'Reset the Net' promotes security at enterprise and individual levels

Share this article:
'Reset the Net' promotes security at enterprise and individual levels
Heavyweight tech companies and privacy advocates teamed for the initiative.

Heavyweight tech companies, like Google, Mozilla and Reddit, and privacy advocates have kicked off a campaign to help make users' online communications and data “NSA-resistant.”

Reset the Net” launched on Thursday, a year after Edward Snowden leaks began detailing NSA snooping practices upheld by government surveillance programs. Long-time privacy champions, like the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU), were among those that teamed up to join the initiative.

On June 5, campaign participants were urged to implement security tools, like HTTPs, HTTP Strict Transport Security (HSTS), and perfect forward secrecy (PFS), as a means of encrypting private communications.

Encryption techniques that utilize PFS, for instance, have no single master key to break encryption and are made possible due to a cryptographic key exchange known as Diffie-Hellman.

“Once all traffic is encrypted, [NSA's] mass surveillance apparatus depends on an ever-dwindling number of bugs in a small number of tools, extremely valuable bugs they are racing with other governments, organized crime, and security experts to discover,” a page on Reset the Net's website said. “Once we get there, governments are always just a few technical fixes away from losing their mass surveillance capabilities. At that point, the odds tip in our favor, and victory becomes possible.”

The campaign specifically encouraged website owners and mobile app developers to run the “Reset the Net” banner on their corresponding sites. Mobile app developers, for example, were directed to add SSL (secure sockets layer) to their security protocols, or use certificate pinning to validate trusted certs.

As part of the initiative, a privacy pack was also provided for individual users, as a means of helping them protect their private chats, calls or text messages from prying eyes. Included in the free software pack was HTTPS Everywhere, an extension available to Firefox, Chrome or Opera users, which provides web browsing security.

On Thursday, “Reset the Net” supporter SendGrid, a major email delivery service provider in Colorado, announced that, effective that day, all email sent via SendGrid would employ  transport layer security (TLS) – an encryption method also used by Google for its Gmail service.

David Campbell, CSO at SendGrid, told SCMagazine.com in an interview that, in joining the cause, the company aimed to “focus on using encryption as an effective way to stop surveillance,” rather than engage in a political debate about Snowden.

TLS for email, explained by Campbell as the equivalent of “sending your email in a sealed envelope, rather than on a postcard,” is just one of the ways that companies can engage in the campaign.

“We're joining with a number of other companies to promote the addition of privacy preserving features,” Campbell said. “That's what ‘Reset the Net' is. It's about pointing people towards tools that make protecting their privacy easier.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

TorrentLocker developers patch error

Victims had been able to restore encrypted files without paying a ransom.

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as result of a malware attack.

Gartner: 75 percent of mobile apps will fail security tests through end of 2015

Gartner: 75 percent of mobile apps will fail ...

As BYOD and mobile computing become more critical to business, app downloads will raise security risks.