In response to the public outcry over mass Internet surveillance by the National Security Agency (NSA), the engineers who develop the protocols that underpin the Internet are deep into an effort to encrypt all Web traffic, and expect to have a revamped system ready to roll out by the end of next year.
The effort, by the Internet Engineering Task Force, or IETF, an informal organization of engineers that changes Internet code and operates by rough consensus, involves HTTP, or hypertext transfer protocol, which governs information exchanges between the Web browser on your phone and computer and the servers that hold the data of the website you are visiting.
Leaked documents brought to light by former NSA contractor Edward Snowden suggest the NSA routinely harvests and stores huge amounts of information from major cloud computing platforms and wireless carriers. Today, much of the Web traffic between your device and Web server is not encrypted unless websites choose to use a variant of the HTTP protocol called HTTPS—which includes an encryption step, called transport layer security. This is commonly used by banks, e-commerce sites, and by some big sites, including Google and Facebook. (If a website’s address starts with “https://” it already uses encryption.)
The IETF change would introduce encryption by default for all Internet traffic. And the work to make this happen in the next generation of HTTP, called HTTP 2.0, is proceeding “very frantically,” says Stephen Farrell, a computer scientist at Trinity College in Dublin who is part of the project.
To read more, click here.