Founded in Geneva, Switzerland, in 1998, OISTE was created with the objectives of promoting the use and adoption of international standards to secure electronic transactions, expand the use of digital certification and ensure the interoperability of certification authorities’ e-transaction systems. Since its inception, the choice of Switzerland, a neutral country to house the foundation was a central strategic decision.
The X.509 norm
Since its creation and under the aegis of the International Telecommunication Union (ITU), the OISTE Foundation adopted the X.509 standard which provides the foundation with the use of a cryptographic root of trust or Public Key Infrastructure (PKI), OISTE’s core asset. Under the X.509 norm, OISTE acts as a certification authority (CA) and is on top of a hierarchical certification chain created with its own cryptographic root of trust.
OISTE and WISeKey
In January 1999, a short time after the launch of OISTE, Carlos Moreira incorporated the society WISeKey in Geneva with the purpose of providing identification and authentication services using OISTE’s cryptographic root. Under a contractual agreement, OISTE delegated on WISeKey SA the operation of the systems and infrastructure supporting the Trust Model. In compliance with the X.509 and other international standards, such as the RFC3647 developed by the Internet Engineering Task Force (IETF), OISTE produced a Certifications Practice Statement (CPS), which set up the legal conditions of the OISTE Global Trust Model. The latest version of OISTE’s CPS dates from the 25th of February 2019 and can be consulted in full @ https://oiste.org/wp-content/uploads/OGTM-OISTE-Foundation-CPS.v3.0.pdf. WISekey possesses its own subordinated CPS. The society WEBTRUST audits and certifies OISTE and other PKI providers as a means to ensure consumer confidence in the application of PKI technology. A few more technicalities derivate from the above, which are explained in detailed in OISTE’s repository: https://oiste.org/repository/
The OISTE Foundation upholds a Policy Approval Authority (PAA) that drafts, approves and revises the policies to which WISeKey is bound to comply with under its operator contract. The PAA is composed of members of the community to which OISTE provides its Certification Authority Services, resulting in a virtuous cycle for trust management.
After the ITU launched the initiative Electronic Commerce for Developing Countries (EC-DC) in 1998; OISTE, in association with WISeKey and the World Trade Centre were among the first partners to sign a partnership agreement. Considerable financial contributions followed towards infrastructure, services and training for developing and least developed countries expanding the scope of the initiative from e-commerce to e-government, e-procurement, e-health, e-learning and e-payments using Public Key Infrastructure (PKI), operated from OISTE’s cryptographic root.
In the scope of two years, more than 220 organisations including telecom operators, ministries, chambers of commerce, Internet Service Providers, trade associations, NGOs and financial institutions benefited from the first electronic certification authority (CA) for developing and least developed countries.
ITU and the World Internet Secure Key (WISeKey SA) organized a training workshop in Geneva from 27 to 29 November 2000 with the support of a number of companies from the world of information and communication technologies (ICT), known as the Secure Electronic Commerce Partnership Conference or WISeWorld 2000. WISeWorld 2000 was the result of more than seven months of preparation. Some 500 participants from 120 countries and 11 international organisations attended the event. More than 50 leading industry experts in e-transaction security, trust technologies, risk management, e-financial services, software and hardware technology providers demonstrated leading-edge e-business solutions.
OISTE and the World Summit on the Information Society (WSIS)
OISTE fully embraces the Geneva and Tunis Declaration of Principles (B5 / Art 35) which states:
“Strengthening the trust framework, including information security and network security, authentication, privacy and consumer protection, is a prerequisite for the development of the Information Society and for building confidence among users of ICTs”.
OISTE’s contribution at the WSIS 2003
In 2003, OISTE advocated for the transfer of the control and management of technologies related to domain name systems and digital identity management to neutral authorities working on the public interest as a means to solving the problem of the shortage of DNS and setting up a universal, neutral and inter-operable root certification authority for digital identity.
OISTE’s contribution to the WSIS 2005
In 2005, OISTE underlined the challenge to which all States are confronted: holding a right to their citizens’ identity in the digital world. The difficulty lies in the fact that whilst the State fulfils a role of identity management in the physical world, in cyberspace nobody holds the same level of authority. As a result, digital identity management becomes an ad-hoc matter, with many, often improvised solutions, none of them more authoritative than the others. In the Internet, the citizen mutates into the end user: e-mail addresses, usernames and passwords replace national identity.
In 2005 the OISTE Foundation insisted on the importance of setting up the basis for certified digital identities using Public Key Infrastructures (PKI), building and respecting international standards, under the coordination of a Policy Approval Authority (PAA), using a primary root key that guarantees universal technical and legal interoperability.
OISTE’s contribution to the WSIS Forum 2012
The International Secure Electronic Transactions Organization, OISTE, convened a workshop during the WSIS Forum 2012 entitled “Matching the speed of the running code: public awareness and digital identity management”. During this meeting, OISTE published a Position Paper proposing the following:
Strengthening the trust framework
The OISTE foundation recognizes the importance of showing improvements in Agenda Action Line C5, Building confidence and security in the use of ICTs and Action Line C7, the development of ICT applications to e-government, e-health, e-education, e-business, e-agriculture; but wishes to emphasize that this will not be possible unless all stakeholders succeed in introducing secure, interoperable and user-centric methods of digital identity management.
Furthermore, the OISTE Foundation reminds all stakeholders that finding workable solutions to digital identity management is a precondition for establishing a global culture of cybersecurity.
In this sense, the OISTE Foundation stresses the importance of:
- Addressing the hard issues linked to the use of cryptography and Public Key Infrastructures (PKI), which constitute the foundation for providing robust and authoritative digital identities, i.e the lack of interoperability; the automatic recognition by the web browser and the barriers linked to local law;
- Considering the convenience of establishing an International Clearing House that will deal with the problems listed above, upon which all stakeholders will confer the authority to create a secure Identity Ecosystem. The main function of this International Clearing House is promoting collaboration between the private and the public sector;
- Agreeing on the need of a binding international legal framework for the protection of privacy, personal identifiable information and personal data;
- Prioritizing the adoption of improved methods of digital identity management for effective child protection over the Internet;
- Encouraging the development of low assurance solutions to digital identity management and educating the public about when and where these solutions are appropriate.
OISTE contribution to the WSIS Forum 2017 in association with the World Trade Point Federation
Electronic commerce has the potential to become a driving force of economic development and job creation in least developed and developing countries if a number of conditions are met. One of them is overcoming the trust deficit that is becoming a prevailing force in the online world. Internet users have become wary of revealing critical personal identifiable information, having their identity stolen or being the victims of scam plots where they ignore whom they are dealing with.
Furthermore, Internet users are feeling increasingly unsure of the way their personal data is used by tech giants that have the capacity to harvest and exploit people’s information.
Besides, in the absence of an international legal framework to encourage the development of e-commerce in developing nations, the digital divide acts as a political barrier that buttresses protectionist instincts. Least developed nations do not possess the communications infrastructure that is necessary to enable their citizens to participate in electronic commerce.
Similarly, a number of unresolved legal issues concerning electronic trade act as an entrance barrier both for companies and governments alike: tax law, jurisdictions, data flows and the impact of technological innovation.
Taking stock of the above,
- The International Secure Electronic Transactions Organisation (OISTE) and the World Trade Point Federation (WTPF) agree that enough weight has to be given to the needs of developing countries on the outcomes of international electronic trade negotiations;
- The OISTE Foundation and the WTPF agree that bridging the gap of the digital divide comes as a priority on the WSIS agenda: more funding has to be provided to least developed countries to allow them to improve their communications infrastructure;
- The OISTE Foundation and the WTPF underline the strategic importance of building a secure ecosystem where buyers and sellers exchange information and make transactions following protocols that create and enforce trust;
- The OISTE Foundation and the WTPF emphasize the need to show progress in international law standards concerning digital identity management and electronic signatures;
- The OISTE Foundation and the WTPF agree that showing progress on secure international payments systems, customs procedures and the reliability of logistics is also a manner to pave the way to the entrance of less developed countries into Global Value Chains;
- OISTE and the WTPF encourage the creation of Trade Points in all major cities of developing countries, enabling them to set up a secure communications infrastructure, such as the new generation Electronic Trade Opportunities (ETO), incorporated into World Trade Points:
- OISTE and the WTPF, conscious of the rapid pace imposed by the advance of the digital economy, support the efforts to educate policy makers on the complexities of digital policies and Internet governance.
- Building electronic trade platforms touches upon the role of governments and all stakeholders in the promotion of ICTs. The main barrier to e-commerce is the digital gap.
- Agreed protocols of digital identity management across borders would have a positive impact on electronic commerce. The role of governments is crucial in participating in international negotiations related to digital identity management.
- Building confidence and security in the use of ICTs is paramount in electronic commerce. Technologies that create trust are at the base of electronic trade platforms: encryption needs to be legally framed in such a way that innovation and privacy are not curtailed.
Campaign, “The right to disappear on the Internet”
In 2013 the OISTE Foundation launched the campaign: “The right to disappear on the Internet” Lately the European General Data Protection Regulation enshrined legal principles to erase personal data from the Internet.
Side-event at the World Economic Forum, 2014
In association with the International Organisation for Knowledge Economy and the GINI project on digital identity financed by the European Union, the OISTE Foundation, organised a side-event at the WEF in January 2014. The organisers signed and proposed a “High-Level Declaration Addressing Identity Management, Privacy, Security and Trust in Digital Communications”.
OISTE and the International Principles on the Application of Human Rights to Communications Surveillance
The OISTE Foundation signed The International Principles on the Application of Human Rights to Communications Surveillance right after they were launched at the 24th session of the UN Human Rights Council in Geneva in 2013.
Initiatives taken by the organisation in support of the Millennium Development Goals
The OISTE Foundation contributed in different ways towards Goal 8 of the Millennium Development Goals (progress assessed in 2015 – now replaced by the Sustainable Development Goals SDGs): develop a global partnership for development and in particular to target 8F, “In cooperation with the private sector, make available benefits of new technologies, especially information and communications”
- GVID (Globally Verifiable Digital Identity for Migrants), with different multilateral organizations (World Bank, INTERPOL) and the Association for International Mobility
- Globally Verifiable Seafarers’ Identity Document and Services Platform, together with the Association for International Mobility (AIM) and INTERPOL
- January 2014, roundtable at the Davos World Economic Forum co-organised with the Fraunhofer Institute for Open Communication Systems (FOKUS) and the International Organization for Knowledge Economy and Enterprise Development (IKED): “Addressing Identity Management, Privacy, Security and Trust in Digital Communication”
- January 2015, roundtable at the Davos World Economic Forum co-organised with the Fraunhofer Institute for Open Communication Systems (FOKUS) and the International Organization for Knowledge Economy and Enterprise Development (IKED): “Searching new business models for digital identity management: empowering the end-user”. Access the content at https://www.youtube.com/watch?v=Xt3csSymGyg
- Assessing the role of cryptography in protecting privacy and ensuring trust in modern communications, ongoing conversation with government missions, UN bodies and international NGOs in Geneva
1ST March 2019, Side Event at the Human Rights Council
Privacy is a fundamental human right recognised as such under international law. It is also a universal right, one which should be enjoyed everywhere by everybody. However, privacy is not an absolute right and under certain circumstance may be limited, but only where limitation is necessary, proportionate and in accordance with the law.
The panel dwelt on critical issues underlined by the Special Rapporteur: “more than a third of United Nations Member States have no privacy laws at all while most of the other 125 states have laws which cover some of the contexts where privacy may be threatened but not all. Some important threats to privacy especially those arising on the context of national security, intelligence and surveillance are inadequately regulated in most countries of the world” (A/HRC/37/62)
This comes at a moment when the general public starts to realise the reach of “Surveillance Capitalism” in our daily lives. As pointed out by the Harvard professor Shoshana Zuboff. The raw material is our personal data, our digital identity that is not yet completely protected by the law, although the European General Data Protection Regulation (GDPR) marks a milestone on balancing the fundamental right to privacy with economic priorities concerning the free flow of personal data considered as a “resource”.