One of the few regrets of Vint Cerf, who is often referred to as the ‘father of the Internet’, is the fact that encryption using public cryptography was not baked in the original ARPANET design. While the early Internet was meant to meet a number of requirements such as resilience and openness, encryption was not one of them. Some of this was because of the high cost associated with encryption, and some if it was for other reasons. This explains why encryption was only introduced at later stages when CPU and memory resources were more affordable.
And, after the revelations in recent years of surveillance, hacking, eavesdropping and leaking information, the need to have strong end-to-end encryption cannot be overstated. The rise of the Internet of Things has made those threats even more salient.
ISOC believes in a safer Internet that everyone trusts. If we don’t trust the Internet, we’re risking one of the world’s greatest tools for communication, economic growth, and endless positive opportunities we haven’t even thought of yet.
In an effort to make Internet access safer, ISOC is promoting good encryption practices on the infrastructure level through programs such as the Deploy360 program and through campaigns encouraging websites to turn on HTTPS by default and have DNSSEC compliance.
The proper use of encryption is critical to building that trust.
Knowing The Subtle Differences
Encrypted traffic going from one device to another generally passes through one or more intermediaries. If a message gets encrypted before leaving the device, Internet service provider and other gateways between the device and the platform would not be able to read it.
But some services are known to provide encryption that’s not end-to-end. This is because the data is decrypted on the intermediary servers before being encrypted again and sent to the target device. Some services assign the same private key for the sender and receiver. This is called ‘symmetric’ encryption, which is not a safe way of encrypting your data since it is possible that something, or someone, could read your stuff before it ends up at its destination.
Where You Can Find End-to-End
The good news is various software vendors are increasingly adopting end-to-end encryption. But It is tricky to know for sure which of those vendors are truly offering end-to-end encryption and which ones are not. The Guardian Project listed a number of mobile apps that have implemented end-to-end encryption. Or, if users are a bit more tech savvy, they could do the encryption themselves instead of relying on the vendor’s software. This is often done for email communication through Pretty Good Privacy (PGP) encryption, which is used by many cyber activists and techies. For instant messaging, Off-the-Record Messaging (OTR) is also widely used.
Any encryption is of little meaning if it is not strong enough to sustain brute attacks, which are becoming stronger because of faster processors and cheaper memory. To minimize risk from such attacks, private keys, as well as passcodes, should be sufficiently complex and long.
It’s Up To All Of Us
A safer Internet we trust is going to take all of us. Boosting the strength of encryption Internet users are using is key to preserve their online privacy.
Sometimes using encryption may very well be the difference between life and death for whistleblowers, activists and journalists who use the Internet to send confidential and sensitive information. In many countries under repressive regimes, protecting the confidentiality of data is critical for survival.
The Bottom Line
The bottom line is that Internet access with strong end-to-end encryption is critical in today’s world where cyber threats of all kinds are on the rise. The more of us who start to use encryption, the more trustworthy the Internet becomes since communication channels become safer.
Although we will not be able to turn back time to embed encryption in the original design of the Internet, we can continue working to make it a priority moving forward.
Join us at the Internet Society and let’s work for a safer Internet we can all trust.