'Reset the Net' promotes security at enterprise and individual levels

Share this article:
'Reset the Net' promotes security at enterprise and individual levels
Heavyweight tech companies and privacy advocates teamed for the initiative.

Heavyweight tech companies, like Google, Mozilla and Reddit, and privacy advocates have kicked off a campaign to help make users' online communications and data “NSA-resistant.”

Reset the Net” launched on Thursday, a year after Edward Snowden leaks began detailing NSA snooping practices upheld by government surveillance programs. Long-time privacy champions, like the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU), were among those that teamed up to join the initiative.

On June 5, campaign participants were urged to implement security tools, like HTTPs, HTTP Strict Transport Security (HSTS), and perfect forward secrecy (PFS), as a means of encrypting private communications.

Encryption techniques that utilize PFS, for instance, have no single master key to break encryption and are made possible due to a cryptographic key exchange known as Diffie-Hellman.

“Once all traffic is encrypted, [NSA's] mass surveillance apparatus depends on an ever-dwindling number of bugs in a small number of tools, extremely valuable bugs they are racing with other governments, organized crime, and security experts to discover,” a page on Reset the Net's website said. “Once we get there, governments are always just a few technical fixes away from losing their mass surveillance capabilities. At that point, the odds tip in our favor, and victory becomes possible.”

The campaign specifically encouraged website owners and mobile app developers to run the “Reset the Net” banner on their corresponding sites. Mobile app developers, for example, were directed to add SSL (secure sockets layer) to their security protocols, or use certificate pinning to validate trusted certs.

As part of the initiative, a privacy pack was also provided for individual users, as a means of helping them protect their private chats, calls or text messages from prying eyes. Included in the free software pack was HTTPS Everywhere, an extension available to Firefox, Chrome or Opera users, which provides web browsing security.

On Thursday, “Reset the Net” supporter SendGrid, a major email delivery service provider in Colorado, announced that, effective that day, all email sent via SendGrid would employ  transport layer security (TLS) – an encryption method also used by Google for its Gmail service.

David Campbell, CSO at SendGrid, told SCMagazine.com in an interview that, in joining the cause, the company aimed to “focus on using encryption as an effective way to stop surveillance,” rather than engage in a political debate about Snowden.

TLS for email, explained by Campbell as the equivalent of “sending your email in a sealed envelope, rather than on a postcard,” is just one of the ways that companies can engage in the campaign.

“We're joining with a number of other companies to promote the addition of privacy preserving features,” Campbell said. “That's what ‘Reset the Net' is. It's about pointing people towards tools that make protecting their privacy easier.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Millenials improve security habits, more interested in cyber careers, still need guidance

Millenials improve security habits, more interested in cyber ...

Raytheon's second annual survey on the online and security behavior of Millennials shows improvement but still a long way to go.

Pakistani man indicted over spyware app creation

Hammad Akbar created StealthGenie, which allowed the purchaser to secretly monitor a cell phone's communications.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.