As I look back over the past year, I see a lot of healthy (and some unhealthy) discussion about the value of privacy vs. law enforcement. And encryption is at the core of that conversation. Indeed, at the close of 2018 we saw the first government-mandated encryption backdoor laws passed in Australia. And in 2019, that debate has continued to rage across continents. With encryption front and center, the U.S. government has also been quite active in issuing warnings about encryption threats. And then there are the implications of quantum cryptography, DoH, TLS inspection issues and more. Join me in taking a glance back at the key issues that impacted encryption over the past year.
Here are the top 10 encryption news stories that we covered in 2019 [in chronological order].
- Distracted by Shutdown, U.S. Agencies Allow Certificates to Expire
During the U.S. Government shutdown in early 2019, there was some question about which functions were critical. During that time, some agencies may have taken their eyes off the encryption ball to focus on other priorities.
- U.S. DHS Warns Civilian Agencies about DNS Hijacking Attacks
After a warning from FireEye researchers, the U.S. Department of Homeland Security issued an emergency directive to civilian agencies that requires immediate action to mitigate the impact of a global Domain Name System (DNS) hijacking campaign.
- Google, Apple, GoDaddy Mis-Issue Over 1 Million Faulty Certificates
When over 1 million certificates were mistakenly issued by GoDaddy, Apple and Google with 63-bit serial numbers, instead of the 64 bits required by binding industry mandates, many organizations struggled to find and replace impacted certificates within the required 5-day window.
- Mozilla and Google Decide Not to Include DarkMatter in Trust Stores
After a lengthy industry debate as to the ethics of allowing suspiciously connected entities to run the gauntlet on the internet, Mozilla decided to reject the inclusion of DarkMatter into its trust store. Google followed suit.
- GCHQ Ghost Proposal Threatens Privacy, According to Technology Giants
Apple, Google, Microsoft and others published an open letter opposing a proposal by the GCHQ to silently inject a law enforcement officer, or “ghost,” into encrypted chats on the grounds that it would threaten fundamental human rights including privacy.
- FBI Warns about Phishing Campaigns that Use HTTPS Websites
In June, the FBI’s Internet Crime Complaint Center (IC3) issued a public service announcement about phishing attacks that use “HTTPS” and a lock icon in the address bar to lull users into a false sense of security so that they’ll feel safe enough to share their data.
- U.S. Attorney and FBI Director Re-ignite Backdoor Debates
Attorney General William Barr and FBI Director Christopher Wray argue that existing barriers preventing law enforcement agencies from accessing encrypted and, thus, private communications are putting American security at risk.
- Quantum Breakthroughs May Impact Cryptography as We Know It
Google’s apparent “quantum supremacy” has sparked debate over the impact of quantum computing on cryptography. Industry experts weigh in on whether quantum computing will accelerate advances in encryption or threaten them.
- The Fight Over DNS Over HTTPS Heats Up
If DNS over HTTPS is deployed through a major web browser platform, ISPs will have a harder time tracking how their users use the internet. Comcast argues that if Google handles DNS over HTTPS, it will have a dangerous monopoly over user data.
- NSA Warns about Problems with TLS Inspection
The U.S. National Security Agency released a warning about the potential risks of TLS inspection, where complications associated with TLS chains may introduce new vulnerabilities.
As the number of machine identities we rely on continues to accelerate rapidly in 2020, I’m sure we’ll see a corresponding increase in debate over their control—as well as consequences of inadequate control. Stay tuned for a top 10 list of encryption threats in 2019.