How could the US government incentivize IT service providers to voluntarily and adequately provide compliance to lawful access?!

More news on Obama’s search for a legislative or regulatory solution to lawful access to digital systems. For some time now, the US government has been stating ever more often that there will not be mandatory technical requirements to enable remote state lawful access, but that they expect providers to somehow come up autonomously with solutions that would allow for…

A Proposed Solution to Wikimedia funding problem …

… without introducing any undemocratic bias: Introduce contextual ads made exclusively of product/service comparisons made by democratically-controlled consumer organizations. In Italy, for example, there is Altroconsumo org with 100s of thousands of members, which regularly produces extensive comparative reports. In practice: for each new report that comes out, a request is made to the companies…

IT security research needs for artificial intelligence and machine super-intelligence

(originally appeared on Open Media Cluster website on July 7th 2015) On Jan 23rd 2015, nearly the entire “who’s who” of artificial intelligence, including the leading researchers, research centers, companies, IT entrepreneurs – in addition to what are possibly the leading world scientists and IT entrepreneurs – signed the Open Letter “Research priorities for robust and beneficial artificial intelligence” with an…

A definition of “Constitutionally-meaningful levels of trustworthiness” in IT systems

A proposed definition of “Constitutionally-meaningful levels of trustworthiness” in IT systems: An IT system (or more precisely an end-2-end computing service or experience) will be said to have “constitutionally-meaningful levels of trustworthiness” when its confidentiality, authenticity, integrity and non-repudiation are sufficiently high to make its use – by ordinary, active and “medium-value target” citizens alike – rationally compatible with the full and effective…

Why Hacking Team backdoor is old news from the late 80’s!

The just revealed Hacking Team RCS systems backdoor (for them and presumably for their state friends) was the very reason for the existence of the first such systems from the early 80-90’s (!!), created by former NSA staff, and then taken over by former (?) Mossad senior agents, and sold to tens of governments worldwide. Pushed…

In a recent post on Wired, called “Why We Need Free Digital Hardware Designs”, Richard Stallman compares the prospects and meaning of Free digital Hardware and designs with those of Free Software: You can’t build and run a circuit design or a chip design in your computer. Constructing a big circuit is a lot of painstaking work, and…

What’s the use of ultra-privacy techs when mics are everywhere?

Since Snowden, all hopes to retain a meaningful, albeit limited, personal privacy sphere have relied on the possibility of making devices resistant to advanced surveillance available to citizens, supplementary to ordinary commercial ones, and ensuring that they won’t be made illegal. Even if we succeeded, such devices may not serve their purpose or achieve…

Why we won’t have ultra-private IoT without ultra-private ICT

(Originally published for Meet-IoT 2015) A large segment of the booming Internet-of-Things market is made of solutions comprising devices with external sensors that are within the sensing reach of their users and/or other passersby. These include wearables, home automation solutions, smart city solutions, airborne connected objects, etc. Such IoT devices are in almost all cases currently…

Cyber-libertarianism vs. Rousseau’s Social Contract in cyberspace

In this long post, I argue that the cyber-libertarian belief that we can protect our rights in cyberspace is incorrect, as it is impossible for an individual to provide himself meaningful assurance against undetectable backdooring in hardware fabrication and assembly – even if supported by informal digital communities of trust – more or less hidden in cyberspace. User…

Blackphone “idea” of transparency, and media buy in

Blackphone’s CTO prides himself on their transparency while stating they will never “release” all their code for review, nor tell their customers when a critical bug may have been discovered. Also, they do not even mention firmware or hardware schematics, nor do they clarify which code from third parties they use that will not be available for…

Blackphone and the IT security media

Months after its launch, and no code released (not to mention firmware or hardware schematics or fab oversight), the only people that question how in the world we can even assess its security are a few blog commenters, while everyone from Schneier down just cheers for the secure phone or stays silent. We clearly have a…

A case for UVST in my “The economics of meaningful assurance of computing services for civilian use” lecture slides

On Aug 8th 2014 in Trento, Italy, Open Media Cluster Director Dr. Rufo Guerreschi was invited and honored by Jovan Golic – the PEU EIT ICT LABS Privacy, Security and Trust Action Line Leader of the €3 billion EU R&D agency – to hold the (only) Concluding Guest Lecture to over 50 post-graduate students selected for their prestigious EU EIT ICT Labs “Security and…

If “code is law” then “hardware is constitution”

Many have understood that “code is law”, like Lessig says, but extremely few know that “firmware, hardware, and hardware fabrication oversight (or lack of) are constitution”. The US Defense Science Board has been saying since 2005 that “trust cannot be added to integrated circuits after fabrication”.

Schneier and the need for ballot box type procedures like the CivicRoom

In this video Bruce Schneier (minute 33.21 till 36.00) makes direct reference to the need to deploy in-person “secret sharing” schemes inspired by ballot box voting procedures, such as the ones we have devised for the UVST CivicRoom, and which we demonstrated with a physical installation in 2007 at a major ICT event at Ara Pacis in Rome, in partnership with Progetto…