He did say that it has to work in the absence of a central authority. It's hard for a central authority to control your device when it doesn't rely on a central authority.
Maybe we just need to re-imagine the operating-system level security model in a way that tries to tackle the security issues that we have today.