Many major websites already encrypt by default. Here’s why encryption and multifactor authentication should be everywhere.
If you’ve been paying attention lately, you’ve likely noticed that more of your everyday websites are going HTTPS by default: Twitter, Facebook, LinkedIn, and even your favorite search engine.
This is a good development. For years, critics have derided default, widespread HTTPS encryption and authentication as unnecessary and performance-wasting. But now that we’ve seen most of the biggest websites go HTTPS, led by Google, the world is finding out it isn’t such a bad idea.
In fact, it’s great. It’s time for us to go all the way and encrypt and authenticate everything!
At a time where the U.S. Congress is allowing ISPs to continue spying on users’ private sessions, we need default HTTPS to protect our privacy. We need to incorporate security and privacy protections in all our communications, whether over the internet, telephone, cable, mobile phones, instant messaging — any form of networked communications. We should demand constant protection of all that. It’s the only way to make the internet truly more secure and private.
Tell it to the CIA
Computer security students use the acronym CIA — “confidentiality, integrity, availability” — to describe the goals computer security exists to serve.
Confidentiality means keeping information from being seen by unauthorized parties. Integrity means ensuring that content has not been modified since its intended distribution. Closely tied to it is authentication, making sure a person, computer, or publisher is who they claim to be; you cannot judge whether content is genuine without knowing whose it is supposed to be. Availability is ensuring that a computer asset is accessible to authorized parties, through practices such as preventing denial-of-service attacks.
We should apply the security CIA triad to all computing and network communications. That doesn’t mean we have to apply the strongest and most expensive security to everything; security measures should be commensurate with data they protect. You wouldn’t protect a website containing public information as strenuously as you’d protect weapon systems or classified information. But in general, all websites and services should have some basic level of encryption and integrity.
Why is default security needed?
Conventional wisdom dictates that protecting assets and content that don’t seem to demand strong computer security is wasteful, unnecessary, and performance-killing. As a result, only content that supposedly needs better protecting receives it. What we end up with is a hodgepodge of protection, often within the same site or service.
We’re all accustomed to connecting to banking websites that start off unprotected, then switch to protected for a logon or transaction, often with single pages that load a mix of protected and unprotected resources (what browsers call mixed content, and increasingly block outright). Sometimes it’s hard to determine which is which. The complexity of sustaining differing levels of protection on the same site is confusing to us and our browsers.
As it turns out, it’s simply easier for developers, browsers, and users to protect everything all the time.
I liken it to file-based encryption. With file-based encryption, either you or the system encrypts files on a file-by-file or folder-by-folder basis. This supports the idea that only certain items need to be protected. But file-based encryption almost always fails as true protection over the long run. Objects that should be protected don’t get protected. Sensitive data leaks out. A simple application crash can leave confidential data exposed in a temporary file or a crash dump. Moreover, it’s difficult to remove all confidential data even if you try, especially on today’s flash-based storage (SSDs, memory cards), where the drive’s wear-leveling controller decides where data physically lands, so the operating system cannot guarantee that the old blocks of a file it deleted or encrypted are actually gone.
Volume- and disk-based encryption is becoming the norm. You turn it on, and every file, every data bit remnant is protected by default. This approach makes an unintended data reveal much less likely, and usually the protection is invisible to the user. We need to take lessons learned in the storage arena and apply them to the rest of the world. Widespread, default, pervasive protection works best.
Getting rid of all HTTP connections and moving to (or even requiring) HTTPS is a good way to start. HTTPS gives us encryption and integrity during network transmission, plus authentication of the site through its certificate. We need to require default, total media encryption on all disks and storage media. No USB key or camera memory card should be without it.
We also need to move from one-factor authentication to two-factor (or greater) authentication. Stronger authentication doesn’t prevent all attacks, but it makes a phished password alone worthless to the attacker, and phishing of credentials is very prevalent right now. Phishing-resistant forms, such as FIDO2/WebAuthn security keys bound to the site’s origin, go further and resist attackers who relay the second factor in real time; codes typed into a form do not.
It’s also important to authenticate all content to protect its integrity, although this flies in the face of conventional thinking. Why protect content anyone can acquire? Partly because it’s easier to protect everything uniformly, but also because all content needs integrity protection, whether or not it needs confidentiality.
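The HTTPS-by-default setup described above, as an added Go example (this is not code from the original article): a plain-HTTP listener that only ever redirects to the same URL over HTTPS, and a wrapper for the HTTPS listener that sends Strict-Transport-Security so returning browsers never try http:// again, plus a Content-Security-Policy directive that makes the browser upgrade any leftover http:// subresource on an old page instead of loading it as mixed content. The host name and paths are invented; the demonstration uses Go’s in-memory httptest requests, so it runs without opening a socket.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// hstsHeader is sent on every HTTPS response: one year, covering subdomains.
// Add "preload" only after actually submitting the domain to the browser
// preload list, because it is hard to undo.
const hstsHeader = "max-age=31536000; includeSubDomains"

// redirectToHTTPS is the entire handler for the plain-HTTP listener. It never
// serves content; it answers every request with a permanent redirect to the
// same host, path and query over https.
func redirectToHTTPS(w http.ResponseWriter, r *http.Request) {
	target := "https://" + r.Host + r.URL.RequestURI()
	http.Redirect(w, r, target, http.StatusMovedPermanently)
}

// withTransportSecurity wraps the real application handler for the HTTPS
// listener. HSTS is only honored by browsers when received over TLS, which is
// why it is set here and not in redirectToHTTPS. upgrade-insecure-requests
// makes the browser rewrite http:// image/script/style URLs in old pages to
// https:// before fetching them, so legacy mixed content is upgraded rather
// than blocked or loaded in the clear.
func withTransportSecurity(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Strict-Transport-Security", hstsHeader)
		w.Header().Set("Content-Security-Policy", "upgrade-insecure-requests")
		next.ServeHTTP(w, r)
	})
}

func main() {
	// In production the two handlers go on two listeners, e.g.:
	//   go http.ListenAndServe(":80", http.HandlerFunc(redirectToHTTPS))
	//   http.ListenAndServeTLS(":443", "cert.pem", "key.pem", withTransportSecurity(mux))
	// Here they are exercised with in-memory requests instead (example.com is a placeholder).
	rec := httptest.NewRecorder()
	redirectToHTTPS(rec, httptest.NewRequest("GET", "http://example.com/login?next=/account", nil))
	fmt.Println(rec.Code, rec.Header().Get("Location"))

	app := withTransportSecurity(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "secure content")
	}))
	rec = httptest.NewRecorder()
	app.ServeHTTP(rec, httptest.NewRequest("GET", "https://example.com/", nil))
	fmt.Println(rec.Header().Get("Strict-Transport-Security"))
	fmt.Println(rec.Header().Get("Content-Security-Policy"))
}
```

The redirect preserves the query string deliberately: a user who followed an old http:// bookmark lands on the same page over TLS. The one thing a redirect cannot fix is the first request itself, which has already travelled in the clear; HSTS (and eventually preloading) is what closes that window on repeat visits.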
Suppose a government agency offers public documents that anyone can have, use, and share. It’s important that what users download and share is authentic. You don’t want someone changing a public document to say something else and disseminate it as if it were the genuine article.
You might argue that many documents, where the original author or distributor doesn’t mind any modification, shouldn’t be integrity-protected. Again I’ll argue that it’s easier, more accurate, and cheaper to protect everything than singling out winners and losers.
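One way a publisher can give public documents the integrity protection argued for above, as an added Go example (not code from the original article): hash every document into a sorted manifest, sign the manifest once with an Ed25519 key, and distribute the manifest and its detached signature alongside the files. A recipient who obtained a copy from anywhere (a mirror, an e-mail attachment, a USB stick) checks the manifest signature under the agency’s published public key, then checks that the copy’s hash is the one listed under its name. The manifest line format and the two sample documents are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample "public documents" (invented content for the example).
var sampleDocs = map[string][]byte{
	"permit-hours.txt": []byte("Permit desk hours: 09:00-16:00, Monday to Friday.\n"),
	"fee-schedule.txt": []byte("Building permit application fee: 120.00\n"),
}

// newPublisherKey creates the agency's Ed25519 key pair. Only the public key
// is published (pinned in a client, or served over HTTPS); the private key
// never leaves the publisher.
func newPublisherKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // a failing system RNG is not something to recover from here
	}
	return pub, priv
}

// buildManifest renders one "<sha256-hex>  <name>" line per document, sorted
// by name, so the same set of documents always yields byte-identical output.
// Signatures are over bytes, so this canonical form is what makes one
// signature cover the whole collection.
func buildManifest(docs map[string][]byte) []byte {
	names := make([]string, 0, len(docs))
	for n := range docs {
		names = append(names, n)
	}
	sort.Strings(names)
	var buf bytes.Buffer
	for _, n := range names {
		sum := sha256.Sum256(docs[n])
		fmt.Fprintf(&buf, "%s  %s\n", hex.EncodeToString(sum[:]), n)
	}
	return buf.Bytes()
}

// signManifest produces the detached signature shipped next to the manifest.
func signManifest(priv ed25519.PrivateKey, manifest []byte) []byte {
	return ed25519.Sign(priv, manifest)
}

// verifyDownload accepts a document only if (1) the manifest carries a valid
// signature from the publisher's key and (2) the document's hash is the one
// listed under that name. The signature is checked first: an attacker who
// edits the manifest to bless a forgery cannot re-sign it, so the hash lookup
// must never be trusted before the signature is.
func verifyDownload(pub ed25519.PublicKey, manifest, sig []byte, name string, content []byte) error {
	if !ed25519.Verify(pub, manifest, sig) {
		return errors.New("manifest signature does not verify (tampered manifest/signature, or wrong publisher key)")
	}
	sum := sha256.Sum256(content)
	got := hex.EncodeToString(sum[:])
	for _, line := range strings.Split(strings.TrimSpace(string(manifest)), "\n") {
		parts := strings.SplitN(line, "  ", 2)
		if len(parts) != 2 || parts[1] != name {
			continue
		}
		if parts[0] == got {
			return nil
		}
		return fmt.Errorf("%s: content hash %s... does not match signed manifest", name, got[:12])
	}
	return fmt.Errorf("%s: not listed in signed manifest", name)
}

func main() {
	pub, priv := newPublisherKey()
	manifest := buildManifest(sampleDocs)
	sig := signManifest(priv, manifest)

	fmt.Println("genuine copy:   ", verifyDownload(pub, manifest, sig, "fee-schedule.txt", sampleDocs["fee-schedule.txt"]))

	// An altered copy circulating under the same file name.
	forged := []byte("Building permit application fee: 1200.00\n")
	fmt.Println("altered copy:   ", verifyDownload(pub, manifest, sig, "fee-schedule.txt", forged))

	// A manifest edited to bless the forgery, still carrying the old signature.
	fmt.Println("edited manifest:", verifyDownload(pub, buildManifest(map[string][]byte{"fee-schedule.txt": forged}), sig, "fee-schedule.txt", forged))
}
```

Note what the scheme does and does not promise: it proves a copy is what the publisher released, not that the publisher’s key was obtained safely (that is a trust-distribution problem HTTPS helps with) and not that the publisher’s statement is true.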
Even availability needs to be treated universally. You might think it’s OK for your site or service to go down, but in today’s world, you never know what upstream or downstream entity is integrating with your offering. Besides, almost everything in the cloud is redundant already, and it’s cheaper to protect everything than to protect a few chosen pieces.
It’s inevitable that enabling security universally, such as HTTPS or default encryption, will break some objects, especially those that were built before these security options were available or pervasive. So what? Welcome to the real world. If something breaks, it’s time to fix it or forget it. Pervasive computer security shouldn’t be held back by dinosaur apps and services.
All spies dislike the idea of pervasive encryption and other security protections. Again, so what? The ability to protect our personal privacy should trump any other societal need.
I and millions of others don’t buy that government must be able to infiltrate every digital transaction to protect society from criminals and terrorists. Let me be clear: We are willing to put up with the idea that pervasive security makes it harder for law enforcement to do its job.
That said, I’m not suggesting that default, pervasive security is a panacea. If an attacker successfully breaks into your computer or into a website, it can pretty much do anything it wants, including disabling the default security.
But having good security always turned on as default means even those events are less likely to happen. Requiring seat belts in cars and helmets on motorcycle riders doesn’t stop car or motorcycle deaths. But it absolutely, significantly reduces the number of deaths and horrible, disabling injuries.
The internet and every device connected to it will one day have built-in, pervasive security, turned on by default. It’s already happening. I want us all to recognize it, hop on the bandwagon, and get it done. It’s the only way the internet has a chance to be significantly more secure.