Plans to favor some Internet packets over others threaten consumers' hard-won right to use encryption, a digital privacy advocate says.
Activists and tech companies fended off efforts in the U.S. in the 1990s to ban Internet encryption or give the government ways around it, but an even bigger battle over cryptography is brewing now, according to Sascha Meinrath, director of X-Lab, a digital civil-rights think tank launched earlier this year. One of the most contested issues in that battle will be Net neutrality, Meinrath said.
[ Build and deploy an effective line of defense against corporate intruders with InfoWorld's Encryption Deep Dive PDF expert guide. Download it today! | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
The new fight will be even more fierce than the last one, because Internet service providers now see dollars and cents in the details of packets traversing their networks. They want to charge content providers for priority delivery of their packets across the network, something that a controversial Federal Communications Commission proposal could allow under certain conditions. Friday was the filing deadline for the first round of public comments on that plan.
Encrypted traffic can't be given special treatment because it can't be identified, Meinrath said. That could eliminate a major revenue source for ISPs, giving them a strong reason to oppose the use of encrypted services and potentially an indirect way to degrade their performance, he said. Meinrath laid out parts of this argument in a recent essay in the June issue of Critical Studies in Media Communication, called "Crypto War II" and written with tech policy activist Sean Vitka.
The U.S. government once sought to keep the country's cryptographic technology to itself or to hold onto the keys to all encrypted data. Opponents won out and opened the door to encrypted services people use every day, such as shopping and email. But the ability to use encryption is under fire both from government and potentially from ISPs' new business models, the essay said. The looming cryptography debate will also involve several other hot topics, including government surveillance spreading from networks into individual devices and the privacy of data generated by the "Internet of Things," the authors wrote.
Net neutrality could be important to the use of encryption in at least two ways, according to Meinrath. For one thing, if broadband capacity is scarce on a busy service-provider network, and some traffic gets paid priority, then other traffic could suffer. Encrypted traffic is likely to get the short end of that deal. For example, a streaming video service that was encrypted and couldn't be prioritized might stall or have longer buffer times if it had to share a crowded pipe with favored video streams.
In addition, ISPs might start to block encrypted traffic in order to maintain their business model. For example, if carriers can discriminate among applications, they can make some exempt from a user's data consumption cap. AT&T has already announced plans for such a service, called Sponsored Data, on its cellular data network. Among other things, this could allow content providers to cover the cost of delivering their data to consumers, making their content more attractive.
That concept may get more complicated if encryption comes into play, Meinrath said. For example, in some developing countries, Facebook and mobile operators together are offering cheap mobile data deals that only cover Facebook. There are encrypted services that can tunnel through Facebook to give users access to other service, but carriers will want to know if anyone is circumventing the exclusive Facebook deal.
"The problem is that providers are going to say, 'We need to be able to know that you're not doing that, therefore we need to be able to ensure that you are not encrypting,'" he said.
All this doesn't necessarily spell doom for your favorite banking, health insurance or video chat sites. The implications are deeper and longer term, Meinrath said.
"The problem is usually not the big 50 or big 100 services," he said. "They always carve out for themselves an exemption." But if a new competitor comes along that does the same thing better, it may be a different story.
"If you want to create the new Skype, or the new Facebook, or the new Google, you will have a hell of a time getting the same treatment as the incumbents," Meinrath said.
Because of the way network discrimination could affect encrypted services, guaranteeing Net neutrality will be critical to ensuring consumers' right to privacy online, the authors wrote. They also call for regulators to keep control of communications in the hands of users and in their own devices at the edge of networks, giving consumers the power to encrypt their communications from end to end.