Everything is backdoored: why our approach minimizes the risk.

Many civil rights activists, activist cryptographers and IT security professionals have been suggesting that we are just building an IT system and standard with a backdoor, out of incompetence or collusion with security agencies.

On the contrary, in a world where every device is broken at birth, by design, down to CPU design and fabrication - as shown by the recent scandal about Intel and about AMD CPUs - we are building the CivicPod, the FIRST IT device and service in the world which can be plausibly argued to be WITHOUT backdoors, state-sanctioned or state-inserted, for the first time since algorithmically unbreakable encryption was made widely available in the 90s.

Backdoors are everywhere, today, and we are. 

In fact, given extremely high plausible deniability, it is virtually impossible to ascertain which of those critical vulnerabilities are errors due to hyper-complexity or incompetence and which are backdoors - stockpiled, spiffed by an insider developer or subversively inserted by nations.

By the nature of such tools and techniques - impervious to accountability and attribution when skillfully deployed - such backdoors are wildly abused and abusable by nations' agents and criminals without due legal process.

We should assume that all or nearly all devices and services available today are backdoored and hackable by a large number of actors. "I assume that all big companies are now in cahoots with the NSA, cannot be trusted, are lying to us constantly," Bruce Schneier said. "You cannot trust any company that makes any claims of the security of their products. Not one cloud provider, not one software provider, not one hardware manufacturer."

Though perfect security will never exist, by uniquely implementing extreme transparency, oversight, accountability, and ethical and expert security review in relation to complexity, our certifications will spur the creation of the first IT systems and devices in the world that remove any and all upfront unverified trust along the entire supply chain and lifecycle.

As opposed to all other systems, exploitable by nations and criminals without proper judicial authorization, such systems will only be offered in privacy-respecting EU nations and will deploy radically extreme and transparent technical and organizational safeguards - involving even citizen juries in multiple democratic jurisdictions, accountable to such certification body, a highly ethical, international, trustworthy non-profit “trusted third party” - to vet and manage the legitimacy and constitutionality of lawful access requests.

Rufo Guerreschi

I am a lifetime activist, entrepreneur, and researcher in the area of digital civil rights and leading-edge IT security and privacy – living between Zurich and Rome.