Last January 29th, 2020 - just two weeks before the Crypto AG Affair bombshell revelations - our  Trustless Computing Association, and its spin-off startup TRUSTLESS.AI, gathered leading IT security experts and Swiss institutions in Zurich for the 7th Edition of Free and Safe in Cyberspace Conference and Pre-Conference. 

As in previous editions, we discussed and further widened a consensus around new IT security paradigms and certifications aimed to achieve radically-unprecedented privacy and security for the most sensitive human communications and transactions, while concurrently ensuring legitimate and constitutional lawful access.

Among the participating panelists and keynoters, leaders from Digital Switzerland, Credit Suisse, ETH, Sberbank, Swiss Academy of Engineering Sciences (SATW), Accenture, ElectroSuisse, ICT Switzerland, Swiss Federal Ministry of Finance, Information Security Society Switzerland (ISSS), In the Cyber, InfoGuard, and Kryptus. See the event home page for a 5-minute video trailer and videos.

As the Crypto AG Affair further proved - given the scope of World conflicts and threats, and the ever-increasing ability of even small groups for individuals to cause significant human harm - we cannot hope ever to have access to IT systems delivering meaningful digital privacy and security unless there will continue to be ways for western security agencies governments to execute intercept or search and seizure orders, at least when they are legitimately mandated and authorized to do so.

In other words, "we can't choose between personal freedom and public safety. It is a both or neither challenge" as the slogan of our Free and Safe in Cyberspace Conference Series states. 

Why Nearly everything is hackable by numerous unaccountable actors

The dire need for a solution to this dichotomy was confirmed by recent revelations about the Jeff Bezos hack, and Crypto AG and its "sister company," which made it finally clear to the general public that even the richest persons or the heads of state most countries of the World, cannot buy IT systems that can meaningfully protect even their most sensitive digital communications. 

What is paradoxical is that they can't protect themselves, not only from abusive powerful nations but even from vast numbers of unaccountable and criminal state and non-state hacking entities. 

The latter is due to the popular ways by which the security agencies of such nations go about fulfilling their missions. 

Firstly, as the Crypto AG scandal confirmed, powerful nations cumulatively spend tens of billions each year inserting, hiding and purchasing critical vulnerabilities in ALL systems for enabling their targeted and massive surveillance, including buying and investing in crucial firms, infiltrating them or their supply chains, and pressuring them in myriad ways. If the actions of CIA in Crypto AG were so brazen, yes so successful for decades, and if even Swiss authorities were so "blind," we can expect such subversive actions to be ongoing on all companies in Switzerland, NATO countries and worldwide that offer the highest levels of confidentiality of data and metadata of communications or financial transactions.

Secondly, powerful nations have a crucial requirement that their stockpiled back-doors are in the form of critical vulnerabilities that are "easily masked as implementation or human errors," as official German BND Crypto AG documents outlined, to provide them with plausible deniability if discovered (so-called "bug-doors"); in turn, making it often much easier for 3rd parties to exploit them. 

Lastly, such nations' security agencies have been, and are, unable to keep powerful information and hacking tools under proper lock and key, as shown by the Snowden, Vault 7, Shadow Brokers, and Hacking Team hack revelations.

So, therefore, the combination of these three factors, create collateral damage by which every secure computing device and secure app is hackable even by a large number of mid-level hackers - not because we are not technically capable of preventing it, or hackers are getting too skillful, but because we haven't yet found ways to transparently reconcile the need for individual privacy and the need for legitimate cyber-investigations.

The Good and the BAD of The Greatest Intelligence Operation of the Century

Arguably, the affair of Crypto AG and its "sister company" - with all its abuses, huge collateral damages, - likely overall "clearly contributed to making the world a little safer" as the former head of the German BND stated, or at least until the end of the Cold War. 

The "greatest intelligence operation of the century" - while including constraining the emergence of legitimate democratic socialist regimes around the World - also likely helped one overreaching superpower to prevail over a worse one. It even likely and helped to lead Swiss private banks in their critical quest to stay clear of a large majority of the most dangerous criminals, terrorism financiers, and despots. 

But then, starting with doubts in the 90s, and now with this extremely detailed and documented bombshell revelations, the "toy has broken," and those intelligence agencies can no longer rely on dangerous criminals or heads of state to trust IT systems, just because they are from self-declared neutral countries, with a track record of engineering excellence. 

Since the Cold War till Today

With the end of the Cold War, with the progressive emergence of the truth about Crypto AG after the 1992 Hans Buehler scandal, the rich and powerful started increasingly using a wide variety of ever-changing and more complex IT systems - which such agencies do not directly control, as they did Crypto AG and similar. Therefore it has become much more messy and complicated for CIA, BND, Swiss Intelligence, and other intelligence agencies to carry on their legitimate work in intercepting criminals and rogue nations.

In this Wild West, intelligence agencies have no other choice but to increase their investments and shrewdness in a race to far outcompete nations and resourced criminal syndicates as the greatest stockpilers of multiple critical vulnerabilities of exploits in ALL systems. This is achieved by trying to stay the first buyers, inserters, and stockpilers of fresh, new, and "plausibly deniable" critical vulnerabilities. 

Their legitimate hacking capability is less consistent and produces less reliable evidence and intelligence, due to the high probability of concurrent undetected hacking by multiple entities - and the fact that such systems are often designed to make forensic analysis harder rather than easier - so much so that evidence so acquired is structurally contested by highest civilian courts in Europe, such as in France, Italy and Germany.

The problem is even more significant because it is becoming ever more apparent that we cannot choose between freedom and public safety. That is because, in the process of maximizing their mission security agencies have not only eliminated the privacy of citizens and active citizens but even broken by design even the technologies, standards and certifications that are used by their own government for the most critical system to maintain a genuinely democratic regime - and therefore, in turn, public safety, favoring the fraudulent undemocratic emergence of autocratic regimes in western nations.   

Examples of that are the continued compromisation of by NSA of the US NIST standardization body, and the hacking of the US Office for Personnel Management, of western elected officials and heads of state like Angel Merkel, of the US Democratic National Committee, the terrible state of electronic electoral voting systems, and the 2016 and 2020 US Presidential elections as well as the utter vulnerability of mainstream social media networks, like Facebook, to large-scale hacking and illegal manipulations.

The Conference

The conference was opened by Nicolas Burer, Managing Director of Digital Switzerland opened the event and the broader context of new Swiss digital trust labels/certifications in Switzerland, highlighting the Swiss Digital Initiative and its initiatives for Swiss Digital Trust Labels. Launched last year by Digital Switzerland, the President and former President of the Swiss Federation, and endorsed by the largest Swiss enterprises and banks, some of the largest IT giants, including by Microsoft and by Huawei, has made its 1st project the creation of Swiss Digital Trust Labels, or certifications, to differentiate new higher Swiss standards.  

Then Rufo Guerreschi, Exec. Dir. of Trustless Computing Association and CEO of TRUSTLESS.AI, presented the initiative for a  Trustless Computing Certification Body, for a new Swiss-based international standards-setting and certification/labeling body which that aims to ensure radically-unprecedented levels of digital privacy and security for private human computing and financial transactions, while concurrently solidly ensuring offline in-person legitimate and constitutional lawful access. (video, deck). 

The conference then followed its unique format since the 1st Edition, structured around 4 Challenges of Free and Safe in Cyberspace, which were identified as a critical sequence of challenges whose solution would best turn IT into a great instrument of the global public good. During the Challenge A Panel, Roberto Gallo, CEO of Kryptus and President of the Brazilian Defense Industry Association, highlighted the technical challenges of certifications for high-assurance IT systems for critical domains. During Challenge B Panel, Paolo Lezzi, president of In the Cyber, new owner of the famed Hacking Team - allegedly maker of the malware used to hack Jeff Bezos - discussed the need and challenges of international security certifications for lawful targeted surveillance tools. Kai Schramm, VP of Security Architecture from Credit Suisse, discussed ways in which IT security and privacy can be turned from a major threat to a primary competitive advantage against direct competitors and other encroaching actors. Among the other speakers: Adrian Perrig, Monique Morrow, Dobszay Levente, Arie Malz, as well as Uwe Kissmann, Paul Foster, and Adolf Doerig.

Most of the organizations participating with speakers to the conference also confirmed participation in a closed-door pre-conference, held on the same day, reserved to entities actively interested in becoming founding members of such Swiss-based Trustless Computing Certification Body. 

The Trustless Computing Certification Body

The Trustless Computing Certification Body is an initiative a new Swiss-based international standards-setting and certification/labeling body that aims to ensure radically-unprecedented levels of digital privacy and security for private human computing and financial transactions, while concurrently solidly ensuring offline in-person legitimate and constitutional lawful access by a Swiss/EU local, national government, and through them, to legitimate requests by foreign law enforcement or intelligence agencies, like the CIA. 

TCCB achieves such goals through its unique Trustless Computing Paradigms, that ensure uncompromising zero-trust approach down to CPU design and fabrication oversight, and a transparent solution to the need for legitimate lawful access - as validated by such an ultra-resilient and independent international certification body, within Swiss and EU current legislation. 

TCCB includes a Seevik Room process, by which all sensitive data and code are stored in 3 hosting rooms in 3 different nations part of different military/intelligence alliances, one of which Switzerland. The validity of civilian court orders and absence of blatant unconstitutionality of other supposed legal authority or executive orders will be ensured by inherently requiring that physical access by anyone to such hosting rooms is conditional on the physical presence and approval of at least five randomly-selected citizen-jury-like body, in addition to system administrators and an expert legal counsel, as detailed in research documents since 2015.

The initial new compliant open-licensed patent-unencumbered target architecture, computing base, and ecosystem will be initially targeted to a wide user base of enterprises, private banks, high net worth individuals, politicians, journalists, and mission-critical NGOs - that will carry compliant ultra-thin devices in custom leather wallets and phone cases - the Seevik Pod can then be embedded in the back of smartphones and public touch-screen kiosks, to bring meaningful digital freedom to all citizens, and sovereignty to our societies.

Italy, Austria, and Germany have been actively interested or engaged for years and more recently by large private entities from Switzerland, the EU, the US, China, and South Korea. Among our R&D partners, since 2016, the Italian OCSI ISTICOM and their Austrian A-SIT and CIO participated as formal governance partners to EU funding proposals for the creation of such new international IT security standards-setting and certification body. Over the last months, we met with top management of the German BSI, the German entity setting the highest security standards for the German government. 

Turning CRYPTO AG FROM a great problem into a great opportunity FOR SWITZERLAND, and ITS private banking and IT security sectors

Switzerland could take on the opportunity to lead a few other leading nations and private entities to turn the embarrassing Crypto AG revelations from a blunder for its reputation of neutrality and its IT security sector into an opportunity to re-establish and re-launched those by decisively leading the creation of novel socio-technical mechanisms and international organizations uncompromisingly trustless and transparent ways to reconcile (A) the need to establish a lead in secure IT for individuals, private banks and public agencies in Switzerland and worldwide, and (B) the need to prevent and prosecute grave crimes, and for a responsible and balanced Swiss geopolitical posture.  

Switzerland has a unique opportunity to be one of a few nations to become founding partners of the TCCB, with a symbolic yearly monetary contribution and participation with some decision making power in the TCCB governance. Ultimately the trustworthiness of TCCB and its resilience to state pressures relies on the quality of its governance. 

Swiss private banks have successfully secured their server-side digital infrastructure with technology and processes that are often beyond military-grade. Meanwhile, their client-side solutions have had to rely on the abysmal security of commercial browsers and, more recently of mobile phones.  

After the end of Swiss banking secrecy, and the recent multi-billion dollar fines of leading Swiss private banks for allegedly helping foreign citizens evade taxes, the Swiss ecosystem could and should seriously consider that – leveraging their unique expertise in communications security and privacy laws – Switzerland's main business model of "providing UHNWIs and firms unique confidentiality against other nations' tax authorities" could be complemented and partly replaced by "providing UHNWIs and firms unique confidentiality and security against competitors, hackers, and illegitimately snooping governments."

Current secure client-side solutions used within banks and between banks and their clients mostly create high friction and inconvenience, while levels of security and privacy that far from what client demands. Such levels are also substantially lower than solutions provided by encroaching IT giants that leverage their exclusive access to secure technologies embedded in user devices to increasingly offer digital trust and financial services, and even less than leading open-source "secure messaging apps." Even the "call back" process, ultimate safeguards against financial fraud, is very much in danger as a battle between voice cloning and voice print authentication technologies is being waged, with uncertain outcomes. Even the secure client-side solutions currently used today for the most critical use case scenarios comprise of a mix of mobile applications, hardware authentication devices, and big data analysis that ultimately rely on the trustworthiness of hardware, software, and manufacturing processes that are terribly insecure and beyond their control, or possibly subject to foreign government compromisation as shown by revelations about the "sister company" of Crypto AG, or mounting doubts about Omnisec. At this point, some level of ownership or steady control by CIA, and possibly other NATO member intelligence agency, should be assumed for all Swiss (and non-Swiss) companies.

It is, therefore, no surprise that the two largest Swiss private banking associations - Association of Swiss Asset and Wealth Management Bank (VAV-APG) and the Association of Swiss Private Banks (ABPS) - have made their main goal during their 2019 last annual meeting to turn cybersecurity in a competitive locational advantage. 

Provided Switzerland acts timely and decisively based on what is already known and widely presumed about Crypto AG, similar Swiss companies and Swiss government oversight - Switzerland has still the most to offer and most to benefit by being the host location for a truly independent international certification organization for IT security that can be trusted not to be unduly pressured by powerful governments, including the Swiss one, and the US one through the Swiss one. In contrast to the US, China, Russia, and Israel, and nearly all other nations, Switzerland does not have very strict export control laws, overly extensive executive powers, nor laws that prescribe or are strongly conducive to producing surreptitious access for law enforcement. 

Switzerland maintains a historical leadership for the most secure IT systems for human communications and financial transactions - with engineers and architects produced over decades by entities like Crypto AG, Kudelski, Infoguard, Securosys, and ETH, and more recently by leading startups in the areas of biometrics, quantum cryptography and blockchain - like ProtonMail, Threema, IDquantique, Dfinity - are a unique asset, even though, after Crypto AG, there will need to be deep continuous background checks, executed by an international body, on the likelihood that key staff of Swiss companies may be bought, blackmailed, or hired by state and non-state entities with undeclared conflicting interests.

The Roadmap ahead and Momentum

The Trustless Computing Certification Body initiative is a private initiative adopted on a voluntary basis by IT providers seeking such certifications, which is downward-compatible to the highest level of EU and Swiss state-mandated private-market IT security certifications for human communications and transactions, such as SwissID LoT3 or eIDAS Qualified. So, therefore, it does not necessitate any formal governmental uptake. 

Nevertheless, together with our prospective Swiss partners, we agreed on the need to multiple engage multiple ministries of the Swiss Federal Government, in addition to the Swiss Digital Initiative - in addition to several EU nations - to ensure that there is a full understanding to how such initiative is a win-win opportunity for Switzerland reputation, economy, public safety, and digital sovereignty, while overall increasing the ability of foreign law enforcement security agencies and international entities like Interpol to pursue their most legitimate and pressing cyber-investigations needs.

Meanwhile, we have widened our engagement over the last six months with multiple Group Head-level and Group C-level executives of 3 of the top 5 Swiss private banks, and with 2 of the top 4 global smartphone makers, for their interest to join as founding members of the TCCB, and being the first to offer TCCB-compliant mobile computing devices. Our startup spin-off TRUSTLESS.AI - which is raising funds for such TCCB-compliant systems and for TCCB, and whose governance will be totally segregated from the governance of TCCB - was nominated as 1 of only five finalists for Early Stage category of the 2020 Swiss Fintech Awards, which is the most prestigious of its kind in Switzerland, supported by leading Swiss private banks and with its senior executives in its juries.

Long Term Vision

In the longer-term, the TCCB could well be the basis for Switzerland to lead new open transnational initiatives to build high-visibility high-impact multilateral treaties and governance capabilities in critical digital sectors, both outside and within the United Nations processes, such as the UN High-level Panel on Digital Cooperation.

Last but not least, the creation in Switzerland of such new certification body and complaint ecosystems, would be instrumental to very large opportunities of economic locational economic advantage for its banking sector and many emerging tech sectors where unprecedented IT security will be a key competitive advantage (sensitive AI, IoT, human computing, etc.) as detailed in our plans for a Trustless Computing Cluster and Campus of Eastern Switzerland, which leverage a Trustless Dual-Use Initiative for joint military and civilian capability building.

Joins us this Wednesday, January 29th for the 7th Free and Safe in Cyberspace Conference and Pre-Conference, where cybersecurity experts, leading banks, researcher and industry association will discuss and present new IT security paradigms and certifications that can ensure radically unprecedented levels of security for human digital communications, in a time when even the richest person in the World, Jeff Bezos, cannot protect his digital private life.

As we were reminded in recent weeks - even the richest and the most powerful individuals in the World - can't buy a device to communicate with their closest associates which is not hackable even by mid-level hackers accessing state-grade tools on the Dark Web.

How is it possible?

Is it really such a technological challenge? Or is it instead of that every tech and standard is broken by design by nations seeking to prevent grave crimes? Anything we can do about it?

Apps can't cut it. Even the most secure messaging apps are wildly insufficient since an app is only as secure as the device it runs on. While most experts agree with the Israeli company that hacked the "San Bernardino iPhone" that certain iPhone models are "hands down" the best device for privacy, for a generic user, it is regularly hacked even by teenage hackers or by researchers.

Ok, then why don't Trump and Bezos the World's 200,000 ultra-high-net-worth individuals, with $27 trillion in combined assets, buy "military-grade" secure phones and devices which have been sold for decades by leading Swiss, US and Israel "cryptophone" makers?

Very few do. The market for such devices is a relatively minuscule $4 billion. Few find reasons to trust such devices and, therefore, not worthed the inconvenience to carry a second device. Few trust them to do a better job than Apple that - although it has to manage huge system complexity - has a greater budget, control of the supply chain, and reputation capital at stake. Plus, lack of transparency and adequate certification bodies do not even allow a comparison among them.

But ultimately these technical problems could be solved if they were not "by design". In fact, few trust those devices not to share regularly hidden vulnerabilities with certain nations, to enable them to fulfill their crucial mission to prevent terrorist attacks and other grave crimes.

So, therefore, every human computing device is hackable even by mid-level hackers - not because we are not technically capable enough - but because we have yet not found ways to transparently reconcile the need for individual privacy and the need for legitimate cyber-investigations.

The problem is even bigger because it is becoming ever more clear that we cannot really choose between freedom and safety. Recent US presidential elections and Facebook manipulations show how both are needed to safeguard civil freedoms, democracy and peace; and to avoid snooping nations to break their own most critical ITs.

In there anything we can do about it?

What if digital freedom and public safety were not a choice of “either-or” choice, a zero-sum game, but instead a solvable “both or neither” challenge? A challenge that is solvable primarily through time-proven trustless technologies and oversight mechanisms, and ultra-resilient and citizen-accountable standard-setting and certification governance models?

Led by the Trustless Computing Association, a few leading nations, enterprises, financial institutions and NGOs have been leading consortium initiatives and a global event series, to build new IT security paradigms, ecosystem and certification body that aim to reliably certify that a given IT system provides radically unprecedented, ultra-high and constitutionally-meaningful levels of trustworthiness while, concurrently, ensuring legitimate offline lawful access.

After 6 editions - twice in Brussels, once in New York, in Iguaçu and in Berlin, and Geneva the 7th edition of Free and Safe in Cyberspace will be held Wednesday, January 29th, 2020 in Zurich Switzerland, organized by the Trustless Computing Association and its spin-off startup TRUSTLESS.AI, recently nominated to the 2020 Swiss Fintech Awards, which is building initial portable devices complaint to such new standards for private banks and wealthy individuals.

On January 14th 2020, we were invited to pitch by EPFL and Deloitte to a special event Enabling Trust in Cyberspace at the presence of the Head of Cyber Campus of the Swiss Army.

The event was hosted at the new Trust Square conference room, where we’ll hold next Jan 29th our own 7th Free and Safe in Cyberspace.

Click below for our CEO full 5-minute pitch:

On January 29th in Zurich, we will hold our 7th Free and Safe in Cyberspace Conference to further advance and widen the support for our initiative to build a new standard setting and certification body for human communications and transactions, the Trustless Computing Certification Body, that achieves radically unprecedented levels of trustworthiness.

The Conference series has been conceived and organized by the Trustless Computing Association, from which our startup we spun off in 2017.

As for all previous editions of the series, we’ll debate the following question and challenges:

Are personal freedom and public safety in Cyberspace really "zero-sum game", an "either-or" choice? Are they not instead a "both or neither" challenge, solvable by applying uncompromising zero-trust approaches, as in democratic systems and other critical industries?

Can this enable leading private banks, mobile IT players or nation-states to turn cybersecurity from a threat to decisive competitive advantage?

The creation of a Trustless Computing Certification Body is central to the value propositions of our Seevik Pod and Seevik Phone Service, since 100% of their will derive from being the 1st IT service assessed as compliant to such new standards.

Last week - after a cybersecurity startup event in Zurich and then one Bern, we were invited to present TRUSTLESS.AI and the Trustless Computing Association to Digital Sovereignty: how sovereign could Switzerland be? event in Zurich, participated by the new Swiss Federal Cybersecurity Delegate, Florian Schütz, top Israeli cybersecurity official, Rami Efrati, and leaders of the Swiss cybersecurity research and investment community.

Thomas Duebendorfer, president of SICTIC and prominent cybersecurity startup investor, presented (pdf) the past and present excellence of Switzerland companies advancing Swiss digital sovereignty. We were honored to be profiled on par with Swiss historical leaders, such as Crypto AG and ID Quantique.

Find here below, our speech about how our Trustless Computing Certification Body and TCCB-compliant Seevik Pod Service will enable top Swiss private banks to position themselves and global leaders in client-side cybersecurity, while helping Switzerland increase its digital sovereignty and promote economic development:

———————-

Digital Sovereignty, Switzerland and Trustless Computing

Sovereignty is a measure of the freedom and civil rights of citizens. Digital Sovereignty is that same measure, in Cyberspace and through Cyberspace.

Jean-Jacques Rousseau explained 250 years ago how and why a social contract is necessary to maximize personal freedom. He explained how the maximization of personal freedom, and that of democratic effectiveness and public safety of our democracies, are not a “trade off” or a “zero sum” game, but a joint maximization problem. We all know today that you cannot have one, without the other.

Yet, since the Internet revolution, most people have been (willfully) deluded to think that those evident truths do not apply Cyberspace because of a wild overestimation of the power cryptography alone to solve IT security problems. This has lead to a great loss and risk of digital sovereignty as well as personal.

On the one hand, most western security agencies and center-right parties have taken a cyber-securitarian approach, believing that citizens should sacrifice personal freedom in order to maximize public safety, in an inevitable zero sum game. Yet, we learned recently how such sacrifice has greatly damaged the functioning of our democracies, and in turn public safety, rendering them vulnerable to powerful unaccountable hacking entities.

On the other hand, most civil rights activists and center-left parties have taken a cyber-libertarians approach, believing that citizens can rely on new cryptographic protocols and open source software to self-provide meaningful freedoms without building or relying on existing or new trusted third parties.
Such idea is not only technically flawed - because the complexity of supply chains make it impossible to self-provide meaningful digital freedoms without relying on a trusted third party - but it would have tremendous public safety consequences if it was possible, with extremely dangerous abuse by criminals.

So far, therefore, most people have believed personal freedom and public safety in Cyberspace to be an “either or” choice. We believe instead that it is a “both or neither” challenge, that can and must be solved.

Switzerland is rich enough to be able to allocate a tens large funds to radically increase its sovereignty at least for the most critical societal use cases of citizens, governments and private banks, reaping huge economic benefits. 

It could do so by applying an uncompromising zero trust approach to ALL critical technologies and processes in the entire supply chain and lifecycle - down to CPU design, fabrication oversight, and ultimately to certifications, whose governance makes them radically more trustworthy than current ones. 

But then, most powerful nations have been breaking all techs and certifications (in a plausibly-deniable way) for very concrete and solid reasons to preserve public safety, to retain legitimate cyber-investigation capabilities.

So, therefore, a radical increase in security and privacy needs also to somehow ensure that legitimate cyber-investigation is not significantly diminished.

At TRUSTLESS.AI and Trustless Computing Association, we are building a new Trustless Computing Certification Body that reconciles the need for radically more secure IT and legitimate lawful access - and a compliant IT service and standalone 2mm-thin personal computing device. it is carried in a custom wallet, and will eventually be embedded into the back of 5mm-thin custom phones, building a private digital sphere seamlessly for all citizens.

Read here about our vision of how an uncompromising pursuit of digital sovereignty can become a great economic development opportunity for Switzerland.

Join our 7th Free and Safe in Cyberspace conference and pre-conference, next January 29th 2020 in Zurich, to learn more and join us as partner in this mission.

One month after our 6th Free and Safe in Cyberspace conference in Geneva, the annual Private Banking Day 2019 was held last week in Lucerne - organized by the Association of Swiss Asset and Wealth Management Banks and the Association of Swiss Private Banks - to reach the same conclusion: IT security and privacy constitute the key opportunity for Swiss private banks to build competitive and locational advantage.

The Private Banking Day 2019 clearly highlighted such conclusions in their official press release, "Efficiently combating cyber threats a key locational factor", and the closing remarks of the President, "How can we protect confidentiality in the digital world?".

The 6th Free and Safe in Cyberspace - held in Geneva, after Brussels, New York, Iguazu and Berlin - was organized by our Geneva-based Trustless Computing Association and its spin-off startup TRUSTLESS.AI, and participated by top IT security experts, public institutions and leading family offices and private banks and family offices, such as SYZ Group, PeakView and Point5 which in the evening of day 1 discussed concrete ways to take advantage of such great opportunity.

This new awareness by the main Swiss private banking associations confirms the timeliness and vision of our initiative to gather a few leading Swiss private banks to become their top clients' digital trust providers through the creation of new ultra-secure human computing devices, Seevik Pod , and a new related Trustless Computing Certification Body, to independently certify radically unprecedented levels of confidentiality of communications and integrity of transactions, while at once preventing criminal abuse.

On May 9th 2019, we pitched at Fusion Demo Day in Nyon, as a main milestone of our year-long acceleration program at Fusion in Geneva. We pitched with 8 other fintech startups, selected among 400 for the Fintech Fusion acceleration program. Over 100 attendees.

Since being accepted last September, we quickly found in Fusion and Geneva our new home, and decided to move here a few weeks later. We found great interest from local private banks, and fantastic support from the Fusion team. Some pitctures and a (draft) low-volume video of our pitch.

Geneva, March 28th 2019. 

After editions in Brussels, Iguazu, New York and Berlin, leading European and Swiss IT security and banking experts will convene this time in Geneva for the 6th Edition of the Free and Safe in Cyberspace on April 9th-10th 2019: www.free-and-safe.org

Panelists and keynoters include leading experts, academics and private banks – including from EPFL, ETH Zurich, Oxford University FHI,United Nations ITU, Thales Group SICPA, Symphony, SYZ Group,Peakview, WAAM Wealth Management, Polytech Ventures, and more. Organized by the Trustless Computing Association and its spinoff TRUSTLESS.AI-Sarl. Hosted at their new home at the Fintech Fusion accelerator in Geneva.

As in previous edition, we’ll discuss what new IT security paradigms, technologies and international non-governmental certifications can be expected to enable human communications and financial transactions that are radically more secure than state-of-the-art. We’ll tackle 4 key challenges and how their solution by pioneering public and private organizations could create huge public good and economic opportunities.

After the repeal of bank secrecy laws and huge fines levied on Swiss banks from US and EU authorities, can an offering of unique digital security and confidentiality from hackers, competitors and adversary become the new dominant competitive advantage of Swiss private banks?

Cybercrime cost will reach $6 trillion by 2021. Most of it unnoticed or unreported. Wealthy persons and banks are the primary victims, simply because that’s where the money is. In fact, extortion schemes, financial frauds, and trade secret theftamount to a much higher cost than consumer data breaches that make headlines every other day, and are mostly forgotten by users and markets the next one.

No matter how much they’re willing to pay, even the richest and most powerful persons like Trump and Bezos, still cannot expect their communications with close associates to stay private from even mid-level attackers. The phone “call back”, the mainstay and last line ofdefense of banks against financial transaction fraud, is greatly threatened by fast-emerging voice cloning technologies.

Sure, IT devices and supply-chains are ever more complex, to deliver rich experiences, and more obscure, to protect intellectual property. Meanwhile hackers are getting ever more resourceful. But is it really a technological issue?

Are we really not good enough? The latent demand after all is enormous. Or is instead that all is broken, by design at birth, ultimately to satisfy legitimate needs of law enforcement? If so, do we have to choose? Can we even choose? Is personal freedom and public safety really an “either or” choice, or is it instead a solvable “both or neither” challenge? Can both possibly be solved largely through the same uncompromising zero-trust time-proven technologies and international certification governance models?

Can such ultra-secure IT – and related certification governance models – contribute to radically increase the security, privacy or safety of complex and critical IT systems, such as 5G Networks, self-driving cars, robo-advisors, social media platforms and future all powerful AIs?

For Logistics:
info@trustlesscomputing.org

For media, speakers and spoorships:
Rufo Guerreschi, Exec. Dir. Trustless Computing Associationrufo@trustlesscomputing.org — mobile +41799137280

Last March 6th, Zuckerberg described in a long blog post a new fresh course for Facebook, our troubled “social digital master”, to provide its 2 billion users with unprecedented privacy of personal communications.

A “digital equivalent of the living room”, in his own words, to be delivered by merging its Messenger, WhatsApp and Instagram messaging apps and strengthening their security. His promise echos similar unfulfilled promises by Steve Jobs in 1984, to save us from an Orwellian future, and Richard Stallman in 1983, when he launched the Free and Open Source Software Movement. Same promise of mobile apps like Signal and Telegram.

But can even a perfectly secure app enable the meaningful and responsible exercise of our constitutional rights to privacy, freedom of speech, freedom of assembly in cyberspace?

Such promises are completely impossible because an app can never be more secure than the device it runs on, while even the most secure mobile phones, such as an iPhone or a Samsung Knox, is regularly hacked and hackable even by researchers or teenage hackers, as we learn repeatedly on a monthly basis.

Nearly all commentators, except for rare comments by digital rights organizations, have failed to recognise Zuckerberg plan is impossible. The New York Times for example thinks his business model is missing, while the EFF, the World leading digital rights organization, thinks it could all work with a third-party audit entity.

But truth is that even if their apps were perfectly secure - which is likely impossible - they would be extremely far from delivering on their promise. In fact, the security an app can not be is limited to the security of the device it runs on. And that security is “utterly weak” as Snowden noted. Even the most secure portable device out there, the iPhone, is regularly hacked by even mid-level hackers. (And also compromisable at scale at low marginal cost via public and private programs AI-powered descendants of NSA FoxAcid, NSA Turbine and Hacking Team RCS).

A Sea of Lies

Though impossible to realize, Zuckerberg promise may well be able to sell this plan to a majority of people because of the astounding amount of deceptions and misconceptions surrounding the issue.

At root there is a wide natural uncoordinated alignment of interests of several actors that produces a wild overstatement of the privacy provided by secure apps and secure devices, even on the face of a continuous barrage of revelations of government programs and systems vulnerabilities. These actors includes security agencies, happy to induce mid-level criminals to abuse such IT so that they can intercept them, secure messaging IT providers, happy to overstate the security of their wares, and cybersecurity journalists, often parroting the above, and looking for news even where there is none.

Is a Digital Private Sphere Impossible?

At first, Facebook replaced public streets, squares and shopping malls, and the smaller fragmented online spaces of the first year of the Internet, with a single de-facto digital public sphere, a gigantic digital shopping mall with 24hrs surveillance cameras at every corner. More recently, it bought its way into domination of personal and social messaging by buying off Whatsapp and Instagram, and implementing strong encryption technologies.

Facebook now claims to be setting out to create the “digital equivalent of the living room”, a digital transposition of what was the constitutionally guaranteed private sphere. They claim it will not only be secure, but secure even against hackers and governments, while also mitigating criminal abuse, and simply by integrating, enriching and further securing its Whatsapp, Instagram and Messenger messaging apps.

But that is impossible, as we discussed about. If after we learned that even Bezos and Trump can’t access a way to privately communicate with their personal associates, Facebook can still credibly claim to become the new privacy champion just by making their messaging apps more secure, it means that the level of deception on digital privacy is way beyond guard-level.

At TRUSTLESS.AI and our Trustless Computing Association, we are building nothing less than that very “digital equivalent of the living room” or a “digital private sphere” that Zuckerberg promised but will never be able deliver, even if he wanted to.

In order to build the “digital equivalent of the living room” you need a new device that will seamlessly integrate with the “digital public sphere”, but is nevertheless separated by a physical wall, just like in the physical World we expect our living room to be separated by a wall from public urban spaces.

We are building a sort new parallel human computing universe around a 2mm-thin device that seamlessly brings radically-unprecedented privacy and security to our private digital life and e-banking, by eliminating the need to rely on unverified trust in anything or anyone.

Initially for private banks and their ultra-high net-worth and corporate clients - that will carry it in custom wallets and phone cases - our Seevik Pod will then embedded in the back of a 5mm-thin top-brand flagship Android smartphone, to bring digital freedom to millions.

We achieve such levels of security via an uncompromising zero-trust approach down to CPU design and fabrication oversight - and a transparent solution to the need for legitimate in-person lawful access - as validated by a new ultra-resilient independent Trustless Computing Certification Body, promoted by our non-profit arm.

It will come in the form of a Seevik Pod a new standalone 2mm-thin touch-screen device, that will become the default backscreen of tens of millions of Android phones, complementing our digital public sphere with a vibrant and secure private sphere.

We are honored and excited to welcome Gerhard Knecht as an advisor of TRUSTLESS.AI. Gerhard is an IT security expert and executive, who recently retired after over 30 years of experience in globally leading IT firms.

For 12 years he was the Chief Information Officer and Global Head of Information Security Services for UNYSIS Services, an household name among IT consultancy and service providers, with 20.000 staff globally and $3bn yearly revenue. Gerhard also has an illustrious career in Internal Audit and Corporate Governance, as Global Head of IT Audit at UNISYS.

Gerhard was the driver of UNISYS positioning as a provider of IT security solutions and services around novel risk management and centered on their "Zero Trust" approach. Unisys promotes the use of identity-driven micro-segmentation to isolate critical data; to enable CIOs to identify, validate and secure trusted users, devices and data flows - following the approach “never trust, always verify”.

Such concept is very similar in approach to our Trustless Computing Paradigms of the Trustless Computing Association, our non-profit arm.

We look forward to work with Gerhard to bring security-by-design principles to their ultimate realization by removing the need of assumption of unverified trust, all the way down to CPU design, fabrication oversight and even standard setting governance.

As we were reminded in recent weeks - even the richest and the most powerful individuals in the World - can't buy a device to communicate with their closest associates which is not hackable even by mid-level hackers accessing state-grade tools on the Dark Web.

How is it possible? Is it really such technological challenge? Anything we can do about it?

Apps can't cut it. Even the most secure messaging apps are wildly insufficient, since an app is only as secure as the device it runs on.

While most experts agree agree with the Israeli company that hacked the "San Bernardino iPhone" it is "hands down" the best device for privacy, it is regularly hacked even by teenage hackers or by researchers.

Ok, then why don't Trump and Bezos the World's 200,000 ultra-high net-worth individuals, with $27 trillions in combined assets, buy "military-grade" secure phones and devices which have been sold for decades by the likes of GSMK Cryptophone, Kudelski Security, Crypto AG, ectetera?

Very few do. The market for such devices is a relatively miniscule $4 billions. Few find reasons to trust such devices and, therefore, not worthed the inconvenience to carry a second device. Few trust them to do a better job than Apple that - although it has to manage huge system complexity - has greater budget, control of the supply chain, and reputation capital at stake. Plus, lack of transparency and adequate certification bodies do not even allow a comparisons among them.

But ultimately these technical problems could be solved, if they were not "by design". In fact, few trust those devices not to share regularly hidden vulnerabilities with certain nations, to enable them to fulfill their crucial mission to prevent terrorist attacks and other grave crimes.

So, therefore, every human computing device is hackable even by mid-level hackers - not because we are not technically capable enough - but because we have yet not found ways to transparently reconcile the need individual privacy and the need for legitimate cyber-investigations.

The problem is even bigger because it is becoming ever more clear that we cannot really choose between freedom and safety.

Recent US presidential elections and Facebook manipulations show how both are needed to safeguard civil freedoms, democracy and peace; and to avoid snooping nations to break their own most critical ITs.

In there anything we can do about it?

Led by the Trustless Computing Association, a few leading nations, enterprises, financial institutions and NGOs have been leading consortium initiatives and a global event series, to build new IT security paradigms, ecosystem and certification body that aim to reliably certify that a given IT system provides radically unprecedented, ultra-high and constitutionally-meaningful levels of trustworthiness while, concurrently, ensuring legitimate offline lawful access.

After 5 editions - twice in Brussels, once in New York, in Iguaçu and in Berlin, the 6th edition of such event series - Free and Safe in Cyberspace - will be held next April 9-10th in Geneva, Switzerland, in partnership with the UN World Summit on the Information Society and Fusionstartup accelerator - new home to the association and its spin-off startup TRUSTLESS.AI since October 2018.

What if digital freedom and public safety were not a choice of “either or” choice, a zero-sum game, but instead a solvable “both or neither” challenge? A challenge that is solvable primarily through time-proven trustless technologies and oversight mechanisms, and ultra-resilient and citizen-accountable standard setting and certification governance models?

After editions twice in Brussels - and once in New York, Iguazu and Berlin - we will hold the 6th Edition of the Free and Safe in Cyberspace event series in Geneva, next April 9-10th 2019. 

As for previous editions, prestigious speakers and partners will discuss how a few leading financial institutions, enterprises and NGOs can turn cybersecurity from a huge threat into a competitive advantage for them - and then digital freedom for all citizens - by spearheading a new-generation of "zero trust" IT security paradigms, certification body and IT services, that can radically exceed state-of-the-art.

We'll host day workshops at the 2019 UN World Summit on the Information Society and evening receptions at the Fintech Fusion startup accelerator in Geneva, new home since October to our startup and our non-profit arm Trustless Computing Association, building the new certifications body for which we are building a first compliant open computing base and IT device.

Join us in Geneva or Join our Movement!

We are always on the look out for value-added partners for the association; sponsor or keynote sponsors or guest for the event series. We are also open to more banks and enterprises as go-to-market partners, great talents and value-added investors for our startup spin-off TRUSTLESS.AI, as we finalize our prototype in the next weeks and expand our traction in Geneva, and beyond.