Newspaper article The Christian Science Monitor

Digital Divide Widens as the Web Adopts Stronger Encryption Standard

Article excerpt

On New Year's Day, a change meant to strengthen online security will have the inverse effect, too, leaving millions of users' Web traffic completely exposed.

Microsoft, Google, and Mozilla will start phasing out older Internet encryption in Edge, Chrome, and Firefox browsers in favor of a newer, more secure standard. The aim is to get websites to adopt a beefier security method for ensuring private communications and safe bank transactions over the Internet.

But Web browsers that haven't been updated in the past few years or older generations of many mobile devices, which are commonplace in much of the developing world, will be unable to use the updated encryption standard. That means that many of those users will lose access to online functions protected by the Web protocol called Secure HTTP, or HTTPS.

Losing HTTPS access will put users at risk from hackers and digital thieves, says Kurt Rohloff, an associate professor of computer science at the New Jersey Institute of Technology. It will also block one of the simplest ways of avoiding online surveillance and censorship.

That's especially concerning because older phones are common in many countries with the highest levels of online censorship, says Mr. Rohloff. "If they're basically forced to use these older devices, they won't be able to protect themselves from local governments that would be snooping on their communications."

Insecure mobile access is a bigger concern in developing countries where many people depend on their phones to access the Web, says Joseph Bonneau, a tech fellow at the Electronic Frontier Foundation (EFF). "Of course, for many users they only have Internet access through their mobile devices, so insecurity of mobile browsing means insecurity of all of their browsing," he said in an e-mail.

It is difficult to find hard data on the number of older smartphones in developing markets that could be affected by the change. Somewhere between 3 and 7 percent of Web browsers in use around the world cannot use the newer HTTPS standard, according to Facebook. Smartphones more than six or seven years old, ones that haven't been updated properly, and many "dumbphones" with basic Web browsing functions will also be affected.

"A disproportionate number of those people reside in developing countries, and the likely outcome in those countries will be a serious backslide in the deployment of HTTPS by governments, companies and NGOs that wish to reach their target populations," Facebook's chief security officer, Alex Stamos, wrote in a blog post earlier this month.

In many African countries, for instance, cellphones take the place of banks as well as desktop computers, with usage of mobile money - and mobile cons - widespread. Phasing out the older encryption standard could leave those users even more exposed, experts worry.

HTTPS has become the standard for online banking and commerce. Recent concerns about data breaches and government surveillance have also made it increasingly popular across the Web - from social media to online news to the federal government.

Here's how it works: After some verification, a certificate authority uses an encryption algorithm to sign a digital certificate for a website that wants to use HTTPS. When a user connects to the site, their browser examines that certificate and, if it checks out, establishes a secure connection. The user then has some assurance that the site is what it says it is, and that the content of their communication with the site is encrypted. Most Web browsers show a lock icon or a similar indicator in the address bar for HTTPS sites.

As computers have become more powerful and less expensive, experts have worried that it might soon be affordable to fake HTTPS signatures that use an older encryption algorithm, called SHA-1. In 2012, cryptography experts Jesse Walker and Bruce Schneier estimated that SHA-1 forgeries could be within the reach of organized crime by 2018. …
