A Clinton-era Internet law is coming back to haunt us by exposing our private online messages to hackers. Now, the Obama administration is lobbying Congress to repeat the same policy all over again.
This week, computer researchers announced they found a massive weakness in Internet software. “Logjam,” as they called it, allows hackers to spy on your online communications. It affects thousands of websites and every browser. Logging into your email, bank or Facebook on public Wi-Fi or over a virtual private network (VPN) isn’t safe.
How did this happen? In the 1990s, the Clinton administration wanted to control who got to use online encryption, a tool that keeps your messages private by turning a regular sentence into nonsense code before it travels across the Internet.
The Clinton White House wanted encryption in the hands of Americans — not foreigners. And it wanted spies and cops to be able to break that encryption and listen in on private communications whenever they wanted.
So, it restricted the export of powerful data encryption, forcing American companies to sell two versions of encryption: weak and strong.
We’ve since moved on. Export controls were relaxed. But it turns out the weak stuff remained buried in code everywhere.
A team of computer researchers on Wednesday revealed how pervasive this weakness is: Every major Web browser has it (Google Chrome, Android, Mozilla Firefox, Microsoft Internet Explorer, Apple Safari). And 8% of the top million websites are vulnerable.
Everyone has to update their Web browsers, and websites must patch their computer servers.
There’s a lesson here
Meanwhile, American police and intelligence agencies want backdoors again. In recent months, they’ve been railing against Apple and Google for better securing the privacy on their products. An iPhone passcode prevents police from sneaking into phones without a person’s permission. Google allows Android users the same protection (although not by default).
The FBI director says iPhone encryption protects pedophiles by restricting police. He and others in the Justice Department have been repeating a mantra, asking for “a balance of liberty and privacy.” They’re asking for a golden key.
Logjam shows the problem with the government weakening security, computer experts and privacy advocates say.
“It’s a bad idea to deliberately insert backdoors,” said University of Michigan computer security professor J. Alex Halderman, one of the researchers who discovered Logjam. “This sort of thing is what we expect to happen again if we get what the FBI is calling for.”
Johns Hopkins University cryptography professor Matthew Green, who also helped discover Logjam, says that when hackers exploit these backdoors, the effects can be disastrous. Hackers could funnel millions of dollars out of customers’ bank accounts, for example.
“In the course of making the world safe for the U.S. by putting in backdoors, we might be making the world less safe for the U.S.,” Green said.
This is actually the second time since March that Clinton-era encryption controls cause a privacy crisis. The other was the “FREAK computer bug.”
But there’s some hope. Politicians are starting to push back against backdoors for law enforcement. They’re listening to tech companies that take a stand, and folks like Apple CEO Tim Cook who say privacy is a matter of “life and death.”