 So, our next speaker is Reinhardt Mutz. I want to say welcome to all of you. And in my short lecture, I will show the basics of WPIA, which spells to World Privacy and Identity Association. So, my name is Reinhardt Mutz. I worked in the IT since 1985, and I've been elected as president of WPIA at the first general meeting. I want to give a short overview of what we need a legal framework to operate a trusted service provider successfully. And I will show you the reasons why we do it, and I will show you the way we will do it. When we started, and you know this, it's some kind of good practice. You start with a kind of brainstorming, and what you do is just number all the issues you have to deal with. And I'll give just a few examples of what we have to consider. For example, finance, finance will include the management of membership fees, donations, payments, and of course, tax. Because the tax office always wants to get its part of the money, and you have to organize it very well. You can organize it if you have not a community, but an association. An association is represented by a management board, and this management board acts on behalf of the association. The same thing is in regards to contract management. If you see what you have to do, how many contracts you have to sign, then you see you need a data center to operate something. You need contracts to manage the relations between your trusted service provider and your customers, and you need contracts, for example, for insurances. Next item is human resources. Without a personal staff who is doing the things, there is no progress. So you have to organize it in a way that it will manage your targets. Go to infrastructure. You know the tasks you have. You will run a website, for example. You will run some software so that you can communicate in the teams. You will do and write software and manage it, and so on. See the item risk management. Risk management is a hard job to do because you have to write down any possibility which may crash you down. And the next is you must write it really in a clear form, in a clear way to see and then to have an overview about this. And then when you see risks which may happen, then go and try to minimize it. At least you need a documentation of all business processes and all actions in the meanings of keeping an archive and keeping it up to date. And these issues are not all. There are many, many more issues you have to consider. And please keep this in mind. As a trusted service provider, you are working in a market. The market of PKI is complex and the environment is a little bit more complex. So if you see the PKI description, which is made by Internet Enduring Taskforce, called RFC 5280, there are laid out and written in details the requirements how PKI will work. The browsers like, for example, Mozilla, Microsoft Edge, maybe Google Chrome, or whatsoever will follow this RFC 5280. And sometimes it happens, and that is what we will see, that they have different views about the same thing which happens. And that will lead, for example, to the fact that their trust source are filled with the names of CA companies, but they are not identical. Everyone who wants to surf the Internet in the way of, let's say, trust and builds up a trust source has its own view, whom he will trust. In 2005, the CA, the part of the CL market and the B, which stands for the browsers, organized a forum. A forum is nothing else as a discussion forum and what they try is to unify the views and the interpretations of RFC 5280. This part is well-known to many, many people in the community, but there is a new player coming which is not yet really recognized in the community. And this new player is that project in the EU called AIDAS, and AIDAS has a target which is described best as the internal market and the EU will be unified and this will be done latest in 2020. So there are only a few years left. What they do in regards to certificate authorities is that they created a new level of trusted CA's which they call a QTSB. QTSB is not only a trusted service provider, it's a qualified trusted service provider. And the hope is that they can make much more money than before. You may see this attempt of installation QTSB's like, for example, building a digital wall around the Schengen space so that they keep Europe as a single market and others say and will tell you it will help the world to communicate better and more safe and so on. That's the one side of the world of PKI's. The other side is that the same document, the RFC 5280 distinguishes between internet and internal. Internal means that you use the PKI system in your own networks and these networks have no connection to the internet. So the rules are not strong. The rules may be not obeyed and the reason why you do it is very simple. You can keep your internal network intern. This is used by almost all national governments in the world. The biggest internal PKI is run in the US administration. In Europe it's run by the government of the German Republic and you will see the internals if you visit the website of BSI where you can see the complete structure of the internal PKI of the German administration. There is another player in the market that is TeleTrust. TeleTrust is a non-profit association and the members are big business. When they started, the members were for example the company Siemens, Telecom and so on. And what they do is they run a project called EBCAA that's the European Bridge CA. This project is run to make the internal PKI's to the partners and participates of this model known and integrated into their browsers. They run an LDAP server and if you know the exact email address of one of the employees, you can write and use an e-mail signed and encrypted and you do not need to come in touch before. You just ask that LDAP server and that will serve you the appropriate certificate. So the question is what parts will WPIA serve? And the answer is simple, both sides. We want to operate in the market as a trusted service provider and will deploy certificates for free. And our software is open to all. It will be under an open license for your private convenience. You may download it and use it. A solution in this area must be based on trust. Privacy is a right and privacy and that's written by the UN. Privacy is not a commodity that can be sold. Its utility in various cultural and social settings can differ but privacy is a human right. And that was written in the UN World Public Sector Report in the year 2023. Last week we saw in Brussels an event from data protection officers and security interests and so on. And this guy, Mr. Karbonner, wrote a tweet. I catch it by some coincidence. And what he wrote is you cannot monetize fundamental right to make it subject to commercial transaction. And that was written in the year 2017. 14 years ago the UN World Public Sector Report said the difficult is that the protection of privacy is not high on the global or even national political agendas yet. And that yet is still hope. So as I said, a solution must be based on trust. The next item is a very important item is identity. And the Australian administration wrote a strategy paper and they said, the citizens must have confidence that their data will be received by the addresses fast and reliably. An open and free internet, the protection of personal data as well as the integrity of interconnected networks are the basis for global prosperity, security and the promotion of human rights. So what we can see is human rights is always mentioned and human rights cannot be divided. They cannot be sold or made subject to a market. Human rights should be accepted to its full extent. If you need privacy, if you accept identity, confidentiality and ignore the rest, then you don't accept human rights because it's undividable and cherry picking not allowed. See, if you see the environment and remember my words, then the next is very simple, how to manage this solution. You all know when we are in Brussels, the center of former Gallia, an old magazine called Caesar's Muxim was and if you work as project manager or manager of a company or something, you know that principle divide and conquer. What we have to obey is we have to organize users and customers. They will have roles as members, as fellows, as customers, maybe as employees. On the other side, we want to operate a service which delivers or deploys certificates and this will be done for free and this will take part in the market and based on all is our association, which is a charitable non-profit association and our members we are looking for now is make propaganda, tell the world what we are doing, tell it to your people, tell it to your neighbor and getting friends. The solution in more detail is shown on this page so World Private Identity and Association is a charitable non-profit association, will be owner of brands, logos, software and companies, is open for all human entities and by this required the acceptance of the universal declaration of human rights to its full extent. Members will pay a membership fee because you need some money to make propaganda, pay flyers and there are many costs and every individual may get certificates for free. Solution part two is to set up an operating center. A setup and create a certificate authority that's an incorporated company of our association, will be owner of brands and logos, operating all tasks which a data center must provide and running on behalf of WPIA only. Solution part three is a very, very old form of organization, it's a cooperative. This cooperative is open for associations and entities and requirement is the acceptance of the universal declaration of human rights as before. Members will pay yearly membership fee and that fee is used to pay all costs of the operating CA. The important thing in this is that you always remember we do not pay certificates. We pay and we organize an environment to get the costs and that's all we do. The rest depends on the participants. So the next is some milestones. As I said today, we are looking for new members. I welcome everyone of you to share and join our association. The incorporation of the CA is in the face, let us call this init, the same is in the incorporation of the cooperative. When we will have our software tested and the CA is set up, we will go live and going live is meaning that we will start with an audit from the very first day. We will never deploy to the public certificates for the purpose of testing or trying something like this. No, we are finished with this book and we'll start with an audit. The audit will lead about one year and after we passed it successfully and with flying colors then we apply for membership in the CAB forum. This membership is required to get the inclusion status of all browsers and they cannot deny it if you are in the same organization as they are now. So I think I have to say thanks. You've been a grateful audience and I would say visit our website and join the World Privacy and Identity Association today if possible. Thank you. Hi. I just have a few points of sort of clarification and a question. So it is not true that if you join the CA browser forum all of the browser members have to let you into their root stores. That is not true but it is also not required to be a member in order to apply for root store admission. So you can apply whenever you like and you can become a member of the CA browser forum at a later point. The membership requirements for the forum are that you are in at least one root store. So in fact it's the other way around. You have to get in a root store before you can become a full member. So the question. How would you compare two questions then? How would you compare your service to existing things like let's encrypt and CA cert? And secondly how do you going to solve the problem of ubiquity? That is to say making sure that everyone trusts your certificates as quickly as possible in order that anyone would want to use them. The first question is easily answered. Let's encrypt does not a reliable work. Sorry. They do not a reliable work. The certificates are generated by a machine used for another machine and what they are doing is not accountable in the meanings of legal... Yeah, of legal. You may read and I give you the wives to do so. The UN. The Committee for International Trade Laws has published two big documents and both are about the commercial market and the use of digital certificates. And they say that certificates generated from a machine to use to secure the communication between two machines are not reliable. So it's out of scope. If you want to have a reliable certificate the one part must be a human. A human on the side of the CA and a human on the side of the interest party which wants to see or wants to have a certificate. That's about...let's encrypt. And the other one, my question to you is are you a member of Mozzarella or Firefox or something like? Yeah. Yes? Take your words and I promise you that I will, when we start with the audit I will give you a contract that we will be integrated in Mozzarella's Firefox and then we will talk about it. Okay, and then we will see and check who does the right things. So I'm afraid that that's all the time we have for questions. Thank you very much.