Trustless Computing Association

Why building a new democratic digital media platform is key to protect and enhance our democracies, and how we can do it.

In this position paper, we, the Trustless Computing Association, propose that the EU, EU member states, the US, and other democratic nations join in creating an international, democratically governed body that will build and regulate a new democratic digital media platform - with apps, cloud, and devices, parallel to mainstream ones - to substantially or radically increase the security, privacy, and democratic control that both ordinary citizens and politically-exposed citizens and institutions have over their digital lives.

Executive Summary

It is just crazy. 

Last week's news about the US democracy crisis is the definitive proof that our digital media system is getting close to destroying our democracies.

We live in a Digital Wild West, where the digital media platforms that we all use, all day and every day, are led by a handful of tech super billionaires, and their ad buyers and temporary political allies, who deeply shape what we think is true and good, what products we buy, and which candidates we vote for. 

We live in a Hacker Republic, where millions of politically exposed persons - like journalists, activists, executives, political candidates, and elected officials - are hackable by powerful nations and even innumerable mid-level criminals, without accountability. 

No wonder our western democracies have suddenly begun to crumble.

Proper national or international media regulations could largely or completely solve these problems. Yet, their approval, and even mere proposal, has been and will be extremely difficult. 

On the social media side, such difficulty is due to the ever-stronger chokehold media powers have on the political process, their repeated threat of pulling out of regulating nations, and the inescapable need of nations to keep all IT systems hackable to fight terrorism. It is over a year since Zuckerberg himself testified saying “I don’t think private companies should make so many decisions alone when they touch on fundamental democratic values”, yet no meaningful regulations have even been tabled so far. 

On the cybersecurity side, such difficulty is due to the overwhelming need of powerful nations to break all IT to preserve their capability to circumvent strong encryption to prevent very grave crimes, even at a huge cost of increased vulnerability of IT for the most critical domestic users, public and private.

A complementary and backup plan is urgently needed. 

Leading democratic nations should join forces, with other suitable stakeholders, to create a new public democratic digital media platform, Seevik Net, not unlike their creation of national public TV broadcasters, that will uphold all democratic values and rights, while ensuring a role for the private media sector as guardians of power and innovation actors. 

This platform needs a new open transnational democratic governance body - uniquely citizen-accountable, competent and resilient - that will define, evolve and govern its technical standards for producers of technologies, and its terms of use for users, authors, publishers, and producers. It will exist in parallel with current platforms, and also include apps that run on mainstream mobile app stores.

All of its critical software and hardware technical layers, including apps and devices, will be based only on open-source or publicly inspectable source designs and will be subject to extreme security review in relation to complexity, and citizen-witness and citizen-jury-like oversight - all the way down to the CPU, chip foundry oversight, and data rooms access management.

Such a body will certify systems created by private providers, including clouds and mobile apps for mainstream mobile stores, for their security and their respect of basic rules for a democratic media space.

It will also certify dedicated ultra-secure client devices with a separate app store, for the confidentiality needs of the 1% most politically-exposed. 

Why do we also need a separate device? Even the most secure end-to-end secure messaging apps cannot be more secure than the device they run on. And we know that all commercial IT devices are deliberately and painstakingly compromised by multiple governments to preserve their capability of investigating grave crimes. Therefore, no matter how secure those apps and intrusion prevention systems are, the privacy and security direly needed by the 1% most politically-exposed require that they use dedicated ultra-secure standalone personal computing devices that connect only to the platform cloud. Since no one wants to carry an extra device, these can be ultra-thin and embedded in custom leather wallets or in the back of their smartphone, and run simpler and more secure apps, vetted by the same international body. 

Yet, governments will never let a device like this go to market, and they indeed should not (!) unless it concurrently enables lawful access, at least when legitimate and constitutional. Nor will they, or should they, ever let end-to-end secure messaging apps run our wider social media sphere, because it means they could not protect us against large-scale grave crimes within such discussion spaces, like propaganda campaigns, terrorism, pedophilia, and much more.

Safeguarding such lawful access is extremely difficult, but inescapable. The problems of meaningful digital privacy and of safe lawful access are two sides of the same problem. Solving it is an inexorable element of building a sustainable democratic media space. 

Sure, even a groundbreaking solution to this dual problem will always add some level of additional risk. But that could be radically mitigated, as we analyzed in fine detail, and it is the inevitable cost to be able to “go all the way” radically mitigating all endpoint risks, resulting overall in substantially or radically higher privacy than that available today.

So, therefore, in Seevik Net, all sensitive data and users’ encryption keys will be fragmented and split among a special data room setup (TCCB Cloud) located in different, “relatively neutral” jurisdictions, whereby lawful access (offered voluntarily) is allowed only in-person, and physically requires, for local jurisdiction requests, the approval of 5 random-sampled citizens, acting as a sort of citizen witnesses and citizen jurors, and additionally an international committee of former chief justices, for international jurisdiction requests.

To radically mitigate the risk of technical hacks, state-of-the-art safeguards and technical standards will be implemented, and several additional socio-technical safeguards, developed over 13 years, will be implemented, including that its servers will be based on the same IT base of the standalone personal computing device, mentioned above.

After this Summary, let’s proceed step by step.

The crumbling of Western Democracies

Last week, we all witnessed how incredibly fragile the US democratic system has become. 

A few hundred enraged pro-Trump supporters were somehow able to storm into the US Capitol, leaving five dead and elected officials running for cover for 6 hours, some with gas masks on. 

Just like 127 million other Americans, these protesters somehow became convinced of an utterly baseless claim: that the recent US Presidential elections were stolen. This was the case even after dozens of recounts and court appeals had ascertained that the inevitable frauds that happen during all elections were minuscule compared to the margin of Biden’s victory.

The US President and his associates initiated and then incessantly touted conspiracy claims - as they did in previous years for other conspiracy theories - repeatedly calling for direct action “fight”, “combat”, in more or less direct terms, right until one hour before the assault.

The US President, many of his aides, and the near-totality of elected Republican lawmakers behaved continuously in subversive and profoundly immoral ways, and in some instances even criminal. If the US judicial system holds, as it has in recent weeks, some of these persons will go to jail or eventually be voted out of office. It is hugely important that all crimes committed will be fully pursued and threatened with harsh punishments in order to mitigate the risks of future fundamental challenges to the US democratic system. 

But will this solve the root cause that led us to this in the long term? 

The subversion of democracy by the media system

Deeply immoral persons have always existed and will always exist. Yet, until recently, western democracies succeeded in preventing them from harming those democracies irreparably and without accountability.

The questions we need to ask are different. 

How did half of Americans end up electing some of the worst amongst them as their president and their representatives? How did 39% of Americans become convinced of entirely imaginary conspiracy theories on the most crucial issues?

If we dismiss a sudden anthropological mutation in human nature, the answer can only be that somehow the entire media system structurally leads vast numbers of citizens to believe falsehoods and irrational ideas about crucial societal matters, instead of a free market of ideas and deliberative discussions.

The media system does not develop in a void. It develops as new media companies and technologies evolve, in the context of the national and international laws that determine what is allowed and not allowed, and the economic incentives on the media system’s key actors: the political economy of media.

What laws regulate the ownership, control, and concentration of media? What laws define the bounds of freedom of speech? What laws limit political or issue ad spending by wealthy governmental and private entities? What laws ensure the security of critical digital media systems against technical hack or manipulation? What laws protect our digital systems against wide-spread violations of civil freedoms and freedom of assembly? With what laws can we rebuild our media and IT systems so that we can infuse in them the democratic principle and the checks and balances that we have in other less-critical sectors of society? 

Sure, inadequate campaign finance laws enable a few persons and corporations to influence the agenda of politicians, but how could they do it unless the media system allowed them to spend those funds on media ads and social media campaigns?

Yet, national laws are changed by elected politicians. Politicians are completely dependent on being able to buy traditional and social media ad campaigns to convince citizens to elect them again, and digital media giants have the strongest lobby, and they can threaten to pull out of some countries, as they did before. 

So, therefore, regulation will be very, very hard to do, though it must be tried. In parallel to such policy efforts, nations should consider creating and fostering new digital media platforms that regulate these matters in proper ways, and that could compete with and eventually largely replace the existing ones.

The undemocratic nature of our media and social media systems

Traditional media like newspapers and TV have been severely lacking in this regard, enabling the richest and most powerful actors, domestic and international, to influence public opinion’s formation in their interest. Yet, such influence had limits, so that Abraham Lincoln’s saying remained true: “You can fool some of the people all of the time, and all of the people some of the time, but you can not fool all of the people all of the time”.

With the Internet explosion, that quote is no longer true, as a few social media and IT platforms have largely absorbed and subsumed traditional media, and their utilization and sophistication have greatly increased. These largely replaced the in-person meetings and associations that for centuries enabled citizens to socialize, engage in social and political action, share and interpret news, and build their opinions.

Western democracies’ unwillingness or incapacity to regulate new media, the huge increase in media consumption and the huge and accelerating sophistication of IT used as a mediator of citizens’ media consumption and communications - together with lacking and inadequate regulation - have hugely expanded the undemocratic media influence of those actors.

The owners of those platforms, and a few powerful actors, have built a massive power of influence via direct unaccountable control of our media feeds and user experience, or via the purchase of extremely personalized and effective “behavioral change” campaigns. 

Until recently such power accrued to thousands of the most wealthy in society. Some of that power is good, the political right would argue, as it accrued to some of the most informed, competent, and productive in society. But by now such power is overwhelmingly transferred to a handful of tech super billionaires that control those platforms - our new global tech oligarchs - with out-of-control run-away market valuations, and a handful of other super billionaires running large scale propaganda operations through them, and traditional media, like Murdoch, Koch brothers, and Mercer, founder of Cambridge Analytica and Parler. Meanwhile, governments issue recurrent empty threats of regulation. 

Sure, it was good that US mainstream social media and media blocked Trump and other extremists in the face of “clear and present danger” to democracy and national security due to their likely illegal posts, and closed apps and websites enabling communications of extremist US groups, but that is way too late and further highlights the urgent need for deep regulation and action.

The insecurity of our mainstream IT platforms

In addition, the disturbing insecurity of dominant messaging, social media, operating systems, and IT devices, even those meant for the most secure communications of politically-exposed persons, enables nation states, and very often even just mid-level criminals, to hack and spy on them at very low marginal cost or risk, and with little chance of attribution or accountability. 

This results in a near-complete loss of the rights to privacy and private assembly, stifling dissent and freedom of speech, and further unduly empowering those powerful entities. The cost of cybercrime is now $6 trillion per year, while the cost in terms of civil freedoms, national sovereignty, our democracies’ health, and national security, is even higher. 

Since the public availability of algorithmically unbreakable encryption in the 90s, and then even more with the emergence of rampant terrorism in the 2000s, powerful nations understandably felt the need to be able to break every IT system at all times to prevent and prosecute grave crime, in the absence of reliable lawful intercept mechanisms - as existed for older means of communication. 

All nations started investing more and more in stockpiling most discovered vulnerabilities instead of fixing them, promoting inadequate and flawed standards, and outright inserting backdoors or bug-doors (i.e. backdoors disguised as accidental errors) in all technical stacks, all the way down to CPU and chip fabrication. They allowed system hyper-complexity, craved by users and producers of consumer electronics for ever-richer user experiences, to extend to society-critical IT systems. Most problematic, they have proven, over and over again, unable to keep such vulnerabilities to themselves.

How bad is it for democracy in the digital age?

The consequences of this situation are nothing short of catastrophic. 

Although cybersecurity spending has grown 30 times in the last 10 years to $120 billion per year, the cost of cybercrime is now $6 trillion per year.  Meanwhile, the cost in terms of civil freedoms, national sovereignty, our democracies’ health, and national security, is even higher. A near-complete loss of the right to privacy and private assembly in the digital sphere is compounded by a digital media sphere and election systems that are increasingly prone to be directly hacked - or deeply manipulated, through their complexity and obscurity, as shown by the Cambridge Analytica affair.

Big Tech platforms enable themselves and a few powerful and deep-pocketed malicious or unaccountable actors to deeply intrude in our privacy and to deeply manipulate our thoughts and behaviors - through their large-scale hacking of our devices, and through their design of user interfaces and social media feeds - to convince us to buy their products and vote for their candidates. 

While these abuses affect all of us, the majority of hacking and manipulation resources are concentrated on the politically-exposed persons, such as those that control the money - such as wealthy persons, and corporate and financial executives - and those that control the politics - like politicians, elected officials, journalists, and swing voters in selected regions.

All this results in grave malfunctioning and degeneration of our democratic societies, preventing them from functioning effectively and equitably and from rationally facing the huge challenges posed by pandemics, nuclear, chemical, war, artificial intelligence.

With the accelerating advent of a new Digital Age, the locus of real-world power shifted from having the most guns and money to having the most informational, hacking, and propaganda superiority. Power rests in a few state, state-connected, and private entities that have the most informational superiority - to protect their most critical information and acquire others’ - and hacking superiority - to defend their critical infrastructure and cyber-physical systems from disruption and acquire the capability to disrupt that of others’ - and propaganda superiority - ability to protect one’s government from manipulation of popular consent and election processes, and ability to do so onto others’.

Solution

It has become starkly evident that it is absurd to let a handful of tech mega-billionaires be in charge of what information we read, how we assemble and organize, what privacy we can get - and saving every little detail about us to push us their clients' products or candidates.

Clearly, we need to move from a model where corporations manage the basic rules governing the fruition and offering of digital media and IT platforms to one where those are effectively democratically managed by governments and citizens, while companies are free to innovate and compete within those rules and standards. 

Of course, the most obvious solution would be to enact sweeping national regulations of current social media and IT platforms to achieve the levels of security, privacy, and democratic control that are needed for a democracy.

Yet, that solution may well face the opposition of those platforms, claiming the requirements would impose an undue cost, with a threat of exiting the national markets of nations, as those platforms have argued before.

A complementary or backup solution, that can be enacted autonomously and within current national laws, would be to create a set of standards, technologies, and governance structures that could ensure the wide availability of technologies and digital media spaces that could uphold our democratic ideals, at least for the most critical parts of our digital media space.

Can we make our digital media more democratic? And what does that mean?

In order for social media to be democratic, it should defend and reinforce democracy, by promoting all constitutional values, rights, and mandates. It should primarily guarantee a free market of ideas which is the fundamental assumption of the democratic system, whereby citizens learn together, debate, and seek common ground. 

A crucial need is to find win-win solutions for those constitutional values that appear to be conflicting, because the constitution of any democratic society does not contain absolute rights, but only ordinary or fundamental rights and constitutional mandates. In cyberspace, it is key to find win-win ways to defend and reinforce civil rights, freedom of speech, privacy, freedom of private association, while protecting rule of law and public security. 

Can we make our digital media more secure?

We know how to make IT radically, meaningfully, and sufficiently more secure. That has been demonstrated by the track record of systems and certification bodies in the fields of nuclear safety (e.g. the International Atomic Energy Agency) and commercial aviation (e.g. Federal Aviation Administration), where only one out of sixteen million flights results in an accident.

Yet, our everyday digital technologies are way too complex to ever be secured enough. The performance and features that we have become accustomed to for everyday computing require complexity that is hopelessly incompatible with meaningful security against targeted attacks. 

But then again, do all people really care or really need digital privacy for all of their computing? After all, we have all been giving a huge amount of our data to a few digital giants, knowingly subjecting ourselves to manipulation via ads and feeds, in return for free digital services and entertainment. 

Though a recent Gallup poll found that US citizens fear cybercrime twice as much as any other crime, a bus driver in Berlin - just like about 99% of the rest of us - does not really care, nor have to care, about privacy because, whatever his private life is, no state or criminal would have an interest in attacking him to blackmail or extort him, unless he is a swing voter.

There is however a small percentage of citizens, less than 1%, that is politically-exposed and strongly demands (and needs!) to have meaningful security and privacy, would be ready to face some costs in terms of inconvenience and money, and whose protection against blackmailing and spying is crucial for the functioning of our democracy. Think of journalists, civil rights activists, politicians, executives, wealthy individuals, and elected officials. According to a recent UBS survey, the world's 16 million high net worth individuals list cybercrime as their second greatest concern, after “their country politics”. A recent survey of family offices found that cybersecurity is their main concern, followed by “potential economic recession” and “geopolitical instability”. 

Can new regulations by single national governments fix it?

It is obvious that regulation is absolutely and urgently needed. 

For example, nations could mandate transparency, security, and user-control of the algorithms behind social media recommendations and feeds; they could severely limit or outlaw digital advertising; they could mandate stronger security and user identification and authentication; and more. 

Yet, the national governments up to now have somehow been unable to step up to their responsibility, letting monopolies, cartels, and state hacking entities rule our digital media sphere, launching every once in a while plans for regulations that soon turn out to be wildly insufficient.

It is not to be excluded that they will somehow succeed. Yet, the accelerating growth in power of such media entities, especially Big Tech, and the inherently global nature of our media sphere and of the needed regulations, make such a possibility unfortunately very remote.

It is mostly a Wild West, without a sheriff, with no one really in the driving seat. 

Can a coalition of western governments succeed instead?

International norms and bodies, that were mostly successful for decades in regulating conflicts and attacks among nations, have proven ineffective to regulate cyber weapons and cyberattacks, due to the inherent difficulties of cyber attribution, and weak cybersecurity standards - while not even attempting to regulate our global social media sphere. 

In parallel with discussing new adequate regulations and fighting the opposition to them, a coalition of democratic governments could take a key role in promoting supra-national governance to affirm and defend the democraticness of our digital media space, by setting a solid framework, boundaries, and platform, over which private players operate with independence, autonomy, and creativity. 

But then a coalition of governments has rarely created something to be trusted, as we’ve seen with EU attempts to regulate digital media or privacy, and the UN's role in promoting standards for cybersecurity, while international intelligence services alliances have ruled the day with their joint project to increase their informational, hacking and propaganda powers. 

In western liberal democracies, we’ve lived in a world that has glorified private media as a guardian of citizens’ rights, and government intervention as something evil and authoritarian per se. This is a product of the private media control of the accepted range of opinions, and their crucial interest in promoting this opinion. There is much truth in media as guardians of democracy, but the contrary is also true: that “free” media is the primary means by which political and economic elites exert their power over society.

Given the key societal role of media authors and publishers - from bloggers to newspapers to new app makers - as guardians against abuses from governments, the role of nations should be based on the same principles of trustlessness that govern our electoral system - whereby effective checks and balances, transparency and citizens’ oversight processes prevent the use of such power to stifle their independence - while also prompting their creativity to promote diversity, individual freedoms, and progress.

Seevik Net and the Trustless Computing Certification Body

The profound lack of national and international regulation, paradoxically, represents the basis of the huge opportunity for a coalition of nations and partners to create, within such a void, an alternative but parallel media system that will progressively make the current one obsolete.

In fact, this very same regulatory void, that enables a few other IT giants, like Facebook or Google, to largely govern and define our public media sphere, could instead be accrued into an international democratically-governed body (or treaty) that develops and governs the technologies and governance structures that we need for at least the most critical use cases and components of our digital media space.

Such an international body would need to maximize citizen-accountability, technical expertise, and resilience from undue influence. The quality of its governance is absolutely central to realizing its aims and preventing unwanted degenerations into authoritarianism or stealthy encroaching by undemocratic powers. 

So, therefore, in addition to involving participating nations’ representatives and ethical experts, the governance would also include checks and balances and a significant presence of random-sampled citizens to act as citizen witness and citizen jury in the governance, according to the principle of citizens’ assemblies, and in key oversight processes.

A few leading nations could join to create the first democratic and ultra-secure human computing platform, Seevik Net, governed by a new highly democratic, competent, and resilient international governance, standards-setting, and certification body, the Trustless Computing Certification Body.

The aim would be similar to that behind the creation of public TV broadcasters and public telecom platforms, whereby instead of enabling and regulating the national private market of private video content producers, it would do so for global private producers of apps, social apps, devices, and digital content, competing among themselves on a shared public platform, and against existing global private platforms.

Seevik Net will truly affirm online our constitutional rights and freedoms, and defend our democracies while protecting national security. It will exist in parallel and seamlessly complement the mainstream apps, systems, and devices that we have grown to depend on. It strives for an information and communication sphere constituting a fair and resilient free market of ideas, based on scientific evidence and rational reasoning. It will enact a win-win solution that concurrently maximizes the collective and individual values of privacy, freedom of speech, freedom of assembly - on one side - and that of crime prevention, national security, and public safety - on the other. It will enable citizens, associations and private companies to innovate by providing apps and services,  that enable citizens to submit content, apps, and comments to collectively enable them and their associates to communicate, inform themselves, and assemble in cyberspace, in full respect of the UN Universal Declaration of Human Rights, while concurrently protecting public security.

It’s very tough. 

Technically, an app can never be more secure than the device it runs on, both on the client-side and on the server-side. So, we need to democratize it all, down to the operating system, hardware design and fabrication, and key governance processes. We also need to resolve the apparent dichotomy between personal privacy and public safety. 

On the client-side, Seevik Net users will rely on Seevik Pods - for the politically-exposed among us, for whom extreme protection against targeted abuses of confidentiality and integrity is critical (less than 1%) - and on Seevik Mainstream Apps, running on their ordinary smartphones, for the rest of us who do not demand nor need such high levels of protection against targeted client-side attacks.

Seevik Apps will come in two types. Seevik Pod Apps are very minimal and secure and certified to run only on Seevik Pods. Seevik Mainstream Apps instead can run on any major mainstream mobile device and are available on app stores like Apple's and Google's. 

TCCB Cloud defines the setup, management, and access of socio-technical cloud infrastructure and data rooms, for both Pods and Apps, that will ensure substantially or radically unprecedented levels of confidentiality and integrity, while concurrently solidly ensuring off-line in-person legitimate and constitutional lawful access.

TCCB Cloud providers will not only need to implement state-of-the-art technical, procedural, and socio-technical arrangements but in addition ensure that critically-involved servers and access mechanisms will utilize TCCB-compliant systems and processes.  

To ensure extreme protection against the insider threat, ensure user data recovery, and ensure legitimate and constitutional lawful access, partial temporary encryption keys will be mandatorily saved daily to a redundant set of data rooms, whose physical access is under direct management, certification, and oversight of TCCB.

The TCCB Cloud process requires that all sensitive data and code be stored in 3 data rooms in 3 different nations that are part of different military/intelligence alliances. The validity of civilian court orders and absence of blatant unconstitutionality of other supposed legal authority or executive orders will be ensured by inherently requiring that physical access by anyone to such data rooms is conditional on the physical presence and approval of a citizen-jury-like body of at least 5 randomly-selected citizens, in addition to system administrators and an expert legal counsel.

TCCB Cloud, and Seevik Net, require that all sensitive data and users’ encryption keys be fragmented and split among 3 special data rooms in 3 different nations that are part of different military/intelligence alliances, and “relatively neutral” jurisdictions, whereby lawful access (offered voluntarily) is allowed only in-person, and physically requires, for local jurisdiction requests, the approval of 5 random-sampled citizens, acting as a sort of citizen witnesses and citizen jurors, and additionally an international committee of former chief justices, for international jurisdiction requests, based on international democratic principles. (More on the TCCB Cloud)
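The key fragmentation and juror-gated release described above can be sketched as follows. This is an added example, not code from the Trustless Computing Association or TCCB; it assumes a 3-of-3 XOR split (the paper does not state the scheme or a threshold), and the names `split_key`, `sample_jurors`, `DataRoom` and `lawful_access` are hypothetical. The international committee of former chief justices is not modelled.

```python
"""Sketch: a key split across 3 data rooms, each share released only in
person and with the approval of 5 randomly sampled citizens."""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field

JURORS_REQUIRED = 5  # from the text: approval of 5 random-sampled citizens


def split_key(key: bytes, rooms: int = 3) -> list[bytes]:
    """Split `key` into XOR shares, one per data room.

    Assumption: n-of-n splitting. Every share is needed to rebuild the key,
    and any subset of fewer shares is statistically independent of it.
    """
    shares = [secrets.token_bytes(len(key)) for _ in range(rooms - 1)]
    last = key
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    return shares + [last]


def combine(shares: list[bytes]) -> bytes:
    """XOR all shares together to recover the original key."""
    if not shares:
        raise ValueError("no shares supplied")
    out = bytes(len(shares[0]))
    for share in shares:
        out = bytes(a ^ b for a, b in zip(out, share))
    return out


def sample_jurors(pool: list[str], k: int = JURORS_REQUIRED) -> frozenset[str]:
    """Draw k distinct citizens from the pool using the OS CSPRNG."""
    return frozenset(secrets.SystemRandom().sample(pool, k))


@dataclass
class DataRoom:
    """One data room: holds a single share and the jurors sampled for it."""
    name: str
    share: bytes
    jurors: frozenset[str]
    audit_log: list = field(default_factory=list)

    def release(self, request_id: str, in_person: bool,
                approvals: set[str]) -> bytes:
        # Only approvals from the jurors sampled for this room count.
        valid = approvals & self.jurors
        granted = in_person and len(valid) >= JURORS_REQUIRED
        # Every attempt is logged, whether it was granted or denied.
        self.audit_log.append((request_id, in_person, sorted(valid), granted))
        if not granted:
            raise PermissionError(
                f"{self.name}: request {request_id} denied "
                f"(in_person={in_person}, valid approvals={len(valid)})")
        return self.share


def lawful_access(rooms: list[DataRoom], request_id: str, in_person: bool,
                  approvals_by_room: dict[str, set[str]]) -> bytes:
    """Rebuild the key only if every room independently releases its share."""
    shares = [
        room.release(request_id, in_person,
                     approvals_by_room.get(room.name, set()))
        for room in rooms
    ]
    return combine(shares)


if __name__ == "__main__":
    # Constructed sample data: a random 256-bit key and a pool of 50 citizens.
    key = secrets.token_bytes(32)
    pool = [f"citizen-{i}" for i in range(50)]
    rooms = [DataRoom(f"room-{i}", s, sample_jurors(pool))
             for i, s in enumerate(split_key(key))]
    approvals = {r.name: set(r.jurors) for r in rooms}
    print("recovered:", lawful_access(rooms, "req-1", True, approvals) == key)
    approvals["room-2"] = set(list(rooms[2].jurors)[:4])  # one juror missing
    try:
        lawful_access(rooms, "req-2", True, approvals)
    except PermissionError as exc:
        print("denied:", exc)
```
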

TCCB Pods are completely standalone minimal personal computers, that deliver to politically-exposed persons, and their close personal and business associates, substantially or radically unprecedented privacy, security, and control for their private digital and social lives.
Portability and user-friendliness will be key to their adoption, so they would best take a unique form factor: ultra-secure 2-2.5mm-thin personal computers, with Bluetooth, Wi-Fi and NFC connections but no physical ports, that can be carried face-out in users’ leather wallets or encased in the back of future smartphones.

Seevik Pod Apps will be certified to the security levels of the Seevik Pod’s other components, whereas the security level required of Mainstream Apps will be set slightly higher than the current state-of-the-art. All Apps will mandatorily interface only with a Cloud that provides unique levels of security, user accountability, and democratic accountability, to ensure security, privacy, and a democratic social space of discussion and communication.

Mainstream Apps users can engage in secure text, audio, and video messaging with other Mainstream App users, but only in text and audio messaging with Pod Apps users, since the Pod platform will be much more constrained in performance and features to ensure extreme levels of security and privacy.

All Apps with messaging features are mandatorily interoperable with other messaging apps unless the app is reserved only for the internal use of the staff of a company or government. Apps that offer posts and comments must make them mandatorily linkable by any post or comment in the same app or any other app, if these are linkable to anyone outside the users of the app.

Apps that include feeds of content must guarantee high levels of security, transparency, and user control. These should be transparent in their source, and TCCB-certified for security in their algorithms, including Artificial Intelligence components. Users should be able to freely and easily re-configure such feeds, and save those configurations for others to adopt.

Mainstream Apps must be based on battle-tested open-source code, such as that of the Signal secure messaging app. These will offer social, messaging and networking features, and any other legal feature. Users can post, read, comment, share, rate, create groups, join groups, request connections, and save and organize links to media on the Web or other social media. These will cumulatively offer all the basic features offered today by the WhatsApp and Facebook apps.

Mainstream Apps users will be able to communicate with end-users of any other open-source ultra-secure messaging app, such as the mainstream Signal or Threema, provided that those apps: are certified to the same or similar levels of security required of Mainstream Apps; decide to provide suitable APIs for full interoperability; and whereby the user has undergone the onboarding and authentication requirements of the Apps.  

All Pod and Mainstream App users must engage in a secure initial identification video call with physical IDs for initial authentication and basic training, as well as undergo know-your-customer checks, with levels of security substantially in excess of those required by national digital ID programs, and downwards compliant with them. Mainstream Apps users are required to use a (FIDO-compliant) hardware authentication device at all times, to reduce the risk of both identity theft and troll farms.

All Pod users, App users, and Apps producers must declare any direct or indirect economic influence on the company or individuals, on the App production and on user interactions, including in-depth ownership disclosure and checks, and disclosure of all sources of direct and indirect funding. Post authors must always declare any co-authors, who must be users or guest-authors, authenticated and profiled like any ordinary user.

TCCB Cloud, Pod, and Apps are continuously vetted and certified by a new independent Trustless Computing Certification Body, that ensures extreme levels of security and privacy, ensures legitimate lawful access, and democratically governs the resulting media space, via an uncompromisingly trustless approach down to CPU design, chip fabrication oversight, and TCCB Cloud data rooms physical access.

Why have Mainstream Apps, instead of only Pod Apps? Why not use existing secure messaging apps?

Most citizens don’t really need the extra security and privacy of TCCB Pods, and could rely on secured apps for the mainstream mobile app store.

As mentioned above, our TCCB Apps will be based on the open-source code of the most secure messaging apps. Very secure, end-to-end encrypted, open-source messaging apps, like Signal and Threema, exist today and are freely available; they provide a high level of security and privacy, suitable for all except the most politically-exposed 1% among us.

Yet, those secure messaging apps have some or all of the following major downsides. The independence, trustworthiness, timeliness, and/or depth of their security verifications are insufficient. They often contain non-open-source components. They have obscure or undemocratic governance and funding. They don’t provide ways for governments to conduct investigations even when legally and legitimately authorized to do so; this is a problem by itself, and also leads those companies to limit the extent and size of group interactions and freedom of association, so that they are less likely to be abused for large-scale troll farms, propaganda and disinformation campaigns, as happens in social media from Facebook to Parler.

Business Model

All Seevik Apps must be free of charge and of any other indirect monetization. Seevik Net is funded exclusively by progressive member fees, i.e. a fee that varies in relation to the member's earnings and patrimony (say between $4 and $99 per month, for example).

Producers of Apps and Posts will receive 40% of the annual fees paid by users of the Seevik Net, in proportion to the direct and indirect support by users, including institutional ones like newspapers. Each user has the same amount of “endorsement chips” to assign every month (say 1000) to producers and content. They will assign 33% of those automatically by liking or sharing posts and using Apps, another 33% automatically while interacting with content or apps, and another 33% manually by thoughtfully assigning it directly to a Producer or an App once per month. 

Each Producer share is deducted from the revenue generated for the same content outside of Seevik Net, because the same content may have been sponsored/paid-for via ads or other funding sources. 

The case and need for participating nations

Participating nations join two or more democratic nations to make up 30% of the governance of the certification body, and divide equally 100% of the voting shares, and so full ownership, of the startup company building such a 2mm-thin personal computer.

Such nations are expected to eventually mandate TCCB-compliance for (a) the human communication systems used by high-level governmental officials, nationally elected representatives, and all levels of classified digital systems (in addition to current certifications); and for (b) the most critical societal sub-systems, such as social media feeds and governmental systems databases with sensitive state or citizen data.

  1. Protect their most politically-exposed individuals from blackmail, impersonation, spying, and extortion, while making them more accountable for crimes.

  2. Protect their most sensitive governmental officials from blackmail, impersonation, spying, and extortion, while making them more accountable for crimes.

  3. Protect the most sensitive governmental agencies from hacks of the most democracy-critical or national-security-critical systems, [such as those involved in OPM hacks, SolarWinds, DNC hack, 2016 US Presidential election hacks, and other disclosed and undisclosed, in less-resourced nations] - while making them more accountable for over-reach or abuse.

  4. Lead in cost-saving and efficiencies by offering TCCB-compliant kiosks - in public and semi-public spaces - and subsidized TCCB-compliant Pods (that also embed a citizen ID card and NFC) that are compliant with eIDAS Qualified, and much more, leading to the definition of the next version of eIDAS Qualified by extending the state-of-the-art.

  5. While losing the capability to arbitrarily hack into TCCB systems and client-devices, they would increase their cyber-investigation and cyber-attribution capability - for all hacks of TCCB-compliant systems - with the certainty of lawful access, when legitimate, and with access to much more solid and forensic-friendly evidence, autonomously from arbitrary assistance from states or firms.

  6. Gain a public image advantage by leading in the promotion of democratic sovereignty, civil rights of citizens, and accountability of their elected officials and security agencies.

Why in detail would law enforcement and national security also greatly benefit?

Such a platform would constrain the ability of nations' security agencies to arbitrarily hack their users when duly authorized. How could that be ultimately to their benefit? 

The US has invested enormously to maintain its ability to remotely hack nearly any device, at scale, at low cost, at low risk, and with plausible deniability.

In this new Wild West, and with the need to overcome encryption use by criminals and adversaries in the absence of lawful access mechanisms, public security agencies have had no other choice but to increase their investments and shrewdness in a sort of “race to the bottom” to outcompete other nations and resourced criminal syndicates as the greatest stockpilers of multiple critical vulnerabilities and exploits for all systems - by aggressively competing to be the first buyers, inserters, and stockpilers of fresh, new, and "plausibly deniable" critical vulnerabilities.

Yet, this resulted in the creation of an IT infrastructure for human communications that is so complex and vulnerable that it has caused two huge forms of collateral damage. First, it has greatly reduced the security and privacy of our elected officials, businesses, politicians, candidates, and journalists, and the resiliency of our democratic systems.

Second, the agencies' legitimate hacking capability is less consistent and produces less reliable evidence and intelligence, due to the high probability of concurrent undetected hacking by multiple entities - and the fact that such systems are often designed to make forensic analysis harder rather than easier.

As highlighted by Rami Efrati, former Head of Cyber Division of Prime Minister Office of Israel, during a recent university lecture, intelligence agencies' legitimate hacking capability is often inconsistent, as a consequence of all IT end-points being broken at multiple levels.

As a result, legitimate and lawful state hacking of those systems produces less reliable evidence and intelligence due to the high probability of concurrent undetected hacking by multiple other entities - and the fact that such systems are often designed to make forensic analysis harder rather than easier.

Consequently, the evidence they acquire through such targeted surveillance is often not sufficiently reliable, and it is not accepted in the highest courts in western nations, including Germany, France, and Italy. Law enforcement or intelligence, therefore, need to resort to parallel construction to acquire evidence that will stand in court, but at a variable cost in terms of compliance with regulations.

In the process of maximizing their mission, security agencies have not only eliminated the privacy of citizens and active citizens, but also broken even technologies, standards, and certifications used by their own governmental systems that are critical to public security and maintenance of a genuinely democratic regime - and therefore, in turn, public safety, favoring the fraudulent undemocratic emergence of autocratic regimes in western nations.   

Examples of that are the SolarWinds hack, the continued compromise by NSA of the US NIST standardization body, the hacking of the US Office of Personnel Management, of western elected officials and heads of state like Angela Merkel, and of the US Democratic National Committee, the terrible state of electronic electoral voting systems, and the 2016 and 2020 US Presidential elections, as well as the utter vulnerability of mainstream social media networks, like Facebook, to large-scale hacking and illegal manipulations. And the list goes on.

Project Status & Funding

The project is well underway at our Trustless Computing Association - leading in the creation of the definition of the Trustless Computing Paradigms and the setting up of the Trustless Computing Certification Body - and at its spinoff startup TRUSTLESS.AI, which is building an initial TCCB Pod, App and Cloud, and engaging the initial users and clients of the TCCB Pods and Cloud, called the Seevik Pod, in the form of large enterprises, private banks, wealthy individuals, and other politically-exposed persons.

We received donations of about $50k from the EU (EIT Digital) to support over the years the Free and Safe in Cyberspace conference series. We received investments of over $1 million over 3 years in the startup spin-off, in part from 5 domain-expert angel investors. We are raising funds from private and public investors to allow us in 24 months to make the Trustless Computing Certification Body operational, in framework mode, and bring to market 10’000 units of a first complete IT solution compliant with TCCB - such as the TCCB Pod, in the form of a Seevik Wallet - as well as one or more initial TCCB Mainstream Apps.

Early-bird Opportunity for Governments

We offer democratic governments an opportunity to join a small number of initial nations as cofounders and governance members of the Trustless Computing Certification Body, and optionally as participating funders of the initial compliant infrastructure. We have been engaging several nations for both offers, at different stages of engagement, including Switzerland, the US, Germany, Italy, and Israel, but we’re open to all other democratic nations joining.

By joining early there are economic advantages, related to some temporary exclusivities for the exploitation of the standards and technologies for governmental deployments, and publicity advantages, as detailed above.

Calls to Action for Citizens, NGOs, and Firms

If you like our mission and plan, we need all the help you can give, but there may be also opportunities for you to benefit from the economic opportunities:

Share this post on social networks.

Reach out to us at info@trustlesscomputing.org