Offer and Special Case for US, China & Israel
Offer and Special Case for the US, China and Israel to join concurrently as founder or governance partners of the Trustless Computing Certification Body and Seevik Net initiative.
Our Offer to like-minded states, IGOs and neutral INGOs to join as governance partners or cofounder partners of the Initiative apply to the current de-facto cyber superpowers: the USA, China and Israel as well, with one exception.
Given how central neutrality is to our Initiative - while they are each individually welcome to apply to join the Initiative and join our upcoming 10th Edition of the Free and Safe in Cyberspace workshops in Geneva - their partner status will become operational only when and if the other two also join.
To incentivize each to apply early, the first one of them that applies will enjoy a 30% higher decision-making power relative to the other two in the Initiative for the first 18 months, although such decision-making power will be suspended until all three cyber superpowers will have joined.
As you can read in our TCCB Governance Page, special terms apply to them in terms of decision making power in the TCCB general assembly. They will each have, for the first 2 years, 50% higher decision-making power than other countries with similar metrics. Why? Simply because of the need to some “realpolitik” compromise to get an ambitious global cooperation agreement in place in domains that are highly sensitive for national security.
Why should they join? While being entrenched as the global dominant cyber superpowers, we have detailed arguments as to why - as counterintuitive as it may seem - they would overall greatly benefit from joining and supporting the Initiative. That said their participation is highly welcome but not required.
The problem with the status quo
The current model by which western states reconcile the need for sensitive non-classified mobile privacy and security with the need for international legitimate lawful access is causing increasingly unacceptable collateral damages in terms of civil freedoms and democratic sovereignty in EU member states, of the EU, the world over, and just as much within the US and Israel, with even parliamentarians and the former prime ministers vulnerable.
Even heads of state and head of opposition, and their close associates, were hacked on their smartphones last year, as shown in Spain, in Greece and in Israel, in Finland, in UK, in Switzerland, among those we got to know about.
The problem has long turned also in a crucial state security threat, even in the US and Israel, as it increasingly exposes our leaders, elected officials and journalists to spying and blackmail - by enemies foreign and domestic - and mines the appeal of our democracies to our fellow citizens and towards third states, whose "hearts and minds" we need to prevail over fast rising appeal authoritarian countries and of authoritarianism.
Why the US, China and Israel benefit the status quo
It may seem that the US and Israel, would not have an interested in maintaining the status quo in the market, because they undoubtedly have an "informational superiority upper hand" in the current model, via their overwhelming control of leading secure devices (e.g. iPhone, Android), spyware (e.g. NSO Group) and endpoint security firms (Crowdstrike, Koolspan, etc).
Due to their control over the leading and globally-hegemonic private IT security firms, the US and Israel have an apparent distinct advantage, via their ability to access better protections, better espionage capabilities, and better espionage countermeasures. Similar powers over the security and insecurity of mobile infrastructure is exercised, increasingly, by China, via its control of nearly all mobile phones except iPhones, and leadership in 5G networks, and increasingly with platforms like WeChat, TikTok and the new mobile operating system Harmony.
Why the US, China and Israel are also greatly damaged by the status quo
Yet, the current model and hegemony comes with huge and mounting inefficiencies, collateral damages, and a “boomerang effect” for those leading states, so it may be worth exploring it there may be a better alternative model, like ours, that would eliminate or radically mitigate those effects, and overall be most convenient for such states and also for the narrower goals of their security agencies.
Even though they have the upper hand in the current scenario, they are suffering from huge collateral damages mining their own democratic systems. Involuntarily, they have ended up weakening the technologies, procedural safeguards and oversight processes of the IT systems that are most critical in sustaining democratic society, such as (a) the mobile devices used by even their top elected officials, parliamentarians, ministers, as well as (b) the targeted hacking systems used to by the police.
This has become even more evident when even the son of the prime minister of Israel Netanyau was reportedly hacked, with no way to know if and by who he was, in a cascade of accusations, severe divisions in society, and further loss of trust in democratic institutions. It has become clear that every elected official or citizen not only abroad but also in their country is hackable by who knows who, inside or outside their institutions. In addition, sometimes they “go dark” and the evidence they acquire is often unreliable, and not accepted by their highest courts.
Even the president of the US runs very similar risks, as detailed in 2017 by the New York Times. Just as concerning, current smartphones enable users to reliably delete evidence of crimes to evade criminal accountability, as shown by investigations on the US president's secret service detail, while others may have acquired such evidence before its deletion for use in politically-motivated blackmail.
For these reasons, and more detailed below, we believe they will eventually join as governance partners of the TCCB, even though they'll need approval from an UN-like neutral democratic body to intercept an elected official, journalist or private citizen from a friendly nation. While nearly every state would be welcome to join such an initiative, none is necessary. That said, it would be highly advantageous that a few states that have a key role in current and future global cybersecurity architecture - like the US, Israel and/or China - would join sooner or later.
Interest show so far by the US, China and Israel
Over the last two years, we held over nine meetings of intense and detailed dialogue with the former highest-ranking cyber diplomats of both the US and Israel. Following such dialogues, we wrote a blog post on why Israel and the US should and will eventually join as governance partners of the Trustless Computing Certification Body - even though they'd need approval by an UN-like resilient, democratic body to intercept an elected official or private citizen from a friendly nation. MACH37, the Virginia-based US leading cybersecurity accelerator, for which we were chosen among hundreds in Q4 2021, has accrued rights to 3% of the shares of the spin-in TRUSTLESS.AI.
We have engaged with some interest with several top executives of Huawei global and Swiss in 2019-2020, as one of two smartphone partners (one western and one non-western) for building initial mobile device and system complaint to the TCCB Seevik Phone, and as a proxy for engaging with the Chinese government. We made some attempts to engage China, over the years, without success. But last November, we initially engaged a Secretary of the China Mission to the UN in Geneva, in charge of IT standards at the UN.
Why should cyber superpowers ideally join TCCB together rather than singularly?
As we wrote above, given how central neutrality is to our Initiative, the current cyber superpowers US, China and Israel are all individually welcome to join the FSC9 and FSC10 workshops and following ones but, while welcome to join the Initiative, will be accepted only when they do so concurrently.
When and if the US and/Israel decide to participate, we believe it would be crucial to ensure that China also participated or that it would be ensured that it can join later, and the other way around. That’s because it would make TCCB, Seevik Net and TCCB-compliant IT: (1) more equally trusted worldwide, to enable the fair and effective global dialogue, at all levels, to promote peace and joint tackling of global challenges; and (2) substantially more trusted even by western citizens, elected officials, diplomats, and even prime ministers, given the experience of programs like Crypto AG, NSO Group, the iPhone, and past overreach of western security agencies.
Eight detailed key arguments as to why the US and/or Israel (and partly China) would benefit from joining the TCCB and Seevik Net Initiative
Let me list below eight key arguments why Israel or US, counterintuitively, would greatly benefit overall by joining and co-leading the Trustless Computing Certification Body and Seevik Net as opposed to relying only on the current failed model.
First, they would ensure a much higher certainty, integrity, attribution capability when investigating users of TCCB-compliant systems, foreign and domestic, than they currently have when investigating current IT systems with the current model.
In fact, while their security agencies would “by definition” lose the arbitrary capability to hack into TCCB-compliant systems (which will be designed with the state purpose of being impregnable to such acts) - when legitimately authorized - they will:
(A) have certainty of prompt access, without the risk of “going dark” or being unable to hack, and independently from the availability to assist of other nations or firms; and
(B) obtain more solid and forensic-friendly evidence that is much more reliable and that will be accepted by the highest national courts, unlike that obtained via targeted hacking which does not stand in court in Germany, Italy and France.Second, they would expand and improve existing multilateral and bilateral agreements whereby Israel and US, as other friend nations, ask each other's permission to allied host nations when having to spy on targets that are citizens of an ally country via an obscure complex web of agreements that are oral, software-coded or written, such as MLATs, Club of Berne, 5-9-15 eyes.
For example, we recently learned there are “rules” in place for at least a few years that technically prevent any nation-state client of the NSO Group to hack target users with a US number or while they are on US territory. Following the scandals in October 2021, such rule was extended to Israel, the United States, Canada, Australia, New Zealand and the United Kingdom, and France. To be fair and coherent, following the same rationale should be extended to other allied, friend and non-adversarial nations, both for NSO and other “private” spyware as well as state hacking capabilities.
Third, they would radically mitigate the problem whereby their current target hacking capability, direct and through private firms, produces unreliable and untrustworthy evidence, since client devices could have been hacked by others and do not support forensic, as it was highlighted by Rami Efrati, former Head of Cyber Division of the Prime Minister Office of Israel, during a recent university lecture (min 9.35).
In fact, evidence so acquired via state trojan is structurally contested by highest civilian courts in Germany and France, as well as in Italy. Often parallel construction is used to mitigate such problems, but creates big others of its own. Requests to TCCB instead are approved even in 1-2 hours, if urgent, and produce much cleaner evidence.
Fourth, they would radically increase both the protection of legal communications and the accountability of illegal communications for their most sensitive law-abiding citizens and organizations, including elected officials, journalists, business leaders, activists, as well as their reference organizations.
TCCB would radically increase protection from politically-motivated extortion, blackmail, manipulation, or profit-motivated extortion, ransomware and trade secret spying.
Provided that key elected and appointed officials, and their close personal and professional associates, are mandated to use such devices, TCCB could serve as a way to better exercise accountability and national and investigative powers over grave activities aimed at subverting the democratic constitution, as we’ve seem happen in Germany and the US recently. as we outline in this post under "Germany's internal fight against far-right subversion".
They would radically mitigate the problem of their own elected officials being spied on and blackmail by who knows who.
Over the last decade, in an unforeseen huge “boomerang effect” those same weaknesses and vulnerabilities in the Internet infrastructure have been used by adversary nations, and internal authoritarian forces to wreak havoc, compromising democratic stability and national security.
Any US or Israeli parliamentarian and their close associates - and even the son of Israel prime minister or a US presidential candidate - can be hacked undetectably for months or years on hand. Even worse, the fact that this is often not be discovered, non detectable, and when discovered it is nearly impossible to ascertain who did it, fosters deep division and mistrust with their societies where everyone is an accuser and victim, and mines citizens’ trust in the democratic institutions citizen, creating an untenable situation that could lead Israel down the similar paths as the US democracy.
Fifth, they would mitigate the huge collateral damage of unwittingly fostering a huge cyber crime business, by fostering a billion dollars zero-days market for vulnerabilities, and creating the conditions for leaks like Vault 7 and Shadow Brokers, whereby state-grade hacking tools end up in the Dark Web.
Even the most sophisticated state-grade malware, protected with multiple sophisticated layer of “obfuscation” ends up being “decompiled” by state and non-state actors - as it happened to Finfisher last year - that find them in a victim device, enabling non-state entities of all kinds to re-use them, often leaving no trace afterwards, and with no way to assess the scale of their hacking, and who did it, creating a real Wild West.
Sixth, they would retain the threat visibility and influence that they currently have on third and allied nations through their undue control over the dominant mobile device, platforms, cybersecurity solution and spyware - especially for Israel towards Middle East governments to reduce terrorist and Iran threats - via the careful governance and socio-technical design of our new trustworthy international body, the Trustless Computing Certification Body.
For threat visibility, the TCCB would radically minimize the risk that legitimate cyber-investigations - that one of those nations deem needed, legal and proportionate - will not be approved by the TCCB International Judicial Board, or impossible to exercise for any reasons, even those involving international communications of a nation’s leader.
For the influence, US and Israel could benefit from moving from a position of deceitful “hard cyber power” over their allies and third-nations to a new model of “soft cyber power”. Move from providing third-nations the ability to hack indiscriminately to giving them the ability to protect legitimate communication and make accountable illegitimate ones.
Seventh, they would repair and relaunch their reputation, trustworthiness and leadership towards allied and third nations - especially after the US NSA revelations of 2013 and the NSO revelations of the last few years - about large-scale unwarranted abuse of nation state clients of NSO Group to spy on journalists and even prime ministers of allied countries, and for making us all (through their bug-door model) more exposed to cyber criminals of all kinds that somehow gain access to the most powerful hacking capabilities.
Leadership by example rather than coercion. A leadership among nations with equal dignity. More carrots and less sticks. Affirm a model whereby advancing diplomatic, geopolitical and economic interests can be done while also promoting peace, freedom, democracy and safety.
They would increase their ability to counter the rise of authoritarianism at home and abroad, by having more democratic investigative visibility into internal subversive activities, as well as more coherently project a leadership by example of a model of digital society that is coherent with western democratic values.
They would be recognized by other nations as co-leaders in promoting peace and fair and effective global cooperation- within and across alliances, participating in building nothing less than the new de-facto global standard state-of-the art for sensitive and diplomatic digital communications.Eight, they would join an initiative that aligns as natural development of the very complex history of attempts by the US to find a solution to this conundrum. It was 1991 when a young Joe Biden, as Chairman of the Senate Judiciary Committee, introduced a bill called the Comprehensive Counter-Terrorism Act, that stated aspirational goals for a front-door access mechanism: "It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law."
In such a bill proposal, however, Joe Biden did not specify "how" those providers should "shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law."
Yet, the overly generic nature of such provisions, and the prevailing draft implementations of such bill, lead a group of digital rights experts and activists to foresee that ill-thought implementations of such law would have curtailed the freedoms they had just gained for themselves and all citizens with such new encryption protocols and software while doing nothing to stop criminals.It was Biden's bill, and the looming threat that this newly-found strong encryption would be outlawed, that Phil Zimmermann wrote at the time "led me to publish PGP electronically for free that year.". This open technological solution suddenly enabled anyone in the world to communicate securely, even from US remote interception.
Those fears of those digital rights experts and activists proved to be exactly right. As the use of algorithmically unbreakable encryption kept spreading, in 1993, the Clinton Administration developed a system hardware component, the Clipper Chip, that was promoted and encouraged to be inserted (initially on a voluntary basis) in US human electronic communication devices and systems, to ensure remote access by the government, when authorized by due legal process.The wide availability of open source algorithmically unbreakable encryption software forced a shift in the western security community whereby they had to move on to break all IT and IT standards to retain the interception capabilities that they had back when they could break all encryption in transit.
Last October 2020, the US, UK, Australia, New Zealand, Japan, and India, published a joint International Statement: End-To-End Encryption and Public Safety, issuing a call to IT providers, NGOs, and stakeholders to find a solution to the problem of encryption technologies hindering law enforcement and security agencies from detecting and preventing grave crimes by individuals and nation-states. In the following November, a Draft Resolution of the Council of European Union was revealed, which was very similar to such a Statement, and literally identical to it in key provisions, called on civil society, industry and academia to find a solution that enables lawful access requests that are not only legal, but also “necessary and proportionate, and is subject to strong safeguards and oversight." adding key requirements that were missing in the original bill by US President Joe Biden in 1991.
This novelty raises hopes that new mechanisms, standards, certifications, and bodies could be created - reserved for IT systems for human communications conceived for the highest levels of security - that apply such new stringent requirements to mechanisms that can both ensure legitimate lawful access as well as radically raise the level of security and privacy of those systems.Ninth, they would be able to affirm a new leadership based on the principles of democracy and fair and effective international relations, communications and cooperation, via win-win solutions whereby national security is increased while and by advancing our democratic and liberal societal values.
For all these reasons, we believe that by co-leading other nations to build the TCCB and Seevik Net, the US or Israel could lead to enact a new model of democratic digital society that is finally coherent with their liberty and democratic principles, creating an healthy constructive competition with China, and other fast rising autocracies, for the hearts and minds of world citizens, and promote therefore security, peace, democracy and freedom, at home and abroad.
A sort of post-Cold War Crypto AG: multilateral, transparent, for peace, for all and mobile?
In a way, we are building what could be conceived as a "post-Cold War version of Crypto AG", the de-facto global standard and state-of-the-art for sensitive and diplomatic digital communications during the Cold War, that turned out in 2020 to have been controlled by only two nations.
As opposed to the original one, the TCCB and Seevik Net initiative will be based on open democratic multilateralism, uncompromising transparency, and an ultra-resilient procedural front-door instead of a technical back-door.
Beyond diplomats, it’ll be available to all with utmost portability and convenience via 2mm-thin standalone devices, carried inside custom leather wallets or in the back of their future smartphones - to finally enable secure, fair, and efficient digital communications and dialogue, within and among nations.
The original Crypto AG provided over 100 nations enormous value in terms of internal and external remote communications reliably secure against interception by any state or non-state actor, albeit at the (witting or unwitting) cost of interception by top security agencies of two nations. Ultimately, Crypto AG was one of the most successful and impactful intelligence operations of the last century, playing a crucial role to make sure that a more democratic geopolitical block prevailed over a lesser one.
The original Crypto AG program also proved that digital communications can be made to resist even the most powerful state-grade attackers at relatively moderate R&D costs. Even more relevant, it proved that 3rd-party access to encrypted data and communications can be reliably restricted to intended parties - albeit solely for such ultra-secure IT systems and at moderate scale - contradicting widely shared expert ideas about the impossibility in all cases of a secure-enough "front-door” socio-technical mechanism.
CONTACTS
Trustless Computing Association - www.trustlesscomputing.org —
Rufo Guerreschi, Exec. Director - rufo@trustlesscomputing.org
+393289376075
Geneva - Rome