As free speech organizations continue to push the government for changes in surveillance policies, there are technical changes we can implement to thwart online mass surveillance that require no government permission at all.
Imagine sending a postcard through the mail. Anyone who handles, or even passes within view of, that postcard can look at the contents. That is how most websites currently work. When users request a page from a website, that request passes from server to server until the user’s computer connects with the computer hosting the site. The nature of that request is transparent to all of the in-between servers (and the administrators who control them). This “postcard-through-the-mail” nature of web interactions is part of what allows the government to surveil and store massive amounts of data with ease.
Reset the Net is calling on everyone who manages a website or publishes an app to use tools that put our metaphorical postcards in lockboxes before sending them on their way. One such tool, SSL, is already used by most websites that handle your sensitive data. Reset the Net is calling for all websites to adopt SSL and other tools that make it more difficult to circumvent or crack.
SSL encrypts (scrambles) your web transactions so that only the intended receiver can read them. It’s not “un-hackable”, just like no lockbox is impervious. However, think of how much effort it takes to pry open a lockbox, compared to simply glancing at an exposed postcard. Multiply that excess effort by millions of transactions per second, and mass surveillance of the kind that Edward Snowden exposed may become untenable.
No one entity controls the SSL protocol, which means no government or corporation can revoke it. No implementation of SSL is perfect (as the recent Heartbleed bug demonstrated), just like there is no such thing as 100% security in the physical world. But that doesn’t keep us from wearing seatbelts or locking our front doors when we leave for work in the morning. Reset the Net is calling for that kind of basic prevention to secure the web from prying eyes.
If you’re a web administrator or mobile app developer, Reset the Net has an overview of how and why you should implement these tools to protect your users. The rest of us can help spread the word. Everyone needs to build awareness and momentum toward the day of action on June 5, the anniversary of the first NSA surveillance story revealed by whistleblower Edward Snowden.
More than 20 organizations and companies support the launch of the campaign, including Fight For The Future (which initiated the campaign), along with reddit, CREDO Mobile, Namecheap, Imgur, Greenpeace, Libertarian Party, FireDogLake, Thunderclap, DuckDuckGo, Disconnect.Me, Demand Progress, Access, Free Press, Restore the Fourth, AIDS Policy Project, PolitiHacks, OpenMedia, Free Software Foundation, Bill of Rights Defense Committee, Code Pink, Popular Resistance, Participatory Politics Foundation, BoingBoing, Public Knowledge, Amicus, New America Foundation’s Open Technology Institute, Progressive Change Campaign Committee, Student Net Alliance, and the Center for Democracy and Technology.
We must continue to demand changes to laws and policies, but there is nothing stopping us from implementing these security improvements today.