Internet Society Responds to Reports of the U.S. Government’s Circumvention of Encryption Technology

The Internet Society is alarmed by continuing reports alleging systematic United States government efforts to circumvent Internet security mechanisms. The Internet Society President and CEO, Lynn St. Amour, said, “If true, these reports describe government programmes that undermine the technical foundations of the Internet and are a fundamental threat to the Internet’s economic, innovative, and social potential. Any systematic, state-level attack on Internet security and privacy is a rejection of the global, collaborative fabric that has enabled the Internet’s growth to extend beyond the interests of any one country.”

The Internet Society believes that global interoperability and openness of the Internet are pre-requisites for confidence in online interaction, they unlock the Internet as a forum for economic and social progress, and they are founded on basic assumptions of trust. We are deeply concerned that these principles are being eroded and that users’ legitimate expectations of online security are being treated with contempt.

As the institutional home of the Internet Engineering Task Force (IETF), we believe that open and transparent processes are essential for security standardization, and result in better outcomes than any alternative approach. For example, protocols developed by the IETF are open for all to see, inspect, and verify, as are the open and inclusive processes by which they are specified.

IETF Chairman Jari Arkko has strongly reiterated the IETF’s commitment to improving security in the Internet, and to seeking ways of improving security protocols in light of these new revelations and security threats. “The IETF has a long-standing commitment to openness and transparency in developing security protocols for the Internet, and sees this as critical to confidence in their use and implementation.” To read more, visit: http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/.

However, the open development of robust technical specifications is just one link in the chain. Security standards must be properly implemented and used. This is a wake-up call for technology developers and adopters alike, to reexamine what we can do to ensure that all links in the chain are equally strong. This is key to helping restore public trust and confidence in the Internet.

The Internet has tremendous potential for economic and social good, but unless all stakeholders trust the Internet as a safe place for business, social interaction, academic enquiry, and self-expression, those economic and social benefits are put at risk. To fulfill its potential, the Internet must be underpinned by the right combination of technology, operational processes, legislation, policy, and governance. The recent reports suggest that U.S. Government programmes have systematically undermined some or all of those measures, and that is why we view the revelations with such grave concern.

With this mind, we issue these calls to action for the global community:

  • To every citizen of the Internet: let your government representatives know that, even in matters of national security, you expect privacy, rule of law, and due process in any handling of your data.

Security is a collective responsibility that involves multiple stakeholders. In this regard, we call on:

  • Those involved in technology research and development: use the openness of standards processes like the IETF to challenge assumptions about security specifications.
  • Those who implement the technology and standards for Internet security: uphold that responsibility in your work, and be mindful of the damage caused by loss of trust.
  • Those who develop products and services that depend on a trusted Internet: secure your own services, and be intolerant of insecurity in the infrastructure on which you depend.
  • To every Internet user: ensure you are well informed about good practice in online security, and act on that information. Take responsibility for your own security.

At the Internet Society, we remain committed to advancing work in areas such as browser security, privacy settings, and digital footprint awareness in order to help users understand and manage their privacy and security. The citizens of the Internet deserve a global and open platform for communication built on solid foundations of security and privacy.