We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

David Talbot

A View from David Talbot

Time for Internet Engineers to Fight Back Against the “Surveillance Internet”

Amid torrent of revelations that the NSA finds mass surveillance easy, the IETF ponders how to harden the Internet.

  • November 6, 2013

Will the usually obscure Internet Engineering Task Force – that open-to-anyone group of engineers who design and keep the ‘net functioning – step up and fight back against mass surveillance? That possibility is now in the air, following a talk in Vancouver today by cryptographer Bruce Schneier (see “Bruce Schneier: NSA Spying is Making us Less Safe”). He laid partial responsibility of the National Security Agency’s mass surveillance on the IETF’s doorstep.

“Fundamentally, surveillance is a business model of the Internet. The NSA didn’t wake up and say: ‘Let’s just spy on everybody, it said: ‘Wow, corporations are spying on everybody, let’s get ourselves a copy,’ ” he said, referring to the cloud computing providers and others who warehouse data. The NSA found the Internet quite easy to tap in various places; as a result, “The NSA has turned the Internet into a giant surveillance platform” that is robust both politically, legally, and technologically, he added.

Those were fighting words to IETF members like Stephen Farrell, a computer scientist at Trinity College Dublin. He said in a talk after Schneier’s that it was time for the IETF to take action, describing the NSA’s actions–detailed in leaks from former contractor Edward Snowden–as “a new scale of attack.” He said the right response was to “make it significantly more expensive for a bad actor. There are things we can and should do.” One approach, Farrell said, was to organize a team of developers to make an open-source hardware and software crytopgraphy engine platform that could be used to add security to various places on the network.

The basic problem is that at its core, the existing ‘net is merely a bigger and fancier version of the original one that assumed everyone was honest and trustworthy (all of the early users were researchers in government and academic labs). But amid growing security concerns, computer scientists prototyped various new designs–ones aimed at things like authenticating users, adding more privacy and security, and making the ‘net more mobile-ready (see “The Internet is Broken”). These projects have never been implemented across the ‘net, though.  

The good news is that encryption in various parts of the existing network can go a long way to thwarting NSA surveillance and other eavesdropping (see “NSA Leak Leaves Crypto Math Intact but Highlights Known Workarounds”) simply by making it that much harder to spy, and thus forcing the NSA or other eavesdroppers to conduct targeted surveillance, rather than scooping everyone’s data. “We have made surveillance too cheap, and we need to make it more expensive,” Schneier added. “We’ve ended up with a public-private surveillance alliance.”

One simple step, for example, is for Web companies to routinely use SSL, an encrypted communications protocol between people’s computers and company servers. Schneier asserted yesterday that the NSA got ten times as much information from Yahoo users than it did from Google users, and that this was because “Google uses SSL by default.”

Cut off? Read unlimited articles today.

Become an Insider
Already an Insider? Log in.

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Online Only.
  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.