Trustless Computing Association

View Original

A case for the NSA/USA to join other nations on equal terms to advance concurrently the security non-classified but sensitive mobile communications, national security and defend democracy.

In Cyberspace, the US national security apparatus, primarily via the NSA, has always had a dual mission of defending the critical civilian and military systems of the US and its allies, on one side, and intercepting and disrupting the IT systems of criminals, enemies and adversaries, on the other. The US and the NSA have undoubtedly achieved great successes in the Cold War and in the war on terrorism, for the US and for its allies.

Yet, revelations in the last 10 years have shown that the first mission has been pursued at excessive expense of the second, with immense collateral damages in terms of civil rights and democracy. Trust in democratic institutions, and trust among key allies have greatly diminished. The worldwide credibility of the US as a promoter and example of freedom and democracy in the digital age, in the all-important global competition and informational warfare for the hearts and minds of citizens, at home and abroad.

After the end of the Cold War, partly due to 9/11, the US missed an opportunity to lead the world in building a global digital communications infrastructure that would reflect internationally its stated liberal democratic values, by concurrently ensuring and enhancing national security while fostering, on a fair basis, trust and secure dialogue among citizens, among allies and among adversary nations.

Recently, the NSA established the NSA Cybersecurity Collaboration Center, lead by Morgan Adamski, which is in charge of promoting both missions by centralizing all unclassified collaboration with private firms, foreign and domestic, as well as participation in standardization initiatives and with standardization partners.

In a recent interview ( from minute 24.21), she gave a 2-minute answer to a hard question about how many nations consider the NSA an APTs (advanced persistent threat), to which she replied that there is a significant "culture pivot" in the NSA whereby it is now significantly more inclined to work with allies on joint defensive initiatives, including standards, to defend "networks and democracy".

Maybe one of the main spaces for collaboration with allies could be on new international standards for non-classified but sensitive mobile communications that constitute a win-win solution to reconcile the utmost privacy for law-abiding citizens and elected officials, with the need to counter criminals and adversaries.

This post is an open proposal to the NSA Cybersecurity Collaboration Center to explore the possibility that the NSA, or other US agency, could co-lead an initiative in such domain by co-leading and joining the Trustless Computing Certification Body.

The Problem

Even prime ministers, opposition leaders, and their close associates are illegally, undetectably and continuously hacked on their personal smartphones, as shown in Spain, in Greece and in Israel, last year alone.

Even in the US President and its secret service detail are vulnerable to illegitimate hacks by third parties AND potentially unaccountable instead to legitimate lawful access, in their non-classified but sensitive mobile communications and their close personal and professional associates.

As everyone else, they are virtually forced to use iOS or Android mobile devices, to be able to communicate with their close associates, as hegemonic social and messaging apps are only available in those stores.

NSO Group, just one of a dozen spyware firms in Israel alone, declared that 13,000 citizens per year are hacked via their Pegasus system. This number does not include the dozens of other similar spyware firms that sale or rent to nations, abuses by security agencies of powerful nations, and dozen of other entities to discover, buy, steal, or just rent access to illegitimately hacking of high-profile users, as we’ve learned from Shadow Brokers and Vault 7 scandals.

Even the best secure messaging apps cannot be more secure than the device they run on, while all smartphones and IT standards and certifications are hyper-complex and systematically and surreptitiously weakened by powerful nations to fight criminals and adversary nations, as we’ve learned from Snowden onwards.

Even worse, the surreptitious nature and “plausible deniability” of these structural processes causes innumerable other entities to discover, buy, steal, or just rent access to those victims. As a consequence, nearly all the most sensitive law-abiding members of society, in the millions, are unable to be spied on, blackmailed AND unable to communicate and network privately, securely, and safely, among themselves within or across nations, or geopolitical blocks.

It is nothing short of a public security and democratic emergency!

The Solution

As Trustless Computing Association, last June 2021 in Geneva we established the Trustless Computing Certification Body, a new inter-governmental democratic IT security certification body to guarantee both radically-unprecedented security and privacy as well as “in-person” procedural legitimate lawful access for sensitive yet non-classified communications. Via its startup spin-in, TRUSTLESS.AI, we are building an initial TCCB-complaint private cloud, mainstream mobile app and 2mm-thin mobile device - embedded in custom leather wallets (video animation) or in the back of Android smartphone (video of PoC device) - that aims to far outcompete in both security, convenience and accountability even the best protected iPhones and the best cryptophones.

TCCB and Seevik Net will uniquely leverage uncompromising transparency, Trustless Computing Paradigms and deep multinational cooperation at all levels and stages, to radically advance concurrently national, EU, international and democratic digital sovereignty, while improving legitimate lawful access and national security. Here is how Trustless Computing relates to Zero Trust.

The US, via the NSA or NIST, could join selected globally-diverse like-minded nations as founding nations-state governance partners of the Trustless Computing Certification Body and Seevik Net initiative, and early select privileged initial end-users of the initial TCCB-compliant interoperable digital communication systems and devices, by acquiring joint majority or full control of the initiative, while committing to invite in other nations on an equal basis.

We are selecting no more than 3 EU nations, 4 non-EU diverse globally-representative nations and 3 neutral and fitting NGOs and IGOs (e.g. the EU, UN agencies, Arab League, African Union) to join as as founding governance partners of the IT security certification body Trustless Computing Certification Body (“TCCB”) to give it final shape and control it, and co-own its startup spin-in, which is building an initial open TCCB-compliant ecosystem, computing base and mobile IT system, Seevik Net.

Why would even the US and Israel benefit from joining the TCCB?

Via their privileged relationship with secure IT, cybersecurity and spyware companies, security agencies of a few cyber powers like US and Israel, specific persons and groups within them, have likely much better protection, against more threat actors, as well as more access to breaking in when they need to.

The US and Israel, and partly other “five-eyes” countries, UK, Germany and France - are in a different position from other western and third nations. They have the upper hand in the current hegemonic model for the security and hacking of non-classified but sensitive mobile secure communications. These nations have much higher capacity than other nations to exploit the vulnerabilities on even the most secure iOS or Android smartphones - directly and indirectly through their “private” spyware companies - and in part to protect its officials and citizens against hacking from others.

These lucky few have access to: (a) More secured versions of commercial smartphones (like iPhone and Samsung Knox) or special “below the radar” secure crypto phones; (b) cybersecurity software suites to layer inside, on top or on the side on that IT, like Koolspan or Crowdstrike; and/or (c) they are technically excluded by the most powerful “private” state-grade surveillance platforms, like Israel Pegasus or German/UK FinFisher for example, by being on a specific list, or from a specific nation or in a specific nation.

Why should they join an initiative that sets international rule-based and fair playing ground and, worse, compromises their ability to defend themselves?

Even these cannot really know how protected they really are, often not protected against abuse by nations and other actors that somehow gain access via leaks, corruption, and other means.

Even so-called “cyber powers” like the US and Israel, which apparently have the upper hand in the current scenario, are suffering from colossal collateral damages that are mining their own democratic systems, which we believe our TCCB model would mitigate.

They have ended up weakening their own technologies, procedural safeguards and oversight processes both of (a) the mobile devices used by even their top elected officials, parliamentarians, and ministers, as well as (b) the targeted hacking systems used by the police. This has become even more evident in February 2022 scandal involving NSO Group and the Israeli police. Sure, NSO Group has declared it has built-in limitation that prevent its spyware to be used inside the US and on US number, but what about other systems?

Even the US President and its secret service detail - in their non-classified but sensitive communications with their personal and professional associates - are vulnerable to illegitimate hacks by third parties AND potentially unaccountable instead to legitimate lawful access.

Every elected official or citizen in their country or abroad is hackable by who knows who is inside or outside their institutions. Sometimes they “go dark”. The evidence they acquire is often unreliable and not accepted in their highest courts. Also, trust among allies suffers when they feel they are hacked illegitimately in their leadership.

Enabling fair and effective dialogue across nations for shared truths and peace.

An initiative like TCCB is also needed to promote peace while avoiding a Digital Iron Curtain.

Diplomats and elected officials rely on “secure” messaging apps - like Signal, Threema, WeChat, Telegram WhatsApp, Wire, Element - that are non-interoperable, and that expose them to be hacked on their devices by innumerable attackers; or on devices, also non-interoperable, whose security is largely a matter of blind faith.

Even the most sensitive members of society are unable to communicate one-to-one securely and privately, let alone have access to a digital platform that can enable a fair, confidential and effective dialogue among them. The lack of globally trusted and convenient mobile communications creates huge friction in diplomatic dialogues.

Even the presidents of the US and China lack a secure and confidential channel for emergency and dialogue, as noted recently by Chris Painter. Even EU parliamentarians and UK Ministers of Defense, are impersonated and spied upon even by pranksters, Even video conferences of EU Ministers of Defence are easily hacked when discussing sensitive matters.

Civil society, diplomats, elected officials, journalists and active citizens network on social media platforms, that are divided by geopolitical blocks, and subject to targeted manipulations by powerful state and non-state entities at huge scale. A deluge of propaganda on both sides, no combination of platforms or sources enable sincere educated persons, with different backgrounds, to agree on a shared base of truths to start seeking common ground.

For ​a ​more detailed​ case​, check ​read our Case for Israel and the US to join the TCCB.