Within the last weeks there has been several things that can affect to the future of the Internet. First United Nations officially condemned the practice of countries shutting down access to the internet at a meeting of the Human Rights Council. It effectively extends human rights held offline to the internet – including freedom of expression. A resolution entitled The promotion, protection and enjoyment of human rights on the Internet effectively extends human rights held offline to the internet. It was passed by consensus, but only after a determined effort by a number of countries, including China and Russia, to pull out key parts of the text. UN council effectively says Seriously, nations, stop switching off the damn internet. That was the good news.
The bad news is that many countries have already tried to exploit the emotions from latest terrorist attacks to pass all kinds of invasive legistlation in the name off protecting against terrorism. The worst news comes from Russia where Putin Is Literally Breaking The Internet. A few weeks ago there was push by the Russian Duma to pass a massive new surveillance bill that would mandate backdoors to encryption as well as massive data retention requirements for service providers, including saying that they need to store recordings of phone calls. Now Vladimir Putin signed that controversial anti-terrorist legislation bill into law.
Putin has also signed an executive order telling the FSB (the modern version of the KGB) to make sure it gets encryption keys to unlock everything within the next two weeks. It seems that President Putin ordered the Federal Security Service to produce “encryption keys” capable of decrypting all data on the internet. No one is really sure what this means exactly, but the FSB has two weeks to make them. And that is practically impossible to do in practice in many cases as more and more communications is encrypted locally or where there are private keys, there isn’t any way for service providers to turn over any keys. What happens next is a little unclear. But it seems likely that the Russian government will use this to attack certain encrypted communications services, and potentially block and/or fine them for failing to comply with the new law.
And all this is done in name of protecting against terrorism.In theory, the new laws pretend to stop “terrorist acts” and “armed uprisings.” What does all this have anything to do with “anti-terrorism?” Encryption does much more to protect everyday citizens than it does to hide the communications of “terrorists.” Undermining that puts a lot more people at risk of people hacking into their stuff than being a victim of a terrorist attack. The end game of the “anti-terrorist” legislation bundle would presumably be to create a central data center (let’s call it “basket”) to store all of the keys (let’s call them “eggs”).
These regulations aren’t just terrifyingly invasive – just read the details from Putin Is Literally Breaking The Internet article. They’re technically nonsense, and they’re so costly to try to implement that they could put many internet and phone service providers out of business, force noncomplying foreign companies out of Russia and kick a massive dent into Kremlin’s already crumbling infrastructure budget.
For the rest of thw world end-to-end encryption gets more and more widely used. Just a few years ago, end-to-end encryption was a nerdy niche – but this year it has hit mainstream. Apple has used a form of end-to-end encryption in iMessage for years. WhatsApp rolled out full end-to-end encryption to its billion-plus users in April. Viber added the protection to its 700 million users’ messages just weeks after WhatsApp. Google announced in May that its new messaging app Allo would offer end-to-end encryption as an option. On Friday, Facebook plans to roll out a beta version of a new feature it calls “secret conversations.” Facebook’s secret conversations will use a protocol called Signal. Communications companies are doing this despite complaints from law enforcement agencies that the feature hampers surveillance capabilities.