Communications of the ACM
The Internet's Secret Back Door
The United Arab Emirates continues to wrestle with Research in Motion over government access to BlackBerry messages, threatening to ban the company's services if it doesn't severely weaken the anti-snooping protections on its smartphones. But years before the RIM battle boiled over, other Western companies handed the country a far greater power: the capability to infiltrate the secure system used by most banking, mail, and financing sites, making the most protected data on the Web available to the prying eyes of the emirates' government-connected telecommunications giant.
To understand how this happened, you need to understand the way much of the Web's private traffic stays private. Whenever you're sending sensitive information online—say, your credit card number to Amazon or a message over Gmail—the content is encrypted before being sent and then decrypted by the Web site you sent it to. (Sites using this secure mode have URLs that start with "https," and browsers add a padlock icon as well to demonstrate you're communicating securely.) Every vendor has its own rules for how to scramble information so that only it, the intended recipient, can decode it. If anyone intercepts the message along the way, it will appear to be a meaningless digital jumble.
Cryptographers are reasonably confident that the mathematics behind this method of encryption makes it unassailable by direct assault, even by the most well-funded intelligence agencies. But they have also long been aware of a potential weakness in its design: There's no way for your computer to know if the recipient is who they say they are...
From Slate
View Full Article
No entries found