is that we live in a semi-anarchic World - one without any sane collective democratic governance - where dangerous technologies, people, and nations abound. Fortunately, some nations have taken on themselves the responsibility to protect themselves and the rest of the World against those huge global risks that can easily lead large-scale loss of life, conflict, and threats to democratic institutions.

To protect our safety, nations have had a vested interest in inserting, letting in, and managing subtle weaknesses in all secure IT and IT security standards used for human communications, in a plausibly deniable way, to ensure access for themselves at all times. 

To date, the need for public safety has prevailed, so nations have proceeded to ensure that no-one in the World, except authorized officials, can access IT that enables them to escape surveillance if that is legally authorized. That has served their cyber-investigation capability very well.

Yet, the collateral damage have been enormous. In fact, we also live in a World sliding towards authoritarianism, where widespread privacy abuses by authoritarian governments of dissidents, journalists, opposition figures, and their associates, has become a more and more decisive instrument for the long-term entrenching of their authoritarian power, as we’ve seen happen especially in China, but much also elsewhere, and pretty much everywhere, really.

So, therefore, safeguarding the safety, democracy and civil rights within our western nations, and internationally, requires both the enablement of cyber-investigation capability and protection from privacy abuse from state and non-state. 

Somehow, secure IT providers like Apple, even with nearly infinite R&D resources, always end up with their devices, like the iPhone, somehow (??!!) always short of being hackable at scale, at any given time, by at least a number of large nation-states. 

How come when there is a huge demand for higher levels of security, when family offices and high net-worth individuals, accruing $60 trillion in assets, see cybersecurity as their n.1 and their n.2 concerns? 

So, it may very well not be an accident. In fact, we are really good at security and safety engineering and standards, as only 1 out of 16 million commercial flights result in an accident. Meanwhile, 1.5 billion phones are made every year, each hackable by innumerable actors. The truth is all IT because safety trumps privacy when given a stark choice, in the mind of both governments and the people that elect them. 

There can be only 2 rational explanations or a mix of the two.

One, it could be that the increasing hyper-complexity of their systems and supply chain needed to offer even faster and richer user experience and entertainment, to keep us glued to such devices, is incompatible with achieving high-enough security. 

Two, it could be a deliberate activity by Apple and/or some of its employees, to leave in critical bugs that are discovered during development or internal testing (so-called “bug-doors”), and share those with governments, in plausibly deniable ways, or just let them find them. 

In fact, the two requirements go along well: being able to push complexity beyond what would be rational to maintain the target security levels, enables Apple and its competitors to offer a richer and richer experience, at the expense of our freedoms, as we’ve seen.

9. Is there a solution to this “NSO 50% dilemma”?

The dilemma at the root of the NSO affair is indeed very hard to solve, and getting harder: how can we concurrently satisfy the vital need to affirm civil rights in cyberspace, and the vital need to prevent grave crimes through abuse of encryption?

At the Trustless Computing Association and its spin-out startup TRUSTLESS.AI, are building a new Swiss-based ultra-resilient international democratic governance body that will certify IT systems for digital human communications that will radically exceed state-of-the-art in privacy, security, and democratic control, while concurrently ensuring international legitimate lawful access, by applying to both extreme battle-tested socio-technical safeguards, the Trustless Computing Paradigms.

Such Trustless Computing Paradigms include, among others, these unique requirements for a compliant IT service: (a) transparency of the source designs of the critical hardware and software components; (b) extreme level of “ethically-aligned” security review in relation to complexity; (3) wide utilization of citizen-witness and citizen-jury mechanisms within the lifecycle; (4) inclusion of the presumable motives of key staff, executive and shareholders, as a key element of trustworthiness. 

We use the word “radically” as the best quantitative approximation of the target security levels of TCCB, whereby perfect security will never exist, and incremental improvements are useless to the user given how low the current bar is. 

Last June 24-25th, during the 8th edition of Free and Safe in Cyberspace conference series in Geneva/online, we formally and finalized and established the Trustless Computing Certification Body (or “TCCB”), with World-class partners, advisors, and speakers, including top IT security experts, former top cyber diplomats from leading nations, and executives of top EU banks.

Meanwhile, the startup spin-out is building the 1st TCCB-compliant open target architecture, open computing base, and end-end IT system. It is building a TCCB-compliant private cloud and a standalone 2mm-thin personal computer - embedded in a custom leather wallet or in the back of smartphones of all price levels.

While being a stand-alone personal computer, it seamlessly complements your smartphone for Internet connection, data transfers, and 2-way multi-factor authentication.

Governance is absolutely central to the aims of the TCCB. Governance is "where the buck stops": the ultimate point of failure and the source of all present and future trustworthiness, actual and perceived, of TCCB-certified IT services. Its governance and statutes are thus conceived with the utmost care to maximize the likelihood it will sustainably remain highly citizens-accountable, technically proficient, effective, altruistic and resilient to undue processes from powerful state and non-state actors.

10. Is TCCB really in the interest of powerful nation-states?

The wide adoption of TCCB, we believe, would be in the best overall interest of powerful western nations, like the US and Israel, and even just in the narrower interest of their security agencies. 

Although the TCCB can be governed with suitable global accountability, competence and resiliency without asking any government permission, or any legislative change, and without the participation in the governance of a balanced mix of nations, the latest is highly desirable and to reinforce its actual and perceived democratic accountability.

TCCB will enact battle-proven and novel socio-technical safeguards - down to the hardware fabrication - to ensure both ultra-high levels of user security and privacy AND the resilience of a procedural in-person "front-door" mechanism, involving highly resilient and representative international judges and citizen-jury processes. 

TCCB will commit to evaluating cyber-investigation requests submitted by participating nations in return for their binding commitment to disclose to TCCB, and only to it, the vulnerabilities they find in those systems.

Participating nations could increase the availability of much more trustworthy IT for their most sensitive systems for human communications and transactions, public and private, while retaining their ability to access when there is a legitimate need or mandate. 

Participating nations would also enable their politicians, journalists, activists, and elected officials, with the utmost protection against all attackers, foreign and domestic, to protect national sovereignty and democracy.

Participating nations could eventually extend those certifications as preferred or mandatory for the critical subsystems of the most sensitive public and private systems - such as electoral systems, critical infrastructure, and dominant social media platforms - to further protect democracy, safety, and national security.

Yes, in a scenario of the wide roll-out of TCCB, powerful participating nations would lose their arbitrary ability to hack into such IT systems. Yet, arguably, their cyber-investigation capability would overall improve.

In fact, currently, targeted state endpoint hacking has substantial issues of consistency and often produces untrustworthy evidence and intelligence, due to several reasons: target devices are updated providing temporary “going dard” problems; there is a high probability of concurrent undetected hacking by multiple entities on the same device - and the fact that such systems are often designed to make forensic analysis harder rather than easier In fact, evidence so acquired via state trojan is structurally contested by highest civilian courts in Germany and France, as well as in Italy.

As highlighted by Rami Efrati, former Head of Cyber Division of the Prime Minister Office of Israel, during a recent university lecture (min 9.35), intelligence agencies' legitimate hacking capability is often inconsistent, as a consequence of the fact that all IT end-points are broken at multiple levels. 

With TCCB, instead, cyber-investigation requests by participating nations for such IT systems would be ensured to produce the data of a legitimate suspect or criminal in a timely manner, and produce evidence that is much more attributable and, therefore, to stand as valid evidence in the highest courts.  Lawful access requests could be processed within 1-2 hours, in urgent cases. 

In addition, all end-users of a TCCB-compliant system will need to undergo state-of-the-art background checks and KYC (know-your-customer), and very strong initial biometric authentication, reducing further the risk of abuse.

11. How will it work if a nation submits a lawful access request?

As detailed in our TCCB Cloud, an integral part of the Trustless Computing Paradigms:

“Nations that choose to join the TCCB governance, with its benefits and obligations - and nations where a TCCB-certified Cloud locates one of its hosting rooms - are guaranteed the ability to submit a lawful access request to the TCCB or to a local TCCB Provider, which will be handled according to the TCCB Cloud process, which is summarized here below: 

1. If the access request is by the national government (meaning one where one of the three redundant hosting rooms of the TCCB Cloud is located) - or by a foreign government, whose access request is appropriated by such government - then such request will be: 

   1. vetted in their due process (not in the evidence) by a TCCB Jury, a jury made of 5 or more random-sampled citizens of such national government and 2 random-sampled parliamentarians of local national jurisdiction, which will act as both citizen-jury and citizen-witnesses. Every 3 months, 15 are sampled and instructed. When the need arises, 10 are randomly called, as soon as 5 arrive, the process can begin.

   2. If the request is approved by the TCCB Jury, the Jury proceeds to physically provide access to the request data and/or keys of a specific user, according to the approved part of the request.

2. If the access request is by a foreign government, then such request will be:

   1. vetted by a TCCB Judicial Board, made of 15 recognized experts in international law, civil rights, and public security, who have been elected or appointed to high offices, such as a leading international court, the highest court of a large democratic nation. Deliberation will happen remotely using TCCB-compliant devices to provide the utmost confidentiality safeguard of the evidence being analyzed.  The Board decision will assess the “legitimacy” for each request by evaluating the furnished and autonomously-acquired evidence to determine to what extent the request complies with the national legislation where TCCB is based (Switzerland currently), and it maximizes:

      1. Compliance to and promotion of international civil rights and civil rights norms.

      2. Promotion of international security and safety.

      3. Compliance to laws and constitutions of the jurisdiction of the requester and the target.

   2. If the request is approved in full or in part by the TCCB Judicial Board, then the TCCB Jury will be instructed and ordered to allow access to specific users’ data and/or keys according to the approved part of the request.”

12. Dealing with Geo-political and National Security requirements

Often powerful nations “piggyback” (ie. “hack into”) surveillance tools and programs used by other nations - including those sold by their own state-regulated companies - in order to acquire valuable intelligence while further minimizing the risk of being discovered and maximizing plausible deniability. This activity has genuine value for promoting national and international security but, as we’ve seen, creates huge problems for civil rights and democratic accountability.

Should TCCB-complaint IT systems be made widely available in countries with a high concentration of radicalized persons, and lead by unreliable governments, powerful western nations like Israel, US and Germany, could lose some of the leverage and control they currently hold towards governments intelligence apparatus through the provisioning of hacking tools, which is important to promote pressing national and international security needs.

But that can be mitigated in several ways. The traditional leverage gained by selling them hacking tools, could be replaced by selling ultra-secure IT that is TCCB-compliant, and beyond, that enables them to be protected from anyone spying on them, except when the international TCCB Judicial Board decides a legitimate investigation is warranted.

By selling TCCB-compliant IT systems in the private and governmental markets, TCCB participating nations and their state-regulated cyber champions can take a lead in the global market of cybersecurity, secure communications and other markets where cybersecurity will be a key competitive advantage, like advanced AI and autonomous systems. 

Israel itself could make up lost business from NSO by several orders of magnitude, by being best positioned in a leadership position considering that 41% of global cybersecurity investments are in Israeli companies, as reported this week by Israel’s new Prime Minister Naftali Bennett. 

In fact, the uniquely transparent and trustworthy security assessment process of TCCB, and radically mitigating the actual and perceived risk of “bug-doors” or backdoors in IT systems, which has substantially limited the market of their IT in sensitive domains, and create a very distinct objective competitive advantage versus highly competitive but autocratic competitors, like China.

TCCB early participating nations could then acquire an early innovation and economic advantage in a crucial market and domains, promote a renewed cyber soft power to increase their geopolitical dominance while making civil rights and democracy stronger, and the World more secure and safe.  

In line with this vision, Jake Sullivan, Biden’s appointed US National Security Adviser stated last month that new true global soft-power leadership in security, privacy and democratic social networks - and not just in words and rhetoric, but in objective solid and transparent standards, could even be key to leadership in the AI race with China.  

On the same line, the US National Security Commission on Artificial Intelligence reports: “The United States can use diplomacy and leverage its global partnerships to advocate for establishing privacy-protecting technical standards and norms in international bodies, and it can work with like-minded nations to ensure that other nations have an alternative to embracing China’s technology and methods of social control and access to technologies that protect democratic values like privacy”.

13. From TCCB towards Cyber Peace

Since TCCB certifications will also require much higher levels of forensic-friendliness - participating nations would benefit from much improved - and internationally and objectively provable - cyber attribution capability for cyber incidents involving TCCB-compliant systems.  

As a resulting benefit, as the number of participating nations increase and more of their critical systems are TCCB certified - those nations would realistically be able to engage in enforceable cyber treaties and/or in fair and responsible retribution for grave violations of international norms, contributing substantially to cyber peace and therefore World peace. 

NOTES:
*A correction was added on July 30th to the 2nd paragraph to clarify how the estimates of hundreds of thousands or millions refers to all hacking entities and not only NSO clients.

Last June 24-25th, during the 8th edition of the Free and Safe in Cyberspace conference in Geneva and Zoom, the Trustless Computing Certification Body was established in Geneva, with the participation of World-class speakers, including top IT security experts, the former top cyber diplomats, executives of top EU banks, and many of our advisors.

TCCB will be a new Swiss-based ultra-resilient international democratic governance body that will certify IT systems for digital human communications that will radically exceed state-of-the-art in privacy, security, and democratic control, while concurrently ensuring international legitimate lawful access, through its Trustless Computing Paradigms.

Such Trustless Computing Paradigms include, among others, these unique requirements for a compliant IT service: (a) transparency of the source designs of the critical hardware and software components; (b) extreme level of “ethically-aligned” security review in relation to complexity; (3) wide utilization of citizen-witness and citizen-jury mechanisms within the lifecycle; (4) inclusion of the presumable motives of key staff, executive and shareholders, as a key element of trustworthiness (as we learned from Crypto Ag and Anom affairs).

100% of why you have confidence that our Seevik Wallet offers radically unprecedented levels of trustworthiness derives entirely from the fact that it is certified by the Trustless Computing Certification Body. Also, 100% of our startup unique competitive advantage and defensibility, comes from the fact that, as startup spin-out of the Trustless Computing Association, we have a limited-exclusive agreement with the Trustless Computing Certification Body for certification for our specific domains and markets.

TCCB and Seevik Net

As the outcome of years of work by outstanding advisors and R&D partners, and speakers of the previous editions of the conference series, in 3 continents, we held workshops and panels leading to the finalization of the socio-technical principles, governance, and statute of the Trustless Computing Certification Body (TCCB) to radically advance the realm of the possible in levels of IT security, freedoms and democratic accountability.

The TCCB is a new Swiss-based ultra-resilient international democratic governance body that will certify IT systems for digital human communications that will radically exceed state-of-the-art in privacy, security, and democratic control, while concurrently ensuring international legitimate lawful access, through its Trustless Computing Paradigms.

Such Trustless Computing Paradigms include, among others, these unique requirements for a compliant IT service: (a) transparency of the source designs of the critical hardware and software components; (b) extreme level of “ethically-aligned” security review in relation to complexity; (3) wide utilization of citizen-witness and citizen-jury mechanisms within the lifecycle; (4) inclusion of the presumable motives of key staff, executive and shareholders, as a key element of trustworthiness.

Roadmap Ahead

In about 20 months, Seevik Net will initially be available to millions of the most targeted law-abiding citizens via such TCCB-compliant 2mm-thin personal computer, the Seevik Pod, carried in a custom leather wallet, and later available to all embedded in the back of smartphones at all price levels, to enable anyone to affirm democracy and liberties in cyberspace for their private digital lives.

In our vision, the unique levels of IT trustworthiness and democratic accountability of the Trustless Computing Certification Body will foster, and become an enabler for, the development, deployment, and democratic certification of advanced Article Intelligence with radically higher levels of confidentiality, integrity, trustworthiness, and democratic accountability, on both the client and server-side, that will be key to a positive future of humanity in the Age of AI.

For more read the TCA and TCCB our roadmap. and join us to help.

Signal is widely regarded as the most secure messaging app because it is open-source, end-to-end encrypted, extensively tested by experts, and recommended by top privacy activists. Threema is a close second and has the same characteristics.

During the second week of January, Signal downloads reached 8.8 million with an increase of 3000% over the previous week, adding to its tens of millions of users.

Earlier that week, millions of citizens flocked to it in search of a safe haven for privacy, and replacements for close-circle social networking, following WhatsApp’s announcement of new data sharing with its parent Facebook led to endorsements by personalities. 

Later the same week, Trump and large numbers of far-right pro-Trump extremists, groups, and disinformation and propaganda operatives were kicked out by mainstream social media platforms - and extremist apps were shut down by mobile stores - following the storming of the US Capitol Hill. This lead to large numbers of those same persons and groups to download Signal, and other similar apps like Telegram, to exploit its obscurity to engage in insurrection plans and disinformation activities.

This indicates both the great potential of Signal to improve our digital sphere, as well as the huge challenges it faces to prevent its abuses.

Let’s look into it. 

Due to the strength of its encryption, Signal communications can only be hacked by installing malware on the user’s device. Yet, secure messaging cannot be more secure than the device they run on.

Meanwhile, even the most secure devices, like an iPhone, are remotely hackable by most nations, state-sponsored hackers, as well as by any private person willing to take a limited risk and invest between few tens to hundreds of thousands of dollars, by hiring suitable private or state hackers. Once hacked victims can also be continuously spied at very-low marginal costs, through platforms like NSA Turbine, NSA FoxAcid, and their private markets equivalents. The cost is lower if the hacker came into physical possession.

The cost is even lower if the device enters in temporary physical possession of thousands of entities that purchase such hacking capabilities - including many US public school districts - or persons close to them.

So, therefore, Signal offers some useful added privacy to ordinary citizens with very low inconvenience, but its level of privacy is wildly insufficient for the 1% among us that are most targeted illegitimately for political or economic reasons: the ones who really need it for themselves, and that we need in order to sustain a democratic society.

As opposed to all other messaging or social networking apps - that are not have end-to-end encryption or not strong enough - Signal cannot be subject to large-scale lawful interception by nations via illegitimate lawful access requests on the server-side - nor by nations and other entities via other server-side hacks. So, therefore, it hinders large-scale server-side privacy abuses, which is great. But it also hinders legitimate lawful access, which is very bad. 

Signal allows for group discussions, but since governments and criminals can hack a single member, they can therefore hack the message of small groups simply by hacking one of the members. Yet, since Signal groups can have up to 1000 members, this makes it very hard or impossible for law enforcement agencies to detect or stop crimes consisting of large-scale illegal propaganda, disinformation, or hate campaigns, such as those engaged by pro-Trump rioters in Parler. 

They cannot stop large groups engaging in wide-scale criminal activities, such as those that incite insurrectionist extremist mobs, or other radicalization activities, at home and abroad. Brazil and Myanmar are stark examples of the abuse of secure messaging apps like WhatsApp to spread disinformation that resulted in shifts to elector authoritarian regimes.

Signal mitigates such a problem by requiring a phone number for the account, though it is replaceable and not tied to the user’s mobile phone card, which gives governments more access to its user’s metadata: who interacts with who, when, or where. Signal could possibly further mitigate in the near future by imposing limits on the sharing of information and size of groups, as done for some time by WhatsApp. It may well have to start actively policing its users and taking down groups, as Telegram has started doing last week.

So, Signal is not able to prevent its abuse for grave crimes, that involve large numbers of users as victims or perpetrators.

In conclusion, though it is a great application delivering some privacy to ordinary citizens, we have to ask ourselves: is Signal really the model that can replace our messaging and social media to sustain our rights of privacy, freedom of assembly, freedom of speech, social networking? Can it also concurrently and reliably prevent grave crimes that can affect us, others, or society at large?

Signal and similar apps cannot deliver privacy and security of personal and group communications that are needed and demanded by the 1% of persons that are most targeted by governments’ and criminals’ illegitimate or illegal hacking. These include journalists, politicians, activists, elected officials, and of the wealthy, the preferred target of cybercriminals. A UBS survey found that the 16 million high net worth individuals identify cybersecurity as their second greatest concern after “their country politics”. These persons really need the utmost privacy to regain peace of mind, freedom, and protect against extortions, blackmail, financial frauds, physical safety threats, and just intrusions in their intimate life. Paradoxically, the more money those wealthy persons have, the less cybersecurity they can buy, at whatever cost.

Nor can Signal and similar apps can deliver wide social spaces that prevent and restrict fake news, disinformation, propaganda, hate, frauds, and other crimes that may affect or target you or your close associates, even when law enforcement acquires external evidence of those crimes. It doesn’t offer a place where you can network with friends, family, and colleagues in a democratic and fair way, without being manipulated by powerful disinformation, political and hate campaigns, via bots, trolls, and fake news. 

Nor Signal, as is, can ever grow into becoming a better substitute of current mainstream social media networks, with larger groups and social media feeds, for the reasons explained above. If it will, every time we’ll venture out of our small close groups, we’ll find ourselves in a Wild West, worse than Twitter and Facebook, without the shred of a state sheriff or a private moderator in sight, that can prevent the worst. We’ll have no way to distinguish legit groups and citizens from fake ones. No way to distinguish fellow citizens from advertisers, criminals, political operatives, and bots trying to manipulate you, to sell you, or even hurt you. 

At TRUSTLESS.AI, we are building the Seevik Net to fill exactly those gaps, for the 1% most in need. 

It is centered on a Seevik Cloud and a Seevik Pod, a stylish user-friendly 2mm-thin personal computer that users will buy in 3-10 units for themselves and their close personal and business associates. It is carried in the back of custom leather wallets in many different styles. It is meant to complement and not replace your secure messaging apps and social media, which you’ll still need for your less sensitive communications with those that don’t have a Seevik Pod. 

Initially, it is reserved for the 1% that are most economically and politically targeted, including executive staff and clients large private banks, and large companies.

Seevik Net will be the digital equivalent of your living room, where you can safely and freely engage with your family, friends, and guests in an enjoyable, human, respectful, and democratic way. We’d all love to achieve the same benefits, or even remotely close, via an app, but it is impossible, just like in the physical world we expect our living room to be separated by a wall from public urban spaces.

Seevik Net is not only used to safely connect with your close associates but your new private and democratic public sphere, your social media of choice, where you can be-friend similar-minded persons and groups; post, share, learn and discuss your passions; discuss news in a way that is enjoyable and conducive to a civil and deliberative discussion; were referenced and evidence-based posts, with a certified origin, are given preference. You’ll be able to communicate, network, transact, and much more with dozens of third-party apps.

We achieve such levels of privacy, security, and democratic control of the resulting media space, via an uncompromising zero-trust approach down to CPU design and fabrication oversight - and a transparent solution to the need for legitimate in-person lawful access - as validated by a highly democratic and resilient Trustless Computing Certification Body, promoted by our non-profit arm.

In the long run, the Pod will become the default backscreen of tens of millions of Android phones (video), complementing our digital public sphere with a vibrant and secure private sphere. Users of partnering secure messaging apps, like Signal or Threema, will be able to share the same secure and democratic social space offered by the Seevik Cloud, albeit without the unique levels of privacy and security offered only by the Pod.

(to comment, like, comment ore share refer to this Linkedin post)
This blog post was also published on Dec 11th 2020 on the Geneva newspaper Le Temps)

Last November 25th a reportage article from the Swiss public TV program Rundschau made public how Omnisec AG, another leading Swiss encryption maker was also controlled or compromised by US and German secret services. We also learned how it may have affected the confidentiality of IT systems used by the UBS Group, the World’s largest wealth manager. Rundschau was the same media that co-led the reportage on Crypto AG and Infoguard AG last February. 

This is not news or surprising to experts. Yet, until now, few media articles made connections between the documented fact that top Swiss private banks were for decades clients of the InfoGuard AG, which was until 2018 a "sister company" of Crypto AG. Most media did not explore what this information meant for the confidentiality of Swiss private banking. In fact, scant information was publicly available about the nature and scope of such commercial relationships. 

Though banks may well have been unaware of such foreign spying, they indirectly benefited from a priceless unparalleled know-your-customer service, enabling them to avoid engaging with the most dangerous criminals or rogue states. This ultimately was good for the banks, for Switzerland, and for World peace and security.

Two years ago, Omnisec AG was closed while Infoguard AG ownership was formally transferred to a few long-time top managers of the company. 

In response to these changes, some of those banks appear to continue using Infoguard AG for their most sensitive internal communications - and it remains up to speculation if foreign nations' influence has been maintained - while others have partly or fully moved for some use cases to other solutions based on home-made or Swiss ultra-secure messaging apps, like Threema - running on mainstream mobile devices "secured" through advanced anti-malware systems.

These software-only solutions cannot provide the same level of protection as hardware solutions, since an app can never be more secure than the device it runs on. These solutions remain therefore vulnerable not only to powerful nations - allied and non-allied, and without accountability - but also and most concerningly to advanced criminal organizations and less powerful nations. 

It is estimated that a large majority of confidentiality hacks remain undiscovered (because the longer the undiscovered spying, the more valuable to the attacker) or unreported (as both victim and attacker have no interest in publicity). Nevertheless, the vulnerability and other failures of such new software-based approaches have emerged in regards to Credit Suisse in a recent internal spying scandal and caused it substantial and ongoing public image, regulatory, and economic damage.  

Paradoxically, these software solutions also cause at times law enforcement to be unable to access evidence ex-post due to strong encryption, which may have been acquired by criminals previously through malware running on the device during their use, with grave risks for blackmailing or worse.

This less than ideal situation opens up an opportunity for those banks to explore new ways to achieve the utmost confidentiality for internal and client communications, while concurrently enabling legitimate international law enforcement. This alternative could be based on deep democratic control and transparency applied to both the IT systems and to the mechanisms used to enable legitimate lawful access. 

This alternative could be based on deep democratic control and transparency applied to both the IT systems and to the mechanisms used to enable legitimate lawful access.

We have been building exactly that alternative at the Swiss-based Trustless Computing Association and its spinoff startup TRUSTLESS.AI - both based in Zurich and Geneva - in the form of a new Trustless Computing Certification Body, and a new ultra-portable 2mm-thin PC compliant to such standards. 

Through such an alternative, not only can Swiss private banks can better protect their confidentiality, and that of their clients, while ensuring legitimate international lawful access, but they can also turn a huge headache into a great opportunity to become the digital trust providers of their clients, deepening of their trust relationship, increasing clients’ convenience, offering of additional services, and improving their PR in a time of global crisis.

For more details on how our proposed alternative, please refer to this recent long post, which explores how our Trustless Computing Certification Body initiative relates to the recent calls by western countries for mandated backdoors while strengthening encryptions, and to the new US administration under Joe Biden, and how it can be enacted within existing laws, and in the benefit of all key players involved.

In this long post, we analyze recent legislative developments in Switzerland and Germany that show progress in their positioning to promote international human rights in the area of IT, by radically improving IT security standards and certifications for the most sensitive domains. We analyze how ensuring legitimate lawful access within such new standards remains a crucial requirement for public security, the current challenges of security agencies ensuring such access, and how such need can be reconciled while increasing overall the ability of such agencies to fulfill their missions.

——————————————————————————

Recent intelligence revelations, supreme court rulings and referendum initiatives in Switzerland and Germany are pointing to an increasing will by their elected officials and citizens to differentiate themselves from the US, China, Russia in finding ways to protect public security while concurrently protecting international human rights, at home and abroad.

In this day and age, when trust in institutions and digital technologies is at an all-time low, this may turn into a key for economic growth and positioning in the most crucial and emerging IT sectors, increase digital sovereignty, protect the democratic process, and increase their soft power globally, in a time when both China and US soft power are rapidly decreasing.

There is an opportunity for Germany and Switzerland, and other EU nations, to lead the EU and then NATO in finding new ways – more resilient and transparent ways - to reconcile the needs to enforce a constitutionally-meaningful level of digital liberties to citizens (and elected officials, journalists, and politicians!) - and the need to ensure effective cyber-investigation ability nationally and internationally to prevent grave crimes.

Swiss citizens want to mandate Swiss firms to respect human right globally

After a long process including counterproposals by Swiss public entities, we learned last month that the Swiss Responsible Business Initiative will be put to vote to the Swiss people this November. Such a Swiss referendum initiative submitted in 2016 by dozens of Swiss and international NGOs to mandate that Swiss firms and international firms they control must “respect internationally recognized human rights and international environmental standards, also abroad”.

As of May 2020, ““78% of eligible voters would vote in favor of the Responsible Business Initiative”, growing from 65% last year.

The terms of the initiative would relate very much to the activity by Swiss firms that sell cyber-defense solutions (such as Crypto AG, Crypto International, InfoGuard) that may greatly compromise human rights by including backdoors that could enable some governments and other third parties to illegitimately intercept other government, firms or individuals.

The initiative text (pdf) states “Companies are required to carry out appropriate due diligence. This means in particular that they must: identify real and potential impacts on internationally recognized human rights and the environment; take appropriate measures to prevent the violation of internationally recognized human rights and international environmental standards, cease existing violations, and account for the actions taken”. “The scope of the due diligence to be carried out depends on the risks to the environment and human rights. In the process of regulating mandatory due diligence, the legislator is to take into account the needs of small and medium-sized companies that have limited risks of this kind. “

Swiss government refuses to reinstate Crypto International AG export licenses

Last week, the Swiss Federal Council has decided to extend blocking all pending individual export requests by Crypto International AG until the ongoing criminal investigations have been completed.  Such block extends a December 2019 suspension of the general export license mandated by the Swiss Minister of Economics, Guy Parmelin, former Minister of Defense.

Crypto International AG was purchased in 2018 by the Swedish entrepreneur, Andreas Linde, during the liquidation of Crypto AG – the Swiss provider of top-security IT to 130 nations governments and intelligence, which we officially learned last February was owned by the CIA, and 50% by German BND till 1994, which created his company (for sales abroad) and CyOne for sales only to the Swiss government. The company last month decided to fire all their 80 Swiss-based staff, while the owner this week re-established the company under a new name, Asperiq AG.

How will this decision affect the image of Switzerland as a leader in IT security and privacy solutions for governments, firms, and persons? What will be the principles to be applied to approve future export license requests? If they license IT services/devices that are not interceptable by allies security agencies, they risk promoting terrorism and breaching the Wassenaar Agreements. If they license IT services/devices with backdoors, then they risk breaching the democratic sovereignty of nations and the good faith of innocent users.

Maybe our Trustless Computing Certification Body could provide an alternative?

German Supreme Court extends the Germans’ humans rights to all

Following a recent ruling of the German Supreme Court, a Der Spiegel article reports that the leading German think-tank on surveillance and intelligence has suggested that the legislative enactments mandated by such ruling, include extensive strengthening and democratization of intelligence oversight mechanisms and safeguards.

Such ruling states that oversight is insufficient and it should be applied equally to German and foreign citizens, unprecedented in intelligence regulation globally. From such an article:

"The study also suggests creating an advisory board to the new control council. In addition to representatives from science, civil society and the private sector, this advisory board will also include IT experts who can ensure that intelligence services control also meets the latest technical developments." "The study suggests that the proposed control architecture should ensure that the protection of fundamental rights is no longer differentiated on the basis of nationality, but "purely functional."

Why Security Agencies need new ways to ensure their top-end non-governmental targeted lawful hacking

Crypto AG was a perfect solution for law enforcement and intelligence agencies of US, Germany and Switzerland - and for the Five Eyes and Maximator alliances - until it lasted.

Long before the public revelation last February that Crypto AG being owned by CIA and German BND, state adversaries, terrorists, and top criminals stopped trusting Swiss top secure IT for their most sensitive communications. With the end of the Cold War, with the progressive emergence of the truth about Crypto AG after the 1992 Hans Buehler scandal, the rich and powerful started increasingly using a wide variety of ever-changing and more complex IT systems - which such agencies do not directly control, as they did Crypto AG and similar. Many kept purchasing them for lack of less bad solutions, and because of the network effect, but nearly all used them while assuming they were intercepted.

Since then, these powerful western nations have had to rely on a patchwork of vulnerabilities embedded in all tech and standards, at birth, by design, with unreliable access, and severe collateral damages.

Therefore it has become much more messy and complicated for CIA, BND, Swiss Intelligence, and other intelligence agencies to carry on their legitimate work in intercepting criminals and rogue nations.

In this new Wild West, intelligence agencies have no other choice but to increase their investments and shrewdness in a race to far outcompete nations and resourced criminal syndicates as the greatest stockpilers of multiple critical vulnerabilities of exploits in ALL systems. This is achieved by trying to stay the first buyers, inserters, and stockpilers of fresh, new, and "plausibly deniable" critical vulnerabilities. 

Their legitimate hacking capability is less consistent and produces less reliable evidence and intelligence, due to the high probability of concurrent undetected hacking by multiple entities - and the fact that such systems are often designed to make forensic analysis harder rather than easier - so much so that evidence so acquired is structurally contested by highest civilian courts in Germany and France, as well as in Italy.

As highlighted by Rami Efrati, former Head of Cyber Division of Prime Minster Office of Israel, during a university lecture (from min 9.35) as a consequence of everything being broken, intelligence agencies’ legitimate hacking capability is less consistent and produces less reliable evidence and intelligence, due to the high probability of concurrent undetected hacking by multiple entities - and the fact that such systems are often designed to make forensic analysis harder rather than easier.

Often law enforcement or intelligence need to resort to parallel construction to acquire evidence that will stand in court, but at a variable cost in terms of compliance to regulations.

The problem is even more significant because it is becoming ever more apparent that we cannot choose between freedom and public safety. That is because, in the process of maximizing their mission security agencies have not only eliminated the privacy of citizens and active citizens but even broken by design even the technologies, standards and certifications that are used by their own government for the most critical system to maintain a genuinely democratic regime - and therefore, in turn, public safety, favoring the fraudulent undemocratic emergence of autocratic regimes in western nations.   

Examples of that are the continued compromisation of by NSA of the US NIST standardization body, and the hacking of the US Office for Personnel Management, of western elected officials and heads of state like Angel Merkel, of the US Democratic National Committee, the terrible state of electronic electoral voting systems, and the 2016 and 2020 US Presidential elections as well as the utter vulnerability of mainstream social media networks, like Facebook, to large-scale hacking and illegal manipulations.

Conclusions

There may be a case for Switzerland, and a few other Western nations, to turn the Crypto AG affair, from a public image and economic development disaster, into an opportunity to clearly re-establish their moral authority and soft power in digital civil liberties surveillance affairs, in the face of emerging eastern autocratic regimes, while also reaping the economic benefits of increased market trust.

Such nations could join together replace methods that worked great in the past and until they lasted, while concurrently improve the ability of intelligence agencies to pursue their essential mission to surveil private individuals and

They could join to lead in the creation of new Switzerland-based international standards and certifications – for secure digital communications systems only for use by private non-governmental individuals and organizations - that will safely and transparently reconcile the legitimate cyber-investigation needs of law enforcement and intelligence agencies, with the need of meaningful privacy of ordinary and politically-exposed citizens.

Since 2015, our Trustless Computing Association and its spin-off startup have been building a uniquely accountable, resilient and independent Trustless Computing Certification Body (“TCCB”) – and an initial compliant open ecosystem, computing base and 2mm-thin human computing device – aimed to achieve radically-unprecedented levels of trustworthiness for the confidentiality and integrity of the most critical IT systems, for private non-governmental entities, while concurrently ensuring legitimate lawful access, to prevent criminal abuse. We detail such a vision in a recent blog post: From Crypto AG to Trustless Computing: a Vision for Swiss Leadership in Digital Trust.

In a September 2019 survey, carried out by Digital Switzerland, well before the Crypto AG Affair Swiss revealed that nearly two-thirds of Swiss citizens are worried about the loss of privacy online. A majority (62%) “want to see more regulation for new technologies and the Internet”. There was even support among those surveyed for ”an independent oversight body set up by the state”.

In regards to the traction of such Trustless Computing Certification Body initiative, I encourage you to review and a recent blog post, that summarises the 7th Edition of the Free and Safe in Cyberspace Conference series, that we hosted last January 29th in Zurich. As for the previous edition, its only focus has been to expand the consensus around the TCCB initiative. A Pre-Conference was held the same day reserved to entities actively interested to join as founding members, adhered by Digital Switzerland, Swiss Ministry of Finance, Credit Suisse, Sberbank, Accenture, InfoGuard, ETH, SATW, and others.

Exactly one month after the bombshell revelations that the CIA and the German BND owned Crypto AG and controlled its "sister company" InfoGuard - for decades, respectively, the most trusted secure communications providers to the heads of states of 130 nations and of top private banks - a Spring reportage by Rene Jaun gauged the response of leading Swiss IT security firms.

The scandal greatly impacts the actual and perceived trustworthiness of Swiss and Swiss-based IT security sector. For decades, Swiss IT security and confidentiality - ensured by laws, Swiss neutral status and technical prowess - has been a key locational advantage for huge corporations in the area of life sciences, oil, private banking and other critical sectors.

Yet, it mostly impacts firms targeting the most high-risk customers, public and private, but also overwhelmingly providers of IT confidentiality - one of the 3 canonical parts of IT security, in addition to integrity and availability. That is because powerful western national security agencies are way more interested in spying on the communications and transactions of the World’s most powerful and rich and are instead highly vested in preventing major IT integrity or availability failures to the financial system of a key allied country, where 25% of cross-border global wealth is managed.

The Swiss IT confidentiality market has been quite small, not having realized much of the potential out there. Even though the 2013 Snowden revelations resulted in Forrester Research forecasting a 180 billion market for providers offering the level of privacy that US companies could not offer, the Swiss market realized only a fraction of that potential, while US and Israeli companies have thrived.

Swiss IT confidentiality providers are mostly split in client-side and server-side providers - with a few providing both, like Securosys, and hardware companies packaging their offering as managed services, including training, emergency response, and more.

Swiss client-side IT confidentiality providers, mostly aimed at the most high-risk individuals, banking and enterprises users, include the “off springs” of Crypto AG (Crypto International, CyOne, InfoGuard), Kudelski Security, and fast growing startups like ProtonMail, and Threema, which collectively constitute a small business with a few hundreds of millions francs in revenue and a few hundred employees in Switzerland.

A substantially larger market is constituted by Swiss secure data centers, that have leveraged their Swiss incorporation, laws, neutrality and engineering excellence - as key locational advantage their claims of globally-unique levels of confidentiality, even against the pressures or subversive hacks by foreign and domestic security agencies - in addition to integrity and availability, even in times of War.

The reaction of leading Swiss IT security firms to the Crypto AG scandal has mostly been silent or statements indicating that they'll mostly "carry on as before" ("weiterzumachen wie bisher" as they say here in Zurich). A few proposed improvements equivalent to a band-aid on a bullet wound, some calling for a “manifesto of principles”, while others listed safeguards that they already have in place that supposedly should make backdoors impossible.

Nick Mayencourt, the organizer of the largest Swiss IT security conference, Swiss Cyber Security Days, calling for a minimization of the affair stating that "the real scandal here is the scandal of the scandal." Others, like Securosys - Swiss excellence in IT security, that secures $100 billion of financial transactions every day - have explained in a recent interview to CNN how the safeguards they already have in place ensure them against backdoors.

Prof. Stefan Frei, an employee of the US-based Accenture consultancy, has come forward claiming that their supply-chain security standards initiative would solve the Crypto AG problem, forgetting (?) that "trust cannot be added to integrated circuits after fabrication". Many have started to ask if the levels of transparency and external independent oversight in Threema and in ProtonMail - two Swiss cryptographic excellencies, with millions of users World-wide - are sufficient in a post-Crypto AG World to deliver the levels of confidentiality that they promise - even though their solution as app/browser-based, so they cannot be more secure than the device they run on.

There has been no survey published yet on the impact of the Crypto AG affair - and after revelations that even Bezos cannot protect his most sensitive personal communications - on the level of trust that high-net-worth individuals have in Swiss private banks and Swiss private banks client-side hardware and software solutions. But it surely has overall decreased the general trust of high and ultra-high net-worth individuals -  a key demographic for the Swiss economy. Even before the scandal, current IT security solutions were considered by them so inadequate that a recent survey by UBS Group found that cybersecurity is their second greatest concern, after “their country politics”, while Switzerland “was the only region to cite data privacy as a top-three concern”.

Sure, sitting and waiting for a while helps the storm quiet down, and the stirred waters settle and surely mitigate the short-term damage.

But there will surely be a long-lasting and deep impact, if not changes are put in place. An increased Swiss parliamentary oversight over the intelligence services will surely come about. But that is not sufficient.

Unless the Swiss government or economy actors set up meaningful changes, Swiss and Swiss-based IT security companies, large and especially innovative startups - that are not mainly dependent on captive Swiss clients - may well find it more advantageous to move to Israel, Germany or even the US where, at least, investors for larger rounds are much more available and market opportunities much larger.

In fact, Kudelski, the largest and oldest Swiss IT security leader together with Crypto AG whose  CEO is  the President of the Swiss main innovation funding agency InnoSuisse - has started moving a large part or most of its R&D and production offices to the USA.

Some leading early-stage cybersecurity startups, like the bright team at XorLab, are also reconsidering the advantages of being in Switzerland. We have been invited by a former head of the cybersecurity division of Israeli Prime Minister to have meetings with investors, partners, and clients in Tel Aviv, to explore our move there.

Let's hope that a few large industry actors of the Swiss economy, like enterprises, industry associations or private banks - with the formal or informal endorsement of the federal government - can set in place a more active strategy,  than just sit and wait.

One strategy could be to set out to turn the Crypto AG affair, from a public image disaster, into an opportunity for Switzerland to shed the baggage of the needed compromises of the Cold War, by leading in the creation of Swiss-led international standards and certifications that will transparently reconcile the legitimate needs of law enforcement and intelligence agencies with the need of meaningful privacy of our personal and social communications.

In a September 2019 survey, carried out by Digital Switzerland, well before the Crypto AG Affair Swiss revealed that nearly two-thirds of Swiss citizens are worried about the loss of privacy online. A majority (62%) “want to see more regulation for new technologies and the Internet”. There was even support among those surveyed for ”an independent oversight body set up by the state”.

As TRUSTLESS.AI and Trustless Computing Association, we have a very concrete vision for a new voluntary Trustless Computing Certification Body that can re-establish on solid grounds Swiss leadership in IT security, and in the promotion of influential new international bodies and treaties on the most critical aspects of our Digital Age. We detail such a vision in a recent blog post: From Crypto AG to Trustless Computing: a Vision for Swiss Leadership in Digital Trust.