About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion

Advertisers

Technorati

  • Add to
Technorati Favorites

License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« China syndrome | Main | Moving transactions online »

Masters key

By Dave Birch posted Nov 23 2010 at 5:43 PM

[Dave Birch] This whole internet thing is getting more and more complicated. I'm trying to work out what government policies toward the internet are, so that I can help our clients to develop sound long-term strategies with respect to digital identity. To do this, we need to understand how the security environment will evolve and what the government's attitude to security is. Should people be allowed to send data over the internet without interference? The US government thinks so.

Since 2007, Congress has inserted a total of $50 million of earmarks into the State Department's budget to fund organizations dedicated to fighting Internet censorship.

[From Rebecca MacKinnon: No quick Fixes for Internet Freedom - WSJ.com]

Uh oh. This cannot be popular with people in favour of internet censorship, such as U2's boss.

U2 manager Paul McGuinness said that the only reason the music industry had tanked over recent years was not because outfits like U2 peddled the same boring crap that they did in the 1980s, but because of the introduction of broadband.

[From Comment: Broadband only useful for pirates - U2 manager screams blue murder | TechEye]

Setting aside the fact that the British music industry earned more money than ever before last year, U2 are totally wrong to expect the rest of society to pay to uphold their business model in face of all technological change. Bono is wasting his time calling for Chinese-style internet censorship in order to maximise record company profits, or at least he is if the US government is going to continue funding the opposition.

Talking about Chinese-style internet censorship, there were some very frightening reports in the newspapers this week.

A state-run telecoms firm is accused of diverting traffic including data from US military and government websites, and some in Britain, via Chinese servers. Experts fear that the authorities could have carried out “severe malicious activities” as a result of the 18-minute operation, even harvesting sensitive data such as the contents of email messages or implanting viruses in computers worldwide.

[From China may seek to 'control the internet', US report on web hijack warns - Telegraph]

But hold on. If you were trying to steal top secret e-mails from the Pentagon, why would you redirect all internet traffic? If you do that, people will notice, won't they? Surely it makes more sense to just take sneaky copies of the e-mails, doesn't it? When I read the story, I assumed it was a DNS error, the sort of thing that happens all the time.

In fact, it's so simple, that it happens every year to somebody through sheer accidental misconfiguration... Sometimes it's China, and sometimes it's Con-Ed.

[From China's 18 Minute Mystery - Renesys Blog]

I'm sure this is the explanation. But some of the newspapers pointed to a more disturbing aspect of the story.

While sensitive data such as emails are generally encrypted before being transmitted, the Chinese government holds a copy of an encryption master key which could be used to break into redirected traffic.

[From China 'hijacks' 15 per cent of world's internet traffic - Telegraph]

Wait? What? There's an encryption master key for the internet? That sounds like a bit of seriously bad design, doesn't it? Who's idea was it to make an encryption system for the internet and then create a master key that could break it? If there's a master key, then I want it: I can download porn and make it look like I'm Rupert Murdoch, withdraw money from other people's bank accounts and launch nuclear missles and, and...

Don't panic. Just take a deep breath and remember that the only people who understand less about the internet than politicians are journalists. This story is, naturally, bunk. There is no "master key" for internet encryption, and what little internet traffic there is that is encrypted is safe for the time being. The source of the ridiculous "master key" story seems to be the New York Times, which says (with no attribution) that

While sensitive data such as e-mails and commercial transactions are generally encrypted before being transmitted, the Chinese government holds a copy of an encryption master key, and there was speculation that China might have used it to break the encryption on some of the misdirected Internet traffic.

[From Chinese Scrutinized for Meddling With Web Traffic - NYTimes.com]

Think about it for a second: if the Chinese government has a copy of the master key for the internet, then that means that someone else has the original and whoever that is can read all of the Chinese government's internet traffic! So if such a master key did exist, then no-one would use the encryption system and they'd use an alternative instead. What a load of rubbish.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c4fd753ef0147e01907a3970b

Listed below are links to weblogs that reference Masters key:

Comments

The comments to this entry are closed.