UVST is mainly aimed at an end-to-end service with centralized key management, called UVST Core Version, but it can also be provided as a UVST P2P version, without any central storage of encryption keys and logs in the CivicRoom, as well as a UVST Server-Side version, in which the service includes only the CivicRoom, CivicLab, CivicProvider and the CivicAuthority.
The same CivicProvider and CivicLab can offer the P2P version and the Core version concurrently, and P2P and Core users will be able to communicate seamlessly.
- UVST Hybrid Managed Version: End-to-end deployments will all include CivicPod devices, whereas the Desktop docking station, the CivicDongle/Box and the CivicPhone are optional depending on different commercial deployment scenarios. P2P and Core version users can be provisioned by the same CivicProvider and communicate among themselves at the same levels of security. In fact, UVST is mainly conceived for large-scale deployment scenarios, where the CivicProvider falls under intercept legislation through warrant and logs maintenance, applicable to telecom operators, or may fall under it as a result of future legislation. Communication metadata therefore, although routed through onion routing techniques, is sent from CivicPods to the CivicRoom to be encrypted and stored together with the time-based encryption keys used to encrypt text and voice content of the communications.
- UVST P2P Managed and Unmanaged Versions: A UVST P2P Version of the UVST service will concurrently be developed to: (a) enable smaller entities to offer a non-commercial P2P UVST service to their members/staff in usage scenarios that are exempt (for example in Italy) from such requirements, in which CivicPod/Phone keys are stored only in the user device and not in the CivicRoom and no user-activity logs are maintained; (b) support “scorched earth” scenarios (see page 14) as an ultimate protection against forceful unconstitutional or unlawful physical access attempts to the CivicRoom.
- UVST server-side version: Non-client-side UVST solution components are intended for exploitation as core technical and security architecture for solutions for specific markets and use cases with highest-end server-side privacy and security requirements of private and public organizations, including highest-security state security agencies, such as ultra-private server-side/cloud/CED/PaaS/IaaS solutions. It includes only the CivicRoom, CivicLab, CivicProvider and the CivicAuthority.
Contract Types, Client Types and Business Development
Intellectual properties, competencies and partnerships generated by the publicly co-financed UVST R&D project(s) will be exploited economically by the proposal and project partners, and especially by the UVST Consortium or Member (see Partner section), in different commercial deployment scenarios for different markets.
Contract Types. Types of commercial offering for prospective clients and/or commercialization partners:
- Direct service offering
- White-label standard or custom deployments
- Co-marketing partners for the same.
Business Development Approach and Phases. Actual clients and co-marketing partners may be constituted by both current or prospective partners of the UVST project or UVST R&D grant proposals, as well as other parties that are approached – during R&D proposal finalization and the R&D phase – to sign initial agreements with the UVST Consortium or Member for:
- Interest in the outcomes of the R&D project, as prospective client and/or partner;
- MOUs regarding commitments (nonbinding or binding) for alpha testing, beta testing and/or initial limited demo/trial real-world deployments (paid or free); or even
- Binding agreements for commercial custom-deployments, which include a down payment
Deployments by Sector
- Banks. Enable them to offer (white-label) to premium individuals and organizational clients an ultra-secure replacement to the typical token, ultra-private mobile and desktop communications, and ultra-private and secure e-banking.
- Large private and public Organizations. Offer direct or white-label ultra-private mobile and desktop communications for all or top employees.
- Broadcasters and Mobile Operators. Offer, through the CivicDongle, a uniquely ergonomic and comfortable user experience to access: free to air digital TV; the full mobile Web; the UVST ultra-private communication environment; preferential access to their or their partners’ paid or ad-supported video and interactive content; very innovative privacy-respecting yet highly targeted advertising.
- Municipalities. Enable them to offer (white-label) to citizens ultra-private mobile and desktop communications as well as access to dedicated services for e-democracy, e-participation and e-government.
- State Security Agencies. Beyond state of the art end-to-end solutions to protect high-level state officials’ communications, as well as very advanced server-side-only UVST solutions to protect server-side state and other critical IT infrastructure that may cause severe harm to the population if compromised.
- Member-supported non-profit Organizations. Offer direct or white-label ultra-private mobile and desktop communications for all or top employees.
CivicDongles and offerings to Member-supported non-profit organizations will be “at marginal cost” of provisioning, in order to increase public support for the project and promote large deployment of CivicDongles.
A white-label solution for banks or bank associations (such as ABI or the Brazilian equivalent), in which they offer their current and prospective high-worth individuals and organizational clients a solution that offers all of the following: (A) premium replacement for the typical time-synchronized authentication token, through a dedicated one-time password app in the CivicPod, offering a much stronger authentication and security than the one provided by the token, especially after the scandal involving world leading token manufacturers[1]; (B) ultra-privacy protection to mobile and desktop Web financial transactions; (C) ultra-secure basic text, voice communications to other CivicPods and Web navigation.
- UVST version: Core (and/or P2P)
- UVST Mode: white-label
- All UVST components are included, except the CivicDongle/Box, which is extra.
- Features in addition to Basic Features:
- A client-side and server-side random-number generation application is added to replace one-time password tokens.
- A server-side highly-secured stripped-down Web application offering access through CivicPod to ultra-private and ultra-secure e-banking services is added to standard CivicLab and CivicRoom setups. The CivicLab may be located in street-facing bank-owned premises, possibly next to an existing bank agency (or bank association offices).
- UVST is (or may be) made compatible with current national certified email and digital signature.
B2B Premium for highly privacy-sensitive Organizations
Direct offer to consumers by UVST partners, for the first 9-18 months, would be limited to beta testers, selected top security experts, high-profile figures, opinion leaders and the like, in order to allow large white-label Banking or Broadcaster/Telco clients to gain the limelight of first deployment and the related publicity effect.
It is offered as a direct end-to-end service, or as a white-label solution, to members or top employees of large organizations, especially high-worth, high-power or privacy/security-sensitive individuals within such organizations. The UVST user space can be fully controlled by the client organization, instead of the user.
Organization types most interested would be: large financial organizations, large companies and transnational corporations, news organizations, international or national civil rights organizations, political organizations and public organizations in democratic states.
For most of those organizations, the privacy of their data and communications is their primary security concern, as authentication and security are a lesser issue and/or mostly satisfied by current technologies and incident mitigation procedures.
With trends like BYOD (bring-your-own-device) and BYOC (bring-your-own-cloud service, as in Dropbox and the like), it is crucial to enable workers to easily access both their commercial computing devices (Mac/Windows PC, Apple/Android smartphone) and secure environments, as cryptophones or dualOS (dual persona or hybridOS) devices attempt to do.
- UVST version: Core
- UVST Mode: direct offer or white-label
- All UVST components are included, except the following which are optional: CivicDongle/Box.
In a global market where all personal and business communications, and all entertainment, rapidly converge into a few leading mobile Internet platforms, which in turn are gradually overtaking broadcasters as gatekeepers of the TV – and when NSA surveillance disclosures have enormously raised the bar for the security and privacy of communication of citizens and businesses – UVST for Broadcasters/Telco – through an end-to-end client-server architecture including a portable end-user device (CivicPod) interfaceable with commercial smartphones and an HDMI TV-dongle (CivicDongle) – will complement the user’s PC and Smartphone, with an unprecedented ultra-secure communication environment, as well as an on-TV entertainment solution with unique UX and choice of content which complements and/or competes with satellite/terrestrial payTV service or emerging IP mobile2TV services like ChromeCast, Apple AirPlay/AppleTV and smart TVs.
It would provide the user: (A) uniquely immersive, comfortable and effective mobile, desktop and TV interaction and user experience; (B) beyond-state-of-the-art privacy, security and authentication; (C) a very wide choice of global content, with unrestrained access to any and all mobile Web content, and a wider choice of Italian content expected due to the control of the platform by national content right holders and aggregators; (D) uniquely extensive and privacy-respecting user-profiling for ads, both automated and user-driven, and immersive living room entertainment applications, that are made uniquely acceptable to consumers by unprecedented and guaranteed levels of user privacy, and by pseudonymity-based profiling.
The CivicDongle platform and its governance would be controlled and marketed by partnering local content rights holders, broadcasters and/or mobile operators, in addition to its users, and marketed/developed in partnership with the CivicDongle device manufacturer and/or the open Web OS maker (Firefox). Therefore, local TV broadcasters/rights-holders and major local video content rights owners would have a strong vested interest to join as content and minority governance partners of the CivicDongle platform as it enables them to: (A) compete, with a platform they substantially control, versus the emerging dominance of US and Korean mobile/TV ecosystems (Google, Apple, Samsung, etc.), both for privacy/security and for entertainment services, as well as (B) substantially increase (for broadcasters) their negotiating power with respect to the quality of the presence of their contents and apps on such players’ platforms.
UVST for Broadcasters/Telco will create a mobile and mobile-to-TV meta-platform that fully interacts with and functionally extends leading mainstream mobile platforms (Android, iOS), and aims to integrate and fully side with one or more open and open-Web-based mobile platforms (FirefoxOS and/or Ubuntu Phone, possibly Android), to provide users with the following key competitive advantages with respect to market leaders: (A) uniquely immersive, comfortable and effective mobile, desktop and TV interaction and user experience; (B) beyond-state-of-the-art privacy, security and authentication; (C) a very wide choice of global content, with unrestrained access to any and all mobile Web content, and a wider choice of Italian content expected due to the control of the platform by Italian consumers and content right holders; (D) uniquely extensive and privacy-respecting user-profiling for ads, both automated and user-driven, and immersive living room entertainment applications, that are made uniquely acceptable to consumers by unprecedented and guaranteed levels of user privacy, and by pseudonymity-based profiling.
In the case of deployments that include a local public broadcaster, content and services may include on-TV ultra-private and ultra-secure educational, e-government, e-participation and e-democracy services, which would be streamed directly from the CivicPod to a dedicated secure decryption chip on the CivicDongle.
An ecosystem of content, meta-content, content partners, community and tools may be developed for content that takes advantage of the 3 unique capabilities of such platform: full mobile HTML5 Web apps and content on TV; on-TV ultra-secure communications apps and services; content, apps and services that take advantage of Kinect-like functionalities of the CivicPod when docked on the TV frame. Such content may be: linear and interactive; mainly entertainment, infotainment and edu-tainment, cross-media and transmedia, video-intensive, designed for the highest levels of involvement, stickiness or immersivity, and primarily for live performance or interactive use in real time. Typical areas of application will be: live cross-media and transmedia TV-centric shows, programs and channels, Web TV content and channels, corporate events, theatrical performances and artistic live streaming and/or interactive. In combination with the CivicDongle/Box, the CivicPod can be used by TV-show audience members, either on-stage or in randomly-selected at-home samples, to enable advanced live performance formats that include audience participation, through dedicated apps, that are immersive and UVST-secure.
- UVST version: Core
- UVST Mode: direct offer by UVST Consortium or Member through co-marketing agreement or as white-label for large broadcasters, broadcasters’ associations, in partnership with one or more mobile operators
- All is included, except CivicKeyboard/Mouse and Desktop docking stations which would be optional
Legislative constraints for B2C and B2B deployments
The availability of UVST both as a Hybrid version with a (user-verifiable) encryption key escrow and as a P2P solution enables the UVST service provider to find ways to commercially provide UVST-based offerings – initially in niche markets and, subsequently, for wide deployment – by balancing and often merging competing objectives: (A) unique privacy levels per market sector; (B) ability of the judiciary and state security agencies to pursue national and international crime; (C) respect current laws, as well as be future-proof for Italian laws that may be (rightfully) triggered by wide user adoption of UVST solutions.
Background on relevant Italian (and in part EU) Surveillance Legislation
Italy’s surveillance laws to a large extent resemble those of other large EU states, and may be summarized as follows: 1. Commercial Internet/voice service providers are required to enable interception and access to logs of a given user after court order; 2. The sale – as well as personal and organizational use or self-provisioning (for members or employees) – of highest-security cryptophone and VPN infrastructure, without any encryption key held in escrow by a third party, is legal; 3. A January 2013 Executive Government decree enables Italy’s DIS to request and obtain “logs data” for needs of national cybersecurity (not previously verified by a judge) from telco/Internet service providers that have signed special conventions (many have signed, including Telecom Italia and Poste).
Offering as a Device or as a Managed communication service
Therefore, in addition to the B2B white label and custom deployment scenarios, the UVST Consortium may offer UVST directly or through partners to consumers in 2 main modalities:
- As a device and/or unmanaged infrastructure offering, NOT subject to Italian lawful-intercept legislations (and/or DIS convention):
  - Offered to high-worth individuals and organizations – private, public and state security (military) – typically current or potential customers of cryptophone or VPN
  - For protection against business competitor, social acquaintance, political adversary, foreign state surveillance and/or other criminal with other mostly economic motives, through their exploitation of:
    - Vulnerabilities accidentally or willfully inserted in any of the actual hardware, software and process involved in the use of the communication device, as well as
    - (FULLY) Any vulnerabilities of the Italian legal intercept systems, both technological (due to use of systems that are not verifiable and/or verified) as well as procedural vulnerabilities from insider or external abuse (private and public)
  - The CivicPod is sold by UVST Consortium or Member, or a controlled company – or partially or fully through a deployment partner – as a working P2P product offering, with products that are much more verifiably secure and private, cheap, profitable and user-friendly than the competition.
  - UVST service provided by a non-profit CivicProvider. The CivicPod would be sold as a pure P2P solution but – in order to receive upgrades and patches necessary for long-term effective use – CivicPod users would need to become members of a non-profit CivicProvider which constitutes itself as a member-based organization offering UVST service, among other services unrelated to UVST. The service would be provisioned “at cost”, under the oversight of the CivicAuthority (see p.14), by a CivicProvider that will manage the dedicated lab, CivicLab, and server room, CivicRoom, which provide all services to the users. Although not required by law – in order to prevent abuse by criminals and prevent legislations outlawing such service as the services get widely adopted – such CivicProvider will also voluntarily provide a centralized geo-located server room (CivicRoom) where a judge or other state security agencies can request, under the oversight of a users’ citizens jury, access to a specific user’s data based on court order for intercept. (See p.12)
- As a managed voice/Internet service offering, subject to Italian lawful-intercept legislations (and/or DIS convention(s)):
  - Offered to consumers that are ordinarily-conscious to moderately-conscious in regards to their privacy and security
  - For protection against business competitor, social acquaintance, political adversary, foreign state surveillance and/or other criminal with other mostly economic motives, through their exploitation of:
    - Vulnerabilities accidentally or willfully inserted in any of the actual hardware, software and process involved in the use of the UVST end-user device, or server-side components.
    - (PARTIALLY) Any vulnerabilities of Italian legal intercept systems, both technological (due to use of systems that are not verifiable and/or verified) as well as procedural vulnerabilities from insider or external abuse (private and public)
  - CivicPod and UVST service are (both) provided by UVST Consortium or Member, its subsidiary and/or a partner. The CivicAuthority would of course remain an independent non-profit organization (see p.14). Although not required by law – in order to prevent abuse by criminals and prevent legislations outlawing such service as the services get widely adopted – POSTE, as CivicProvider, will also voluntarily provide a centralized geo-located server room (CivicRoom) in addition to current required procedures and technologies for legal intercept, which will provide an added layer of user-verifiable security – under the oversight of a users’ citizens jury – to the way intercept processes are actually performed by the people and technologies involved in the process. (See p.12)
- UVST version: Core, P2P and Server-side-only
- UVST Mode: standard and custom white-label
In partnership with Fondazione Ugo Bordoni – a core partner and the co-promoter of UVST from the start, and controlled by the main research arm of the Italian Ministry of Economic Development Communications Department (which has a crucial role in high-security state communications) – and with the Center for Cyber Intelligence and Information Security of La Sapienza, we have started initial dialogue and analysis aimed at building technologies that may be fit for possible deployments by (Italian or other) state security agencies and other critical public organizations in one or both of the following scenarios:
- For their internal communications. UVST can be deployed to substantially increase the protection of individuals within a public organization from external threats, as well as internal threats by individuals or groups within the same organization or other public institutions and agencies. Given the extensive use in the security and military sectors of technologies that are not fully open to review and extensively independently tested, UVST could very well compete to replace highest security infrastructure currently used by the Office of the Prime Minister of Italy as well as the Italian Ministries Council, and its international equivalents (such as EU states and Brazil).
- For existing and/or future data mining programs operated by public security agencies. Deployment of UVST could be applied (or even mandated by law) to provide fully-automatic generation of leads to possible criminal activity, through free/open-source big-data semantic and sentiment analysis software and configuration settings, that constantly analyzes, in a fully transparent and user-verifiable way in a CivicRoom, and especially in a fully and exclusively automated way, data streams to which they are given lawful automated access.
Such software would send fully-automated suspicion flags, including an excerpt of basic data about the communication and the people involved, when a certain threshold of suspicious elements and connections emerges. Such fully-automated suspicion flags, in accordance with local current and/or future legislation, may be used by the security agency in support of a warrant request to a judge. The user-verifiability of the fact that such flags are created exclusively through democratically-approved and transparent parameters, rather than changing discretional factors or manual choice, would produce a win-win situation in which suspicious communication patterns can be identified, while completely preserving the privacy of innocent citizens who are not under reasonable suspicion. Some of such searches may happen through homomorphic cryptography. “Encrypted Search” may be deployed, which allows for arbitrary queries on an encrypted data set so that after “discovering” that something matches a certain criteria set, state agencies could request access to the very specific data.
Such functionality would allow for the full capability of analyzing all communications for suspicious activity without the huge risk of abuse and arbitrariness of a manual, or partly manual, process, as well explained by Prof. Lawrence Lessig. It would concurrently radically promote both privacy AND security, by fulfilling concurrently: (A) the very legitimate need (and proposals) of security agencies to have access to all endpoints, when supported by warrant; (B) the great utility for security agencies to apply the latest big data analysis techniques to help identify suspected criminal activity, and (C) protect the constitutional rights of citizens and businesses to privacy and security of communications unless a judge determines there is probable cause that justifies interception or log access.
Such use would substantially increase the actual capacity of state security agencies to fulfill their mandates, proving to a large extent that privacy and security are not a zero-sum game. On the contrary, there are combined technical and legislative solutions in which one can strongly enhance the other.
Given the huge public opinion backlash due to the US surveillance scandal, and the consequent “privacy pressure” on the US and all national governments, a law mandating such use could be drafted in accord among civil liberties associations, security agencies, and elected officials.
Provided the UVST research project fully delivers on its aims and promise, we could see it possible, and surely advisable, that new legislation may be drafted (in Italy, in the US) that provides strong incentives and (progressively stronger) disincentives so that all Internet communication end-points (devices and server rooms) be UVST certified (or similar).
Deployment as experimental “highest-assurance certified email”
In partnership with Fondazione Ugo Bordoni – a core partner and the co-promoter of UVST, the main research arm of the Italian Ministry of Economic Development Communications Department (which has a crucial role in high-security state communications) – we’ll be exploring initial agreements on the possibility that UVST may be used as the basis for experimentations by the Italian Ministry of Economic Development to verify the definition of mandatory end-to-end technology standards for a new “high-security certified email” and “high-security digital signature” for specific high-security public organizations user scenarios.
In fact, one of the partners we are intensely negotiating with, SERPRO, is the Brazilian state IT agency that was delegated by the President of Brazil Rousseff to develop a “foreign espionage-proof” email system which she has famously committed to develop for the Brazilian public institutions and then for all citizens. Three of our key partners are Brazilian entities (Kryptus, USP CITI center, LSI-TEC) that are also key partners of SERPRO and other Brazilian agencies in such kind of projects, and will be participating with us in a EU Horizon 2020 EU/Brazil Cooperation Call to develop UVST as a project aimed also at setting or facilitating new international standards. USP CITI Center especially is in fact currently leading the Brazilian group of partners in a EU-Brazil 7FP Grant R&D project, including the German makers of the current HbbTV standard, to create an interoperable EU-Brazil interactive TV standard compatible with Italian MHP and TivuOn standards.