Matthew Green over at Cryptography Engineering has a depressing piece on the security status of the network. He says that the network is hostile and that that hostility is baked in by its design. Our packets travel through routers and intermediate machines that we have no control over and, indeed, we usually don’t even know what machines or routers those packets pass through.
The situation is now known to be even worse than we thought. On August 15th, ProPublica published an article revealing AT&T’s almost complete capitulation to the whims of the NSA. That includes allowing them to tie into and monitor major fiber-optic cables. The NSA, in internal documents, praised AT&T’s extreme willingness to help them. Matt Blaze sums up the situation nicely in this tweet
Turning point, some time during my tenure there, was when AT&T valued its relationship with the government over its customers.
— matt blaze (@mattblaze) August 15, 2015
This hostility means that ubiquitous encryption is an absolute necessity but even that, Green says, isn’t enough because current protocols leak a lot of metadata that can be revealing to those who wish to mind our business. The NSA, Green reminds us, isn’t the only state-operated entity that’s interested in and has the capability to monitor our communications. Some are even worse than the NSA.