Building the trustless computing certification body

12 Apr 2019 11:00h - 12:45h

Event report

 

Moderator Mr Rufo Guerreschi (Executive Director, Trustless Computing Association [TCA]) shed some light on TCA’s work, pointing out that TCA is a standalone and independent organisation aggregating nations, industry associations, and unique players in the industry to create a new certification body. The goal of the TCA is to achieve a more secure technology and to radically improve online security. Since the dawn of the industrial era, we have been promised a utopian future of a labour-free world enabled by machines. Nevertheless, we realised that today no one is actually safe on the Internet and even the most powerful individuals and governments are being spied on. This is because the current Internet model is created with security design flaws. He added that this can hardly be changed even if we begin from the manufacturers. He quoted the US Defence Science Board’s conclusion from 2005 by stating that ‘Trust cannot be added to integrated circuits after fabrication’. In order to restore our trust in machines, the TCA is proposing a way to have two devices built into one: one for the private sphere of our life, and the other for our public place in society. For this system to work, a massive certification push needs to happen, and new certification bodies need to be established. We have seen that we can create such strong bodies which are able to manage complex systems like those in the aviation and nuclear energy sectors. The main principles that should apply to this body, Guerreschi added, are for it to be transparent, audited, overseen, and certified. This change needs to be applied at the service level and in the production phase. Emerging technologies can help us create a more secure (or a perfectly secure) Internet, artificial intelligence, blockchain, and quantum computing.

Mr Jorn Erbguth (Privacy and Blockchain Expert) also pointed out that our current system is, security-wise, flawed through design. We need everyone to agree on that, he added. In his opinion, to change this paradigm we will need a strong political will. We will also need to balance security and freedom when discussing our future. Erbguth added that we are witnessing these initiatives as in the case of Microsoft’s call for the Digital Geneva Convention. However, acknowledging the problem does not put us in a better position. We need to act fast.

Ms Yuko Murayama (Retired Professor, Tsuda University; Chair, IFIP Domain Committee, IT in Disaster Risk Reduction) addressed the notion of trust from the psychological perspective. We usually define trust in relation to third parties. Beside a technical, there is an emotional segment of trust. In the Japanese culture this is called ‘anshi’, she added. When talking about a system, we use the word ‘dependable’, but when we talk about a person, we tend to use ‘trust’, Murayama added. Talking about related concepts, such as safety and security, she mentioned the results of a research done by Hoffman and Camp, where the notion of trust is actually an umbrella term for safety, security, usability, availability, reliability, and privacy.

Mr Lennig Pedron (President and Co-founder, ICON) pointed out that emerging technologies are very complex and create growing concerns on how their development will affect our daily lives. To build digital trust, we need to teach people how to use devices properly. Certification is most definitely needed and this is not an easy way to go, he concluded.

Mr Paul Wang (Expert on Blockchain, Cybersecurity and IT Forensic Technologies) underlined the role education has in building a future where trust in technology exists. He shared results from a research conducted in a school in Switzerland, where 90% of children trust everything they see on the Internet. Due diligence is difficult to achieve with younger generations. He added that cross-sector work in needed, and urged the tech community to work more on education regarding the complex tech systems put in place. Tech and non-tech people need to work together, he concluded.

Moira de Roche (Chairman, IFIP IP3; Director, Global Industry Council; Fellow, IITPSA & PMIITPSA) pointed out that a global body of computer scientists should be established for addressing issues on trusting technology. The paradigm of safety and trust needs to resemble analogies from the physical world. You safeguard your house keys, put your valuables in a safe, and go to the police only as a last resort. A similar approach is required in the digital world. Trust is the most expensive thing in the world, she concluded, and is really hard to gain, but easy to lose.

In answering questions from the audience, the panel concluded that even if large bodies for certification and web-standards exist (such as the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C)), we need a new set of rules that will include trust in design.

 

By Arvin Kamberi