Heavyweight tech companies, like Google, Mozilla and Reddit, and privacy advocates have kicked off a campaign to help make users' online communications and data “NSA-resistant.”
“Reset the Net” launched on Thursday, a year after the Edward Snowden leaks began detailing NSA snooping practices upheld by government surveillance programs. Long-time privacy champions, like the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU), were among those that teamed up to join the initiative.
On June 5, campaign participants were urged to implement security tools, like HTTPS, HTTP Strict Transport Security (HSTS), and perfect forward secrecy (PFS), as a means of encrypting private communications.
With encryption techniques that utilize PFS, for instance, there is no single master key whose compromise would break the encryption of all traffic; the property is made possible by a cryptographic key exchange known as Diffie-Hellman.
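A site owner can check the three measures named above (HTTPS, HSTS, forward secrecy) against what a connection actually negotiated. The following is an added example, not code from the campaign or the article: the function names, the six-month `max-age` floor and the sample observations are assumptions, and the cipher name is taken to be the OpenSSL or IANA suite name (as reported, for instance, by Python's `ssl.SSLSocket.cipher()`).

```python
import re

MIN_MAX_AGE = 15768000  # assumed policy floor: about six months, in seconds
TLS13_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                "TLS_CHACHA20_POLY1305_SHA256"}

def is_forward_secret(cipher):
    """True if the suite name implies an ephemeral Diffie-Hellman exchange."""
    # TLS 1.3 suite names carry no key exchange; full handshakes use (EC)DHE.
    if cipher in TLS13_SUITES:
        return True
    return cipher.startswith(("ECDHE-", "DHE-", "TLS_ECDHE_", "TLS_DHE_"))

def parse_hsts(value):
    """Parse Strict-Transport-Security; return (max_age, subdomains) or None."""
    seen = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in seen:          # a repeated directive makes the header invalid
            return None
        seen[name] = val.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None
    return int(seen["max-age"]), "includesubdomains" in seen

def audit(scheme, headers, cipher):
    """Return a list of findings for one observed connection."""
    if scheme != "https":
        return ["not served over HTTPS"]  # browsers ignore HSTS sent over HTTP
    findings = []
    hdrs = {k.lower(): v for k, v in headers.items()}
    policy = parse_hsts(hdrs.get("strict-transport-security", ""))
    if policy is None:
        findings.append("HSTS header missing or malformed")
    elif policy[0] < MIN_MAX_AGE:
        findings.append("HSTS max-age too short: %d" % policy[0])
    if not is_forward_secret(cipher):
        findings.append("no forward secrecy: " + cipher)
    return findings

# Constructed observations (not real sites): (scheme, headers, cipher name)
SAMPLES = {
    "good": ("https", {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}, "ECDHE-RSA-AES128-GCM-SHA256"),
    "weak": ("https", {"strict-transport-security": "max-age=0"}, "AES256-SHA"),
    "plain": ("http", {}, ""),
}

if __name__ == "__main__":
    for name, obs in SAMPLES.items():
        print(name, audit(*obs) or "ok")
```

The "weak" sample shows two separate gaps: `max-age=0` tells browsers to drop the HSTS policy, and `AES256-SHA` uses RSA key transport, so recorded traffic can be decrypted later if the server's private key leaks.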
“Once all traffic is encrypted, [NSA's] mass surveillance apparatus depends on an ever-dwindling number of bugs in a small number of tools, extremely valuable bugs they are racing with other governments, organized crime, and security experts to discover,” a page on Reset the Net's website said. “Once we get there, governments are always just a few technical fixes away from losing their mass surveillance capabilities. At that point, the odds tip in our favor, and victory becomes possible.”
The campaign specifically encouraged website owners and mobile app developers to run the “Reset the Net” banner on their corresponding sites. Mobile app developers, for example, were directed to add SSL (secure sockets layer) to their security protocols, or use certificate pinning to validate trusted certs.
As part of the initiative, a privacy pack was also provided for individual users, as a means of helping them protect their private chats, calls or text messages from prying eyes. Included in the free software pack was HTTPS Everywhere, an extension available to Firefox, Chrome or Opera users, which provides web browsing security.
On Thursday, “Reset the Net” supporter SendGrid, a major email delivery service provider in Colorado, announced that, effective that day, all email sent via SendGrid would employ transport layer security (TLS) – an encryption method also used by Google for its Gmail service.
David Campbell, CSO at SendGrid, told SCMagazine.com in an interview that, in joining the cause, the company aimed to “focus on using encryption as an effective way to stop surveillance,” rather than engage in a political debate about Snowden.
TLS for email, explained by Campbell as the equivalent of “sending your email in a sealed envelope, rather than on a postcard,” is just one of the ways that companies can engage in the campaign.
“We're joining with a number of other companies to promote the addition of privacy preserving features,” Campbell said. “That's what ‘Reset the Net’ is. It's about pointing people towards tools that make protecting their privacy easier.”