Panel: CHALLENGE B : How can we solve Challenge A, while at once adequately mitigating the consequent risks for public security? presented at FSC 2020

by Rufo Guerreschi, Adolf Doerig, Paolo Lezzi,


Summary : It is becoming evident that availability of IT for human communications, that provide constitutionally-meaningful levels of digital privacy, cannot be expected unless these will be reliably subject to government interception when legitiamately authorized to do so.Can providers of ultra-high assurance IT reliably and voluntarily (i.e. in addition to what is requried by law) offer compliance mechanisms for legitimate lawful access needs, while overall reducing risks for both privacy of users and public safety?If so, how? What novel paradigms, safeguards or certification processes are needed?Can the same extreme technical and human organizational safeguards – that are needed to ensure ultra-high levels of IT assurance – also enable “safe enough” voluntary compliance to lawful access requests – at least in some EU states – that overall reduce the risk of privacy rights abuse of end-users by anyone to levels that are radically or substantially lower than any of the other alternative secure IT systems (existing or in development) which do not offer such voluntary processing?Could the inevitable added risk be essentially shifted from technical systems to novel highly-resilient organizational processes? Could or should such processes rely on a IT provider-managed data/key recovery schemes that are certified and overseen by a (primarily non-governmental) radically citizen-accountable, independent and competent international certification body?