How we secure the web (HTTPS, HSTS & PFS)

For many of us, communicating, reading, working, and socializing on the Internet starts and ends with the web. So, any push to end mass surveillance must start there.

HTTPS, HSTS, and PFS (perfect forward secrecy) are powerful tools that make mass spying much more difficult. Until websites use them, we’re sunk: agencies like the NSA can spy on everything. Once they’re ubiquitous, mass surveillance is much harder and more precarious—even if you’re the NSA.

Here’s how sites can do their part to end mass surveillance, what it gets us, and why it matters so much to Reset the Net and the overall fight.

1. Sites need to use HTTPS

The basic technology we use to secure the web is HTTPS, and we all use it every day, without even noticing it. You know that lock icon you see in your browser, especially on shopping sites but now, increasingly, everywhere? That’s HTTPS!

If a site isn’t 100% HTTPS, anyone can spy on you. Police can do it. The FBI can do it. Really clueless governments can do it. Even random creepy dudes on the same public wifi network as you can do it.

(And through a sort of strange quirk of how “logging in” works on the web, attackers can do even more than just spy: they can access your password-protected accounts as you.)

Adding HTTPS is pretty easy to do. Unless you’re running a huge site it’s very inexpensive. If you are running a huge site, then with success comes responsibility: your site is too important not to have it.

2. Sites also need to use HSTS

Now, the NSA has ways to keep on spying even when sites do the right thing and add HTTPS protection. Some of these methods are difficult or impossible to defend against. But right now, the hands-down easiest way to break HTTPS encryption is to trick people into not even using it, with a technique called SSLstrip.

Here’s how it works. You type “facebook.com” into your browser, but somebody else tells your computer “I’m facebook.com”. You may think you’re talking to Facebook, but really you’re talking to the NSA. If you typed, “https://facebook.com” every time you went to Facebook, SSLstrip wouldn’t work. But who does that? Nobody.

In theory, you could notice it was happening. But usually, nobody does. Even skilled hackers get tricked by SSLstrip.

This is where HSTS comes to the rescue. HSTS tells every browser, “Hey, this site always uses HTTPS. If you ever get a version of this page that doesn’t, don’t load it, it’s fake.” The best thing about HSTS is that it’s easy to add, and doesn’t cost anything.

As a stopgap measure, individuals can (and should!) install the HTTPS Everywhere browser addon. But to resist the NSA, the web needs privacy built-in. We can’t depend on optional extras.

3. Sites should use Perfect Forward Secrecy (PFS).

The security of any HTTPS connection depends on the security of private keys. Once the NSA or any attacker gets these keys, they can break HTTPS encryption until the site switches to new keys.

Losing control of private keys is a catastrophe every site tries to avoid. But the security version of Murphy’s Law says it will happen eventually. Recently, the “Heartbleed” bug meant as many as 2 out of 3 sites on the Internet could have leaked their keys.

So, it’s good to think about how to limit the damage when it happens. Perfect Forward Secrecy (PFS) limits damage, by protecting all the data sent before the keys leaked.

To government spies an HTTPS connection could look like a bunch of encrypted, incomprehensible gobbledygook. But they can still collect it! With PFS, that old data is still safe. Only the new stuff is vulnerable. PFS even offers some protection after keys have leaked, by forcing attackers to perform active man-in-the-middle attacks rather than just decrypting traffic they collect with passive surveillance methods.

In the case of a public bug like Heartbleed, sites will freak out and change their keys pretty fast. So in that common scenario, you only lose privacy for a short amount of time.

Note: if you’re adding PFS on your site, there are some pretty significant problems with many implementations of PFS that could make sites easier to spy on. Whether you’re considering adding it or you already have, you should read this paper.

Why everyone needs to do this.

There’s no way to tell exactly how much HTTPS with HSTS and PFS limits the NSA’s ability to spy on the web. But we do know a few things.

First, there are some known victories. HTTPS keeps data out of the hands of surveillance-friendly ISPs (telephone & cable companies) who are always the worst when it comes to handing over data. And it puts almost every government on the planet out of the mass surveillance business; only the most sophisticated governments, if any, can spy on HTTPS traffic.

Second, we know that if the NSA can crack HTTPS on a large scale without being detected, it’s by exploiting specific bugs. If we can get every site using the latest security measures, they’ll upgrade when bugs are discovered.

Then the NSA is in a precarious position. Once all traffic is encrypted, their mass surveillance apparatus depends on an ever-dwindling number of bugs in a small number of tools, extremely valuable bugs they are racing with other governments, organized crime, and security experts to discover.

Once we get there, governments are always just a few technical fixes away from losing their mass surveillance capabilities. At that point, the odds tip in our favor, and victory becomes possible.

For more information on the steps you should take to protect your service and your users from government surveillance, see the Data Security Action Plan from Access and their “Encrypt all the Things" campaign.