Berners-Lee Says No To Internet Snooping 113
Jack Spine writes "The inventor of the World Wide Web has pointed out some of the dangers of deep packet inspection. Sir Tim said that ISPs 'snooping' on data was similar to the interception of mail. 'This is very important to me, as what is at stake is the integrity of the internet as a communications medium,' Berners-Lee said on Wednesday. TBL's comments come as the UK government is gearing up to intercept all web communications in the UK through the Intercept Modernisation Programme, and echo comments he made last year about Phorm."
Re:The dream of encryption (Score:2, Interesting)
The promise of the internet is free and open data. Encryption is anti-everything the internet is about.
The real death of the internet was ~10 years ago, when anonymous posting disappeared.
Re:The dream of encryption (Score:4, Interesting)
PGP keys only help with email.
Far better to move the entire web to ONLY ssl based servers, (after fixing ssl of course).
Re:The dream of encryption (Score:5, Interesting)
Where have YOU been living?
1. I have _multiple_ active GPG keys. All Ubuntu has GPG on them by default.
2. I use TOR regularly, which uses multiple levels of encryption.
3. I use HTTPS sites regularly. Not the old dinky 40bit keys either.
4. My filesystem on my laptops are encrypted via DM_CRYPT and Luks.
5. Every machine I communicate with has SSH. Therefore, I also have encrypted data tunnels for everything.
6. I use W.A.S.T.E.
Yeah. That whole encryption thing died out a while back. Uh huh.
Re:The dream of encryption (Score:5, Interesting)
the promise of the internet is free and open communications.
What we do with our data is entirely up to us, and nobody else. Not "the government", not ISPs. This includes encrypting whatever is being transmitted.
You may share any paper, report, program, comment that is yours to publish. Some communications using the Internet should be more like a phone conversation (before USAPATRIOT stupidity), in which a modicum of privacy is a reasonable presumption.
bad long-term solution (Score:5, Interesting)
When governments start snooping on everything they make it harder to snoop on criminals in the future. This makes lots more people want secure networks, which makes more people create tools to make it easy to send/receive encrypted data, which makes even the people who don't know about the issues aware of the issues and tools. Once the tools/protocols become normal, police won't be able to snoop on suspected criminals even with a court order because everything is encrypted.
That'll just make them pass more laws and restrict ISPs so that unsnoopable content isn't allowed. Which will make people start creating stenogrphy tools so things look snoopable, which will make other people aware of the issues and wonder why the gov't is so concerned and start using them.
Then people start using those tools and snooping becomes more expensive (trying to detect stenogaphy) and still useless. But it will get lots of otherwise innocent people in trouble for using encryption or stenography to do something unimportant like send email to their mother.
If police stick to treating everyone as innocent until they had a valid reason to think otherwise and then got a court order they will have a lot more ability to snoop in the future.
Re:The dream of encryption (Score:2, Interesting)
Encryption works for very important data (that you would die to protect), less important data transferred over a network (moderately important e-mails), and unimportant data as a form of misdirection (if everything is encrypted, no one can tell what's important or not).
Full disk encryption, while nice, is not a protection for your data from someone who really wants it, unless you will die to protect it. It is protection from casual thieves for things like passwords, credit card data, personal information (your contact lists, for instance).
Post office also ask about the content in mail (Score:2, Interesting)
>> Sir Tim said that ISPs 'snooping' on data was similar to the interception of mail
Actually, if you think about it, the Post Office also ask about the _type_ of content in your mail: document (letter) ? CD/books ? or fire arms ? ;-)
i admit Post office does not read the words in your letter.
Re:At this point does it need to be said? (Score:3, Interesting)
Re:The dream of encryption (Score:3, Interesting)
We never went anywhere. I still read Applied Cryptography from time to time. I also:
The problem is mostly that there are so few other people who seem to care. I send a digital signature on every e-mail, but as far as I know no one ever verifies it. I've sent and received maybe two *encrypted* messages in my life. I talk to my girlfriend through a private XMPP server, because she's a huge nerd just like me, but pretty much every other IM conversation I have goes out over the wire in plaintext and passes through some faceless corporation's servers. Anonymous digital cash is full of awesome, and I keep meaning to write a implementation of it one of these days, but there just don't seem to enough of us anarchistic crypto nerds around thinking that to make it economically viable. Of all the cool cryptographic tricks I've read about, the only one that seems to have gotten to the point of a practical, usable system is tor.
I think part of that is that a lot of the existing cool ideas have had flawed implementations that impede practical use. I think PGP's web of trust is seriously flawed, for example. Most of the time the only thing about a key that I care about is whether the person that knows the private key is also the legitimate owner of the associated e-mail address, but in order to sign someone's key, I also need to assent to whole list of other, harder to verify statements about that key. It should have had people sign separate statements relating the key to some other form of identity rather than the key itself, so I could say "The person who knows the private key corresponding to public key ID 20344213 also has the e-mail address blah@blah.com" without also having to say, for every other bit of identity attached to their public key, "The person who knows the private key corresponding to public key ID 20344213 also has the legal name Blah X. Blahson" or even "The photograph attached to public key ID 20344213 is a photograph of the person who knows the corresponding private key".
Somehow, I think if that issue went away, we wouldn't magically see everyone in the world suddenly using PGP, though. Fundamentally, the problem is that 99% of the people just don't give a damn about privacy. Out of the remaining 1%, most either still don't care enough to bother with cryptography, or don't understand how it works and are convinced the NSA has a secret backdoor in everything or something. Look at every Slashdot article about electronic voting. Everyone complains that, as actually implemented, it fundamentally depends on trusting the voting machines, and there is every reason to believe that they can't be trusted. Okay, that's pretty much true, but then the proposed solution is always "leave a paper trail", but that just requires you to trust a handful of corruptible humans instead of a machine. Maybe that's better, but it's not much better. No one ever mentions those all those lovely cryptographic voting protocols from Applied Cryptography, that, if implemented properly, could let you vote from your own machine using an open-source client speaking a standard protocol, and not have to trust *anyone*. Well, I guess for the mindless masses understanding cryptography like that is so far over their heads that they might as well just be blindly trusting the protocol designers, but I would have hoped for better from Slashdot geeks.