November 20, 2013
The engineers behind the Internet Engineering Task Force are responding to public outcry over Internet surveillance by encrypting Web traffic with plans for a revamped system by the end of next year. In light of National Security Agency contractor Edward Snowden’s exposure of the agency’s mass Internet surveillance, the effort will introduce the default of encryption in Internet browsing, intended to reduce the ease of snooping.
“Many experts have pointed out that mass Internet spying is done in part because it’s so easy to do,” Technology Review writes. “Some argue that making life a little harder for agencies like the NSA may make them focus on legitimate national security targets rather than scooping up everything and asking questions later.”
And that’s essentially the idea with IETF’s encryption efforts. The organization, which is made up of engineers who change Internet code, plans to make HTTPS — a variant of the standard HTTP — the norm. When website URLs have “HTTPS” at the beginning of the link, it automatically includes an encryption step called transport layer security, TR notes.
The transition to HTTPS as standard Internet practice is what’s being called the next generation of HTTP, or HTTP 2.0.
“This is commonly used by banks, e-commerce sites, and by some big sites, including Google and Facebook,” TR writes. But the majority of Web traffic between devices and Web servers isn’t encrypted, making it more susceptible to surveillance.
HTTP 2.0 is proceeding “very frantically,” Trinity College computer scientist Stephen Farrell, who is part of the project, tells TR. “The hope is that a specification will be ready by the end of 2014. It would then be up to websites to actually adopt the technology, which is not mandatory,” explains the post.