Welcome to the era of encryption by default

From here on out, it'll be impossible to think about networking without it being encrypted -- to everyone's benefit

With Yahoo promising "encryption everywhere," Google moving to 2,048-bit certificates by year's end, HTTP 2.0 to be automatically encrypted, and a renewed interest in secure email, we've entered a new phase: the era of encryption by default over the network -- and maybe everywhere else, too.

Encryption has long been thought of as a bonus, a luxury, a sidecar add-on that only people who really, really need it should bother with. Now it looks like we all really, really need it.

The benefits of an everything-encrypted world

The most obvious spur has been the discovery of NSA spying programs and their essentially unlimited latitude and disturbingly broad reach -- up to and including spoofing sites on the public Internet to hijack its targets' computers. In the long run, as InfoWorld's Roger Grimes argues, NSA spying would "ultimately benefit us all," in big part because it would force providers of all kinds to switch to an encrypted-by-default infrastructure.

Bruce Schneier has taken much the same stance. In a recent article for The Atlantic, he pointed out how covert collaboration between tech companies and government -- what he calls the "public/private surveillance partnership" -- has crumbled in the post-Snowden era.

"It's impossible to build an Internet where the good guys can eavesdrop," he wrote, "and the bad guys cannot. We have a choice between an Internet that is vulnerable to all attackers, or an Internet that is safe from all attackers. And a safe and secure Internet is in everyone's best interests, including the US's."

Encrypting all data in transit by default still wouldn't thwart direct attacks, such as from social engineering, a tool that's still commonly used to steal data. (A recent example: Experian unwittingly selling personal data to someone posing as a law enforcement official.) But such protection would bolster security against run-of-the-mill cyber criminals -- a threat that's far more immediate and pervasive to many than the NSA. It ought to make casual sniffing of passwords or cookies a relic of the past, for one.

The logistics of encrypting data everywhere also aren't nearly as thorny as they used to be. Sure, Google's 2,048-bit certificates would mean encryption and decryption would take that much longer -- but the amount of computing power we have to throw around now means such issues aren't the stumbling block they were a decade ago. Likewise, encrypting data at rest can now be done in hardware with minimal added cost.

No silver bullet

But switching to encryption by default is just the beginning. How encryption is implemented determines how effective it is, or even whether it's effective at all.

Nathaniel Couper-Noles, principal security consultant for Neohapsis, pointed out in an email to me that encryption is "not a silver bullet," as it requires maintenance on many levels -- "key management and rotation, identity management" and updates to the encryption schemes themselves -- to be useful.

"To make matters worse," he adds, "there is a very limited supply of talent with cryptography expertise. I'm encouraged to see companies like Yahoo and Google taking steps, but I expect it may be some time before the processes and architectures mature and yield full benefits."

The lack of expertise doesn't just make it hard to create good implementations of cryptography. It also creates difficulties in ensuring existing, widely used implementations work well, since such talent tends to be expensive and in high demand. The popular TrueCrypt disk-encryption system has its source code available for inspection, but its lack of a rigorous code audit spurred security experts to start a fundraiser for such an action.

The weakest link is always the user, of course. Vint Cerf himself recently went on record at a U.S. Federal Trade Commission workshop to note how much of the problem with privacy lies with us for being too eager to share too much. Against the urge to Snapchat everything, even the greatest privacy advocates labor in vain.

The most radical proposal yet would be to re-architect both computing and networking as we know it from a security-first standpoint. Such a pie-in-the-sky answer has in fact been proposed by Peter G. Neumann, who has long bemoaned the way security, to say nothing of encryption, is often a bolt-on rather than a bake-in. With VMs and virtual networks being baby-simple to construct these days, we might well see sandboxed examples of how to rework computing and networking at large springing up.

We have a long way to go before we can step into that particular brave new world. But with "encryption first" as a mantra, we're already nosing our way into one very different from even a year ago.

This article, "Welcome to the era of encryption by default," was originally published at InfoWorld.com.
