Internet launches fightback against state snoopers

By Robert Cookson, Digital Media Correspondent

Key architects of the internet have started to fight back against US and UK 
snooping programmes by drawing up an ambitious plan to defend traffic over the 
world wide web against mass surveillance.

The Internet Engineering Task Force, a body that develops internet standards, 
has proposed a system in which all communication between websites and browsers 
would be shielded by encryption.

In practical terms that would be akin to extending the sort of secure 
communications that banks and retailers like Amazon use to protect their 
customers across the world wide web.

While the plan is at an early stage, it has the potential to transform a large 
part of the internet and make it more difficult for governments, companies and 
criminals to eavesdrop on people as they browse the web. At present, only a 
fraction of all websites – typically those that handle financial information – 
encrypt data when communicating with web browsers.

“There has been a complete change in how people perceive the world” since 
whistleblower Edward Snowden disclosed the extent of US surveillance programmes 
earlier this summer, said Mike Belshe, a software engineer and IETF member who 
helped develop Google web browser Chrome.

“Not having encryption on the web today is a matter of life and death,” he said.

The IETF push for greater use of encryption comes alongside calls from top 
internet and privacy groups for fundamental reforms of the laws governing the 
web. In a letter to the FT published this weekend, top groups including web 
founder Tim Berners Lee’s World Wide Web Foundation call for a “reform of the 
status quo” online.

“Online privacy is being eroded at a breakneck speed by blanket surveillance, 
and unless steps to reform are taken immediately, the notion of free and secure 
online communications will be relegated to the annals of history,” they write. 
“Blanket government surveillance by default, with laws enforced in secret, will 
always be unacceptable.”

The IETF, which operates through the “rough consensus” of its members, has been 
instrumental in shaping the technical infrastructure of the web since it was 
founded in 1986.

While the body cannot force the adoption of its standards, it is highly 
influential and its membership includes employees of the world’s biggest 
internet companies including Google, Microsoft and Apple.

But at its conference in Berlin this month, IETF members reached “nearly 
unanimous consensus” on the need to build encryption into the heart of the web, 
said Mark Nottingham, a developer who chairs the IETF working group on HTTP, a 
data access protocol that underpins the web. “There are a lot of people who 
want this to happen,” he said.

Mr Nottingham cautioned that it was “very early days” and said the proposal 
would need to undergo extensive discussion within the broad web community 
before it could be implemented. Exactly how the plan would work has yet to be 

But at present the idea is to mandate the use of Transport Layer Security 
(TLS), a cryptographic protocol, in the next version of HTTP, which is planned 
for 2014.

It would then be up to companies behind web browsers and web servers to put the 
new standards into practice.

Google and Twitter are among several big companies that have long called for 
more encryption of web traffic. Chrome, Google’s popular web browser, already 
allows people to encrypt their activity when browsing any of the company’s 

However, security experts said that while TLS encryption would make 
surveillance more difficult, it was far from foolproof.

“If you’re looking for a silver bullet to make people’s personal traffic 
impossible to break, this won’t be it,” said Sam Curry, chief technologist at 
RSA, a computer security company.

Hackers, especially those with substantial computing power, would find ways to 
crack the encryption or get around it by exploiting other vulnerabilities in 
the network, he said.

Nonetheless, he added: “Anything that improves trust in the digital world is a 
noble aim.”

Copyright The Financial Times Limited 2013. 
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

Infowarrior mailing list

Reply via email to