The inevitable path toward an encrypted internet
The last time that I wrote in my blog (in Spanish) about the possibility of encrypting the whole internet traffic was in mid-2008: at the time, it was just a little proposal put forward by The Pirate Bay in response to the spread of surveillance policies aimed at preventing peer to peer exchange of copyrighted material. However, The Pirate Bay didn’t really had a good track record when it came to following through with their plans, and in fact, the idea didn’t go through.
At that time, we used to think that concerns about what we wrote about online, or who we are, or which websites we have visited being monitored applied only to totalitarian regimes. Then came Wikileaks, Assange, Manning, and Snowden, and we realized what was going on: respect for human rights was a farce, and we had to assume that everything we did online was subject to spying.
The internet is decreasingly a tool for freedom, and increasingly one for mass control. Supposedly democratic governments are now requiring businesses to provide information on our activities, while at the same time illegally listening, storing and processing all the data that they can. The massive scale of the enterprise has led to the creation of vast data processing centers, and structures staffed by hundreds of thousands of people. If you are shocked to learn that China employs more than two million people to monitor the internet, add up the number of people working full time, including contractors, for similar tasks at the US government, and then divide it by the total population. You’ll be surprised.
We are now facing the need to redefine how we use the internet. An article in MIT Tech Review titled “Internet engineers plan a fully encrypted net” looks at how the Internet Engineering Task Force (IETF) is working to make encryption a standard option for all internet traffic and to update all existing protocols to versions that will be included in a transition to an HTTP 2.0 that technically could be finished by the end of 2014.
At the same time, the EFF has also launched a campaign to pressure technology suppliers to adopt end-to-end ciphering for all their services. Many of these suppliers, angry in the wake of the revelations that prove government surveillance of the connections between data centers, have begun similar initiatives. The EFF is documenting them as they are announced or completed.
Protecting online privacy through end-to-end ciphering will have many repercussions, chief among them the difficulty in combating traffic related to real crimes such as terrorism and child pornography. If the confidentiality of what we send over the internet is a right and technology there to guarantee that right, then the police should be going beyond simply intercepting online traffic and instead using more sophisticated monitoring methods, something that could have been prevented if the law had simply been respected in the first place, and a proper calculation made on the basis of consultation that balanced security needs with our right to privacy.
The second implication in all this is rooted in the same question: technology alone cannot guarantee respect for our rights. In the first place, we need to defend at all costs the right to privacy online, and that no “redefining” of that right takes place surreptitiously. Furthermore, we need to make sure that the checks and balances that have failed are guaranteed. This will require appropriate and strict separation of powers, as well as naming and shaming the governments that have betrayed our trust by spying on us, along with judicial monitoring of situations that lead to exceptions to these rules. Anybody who believes that technology alone can protect us is living in cloud cuckoo land: rights are not given, they are fought for and protected at all costs; technological developments must be matched by legal guarantees. This is going to be a long fight.
