TRUSTLESS.AI

View Original

Swiss private banks, digital confidentiality and the need for lawful access

(to comment, like, comment ore share refer to this Linkedin post)
This blog post was also published on Dec 11th 2020 on the Geneva newspaper Le Temps)

Last November 25th a reportage article from the Swiss public TV program Rundschau made public how Omnisec AG, another leading Swiss encryption maker was also controlled or compromised by US and German secret services. We also learned how it may have affected the confidentiality of IT systems used by the UBS Group, the World’s largest wealth manager. Rundschau was the same media that co-led the reportage on Crypto AG and Infoguard AG last February. 

This is not news or surprising to experts. Yet, until now, few media articles made connections between the documented fact that top Swiss private banks were for decades clients of the InfoGuard AG, which was until 2018 a "sister company" of Crypto AG. Most media did not explore what this information meant for the confidentiality of Swiss private banking. In fact, scant information was publicly available about the nature and scope of such commercial relationships. 

Though banks may well have been unaware of such foreign spying, they indirectly benefited from a priceless unparalleled know-your-customer service, enabling them to avoid engaging with the most dangerous criminals or rogue states. This ultimately was good for the banks, for Switzerland, and for World peace and security.

Two years ago, Omnisec AG was closed while Infoguard AG ownership was formally transferred to a few long-time top managers of the company. 

In response to these changes, some of those banks appear to continue using Infoguard AG for their most sensitive internal communications - and it remains up to speculation if foreign nations' influence has been maintained - while others have partly or fully moved for some use cases to other solutions based on home-made or Swiss ultra-secure messaging apps, like Threema - running on mainstream mobile devices "secured" through advanced anti-malware systems.

These software-only solutions cannot provide the same level of protection as hardware solutions, since an app can never be more secure than the device it runs on. These solutions remain therefore vulnerable not only to powerful nations - allied and non-allied, and without accountability - but also and most concerningly to advanced criminal organizations and less powerful nations. 

It is estimated that a large majority of confidentiality hacks remain undiscovered (because the longer the undiscovered spying, the more valuable to the attacker) or unreported (as both victim and attacker have no interest in publicity). Nevertheless, the vulnerability and other failures of such new software-based approaches have emerged in regards to Credit Suisse in a recent internal spying scandal and caused it substantial and ongoing public image, regulatory, and economic damage.  

Paradoxically, these software solutions also cause at times law enforcement to be unable to access evidence ex-post due to strong encryption, which may have been acquired by criminals previously through malware running on the device during their use, with grave risks for blackmailing or worse.

This less than ideal situation opens up an opportunity for those banks to explore new ways to achieve the utmost confidentiality for internal and client communications, while concurrently enabling legitimate international law enforcement. This alternative could be based on deep democratic control and transparency applied to both the IT systems and to the mechanisms used to enable legitimate lawful access

This alternative could be based on deep democratic control and transparency applied to both the IT systems and to the mechanisms used to enable legitimate lawful access.

We have been building exactly that alternative at the Swiss-based Trustless Computing Association and its spinoff startup TRUSTLESS.AI - both based in Zurich and Geneva - in the form of a new Trustless Computing Certification Body, and a new ultra-portable 2mm-thin PC compliant to such standards. 

Through such an alternative, not only can Swiss private banks can better protect their confidentiality, and that of their clients, while ensuring legitimate international lawful access, but they can also turn a huge headache into a great opportunity to become the digital trust providers of their clients, deepening of their trust relationship, increasing clients’ convenience, offering of additional services, and improving their PR in a time of global crisis.

For more details on how our proposed alternative, please refer to this recent long post, which explores how our Trustless Computing Certification Body initiative relates to the recent calls by western countries for mandated backdoors while strengthening encryptions, and to the new US administration under Joe Biden, and how it can be enacted within existing laws, and in the benefit of all key players involved.