Why and How to Encrypt the Entire Web

Monday, March 11, 2013
12:00 PM - 1:30 PM
CISAC Conference Room

In 1990, hypertext was a utopian conjecture. Since then, a hypertext system called the World Wide Web has become not only the predominant medium of human communication, but also one of the primary methods for distributing software. Obviously, this transition has had implications for subjects of geopolitical interest including software security, political discourse, and the ability of states to surveil their citizens' communications and reading habits.

Because it was hard enough to build a global hypertext system in the first place, security was generally an afterthought in the design of the World Wide Web. One necessary component of a secure website is HTTPS encryption, but it is still only used correctly by a tiny fraction of websites. Any website that allows http:// as well as https:// is inherently vulnerable to network surveillance, account hijacking, and other forms of insecurity. To make matters worse, HTTPS itself has been plagued by numerous security problems and design flaws.

The Electronic Frontier Foundation has been engaged in a series of projects to encrypt the entire Web, retiring the insecure HTTP protocol, and ensuring that "HTTPS" actually delivers what it promises. These projects include HTTPS Everywhere, the SSL Observatory, Sovereign Keys, and efforts to persuade major sites to deploy HTTPS. In this talk Peter will give an overview of these projects, the significant progress they have made to date, and the work that remains to be done.

About the speaker: Peter Eckersley is Technology Projects Director for the Electronic Frontier Foundation. He keeps his eyes peeled for technologies that, by accident or design, pose a risk to computer users' freedoms—and then looks for ways to fix them. He explains gadgets to lawyers, and lawyers to gadgets. Peter's work at EFF has included privacy and security projects such as Panopticlick, HTTPS Everywhere, SSDI, and the SSL Observatory; helping to launch a movement for open wireless networks; fighting to keep modern computing platforms open; and running the first controlled tests to confirm that Comcast was using forged reset packets to interfere with P2P protocols.

Peter holds a PhD in computer science and law from the University of Melbourne; his research focused on the practicality and desirability of using alternative compensation systems to legalize P2P file sharing and similar distribution tools while still paying authors and artists for their work.