Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

David Talbot

A View from David Talbot

Time for Internet Engineers to Fight Back Against the “Surveillance Internet”

Amid torrent of revelations that the NSA finds mass surveillance easy, the IETF ponders how to harden the Internet.

  • November 6, 2013

Will the usually obscure Internet Engineering Task Force – that open-to-anyone group of engineers who design and keep the ‘net functioning – step up and fight back against mass surveillance? That possibility is now in the air, following a talk in Vancouver today by cryptographer Bruce Schneier (see “Bruce Schneier: NSA Spying is Making us Less Safe”). He laid partial responsibility of the National Security Agency’s mass surveillance on the IETF’s doorstep.

“Fundamentally, surveillance is a business model of the Internet. The NSA didn’t wake up and say: ‘Let’s just spy on everybody, it said: ‘Wow, corporations are spying on everybody, let’s get ourselves a copy,’ ” he said, referring to the cloud computing providers and others who warehouse data. The NSA found the Internet quite easy to tap in various places; as a result, “The NSA has turned the Internet into a giant surveillance platform” that is robust both politically, legally, and technologically, he added.

Those were fighting words to IETF members like Stephen Farrell, a computer scientist at Trinity College Dublin. He said in a talk after Schneier’s that it was time for the IETF to take action, describing the NSA’s actions–detailed in leaks from former contractor Edward Snowden–as “a new scale of attack.” He said the right response was to “make it significantly more expensive for a bad actor. There are things we can and should do.” One approach, Farrell said, was to organize a team of developers to make an open-source hardware and software crytopgraphy engine platform that could be used to add security to various places on the network.

The basic problem is that at its core, the existing ‘net is merely a bigger and fancier version of the original one that assumed everyone was honest and trustworthy (all of the early users were researchers in government and academic labs). But amid growing security concerns, computer scientists prototyped various new designs–ones aimed at things like authenticating users, adding more privacy and security, and making the ‘net more mobile-ready (see “The Internet is Broken”). These projects have never been implemented across the ‘net, though.  

The good news is that encryption in various parts of the existing network can go a long way to thwarting NSA surveillance and other eavesdropping (see “NSA Leak Leaves Crypto Math Intact but Highlights Known Workarounds”) simply by making it that much harder to spy, and thus forcing the NSA or other eavesdroppers to conduct targeted surveillance, rather than scooping everyone’s data. “We have made surveillance too cheap, and we need to make it more expensive,” Schneier added. “We’ve ended up with a public-private surveillance alliance.”

One simple step, for example, is for Web companies to routinely use SSL, an encrypted communications protocol between people’s computers and company servers. Schneier asserted yesterday that the NSA got ten times as much information from Yahoo users than it did from Google users, and that this was because “Google uses SSL by default.”

Be the leader your company needs. Implement ethical AI.
Join us at EmTech Digital 2019.

Register now
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.