Free and Safe in Cyberspace was organized in Brussels on Setember 24-25 by the Open Media Cluster and the EIT Digital Privacy, Security and Trust action line. The Brussels event of this year was participated by EU and US renowned IT privacy and security experts, Schneier and Preneel, the father of free software, Richard Stallman, senior officials of leading civilian and military EU institutions, high-assurance IT executives and experts in advanced artificial intelligence.
The objective was to discuss innovative techno-organizational certifications and certification governance models for next generation high-assurance IT services, as well as targeted or focused (endpoint) lawful access systems. Can new standards and technologies, supplementary to overly complex mainstream devices, allow ordinary citizens to reach meaningful levels of privacy and security, at least for the most critical and personal parts of their online lives? If so, can they be made user-friendly and affordable for all, and still prevent grave risks for public safety and cyber-investigation capabilities? In the long-term, the aim is to build consensus about the solutions.
The event consisted of keynote speeches followed by five panels.
“It is essential to define some very high and measurable levels of trustworthiness that are compatible with the exercise of civil rights in cyberspace”, said Rufo Guerreschi, executive director of Open Media Cluster. Jovan Golic, the EIT Digital Action Line Leader for Privacy, Security and Trust said: “We would like to have both cyber-security and cyber-privacy and also lawful cyber-surveillance. In order to achieve that, we need secure and trustworthy technologies. This would unblock business in this area”.
Michael Sieber, European Defence Agency, said: “We can create a joint vision, big in ambition and funding; concentrate on our strengths; effectively combine ‘smart clustering’ and ‘smart regulation‘”. Bruce Schneier said: “Trust is essential to human society and we, as a species, are very trusting. But, what are the security mechanisms that make this work, particularly in the IT world? Mostly we rely on transparency, oversight and accountability”. Richard Stallman, founder of the Free Software Foundation, proposed: “We should stop assuming that program developers are on our side. Actually, the programmer can be the enemy, so we must be sure that there is no one with that much control”. Michael Hohmuth, CEO at Kernkonzept, Dresden, said: “One obstacle is complexity of our operating systems…and of course the solution is trying to reduce this complexity, something that we try to address by putting all the components that user cannot trust anymore in its own little compartment, thus enabling simpler verification steps”.
Kai Rannenberg, Professor of Business Informatics at Frankfurst’s Goethe University, said: “Today, EU seems to have only a limited capacity to come up with its own value chain to build trust in hardware, and companies should definitely move forward on this direction“. Andreas Wild, executive director of ECSEL JU, indicated a strategy: “Most widely publicized cyber-attacks happen through unauthorized access and malicious software alterations in inter-connected operational systems. Therefore, a secure system needs robust design methodologies, trustworthy supply chains, controlled manufacturing sites and safe methodologies in deploying and operating it, and this with regard to both hardware and software”.
Renowned cryptographers Yvo Desmedt and Jovan Golic presented some options for lawful and focused access to protected data and key recovery that may enable public or private entities to provide voluntary compliance with lawful access requests, through independent and offline third-party processes based on secret sharing cryptographic protocols, which can ensure shared trust and the so-called forward secrecy.
Slides and videos are available on the event page: www.free-and-safe.org
"Free and Safe in Cyberspace" aimes at becoming an annual event, with EU, Latin American and North American editions.