End-To-End Encryption Isn't Just About Privacy, But Security

from the legacy-of-ed-snowden? dept

Nicholas Weaver has a fantastic article over at Wired detailing how GCHQ and NSA’s “quantum injection” effort works to install malware on the computers of targets via packet injection. As he notes, this effort “turned the internet backbone into a weapon.” That’s dangerous on multiple levels. He explains that, while experts have been suggesting this for years, cleartext traffic isn’t just a privacy issue, it’s now a security issue:

If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgicom to enable covert wiretaps, France can do the same to AT&T. If the Canadians target the Brazilian Ministry of Mines and Energy, the Chinese can target the U.S. Department of the Interior. We now live in a world where, if we are lucky, our attackers may be every country our traffic passes through except our own.

Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.

The only way to protect against this is to encrypt everything:

The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary.

Encryption doesn’t just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic.

Thankfully, he’s not the only one thinking about this. As we pointed out a few weeks ago, IETF is moving forward, full-steam ahead, on looking at ways to make the internet secure by default.

That seems like a very useful consequence of all of this. While we’ve mostly been focused on what’s happening at the political and policy levels around here, the technology can make a lot of that meaningless. The simple fact is that an awful lot of security online has involved kludges pasted on later, after problems or concerns appeared. Rethinking and rebuilding a more secure (it’ll never be perfectly secure but it can be a lot more secure) internet from the ground up isn’t just good for protecting privacy and keeping away from snooping spies, but it’s just a good plan, in general, for security.

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “End-To-End Encryption Isn't Just About Privacy, But Security”

Subscribe: RSS Leave a comment
out_of_the_blue says:

Oy. What's been obvious to me for years is now seeping into noobs.

“turned the internet backbone into a weapon.” — Sheesh. You only have to understand a bit of how it’s designed — the root servers, plain text everywhere, open addresses in every browser request — to see that it has NO OTHER PURPOSE than for spying.

Just for history: in 1979, Neil Young (of Crosby Stills Nash and Young) wrote (one of his best in my opinion) “Computer Cowboy (Aka Syscrusher)” which speaks exactly of SNOOPING / HACKING the then almost unknown networks. “He rides the range at midnight [allegoric, see?] … to bring another system down, and leave his alias behind”. Security problems are SO not new.

And has this noob never heard of Google? The MAIN spying done on teh internets is BY Google and Facebook!

Oh, and mainly, this intended lack of security will become the excuse for hardware lockdown and personal identification everywhere. All as intended from the start: a panopticon system surveilled by gadgets, the utter end of personal freedom. The Internet IS the Big Brother telescreen system.

“The new Google privacy policy is: You have no privacy.”


out_of_the_blue says:

Re: Oy. What's been obvious to me for years is now seeping into noobs.

Whoops. 1982. Here for your delectation the lyrics (stolen no doubt):

Well, his cattle each have numbers
And they all eat in a line
When he turns the floodlights on each night
Of course the herd looks perfect!
Computer Cowboy.

Well, he rides the range ’til midnight
And the wild coyotes yowl
As he trots beneath the floodlights
And of course the rhythm is perfect!
Computer Cowboy.

Ride along computer cowboy
To the city just in time
To bring another system down
And leave your alias behind:

Computer syscrusher.

Computer syscrusher.

Crusher. Syscrusher.


Pragmatic says:

Re: Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.

Yes indeed, the copyrighted material has been infringed and the artist deprived on remuneration by arch-hypocrite OOTB.

I presume that’s an anomaly on your part. So, shall we extradite you, Cathy? Huh? Shall we drag you from your home and treat you like a criminal for copying and pasting lyrics on a site that hosts adverts and therefore makes money from your infringement, you grifting, thieving, pirate?

Dave says:

Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.

What a bitter and twisted person that OOTB must be! I have visions of a darkened room in a dingy basement in a less-then-salubrious neighbourhood occupied by a gnarled old man hunched over a yellowing keyboard desperately racking a few brain cells to try and produce aimless and completely irrelevant trolling posts to surpass previous attempts at what HE must presume to be intelligent comments. Nobody is fooled for one minute by such inane and puerile ramblings. I believe there is a diagnosis for such a person who desires to be the centre of attention and I would suggest a doctor is consulted.

ahow628 (profile) says:

Re: Intelligence of other countries should thank them

Maybe I’m misunderstanding you, but it seems like you are missing the point. The reason the Snowden revelations were so damaging isn’t because it is making spying on terrorists harder. It is so dangerous because it is going to hamper attempts to track their own citizenry.

So it really doesn’t have anything to do with the Americans or the British, per se.

Think about this: The NSA or GCHQ each have multi-billion dollar budgets. They have thousands of employees. They sweep up tons of information. They wield massive amounts of power. If you think they want to give that up, you are crazy. End-to-end encryption would wreck all of that and make 90% of NSA and GCHQ useless.

Anonymous Coward says:

Re: Re: Intelligence of other countries should thank them

” End-to-end encryption would wreck all of that and make 90% of NSA and GCHQ useless.”

Not really. Do you think terrorist groups use gmail to communicate? Yet they tap Google.

They simply invent an enemy wherever they can monitor.

Like Al Qaeda always magically popped up in any country they want to attack.


And terrorists suddenly are doing conference calls, just after the Skype tapping revelations come out.


And, ‘anonymous’ suddenly stops being a MEME used by any hacker and is redrawn by the spooks as a cyber-terrorist-army, with ‘cells’ and a control structure and geographic leaders, anonymous in Australia, anonymous in Indonesia…. etc.

If you’re always fighting phantoms, it’s easy to create any number of phantom enemies to fight.

ahow628 (profile) says:

Re: Re: Re: Intelligence of other countries should thank them

But once again, what I’m getting at, most of that goes away (aside from the Al Qaeda thing) when end-to-end encryption is put into service. The NSA and GCHQ simply won’t be able to harvest the traffic.

Not really. Do you think terrorist groups use gmail to communicate? Yet they tap Google.

I think we are agreeing here. I said in my prior comment that they point was NEVER to spy on terrorists (although that was the excuse). With end-to-end encryption, spying on Gmail or Skype or whatever is ineffective. So what is the NSA’s or GCHQ’s job at that point? Why would they be around? Maybe they can get back to their actual mission instead of spying on their own citizens.

Mr. Applegate says:

Re: Re: Re:2 Intelligence of other countries should thank them

With end-to-end encryption, spying on Gmail or Skype or whatever is ineffectiveThat really isn’t true. Especially as the world transitions to IPv6 they will be able to monitor traffic on the backbones to see who talks to who, even if it is encrypted.

Really not much different than tracking the Meta-Data from cell phones. I may not know what you said, but I know who you said it to, for how long… If you talk to the wrong people then I will attack the end point (install spyware, or more likely activate it, since it is likely built in at this point) to garner further information.

ahow628 (profile) says:

Re: Re: Re:3 Intelligence of other countries should thank them

I’m not an expert here, but I think you are mistaken. End-to-end encryption doesn’t just cover the message itself. It also covers the transmission of that message including its sender and its destination. I think this would be tied into DNSSec. For email specifically, it would involve the previously mentioned Dark Mail.


The point of end-to-end encryption is that it would be end-to-end and not leave any dangling metadata. Perhaps there would be some ability to track the amount of data transmitted, but that would be obfuscated by sending extra data, using compression, sending messages split into chunks, or using stenography.

Mr. Applegate says:

Re: Re: Re:4 Intelligence of other countries should thank them

I am an expert. Even encrypted data has meta data. The packets will reveal for example Packet size, Source, Destination, Source Port, Destination Port (which can reveal type of traffic, such as Web, Email…)

Don’t get me wrong, encryption makes the NSA et al job harder, but it is still possible. They would have to change to a multi layer approach, and would concentrate even harder into forcing back doors into encryption protocols. Many people believe they already have backdoors into some protocols, and they may well have the private keys issued by many cert sites.

John Fenderson (profile) says:

Re: Re: Re:4 Intelligence of other countries should thank them

He’s not mistaken at all. Just to get the data from one machine to another over the internet requires information about where the data packet is coming from, where it is going, timestamps, and other miscellaneous things. This data cannot be hidden or the transmission won’t succeed. There’s really no way around this.

What you can do is use thing like an onion router (like Tor) to obfuscate the transmission path. It’s not perfect, but helps a lot. If you’re only worried about specific services, you can use proxy chains (for web browsing) or anonymous remailer chains (for email) to get a similar effect.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...