Trustless Computing Association


Like hundreds of thousands of others, our prime ministers are hacked on their phones. Can anything be done to stop it?

Last November we learned that the then UK foreign minister Liz Truss was spied on for months on her mobile communications with colleagues, friends and foreign diplomats. A few days later, the president and foreign minister of Switzerland Ignazio Cassis, and 100 other top officials, were revealed to have been victims of hacking-for-hire by Indian hacker gangs, via UK legal firms. 

They are in good company. Last year alone, the sitting prime ministers of Spain and of Finland, the heads of the opposition in Greece and in Poland, the son of the new prime minister of Israel, and the editor of the Financial Times suffered the same fate. The scale of this “EU Watergate” and possible solutions are detailed in a shocking 150-page draft report on spyware presented last month by a dedicated EU Parliament committee.

Earlier this year, the UK Minister of Defense and several EU parliamentarians were fooled by foreign agents impersonating the attorney of a Russian opposition leader. Even the president of the US and his personal associates run similar risks, as detailed in 2017 by the New York Times. 

What expectation can we have that all other prime ministers - like Meloni, Macron, Scholz, or Lula da Silva - their ministers, parliamentarians and/or their close associates are not also continuously hacked on their smartphones? Do they have access to some better magic protection tools that exceed those of UK GCHQ for Ms Truss?

Just as concerning, current smartphones enable users to reliably delete evidence of crimes to evade criminal accountability, as shown by investigations into the US president's secret service detail and leaders of a top Swiss bank, while criminals may have acquired such evidence before its deletion for use in blackmail.

As terrible as this is for our democracies, it's just the tip of the iceberg, because the number of victims is most likely in the hundreds of thousands, as we detail below. Nearly everyone with power or money is a target or victim, including not only elected officials and politicians, but nearly all diplomats, businessmen, journalists, activists, their organizations, their close associates, and inter-governmental organizations.

This state of affairs constitutes a vital threat to our democracies and human rights, and greatly stifles and distorts diplomatic dialogue.

Are our leaders careless? Why don't they use their classified "work" phones? 

Sure, our leaders could and should be more careful, assuming their smartphones can be hacked by all kinds of culprits, but they still do "for the same reasons as the rest of us", as The Economist wrote in a recent article. 

They don't because a large majority of those they need to speak to - colleagues, parliamentarians, international colleagues, relatives, lovers - do not have "work" phones or have incompatible ones.

They are forced to use hegemonic mobile phones, app stores and apps if they want to function at all, and even self-censor to minimize their risks.

Sure, they could and should be more careful, assuming that any use of their smartphone could result in blackmail, extortion or public shaming as legal or illegal snapshots of their life could be leaked to the media and published out of context or to prosecutors. 

Most of them know the risks by now, but they still do "for the same reasons as the rest of us", as The Economist wrote last month, following Liz Truss’s hack. “A similar attack on a government-issued phone would have been more difficult. But those phones are cumbersome to use. They come with long passwords that must be entered every time they are picked up; you cannot install apps you need to use without the permission of the IT department; their chat apps tend to be configured with tedious two-factor authentication. And, importantly, the daily chatter with political colleagues is not on that phone. It’s a pain to have two devices”, the British magazine goes on to say. 

They are forced to use hegemonic mobile phones, app stores and apps if they want to function at all in their job or life, while evidently, no protective tools by their security agencies are remotely sufficient. 

To make matters even worse, they are forced into extensive self-censorship to minimize the risk, with enormous costs to personal and professional effectiveness. Also, the difficulty of attributing hacks on today's devices makes it often impossible to know if a leak was due to a hacker or to the victim's interlocutor, as seen in the hack of Finnish Prime Minister Sanna Marin, fostering distrust among associates, and more self-censorship. 

Are hackers just too good? Can't those phones be made more secure? 

Every year, Apple, top Android phone makers, and cybersecurity protection suite makers, introduce new security improvements. Like a mirage, decent security is never attained. 

Why is that? Sure, state and non-state hackers keep significantly increasing their investments. Yet, we can make IT devices that are both reliably secure against the most advanced attackers and accessible to interception only to intended entities - as argued in this detailed academic paper by the Trustless Computing Association, and as shown in practice by Crypto AG, the Swiss-based maker of the Western standard devices for secure diplomatic communications in the Cold War.

There are two real root causes. First, hyper-complexity and obscurity are demanded by competition for the rich entertainment and performance features that are required of top-end smartphones. Second, the unconfessed need to surreptitiously ensure that several powerful nations can hack them at any time to counter terrorists and enemy or adversary nations.

In addition, carrying an extra device may be acceptable for the most targeted persons but too cumbersome for their many sensitive non-classified interlocutors.

Is the problem limited to a few hundred top officials?

The number of those hacked or at risk is not easy to quantify or even approximate, by design. Security agencies go to great lengths to ensure that a large number of criminals and terrorists over-estimate the security of secure mobile solutions so that they can continue their legitimate interception, while spyware and secure IT companies like Apple play along, for profit reasons. Every once in a while, the FBI pretends to be unable to hack an iPhone, as in the San Bernardino case, whereas simple researchers and companies were able to.

But once in a while, some hard verified data comes around. The lawsuit that Facebook has against NSO Group provides details and proof of 1,400 WhatsApp users hacked worldwide in the course of just 2 weeks. The NSO Group, just one of a dozen spyware firms in Israel alone, testified last June to the 42-strong PEGA EU Parliament Committee on spyware that over 12,000 citizens each year are hacked via their Pegasus system.

But those numbers (1) do not include dozens of other similar spyware companies that rent or sell to nations and private groups; (2) nor do they include those hacked by security agencies of powerful nations like the US, China and Russia; (3) nor the hundreds or thousands of other entities that discover, buy, steal, or just rent the means to illegitimately hack high-profile users, as shown by the Shadow Brokers and Vault 7 scandals, as a consequence of the surreptitious way in which powerful nations ensure their "backdoor" access.

Last October Kaspersky declared it had found and “fully deconstructed” the most advanced German and UK spyware, FinFisher, enabling them to fully re-use it. The same could have been done by others. Already ten years ago powerful national security agencies like, and to a lesser extent some semi-private spyware companies, had capabilities to turn targeted surveillance into a scalable enterprise via systems and programs like the NSA FoxAcid and NSA Turbine.

Furthermore, a vast majority of these cyber crimes go undiscovered for years, if ever, as they often leave no trace, as outlined above. When discovered, they are nearly always kept secret as both victims and attackers gain from keeping them unreported. Victims are not required to disclose. Hacks of state officials are often classified as state secrets.

Apple declared in 2021 that the attacks should not be a worry because exploits “cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users”. Their use of the term “overwhelming” is compatible with hundreds of thousands of devices hacked, which would amount to 0.01% of the 1.5 billion iPhones out there. The New York Times reported in 2018 about NSO Group: “Clients could then pay more to target additional users, saving as they spy with bulk discounts: $800,000 for an additional 100 phones.”, which brings the price to €8,000 per target (though the price is apparently higher nowadays). And that’s for the Rolls-Royce of hacking tools!

From the above, we can therefore estimate that the number of victims is in the many hundreds of thousands every year, while those at risk are in the several millions world-wide.

As opposed to what security agencies, smartphone makers and uncritical media want us to believe, those most at risk have known the truth for some time now. Pre-Covid surveys by UBS and by Northern Trust showed that the 16 million wealthiest persons in the world and family offices regard cybersecurity as their No. 2 or their No. 1 concern, respectively.

It is nothing short of a public security and democratic emergency, as well as a huge market demand.

Can the solution reside in the ban or regulation of spyware?

This week, the PEGA EU parliamentary committee on spyware, in line with leading global human rights organizations, published a 150-page draft report, showing how the scale of the problem is no less than an ongoing “EU Watergate”. While acknowledging the severe limitations on the EU's ability to adequately remediate given its internal decision making mechanisms, they suggest a wide array of beneficial actions that EU institutions and member states could take, mostly focused on the ban, moratorium and regulation of the use, sale and oversight of spyware by member states.

The suggested regulation changes are direly needed, and would make a big difference, especially in the actual accountability of a nation's use of spyware towards its citizens and the EU. Even under the best case scenario of political will, even the best regulations would face vast and largely unsolvable technical and jurisdictional complexities inherent in how advanced spyware is built and deployed, which would make their enforcement only very partially effective.

Meanwhile, the prospect of a lasting moratorium or ban on the use of spyware by an EU member state or EU-wide would result in unregulated nations and criminals being able to spy, while duly authorized security agencies would not be able to intercept the most dangerous criminals.

So, banning spyware used by nations will not stop foreign hackers nor criminals. Regulation is direly needed, but can only have a very moderate impact in the best case scenario. 

Towards more comprehensive and effective solutions

So, a real solution must inevitably start from somehow ensuring that mobile devices which are not merely more resistant to the most sophisticated attacks, but radically so, are widely accessible to sensitive users. We know how to do that, as mentioned above in regards to Crypto AG, and as proven by our success in nuclear safety and civil aviation.

But then who guarantees and oversees that the best engineering is applied and extremely powerful compromise attempts are thwarted? How do we ensure wide adoption of such devices in a hegemonic mobile device market? How do we prevent their abuse by criminals, terrorists and adversarial nations? Suitable solutions would need to be both widely-adoptable and globally-trusted by a wide majority of sensitive persons all around the world, and reliably enable only legitimate lawful access, national and international.

To be widely-adoptable, it must be convenient and cheap enough to be adopted by a large majority of the typical interlocutors of our elected officials and other vulnerable persons.

Sure, we'd love to solve it with an open-source secure messaging app that everyone can review, but it can only be as secure as the device it runs on. An external hardware solution would only protect from some of the hardware vulnerabilities.

So the answer must be an additional standalone hardware device. But everyone is weary of carrying an extra device.

Fortunately, the same miniaturization that today enables foldable phones could enable an ultra-thin, minimalistic but ultra-secure device to be embedded face-out in the back of any smartphone or carried face-out in custom leather wallets, for those that prefer that.

To be globally-trusted, all critical technical and process components of the solution and its use should be openly inspectable, and minimal enough to be sufficiently inspectable.

Given that the utmost security cannot be verified "after the sausage is made", any technical and human components, including every coder, architect, critical tech provider, chip fabrication, and user training, should be subject to full transparency, and extremely trustworthy oversight.

Design quality and oversight should be assured by some international body, whose governance quality can be assessed by moderately educated and informed citizens, just as in properly designed democratic election processes and procedures.

It could involve a mix of globally-diverse nations, IGOs and NGOs, randomly-sampled world citizens, and proven "ethical" experts.

To enable legitimate lawful access nationally and internationally, while sufficiently reducing the risk of its abuse, is something that highly influential US-based libertarian privacy activists and security experts have argued in several detailed papers cannot be done. There are instead solid practical precedents and scientific arguments for a secure-enough procedural “front-door” mechanism overseen by a global trustworthy third party, involving ultra-secure minimized IT systems.

That was proven in practice by Crypto AG, the Swiss-based maker of the Western standard devices for secure diplomatic communications in the Cold War - that was revealed to have been owned and systematically intercepted by the CIA and its German equivalent - and argued in theory in a paper that the author published in 2018, Position Paper: Case for a Trustless Computing Certification Body - contradicting highly-influential detailed analysis by a group of US libertarian IT security experts about the impossibility, in all cases, of a secure-enough “front-door” mechanism.

Both point to the fact that there is a distinct possibility it could work by applying the same extreme technical and organizational safeguards, and checks and balances, to both an ultra-secure IT system and "in-person" procedural lawful access mechanisms - including via authorization by several randomly-selected citizens for national ones, and an international judicial board for international ones - both accountable to a highly trustworthy and resilient international certification body.

While recognizing that adding a “front-door” access would inevitably add some additional potential vulnerability, we conclude that such an approach has a good chance to overall radically or at least substantially reduce the privacy risk with respect to any other alternative secure IT system available today, or knowingly in development, which does not offer such a “front-door”.

What would a solution overall look like?

A much more definitive solution could entail a small set of globally-diverse nations, NGOs and IGOs that join together to create (1) an open inter-governmental certification body to guarantee both the utmost security and safe "in-person" legitimate lawful access, as well as (2) a new product class in the form of minimalist ultra-thin mobile devices, compliant with such a body, to be embedded face-out in the back of any Android, Harmony and iOS smartphone, or carried in custom leather wallets, for all sensitive computing of prime ministers and all citizens. The project would rely on a redundant set of critical tech providers across participating nations, and open source technologies to mitigate supply chain disruption or compromise.

A number of EU and non-EU nations, recognizing the “institutional” impossibility of the EU and UN to take on such an initiative, could take matters into their own hands by building such open technical solutions and inter-governmental institutions that can ensure those requirements are met - leading the way for the EU, other regional intergovernmental organizations and the UN to trail behind.

Successful Precedents

There have been similar successful initiatives, in addition to the mentioned Crypto AG, by Germany and the US. The joint definition and adoption by EU member states of the GSM standards produced two decades of EU mobile leadership. France and Germany joined to build the Franco-German ARTE public broadcasting TV channel and more recently to share an open-standards “secure messaging mobile” platform based on Element/Matrix.

An even more fitting precedent is the highly successful Minitel digital platform created by the French government, which by 1988 constituted a whole digital ecosystem with 3 million users, several private and public compatible and compliant terminals (or PCs), and thousands of private and public services and apps.

While very successful, the Minitel was replaced over a few years by private PCs based on hegemonic US operating systems, due on the one hand to their better performance and user experience, but also as much to their higher investment due to their larger domestic and global markets, a globally-interoperable app ecosystem and private terminal/PCs, and the choice of Minitel to allow its services to run on the new US-made PCs.

Our initiative could be understood as a sort of multi-governmental, mobile, ultra-secure version of the Minitel. Unlike the Minitel, it would not initially directly compete with dominant US commercial smartphones, but complement them with an adjunct hardware device, in the form of a 2mm-thin standalone mobile device. Such new devices would offer a parallel computing ecosystem with unique levels of privacy, trust and integrity that US and Chinese smartphones do not and cannot offer, and that citizens will crave as wearables, e-health and AI assistants make trustworthiness a key enabler for the most advanced services.

Would Great Cyber Powers join?

Due to their control over the leading private firms in digital IT security, the US and Israel have an apparent distinct advantage, via their ability to access better protections, better espionage capabilities, and better espionage countermeasures. 

That is a fact. Yet, the current model also creates huge collateral damages to their own national security, democracy and to their relationship with allies, so much so that we suspect they'd be open to a better and multi-lateral solution if one can be conceived and realized. 

While nearly every nation would be welcome to join such an initiative, none is necessary. That said, it would be highly beneficial if a few nations that have a key role in the current and future global cybersecurity architecture - like the US, Israel and/or China - would join sooner or later.

Vision and Next Steps

By leveraging unique transparency levels - and participating nations' and citizens’ cooperation and oversight at all levels and stages - such new devices and related cloud services will create a parallel cyberspace to the hegemonic U.S.-Chinese ones that will enable the fair, wise and efficient dialogue that we need to foster the emergence of shared truths, deeper dialogue and coordination among all nations - and to protect and enhance democracy, freedom and safety within liberal and social-democratic societies.

Over time, it will become a kind of personal trust hub that will become essential for the private or sensitive digital lives of citizens, such as e-health, political participation, social networking, e-banking, e-government, advanced AI-based services, for strong authentication of laptops, PCs, and cell phones, as well as for citizens’ control and interaction with wearable devices and VR/AR headsets.

Representatives of globally diverse nations and IGOs will discuss such a prospect during the 9th Edition of Free and Safe in Cyberspace, held for a third time in Geneva, next March 14-15th, 2023.

About the author: Rufo Guerreschi is a digital democracy, security and privacy activist, researcher and entrepreneur. He is the founder of the Trustless Computing Association and its spin-in startup TRUSTLESS.AI.