The Damaged Credibility of Internet Security

NIST. Image from wikipedia

On Nov. 6, 2013,  the Internet Engineering Task Force (IETF), an organisation which brings together the scientists, technicians and programmers who built the internet in the first place and whose behind-the-scenes efforts keep it running, debated what to do about all this. A strong streak of West Coast libertarianism still runs through the IETF, and the tone was mostly hostile to the idea of omnipresent surveillance. Some of its members were involved in creating the parts of the internet that spooks are now exploiting. “I think we should treat this as an attack,” said Stephen Farrell, a computer scientist from Trinity College, Dublin, in his presentation to the delegates. Discussion then moved on to what should be done to thwart it….

Even America’s government is getting in on the act. The credibility of its National Institute of Standards and Technology, which sets American cryptographic standards with the help of the NSA, has been dented by Mr Snowden’s revelations. On November 1st it announced it would review the way it carries out its work, in an effort to rebuild trust. The unspoken implication was that it would try harder to stop spooks attempting to slip “unreliable” technology past its vetting procedures.Other security experts are re-examining existing products. Dr Green and his colleague Kenn White are leading a forensic audit of Truecrypt, a popular program that enciphers a user’s hard disks but which displays some odd-looking behaviour and has rather murky origins (it is open-source, but its designers are anonymous, and are thought to live in eastern Europe).

Fixing cryptography is only part of the problem. Intelligence agencies can also tap data cables, allowing them to capture unscrambled information being sent between a user and a server, regardless of whether it is later encrypted.  Mr Snowden’s leaks seem to have boosted the market for better ways of dealing with this behaviour, too. Mike Janke, a former commando who now runs Silent Circle, a firm that offers “end-to-end” encryption software (meaning all messages are transmitted pre-scrambled), counts everything from corporations worried about industrial espionage to the Dalai Lama among his customers. He says that “business is up about 400% since the summer of Snowden”. In the wake of Mr Snowden’s revelations, his firm shut down its e-mail service and is preparing a new one that will transmit all messages pre-scrambled, meaning that only the recipient, not even the company itself, will be able to decode them…

On October 30th the Washington Post reported that America’s spies have bugged private, unencrypted fibre-optic cables which carry bits and bytes between the data centres in the worldwide networks of Google and Yahoo, without the companies’ knowledge. Google, which, of course, must be able to read its customers’ e-mail in order to inflict advertisements on them, nevertheless relies on people trusting it to guard their data, observes Dr Green.  “There’s a lot of anger out there,” says Christopher Soghoian, principal technologist at the American Civil Liberties Union, a lobbying group. “I’ve seen two blog posts by Google engineers in the last three days that contained the words ‘fuck you, NSA’.”

Excerpts, Internet security: Besieged, Economist, Nov. 9, 2013 at 83

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s