UVST R&D project and state-mandated backdoors
A few people on social media and in privacy activist circles have been spreading incorrect information as far as the relation between our UVST R&D proposal for high(est)-assurance IT systems and services, and various UK/US legislative proposal for state-mandated backdoors. These misunderstanidng come probably from our open acknowledgement of the problem cause by the potential malevolent use of systems that are – unlike near all current systems – truly beyond the interceptability by state security and justice agencies with due legal process.
Our R&D proposal has been submitted to H2020 opportunities once with world-class partners, each of which, except Lfoundry, have bindingly underwritten an MOU that binds them to several open innovation paradigms, as well as stating clearly that any service certified by the resulting UVST standard body can be certified only if: “only if both the Provider and the hosting facility are located in nations where mandatory key disclosure, and similar legislation, or known practices, do NOT make it illegal to withhold access to warrant-based or state-security-based government requests. Terms of service and operational procedures must in fact clearly exclude compliance to any government request for personal data of users. When and if laws are changed that make it illegal, then the Provider must give a choice to each individual user to either (a) agree to transfer such services to other nation where it is legal; or (b) turn off such server-side services;“
Nonetheless, we are actively and openly reviewing such provisions with our partners – including through an event that we have created to such purpose, Free and Safe and Cyberspace – to find win-win solutions that will reduce the risks of malevolent use of the results of our R&D project.