Trustless Computing Association


Hacking Team and prospects for Italian/EU leadership in high-assurance dual-use IT

Rome, July 10th 2015. Below is an open letter sent this morning to the DIS and the Italian Ministry of Defence.

(only in Italian for the moment)

Subject: Hacking Team and prospects for Italian/EU leadership in high-assurance dual-use IT

To the DIS and the Ministry of Defence,

Dear Dr. Ciocca, Admiral Di Biase, Dr. Scialla,

(cc: Dr. Quintarelli, Prof. Baldoni, Dr. Iorio, Dr. Cappelletti, interested in various capacities)

I am writing to you with reference to the revelations about Hacking Team, and their direct relevance to our recent proposals to the DIS, the Ministry of Defence and AGID, in order to propose a meeting.

The serious compromise of Hacking Team, world leader in state-grade targeted lawful access systems, has: (1) made a large part of those capabilities globally available; (2) exposed the existence of backdoors accessible by that company and presumably by third parties (states); (3) exposed its clients, including the Italian intelligence services, to large-scale breaches of their critical information, possibly over a period of years.

In light of what happened with Hacking Team, what we and other experts have argued for years has become evident: the urgent need for radically more secure high-assurance IT security standards is a necessity not only for cyber defense (for citizens, industry and public institutions), but also for standards and solutions for lawful cyber offense and lawful access, in order to protect citizens and the mission of the state security institutions themselves.

It has (finally) become evident that the standards for lawful access systems and processes (as defined internationally by ETSI and NIST, and freely implemented by states) are so inadequate that they not only put citizens at grave risk, but subvert the very mission of public security institutions. These problems of radical insecurity, and especially of deliberately introduced insecurities (backdoors), date back to the historical origin, in the 1980s and 1990s, of lawful access systems based on access to the endpoint. Moreover, the closeness of such companies, including Hacking Team, to major allied powers, through contracts and investment by their “former” officers, makes it likely that these radical insecurities increase the hegemonic role those agencies exercise through the documented “network effects” dynamics inherent in the relationship between intelligence services, with great damage to relations between allies, to state sovereignty and to the ability to keep industrial secrets.

We therefore renew the proposals we have already presented, which we believe can constitute the central element in resolving these problems in the medium term:

1. To Dr. Minniti (Director of CISR) and Dr. Massolo (Director of DIS), to take part as speakers at an event in Brussels in September, Free and Safe in CyberSpace, on new, radically more secure international standards for such technologies, both for lawful intercept and for communication cyber defense. We will also discuss this at the Brussels event with Bruce Schneier, Bart Preneel, the European Defense Agency, the EU Directorate of Justice, etc., and others awaiting confirmation. The preliminary abstract of the talk by the EDA Head of Information Assurance is: “Prospects of transparently reconciling lawful access and personal confidentiality to sustain a critical mass of EU dual-use investments for a comprehensive EU-domestic “trustworthy computing base”, for the defense of EU citizens and assets, and for a future architecture of mission-configurable services in a secure cloud”

We extend this proposal to subsequent events planned by our Trustless Computing Workgroup initiative.

2. To the Italian Ministry of Defence, to take part in an international R&D project of 8-15M€ for a platform, ecosystem and standard for a dual-use computing platform of the highest level of security, suitable for use in the most critical areas of defense and offense (investigation and espionage) in information and strategic communication. We provide links to the slides (PDF) and the Draft Proposal (PDF) for an EDA Study in view of an R&D project with EDA Cat B/ECSEL funds, which we presented to 22 MoDs at the EDA in Brussels, to Dr. Francesco Scialla (MoD in Brussels), to Dr. Paolo Ciocca (Deputy Director, DIS), and by email to Adm. Di Biase, Head of Department VI STD, whom we are due to meet in the coming weeks.

We strongly invite you to look at pages 11-13 of that draft proposal, already sent last month, which I reproduce below. They describe how the UVST project would not only bring the necessary capabilities for defending the internal communications of the security forces, but would provide the technological and standards basis for future lawful intercept and cyber offense systems that resolve the radical inadequacies of systems such as Hacking Team and of the related standards created by NIST and ETSI.

Here is the extract from pages 11-13:

1.5.1. Increasing the trustworthiness of existing state security societal and internal Lawful Access Systems and processes

National and EU-wide lawful interception systems have been mandated by law in all EU countries for decades. On receipt of a legal due-process authorization, communication service providers (CSPs), defined differently in each country, must enable the interception of a user, mostly without his knowledge. But even those following EU standards such as ETSI do not provide nearly sufficient assurance that they are resistant to remote technical or organizational compromise, at very low cost and discoverability risk per user, by staff members of the CSP or by external criminal actors, including rogue state employees or state agencies.

Such organizational and technical vulnerabilities, widely known, have caused many known large-scale and continuous abuses, and there is wide consensus and evidence that abuse, especially remote, by many actors can be undetectable and is likely to happen widely.

There are also cases in the US in which CSPs have been mandated by presidential decree to disregard regular procedure and provide bulk access to public security agencies without due legal process, as well as under authorities based on secret laws of dubious constitutionality, or through abuse of national security letters. Those who breached have then received more or less formally sanctioned impunity.

Such abuses and huge vulnerabilities have decreased the trust of citizens in LEAs and in the government's ability to manage lawful interception without gravely damaging the rights of citizens. New EU court rulings have found data retention laws illegal, and there is very wide resistance to calls to extend lawful intercept requirements beyond providers of telephone service to also include providers of email, Internet services or computing devices.

These abuses are all possible because of the technical and organizational vulnerabilities of the socio-technical solutions involved. Even abuses involving unconstitutional or illegal actions by state employees or agencies could be prevented if adequate socio-technical systems and standards were in place. As Obama suggested, in one of his few passages praised by the Electronic Frontier Foundation, referring to possible new and improved lawful interception solutions that prevent abuse even by state security agencies: “Technology itself may provide us some additional safeguards. So for example, if people don’t have confidence that the law, the checks and balances of the court and Congress, are sufficient to give us confidence that government’s not snooping, well, maybe we can embed technologies in there that prevent the snooping regardless of what government wants to do. I mean, there may be some technological fixes that provide another layer of assurance.”

UVST can be used to radically improve the citizen-trustworthiness of current and existing lawful interception by ensuring that all technologies critically involved are truly citizen-trustworthy, and by ensuring that organizational processes are not abused, even by illegal actions of state agencies. UVST in fact uniquely relies on on-site citizen-witness-based processes for all critical phases of the lifecycle, including physical access to server rooms hosting any privacy-sensitive user data. Such citizen-witnesses would complement procedures whereby access to user data requires multiple state agencies to be physically present and approving (such as officials of the national Data Protection Authority and of the Ministry of Justice), to avoid abuse by any one of those agencies.

1.5.2. Increasing the trustworthiness of existing state security data mining systems

Many EU states legally filter internet traffic in order to spot keyword combinations that could be a sign of criminal activity. As for Germany, “Every year the parliamentary control committee issues a brief, general report on surveillance activities. The report for the year 2010 received a lot of attention in the media because it stated that automatic searches with more than 15,000 keywords identified over 37 million telecommunications, mostly Emails, for further examination.”

Regardless of whether such processes should or should not be legally mandated, everyone will agree that it is crucial that such systems are not abused through unauthorized manual access or unknown vulnerabilities (technical or organizational) to enable state security agencies to target individuals who do not strictly fit the legally sanctioned keyword parameters. We are inspired by the processes proposed and tested by NSA top engineers and whistleblower Bill Binney with ThinThread, before it was turned into the PRISM system, which would ensure that flagging of suspicious traffic is done by agreed-upon parameters rather than at whim.

Deployment of UVST could be applied (or even mandated by law) to provide fully automated keyword search for leads to possible criminal activity, ensuring that there is no manual interference or abuse. It would provide user-verifiability of the fact that communications identified for manual “further examination” are selected exclusively through democratically approved and transparent parameters, rather than through changing discretionary factors or manual choice. It would produce a win-win situation in which suspicious communication patterns can be identified while completely preserving the privacy of innocent citizens who are not under reasonable suspicion. Some of these searches may happen through homomorphic cryptography: “Encrypted Search” may be deployed, which allows arbitrary queries on an encrypted data set, so that after “discovering” that something matches a certain set of criteria, state agencies could request access to the very specific data.

Such functionality would allow the full capability of analyzing all communications for suspicious activity without the huge risk of abuse and arbitrariness of a manual, or partly manual, process, as well explained by Prof. Lawrence Lessig. It would concurrently and radically promote both privacy and security, by fulfilling at the same time: (A) the very legitimate need (and proposals) of security agencies to have access to all endpoints when supported by a warrant; (B) the great utility for security agencies of applying the latest big data analysis techniques to help identify suspected criminal activity; and (C) the constitutional rights of citizens and businesses to privacy and security of communications, unless a judge determines there is probable cause that justifies interception or log access.

Such use would substantially increase the actual capacity of state security agencies to fulfill their mandates, proving to a large extent that privacy and security are not a zero-sum game. On the contrary, there are combined technical and legislative solutions whereby one can strongly enhance the other.

Finally, Italian and EU leadership in these new technologies and standards can constitute, beyond leadership in high-assurance IT, a maximum-security “trusted computing base” in the medium to long term for the emerging and fundamental sector of artificial intelligence applied to the commercial sector and to crime prevention, with enormous implications for geo-strategic power and for the preservation of state sovereignty, as we illustrate in this detailed post.

Kind regards,
Dr. Rufo Guerreschi,
Exec. Director, Open Media Cluster
omc.trustlesscomputing.org
Via F. Vettori 39, 00164, Rome, Italy
mobile +39.335.7545620 — fax +39.06.60513100