2013 in Review: Encrypting the Web Takes A Huge Leap Forward
As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.
This year the public got some hints of the scale on which governments are using electronic surveillance to spy on all of us. We learned how pervasively compromised our communications infrastructure is, and how cavalierly governments have spliced, bribed, lied, hacked, cozened, and secret-ordered their way into network backbones. We saw that individual Internet engineers were seen as legitimate hacking targets. We saw that spy agencies speak casually of mastering, controlling, dominating the Internet.
People everywhere fought back by increasing their use of encryption to protect their privacy. From journalism schools to boardrooms to parliaments, crypto tools were the talk of the town. Around the world, cryptoparties taught people more about adopting encryption tools, often teaching the "Encryption Works" guide written by former EFF Staff Technologist Micah Lee for the Freedom of the Press Foundation (an EFF client). Just last week, CyanogenMod adopted TextSecure to protect the text messages of its ten million users against mass surveillance. (Hey, other mobile vendors! Are you going to match Cyanogen's lead?)
We were particularly happy to see a sharp increase in the use of HTTPS encryption to protect everybody's connections to popular web sites, as well as back-end encryption to protect the exchange of data (like our e-mail) within and between companies. This year major providers took seriously the need to turn on encryption for their services, and a notion that secure connections are a basic industry standard began to take root. We had productive conversations about encryption with the operators of several major sites, and many sites rolled out or pledged to roll out secure connections on a major scale. Some mobile carriers started upgrading the encryption they apply to voice calls, and secure mobile communications apps became much more widely available. We're especially grateful to the many engineers, lawyers, and policy people throughout the Internet industry who have taken on this project as their own.
There's much we don't know about the ways that encryption tools and standards may have been subverted and undermined, and the ways governments may have talked companies out of their plans to roll out encryption. (There's also much we don't know about how governments' secret legal theories and secret industry partnerships may influence the design of communications systems.) We need journalists, engineers, mathematicians, and parliamentary committees to keep digging into these questions. But crypto adoption has a momentum now. In 2014, let's keep up that momentum—and keep up the conversation about end-to-end and host-proof encryption designs, which protect our data against all intermediaries, not just network operators.
This article is part of our 2013 Year in Review series; read other articles about the fight for digital rights in 2013.