A definition of “Constitutionally-meanigful levels of trustworthiness” in IT systems

A proposed definition of “Constitutionally-meanigful levels of trustworthiness” in IT systems

An IT system (or more precisely a end-2-end computing service or experience) will be said to have “constitutionally-meaningful levels of trustworthiness” when its confidentiality, authenticity, integrity and non-repudiation is sufficiently high to make its use – by ordinary, active and “medium-value target” citizens alike –rationally compatible to the full and effective Internet-connected exercise of their core civil rights, except for voting in governmental elections.  In concrete terms, it defines an end-2-end computing experience that warrants extremely well-placed confidence that the cost and risks for an extremely-skilled attacker to remotely perform continuous or pervasive comprimization substantially exceed the following: (1) for comprimization of a single user, the tens of thousands of euros, and the significant discoverability, such as those associated with enacting such level of abuse through on-site, proximity-based user surveillance, or non-scalable remote endpoint techniques, such as NSA TAO; (2) For the comprimization of the entire supply chain or lifecycle, the tens of millions of euros and significant discoverability, that are reportedly typically sustained by advanced actors, for high-value supply chains, through legal and illegal subversions of all kinds, including economic pressures.”

This entry was posted in general, work1, work2. Bookmark the permalink.