Encryption is key for a trusted Internet Thumbnail
Building Trust 30 March 2017

Encryption is key for a trusted Internet

By Walid Al-SaqafMember, Internet Society Board of Trustees

One of the few regrets of Vint Cerf, who is often referred to as the ‘father of the Internet’, is the fact that encryption using public cryptography was not baked in the original ARPANET design. While the early Internet was meant to meet a number of requirements such as resilience and openness, encryption was not one of them. Some of this was because of the high cost associated with encryption, and some if it was for other reasons. This explains why encryption was only introduced at later stages when CPU and memory resources were more affordable.

And, after the revelations in recent years of surveillance, hacking, eavesdropping and leaking information, the need to have strong end-to-end encryption cannot be overstated. The rise of the Internet of Things has made those threats even more salient.

ISOC believes in a safer Internet that everyone trusts. If we don’t trust the Internet, we’re risking one of the world’s greatest tools for communication, economic growth, and endless positive opportunities we haven’t even thought of yet.

In an effort to make Internet access safer, ISOC is promoting good encryption practices on the infrastructure level through programs such as the Deploy360 program and through campaigns encouraging websites to turn on HTTPS by default and have DNSSEC compliance.

The proper use of encryption is critical to building that trust.

Knowing The Subtle Differences

Encrypted traffic going from one device to another generally passes through one or more intermediaries. If a message gets encrypted before leaving the device, Internet service provider and other gateways between the device and the platform would not be able to read it.

But some services are known to provide encryption that’s not end-to-end. This is because the data is decrypted on the intermediary servers before being encrypted again and sent to the target device. Some services assign the same private key for the sender and receiver. This is called ‘symmetric’ encryption, which is not a safe way of encrypting your data since it is possible that something, or someone, could read your stuff before it ends up at its destination.

Where You Can Find End-to-End

The good news is various software vendors are increasingly adopting end-to-end encryption. But It is tricky to know for sure which of those vendors are truly offering end-to-end encryption and which ones are not. The Guardian Project listed a number of mobile apps that have implemented end-to-end encryption. Or, if users are a bit more tech savvy, they could do the encryption themselves instead of relying on the vendor’s software. This is often done for email communication through Pretty Good Privacy (PGP) encryption, which is used by many cyber activists and techies. For instant messaging, Off-the-Record Messaging (OTR) is also widely used.

Any encryption is of little meaning if it is not strong enough to sustain brute attacks, which are becoming stronger because of faster processors and cheaper memory. To minimize risk from such attacks, private keys, as well as passcodes, should be sufficiently complex and long.

It’s Up To All Of Us

A safer Internet we trust is going to take all of us. Boosting the strength of encryption Internet users are using is key to preserve their online privacy.

Sometimes using encryption may very well be the difference between life and death for whistleblowers, activists and journalists who use the Internet to send confidential and sensitive information. In many countries under repressive regimes, protecting the confidentiality of data is critical for survival.

The Bottom Line

The bottom line is that Internet access with strong end-to-end encryption is critical in today’s world where cyber threats of all kinds are on the rise. The more of us who start to use encryption, the more trustworthy the Internet becomes since communication channels become safer.

Although we will not be able to turn back time to embed encryption in the original design of the Internet, we can continue working to make it a priority moving forward.

Join us at the Internet Society and let’s work for a safer Internet we can all trust.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Building Trust 11 February 2020

Every Day Should Be Safer Internet Day

Safer Internet Day is an opportunity for people and organizations around the world to join forces in a series...

Building Trust 28 January 2020

This Data Privacy Day It’s the Little Things That Count

Today we’re celebrating Data Privacy Day, which is all about empowering people and organizations to respect privacy, safeguard data,...