Internet launches fightback against state snoopers

Hugo Böse · August 24th, 2013

From the FT

Key architects of the internet have started to fight back against US and UK snooping programmes by drawing up an ambitious plan to defend traffic over the world wide web against mass surveillance.

The Internet Engineering Task Force, a body that develops internet standards, has proposed a system in which all communication between websites and browsers would be shielded by encryption.

In practical terms that would be akin to extending the sort of secure communications that banks and retailers like Amazon use to protect their customers across the world wide web.

While the plan is at an early stage, it has the potential to transform a large part of the internet and make it more difficult for governments, companies and criminals to eavesdrop on people as they browse the web. At present, only a fraction of all websites – typically those that handle financial information – encrypt data when communicating with web browsers.

“There has been a complete change in how people perceive the world” since whistleblower Edward Snowden disclosed the extent of US surveillance programmes earlier this summer, said Mike Belshe, a software engineer and IETF member who helped develop Google web browser Chrome.
“Not having encryption on the web today is a matter of life and death,” he said.

The IETF push for greater use of encryption comes alongside calls from top internet and privacy groups for fundamental reforms of the laws governing the web. In a letter to the FT published this weekend, top groups including web founder Tim Berners Lee’s World Wide Web Foundation call for a “reform of the status quo” online.

“Online privacy is being eroded at a breakneck speed by blanket surveillance, and unless steps to reform are taken immediately, the notion of free and secure online communications will be relegated to the annals of history,” they write. “Blanket government surveillance by default, with laws enforced in secret, will always be unacceptable.”

The IETF, which operates through the “rough consensus” of its members, has been instrumental in shaping the technical infrastructure of the web since it was founded in 1986.

While the body cannot force the adoption of its standards, it is highly influential and its membership includes employees of the world’s biggest internet companies including Google, Microsoft and Apple.
But at its conference in Berlin this month, IETF members reached “nearly unanimous consensus” on the need to build encryption into the heart of the web, said Mark Nottingham, a developer who chairs the IETF working group on HTTP, a data access protocol that underpins the web. “There are a lot of people who want this to happen,” he said.

Mr Nottingham cautioned that it was “very early days” and said the proposal would need to undergo extensive discussion within the broad web community before it could be implemented. Exactly how the plan would work has yet to be decided.

But at present the idea is to mandate the use of Transport Layer Security (TLS), a cryptographic protocol, in the next version of HTTP, which is planned for 2014.

It would then be up to companies behind web browsers and web servers to put the new standards into practice.
Google and Twitter are among several big companies that have long called for more encryption of web traffic. Chrome, Google’s popular web browser, already allows people to encrypt their activity when browsing any of the company’s websites.

However, security experts said that while TLS encryption would make surveillance more difficult, it was far from foolproof.

“If you’re looking for a silver bullet to make people’s personal traffic impossible to break, this won’t be it,” said Sam Curry, chief technologist at RSA, a computer security company.
Hackers, especially those with substantial computing power, would find ways to crack the encryption or get around it by exploiting other vulnerabilities in the network, he said.

Nonetheless, he added: “Anything that improves trust in the digital world is a noble aim.”

http://www.ft.com/intl/cms/s/0/ab28f...#axzz2csXO4ZZM

WayneOfTheNorth · August 24th, 2013

German government offices and corporations have been warned not to use Windows 8 because they put NSA backdoors in it.

http://www.theregister.co.uk/2013/08...any_windows_8/

Quote:

Microsoft's new touchy Windows 8 operating system is so vulnerable to prying hackers that Germany's businesses and government should not use it, the country's authorities have warned in a series of leaked documents.

According to files published in German weekly Die Zeit, the Euro nation's officials fear Germans' data is not secure thanks to the OS's Trusted Computing technology – a set of specifications and protocols that relies on every computer having a unique cryptographic key built into the hardware that's used to dictate what software can be run.

Authorities at Germany's Federal Office for Information Security (BSI) later clarified that it was the Trusted Computing specs in Windows 8 in conjunction with the Trusted Platform Module (TPM) chip embedded in the hardware that creates the alleged security issue. BSI released a statement that backtracked slightly, insisting that using Windows 8 in combination with a TPM may make a system safer, but noting that it is investigating "some critical aspects related to specific scenarios in which Windows 8 is operated in combination with a hardware that has a TPM 2.0".

Edward Teach · August 24th, 2013

http://www.motherjones.com/politics/...rivacy-nsa-isp

They call it "mesh potatoes".

Set up parallel networks using wifi, bypassing big biz altogether.

We should ALL start doing this.

Matt Ferguson · August 24th, 2013

There have been government backdoors built into Windows since at least XP and probably before that, it's not just Windows 8. I've heard speculation on Apple but that seems less certain although I doubt that they have just ignored Macs.

Does using encryption even matter when they install equipment directly into ISP server rooms? Maybe and maybe not. This is assuming that they can't crack encryption and also aren't behind creating many of the commonly used encryption programs.

Besides everyone posting here is already tagged, bagged and flagged so even if you dropped off the net entirely from this point on it woudn't matter.

August 24th, 2013	#1
Hugo Böse Jeunesse Dorée Join Date: Jan 2004 Location: Four Seasons Jalalabad Posts: 9,749	Internet launches fightback against state snoopers From the FT Key architects of the internet have started to fight back against US and UK snooping programmes by drawing up an ambitious plan to defend traffic over the world wide web against mass surveillance. The Internet Engineering Task Force, a body that develops internet standards, has proposed a system in which all communication between websites and browsers would be shielded by encryption. In practical terms that would be akin to extending the sort of secure communications that banks and retailers like Amazon use to protect their customers across the world wide web. While the plan is at an early stage, it has the potential to transform a large part of the internet and make it more difficult for governments, companies and criminals to eavesdrop on people as they browse the web. At present, only a fraction of all websites – typically those that handle financial information – encrypt data when communicating with web browsers. “There has been a complete change in how people perceive the world” since whistleblower Edward Snowden disclosed the extent of US surveillance programmes earlier this summer, said Mike Belshe, a software engineer and IETF member who helped develop Google web browser Chrome. “Not having encryption on the web today is a matter of life and death,” he said. The IETF push for greater use of encryption comes alongside calls from top internet and privacy groups for fundamental reforms of the laws governing the web. In a letter to the FT published this weekend, top groups including web founder Tim Berners Lee’s World Wide Web Foundation call for a “reform of the status quo” online. “Online privacy is being eroded at a breakneck speed by blanket surveillance, and unless steps to reform are taken immediately, the notion of free and secure online communications will be relegated to the annals of history,” they write. “Blanket government surveillance by default, with laws enforced in secret, will always be unacceptable.” The IETF, which operates through the “rough consensus” of its members, has been instrumental in shaping the technical infrastructure of the web since it was founded in 1986. While the body cannot force the adoption of its standards, it is highly influential and its membership includes employees of the world’s biggest internet companies including Google, Microsoft and Apple. But at its conference in Berlin this month, IETF members reached “nearly unanimous consensus” on the need to build encryption into the heart of the web, said Mark Nottingham, a developer who chairs the IETF working group on HTTP, a data access protocol that underpins the web. “There are a lot of people who want this to happen,” he said. Mr Nottingham cautioned that it was “very early days” and said the proposal would need to undergo extensive discussion within the broad web community before it could be implemented. Exactly how the plan would work has yet to be decided. But at present the idea is to mandate the use of Transport Layer Security (TLS), a cryptographic protocol, in the next version of HTTP, which is planned for 2014. It would then be up to companies behind web browsers and web servers to put the new standards into practice. Google and Twitter are among several big companies that have long called for more encryption of web traffic. Chrome, Google’s popular web browser, already allows people to encrypt their activity when browsing any of the company’s websites. However, security experts said that while TLS encryption would make surveillance more difficult, it was far from foolproof. “If you’re looking for a silver bullet to make people’s personal traffic impossible to break, this won’t be it,” said Sam Curry, chief technologist at RSA, a computer security company. Hackers, especially those with substantial computing power, would find ways to crack the encryption or get around it by exploiting other vulnerabilities in the network, he said. Nonetheless, he added: “Anything that improves trust in the digital world is a noble aim.” http://www.ft.com/intl/cms/s/0/ab28f...#axzz2csXO4ZZM __________________ _______ Political correctness is an intellectual gulag.

August 24th, 2013	#3
Edward Teach Junior Member Join Date: Jan 2013 Posts: 58	New way to surf the web http://www.motherjones.com/politics/...rivacy-nsa-isp They call it "mesh potatoes". Set up parallel networks using wifi, bypassing big biz altogether. We should ALL start doing this.

Thread
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

August 24th, 2013	#4
Matt Ferguson Member Join Date: Dec 2008 Posts: 456	There have been government backdoors built into Windows since at least XP and probably before that, it's not just Windows 8. I've heard speculation on Apple but that seems less certain although I doubt that they have just ignored Macs. Does using encryption even matter when they install equipment directly into ISP server rooms? Maybe and maybe not. This is assuming that they can't crack encryption and also aren't behind creating many of the commonly used encryption programs. Besides everyone posting here is already tagged, bagged and flagged so even if you dropped off the net entirely from this point on it woudn't matter.