Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Will the usually obscure Internet Engineering Task Force – that open-to-anyone group of engineers who design and keep the ‘net functioning – step up and fight back against mass surveillance? That possibility is now in the air, following a talk in Vancouver today by cryptographer Bruce Schneier (see “Bruce Schneier: NSA Spying is Making us Less Safe”). He laid partial responsibility of the National Security Agency’s mass surveillance on the IETF’s doorstep.

“Fundamentally, surveillance is a business model of the Internet. The NSA didn’t wake up and say: ‘Let’s just spy on everybody, it said: ‘Wow, corporations are spying on everybody, let’s get ourselves a copy,’ ” he said, referring to the cloud computing providers and others who warehouse data. The NSA found the Internet quite easy to tap in various places; as a result, “The NSA has turned the Internet into a giant surveillance platform” that is robust both politically, legally, and technologically, he added.

Those were fighting words to IETF members like Stephen Farrell, a computer scientist at Trinity College Dublin. He said in a talk after Schneier’s that it was time for the IETF to take action, describing the NSA’s actions–detailed in leaks from former contractor Edward Snowden–as “a new scale of attack.” He said the right response was to “make it significantly more expensive for a bad actor. There are things we can and should do.” One approach, Farrell said, was to organize a team of developers to make an open-source hardware and software crytopgraphy engine platform that could be used to add security to various places on the network.

The basic problem is that at its core, the existing ‘net is merely a bigger and fancier version of the original one that assumed everyone was honest and trustworthy (all of the early users were researchers in government and academic labs). But amid growing security concerns, computer scientists prototyped various new designs–ones aimed at things like authenticating users, adding more privacy and security, and making the ‘net more mobile-ready (see “The Internet is Broken”). These projects have never been implemented across the ‘net, though.  

The good news is that encryption in various parts of the existing network can go a long way to thwarting NSA surveillance and other eavesdropping (see “NSA Leak Leaves Crypto Math Intact but Highlights Known Workarounds”) simply by making it that much harder to spy, and thus forcing the NSA or other eavesdroppers to conduct targeted surveillance, rather than scooping everyone’s data. “We have made surveillance too cheap, and we need to make it more expensive,” Schneier added. “We’ve ended up with a public-private surveillance alliance.”

One simple step, for example, is for Web companies to routinely use SSL, an encrypted communications protocol between people’s computers and company servers. Schneier asserted yesterday that the NSA got ten times as much information from Yahoo users than it did from Google users, and that this was because “Google uses SSL by default.”

5 comments. Share your thoughts »

Tagged: Communications, Web, Mobile, Bruce Schneier

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me