IETF Discussing Ways to Protect Internet Against Pervasive Surveillance

The IETF is considering a range of options to help reengineer some of the fundamental protocols that underpin the Internet in response to revelations that the NSA and other intelligence agencies are conducting widespread, dragnet-style surveillance online.

The group, which is responsible for developing the standards that govern much of the technical workings of the Internet, has been looking at all of the information revealed by the documents leaked by former NSA contractor Edward Snowden with dismay and officials said that they’re already at work on some changes that could help make the Internet more resistant to pervasive surveillance. The IETF is not putting out a huge amount of detail on the changes, but said that regardless of the modifications, they won’t matter if the devices people use or the people they communicate with aren’t trustworthy.

“Operational practices, laws, and other similar factors also matter. First of all, existing IETF security technologies, if used more widely, can definitely help.  But technical issues outside the IETF’s control, for example endpoint security, or the properties of specific products or implementations also affect the end result in major ways. So at the end of the day, no amount of communication security helps you if you do not trust the party you are communicating with or the devices you are using,” IETF Chairman Jari Arkko and IETF Security Area Director Stephen Farrell wrote in a statement.

The IETF is considering changes to the way that the HTTP 2.0 protocol handles security, specifically whether it should require the use of security up front rather than relying on the server on the other end to decide to provide it. The group also is looking at ways to better instruct people interested in deploying TLS with Perfect Forward Secrecy.

“We’re considering ways in which better use can be made of existing protocol features, for example, better guidance as to how to deploy TLS with Perfect Forward Secrecy, which makes applications running over TLS more robust if server private keys later leak out,” the statement says.

The changes under consideration at the IETF were already being discussed before the revelations about the NSA’s surveillance capabilities over the last few months, but the leaks have accelerated those discussions.

“We knew of interception of targeted individuals and other monitoring activities, but the scale of recently reported monitoring is surprising. Such scale was not envisaged during the design of many Internet protocols, but we are considering the consequence of these kinds of attacks,” the statement says.

“Recent days have also seen an extended and welcome discussion triggered by calls for the IETF to build better protections against wide-spread monitoring.”

The IETF will meet inVancouver in November and the group will discuss the ways in which it can help protect the Internet and users against pervasive surveillance.

Image from Flickr photos of Alessio Canepa

Suggested articles