WHEN EDWARD SNOWDEN made it known to the
world that pretty much all traffic on the Internet was
collected and searched by the U.S. National Security
Agency (NSA), the U.K. Government Communications
Headquarters (GCHQ), and various other countries’
secret services as well, the IT and networking
communities were furious and felt betrayed.
A wave of activism followed to get traffic encrypted
so as to make it impossible for NSA to indiscriminately
snoop on the entire world population. When all you
have is a hammer, all problems look like nails, and
the available hammer was the SSL/TLS encryption
protocol, so the battle cry was “SSL/TLS/HTTPS
everywhere.” A lot of nails have been hit with that!
After an animated plenary session in Vancouver, the Internet Engineering Task Force (IETF) published
“Best Current Practice 188” (https://
declared that pervasive monitoring
is a technical attack that should be
mitigated in the design of IETF protocols where possible. Now, with this
manifesto in hand, SSL/TLS and encryption are being hammered into
and bolted onto protocols and standards throughout the IETF working
Or maybe not.
˲Kazakhstan recently announced
that a “state root certificate” would
have to be installed on all computers
Article development led by
Retaining electronic privacy
requires more political engagement.
BY POUL-HENNING KAMP