David Talbot

A View from David Talbot

Time for Internet Engineers to Fight Back Against the “Surveillance Internet”

Amid torrent of revelations that the NSA finds mass surveillance easy, the IETF ponders how to harden the Internet.

  • November 6, 2013

Will the usually obscure Internet Engineering Task Force – that open-to-anyone group of engineers who design and keep the ‘net functioning – step up and fight back against mass surveillance? That possibility is now in the air, following a talk in Vancouver today by cryptographer Bruce Schneier (see “Bruce Schneier: NSA Spying is Making us Less Safe”). He laid partial responsibility of the National Security Agency’s mass surveillance on the IETF’s doorstep.

“Fundamentally, surveillance is a business model of the Internet. The NSA didn’t wake up and say: ‘Let’s just spy on everybody, it said: ‘Wow, corporations are spying on everybody, let’s get ourselves a copy,’ ” he said, referring to the cloud computing providers and others who warehouse data. The NSA found the Internet quite easy to tap in various places; as a result, “The NSA has turned the Internet into a giant surveillance platform” that is robust both politically, legally, and technologically, he added.

Those were fighting words to IETF members like Stephen Farrell, a computer scientist at Trinity College Dublin. He said in a talk after Schneier’s that it was time for the IETF to take action, describing the NSA’s actions–detailed in leaks from former contractor Edward Snowden–as “a new scale of attack.” He said the right response was to “make it significantly more expensive for a bad actor. There are things we can and should do.” One approach, Farrell said, was to organize a team of developers to make an open-source hardware and software crytopgraphy engine platform that could be used to add security to various places on the network.

The basic problem is that at its core, the existing ‘net is merely a bigger and fancier version of the original one that assumed everyone was honest and trustworthy (all of the early users were researchers in government and academic labs). But amid growing security concerns, computer scientists prototyped various new designs–ones aimed at things like authenticating users, adding more privacy and security, and making the ‘net more mobile-ready (see “The Internet is Broken”). These projects have never been implemented across the ‘net, though.  

The good news is that encryption in various parts of the existing network can go a long way to thwarting NSA surveillance and other eavesdropping (see “NSA Leak Leaves Crypto Math Intact but Highlights Known Workarounds”) simply by making it that much harder to spy, and thus forcing the NSA or other eavesdroppers to conduct targeted surveillance, rather than scooping everyone’s data. “We have made surveillance too cheap, and we need to make it more expensive,” Schneier added. “We’ve ended up with a public-private surveillance alliance.”

One simple step, for example, is for Web companies to routinely use SSL, an encrypted communications protocol between people’s computers and company servers. Schneier asserted yesterday that the NSA got ten times as much information from Yahoo users than it did from Google users, and that this was because “Google uses SSL by default.”

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.
Subscribe today

Uh oh–you've read all five of your free articles for this month.

Insider Premium

$179.95/yr US PRICE

More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe and become an Insider.

  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look. Exclusive early access to stories.

    Insider Conversations. Join in and ask questions as our editors talk to innovators from around the world.

  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus ad-free web experience, select discounts to partner offerings and MIT Technology Review events

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning magazine and daily delivery of The Download, our newsletter of what’s important in technology and innovation.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

You've read of free articles this month.