Stung by revelations of ubiquitous surveillance and compromised software, the internet’s engineers and programmers ponder how to fight back
SECURITY guards (at least the good ones) are paid to be paranoid. Computer-security researchers are the same. Many had long suspected that governments use the internet not only to keep tabs on particular targets, but also to snoop on entire populations. But suspicions are not facts. So when newspapers began publishing documents leaked by Edward Snowden, once employed as a contractor by America’s National Security Agency (NSA), the world’s most munificently funded electronic spy agency, those researchers sat up.
They were especially incensed by leaks published in September by the Guardian and the New York Times, which suggested that American spooks (with help from their British counterparts) had been working quietly for years to subvert and undermine the cryptographic software and standards which make secure communication over the internet possible. “At that point”, says Matthew Green, a cryptographer at Johns Hopkins University, “people started to get really upset.”
On November 6th a meeting in Vancouver of the Internet Engineering Task Force (IETF), an organisation which brings together the scientists, technicians and programmers who built the internet in the first place and whose behind-the-scenes efforts keep it running, debated what to do about all this. A strong streak of West Coast libertarianism still runs through the IETF, and the tone was mostly hostile to the idea of omnipresent surveillance. Some of its members were involved in creating the parts of the internet that spooks are now exploiting. “I think we should treat this as an attack,” said Stephen Farrell, a computer scientist from Trinity College, Dublin, in his presentation to the delegates. Discussion then moved on to what should be done to thwart it.
We have the technology
As a sort of council of elders for the internet, the IETF has plenty of soft power. But it has no formal authority. Because its standards must be acceptable to users and engineers all over the world, it works through a slow process of consensus-building. New standards, guidelines and advice take months or years to produce.
Others, equally offended by the intelligence agencies’ activities, prefer not to wait, and are simply getting on with the job of trying to restore confidence in online security. As Bruce Schneier, a leading cryptographer, told the conference, it seems spies cannot actually break most cryptographic codes. Instead they try to work around them. One way is to subvert the standards and software which implement cryptography. That is possible because, besides trying to defeat the cryptographic efforts of others, the NSA also helps produce ciphers for Americans to use. Those same cryptographic standards are then employed all over the internet.
Researchers have therefore been warning users against employing anything that might have been tampered with. RSA Security, a big maker of encryption software, has advised its customers to stop using a random-number generator widely believed to have been fiddled with by the spooks to make its output predictable (random numbers are a crucial component of any cryptographic scheme, but are notoriously hard to produce on a deterministic machine such as a computer). And a group of Brazilian mathematicians has published a new set of codes for use with elliptic-curve cryptography, a novel scrambling technique that has been championed by the NSA. Anyone worried by the provenance of NSA-supplied curves is free to use these new ones instead.
Even America’s government is getting in on the act. The credibility of its National Institute of Standards and Technology, which sets American cryptographic standards with the help of the NSA, has been dented by Mr Snowden’s revelations.
Go deeper with Bing News on:
Internet security
- Millions of Americans Might Lose Internet Access Today. Here’s What You Need to Know
The Affordable Connectivity Program—a federal benefit that provides discounts on high-speed internet access to low-income Americans—ends on April 30. Here's what happens next.
- Internet divided as ex-NSA worker gets 21 years for selling classified information to 'Russian agent'
Jareh Sebastian Dalke, a 32-year-old Colorado Springs resident and an Army veteran, worked as an information systems security designer at the NSA ...
- ‘Should have been done yesterday’: Rural, older Americans could get hurt as affordable internet program runs out of cash
Cynthia George connects with her granddaughter and great-grandson on video calls. The 71-year-old retiree reads the news on her MSN homepage and googles how to fight the bugs coming from her drain in ...
- Best Multi-Gig Internet Plans of 2024
Do you have a need for speed? Check out these top broadband providers and their multi-gigabit plans if you're looking for fast connectivity at home.
- Highbanks Park to get Starlink internet and security cameras
BIG RAPIDS TOWNSHIP — The Big Rapids Township board of trustees approved a contract with Starlink for internet service at Highbanks Park to provide for the installation of security cameras during its ...
Go deeper with Google Headlines on:
Internet security
[google_news title=”” keyword=”Internet security” num_posts=”5″ blurb_length=”0″ show_thumb=”left”]
Go deeper with Bing News on:
Computer security
- Life lessons and computer training meet in Fresno program for young and old | Opinion
The effort trains residents to avoid computer scams while giving students opportunities to become mentors with life-experienced adults.
- So long as the politics of grievance is with us, Scottish independence will find supporters
But it was devolution that turbo-charged Scottish nationalism. Before May 1999, the SNP had just six MPs at Westminster; the first devolved elections gave them 35 MSPs too, each one with well-funded ...
- New UK Laws Want Apple to State for How Long iPhones Will Receive Security Updates
A new UK cybersecurity law requires smart device manufacturers to maintain minimum security standards or face huge penalties.
- Tesla wins key China security clearance during Musk visit
Tesla received a key security clearance from China during owner Elon Musk's whistlestop visit to the world's biggest electric car market, which wrapped up on Monday.
- Critics question tech-heavy lineup of new Homeland Security AI safety board
The fundamental assumption posed by the board's existence, and reflected in Biden's AI executive order from October, is that AI is an inherently risky technology and that American citizens and ...
Go deeper with Google Headlines on:
Computer security
[google_news title=”” keyword=”computer security” num_posts=”5″ blurb_length=”0″ show_thumb=”left”]