The battle between US & UK government agencies, and developers trying to save the last bit of online privacy you have left.
Adam Milton-Barker | Jul 14, 2015 | Web Apps, Security & Hosting | 2373 In the last two years we have seen a major outbreak of cyber related attacks aimed at the general public, businesses, developers, corporations and the governments. The attacks have pointed out some gaping flaws in the online systems and databases that power the world, and have resulted in massive amounts of data loss and people being put directly at risk as a result of the hacks. Also during this time we have been witness to the unveiling of some of the most dangerous bugs in tools used by millions of developers to keep you safe whilst you browse the internet. Bugs like PoodleBleed, HeartBleed, and Shellshock were majorly dangerous bugs that placed massive holes in the core of our online world. Developers have spent the last two years battling to protect systems from the latest attacks and searching for further vulnerabilities, to start patching up the internet one bug at a time. A lot of this goes unnoticed by the general public, but for developers the last two years have been a hair pulling couple of years, and things are only just getting going. While you are typing your messages on Facebook, buying things off Ebay and roaming about the vast space known as the internet, millions of developers throughout the world are working day and night to ensure that you can navigate around the internet securely and without risk. With more and more insecure systems being uploaded daily that weaken the internet, and more and more vulnerabilities being found and attacks happening, it is hard to focus on anything but security at the moment and the battle is on to lock down the internet before some real damage is caused. Right in the middle of all this there is a storm brewing between the developer community & tech giants such as Apple, Google and Facebook; and the US and UK governments who have now decided that they want to put a gaping big hole in the middle of the all of the hard work carried out over the last two years to keep the internet alive and secure. To bring you up to date if you haven't heard much about this, the increase in interest about modern encryption took a massive rise round about the time that Edward Snowden released information claiming that the NSA had been using technology to break the privacy of millions of people. In the year leading up to this I had began to notice an increase in the use of SSL certificates on sites like Google & Facebook. Previous to this, SSL encryption was mainly only used for E-Commerce and banking systems, but more and more sites began using SSL by default allowing them to serve up their data securely and take care of their visitors ensuring that their data was encrypted. There was a pretty high profile case where the US government were trying to retrieve data from Microsoft from one of their servers in Ireland, the DOJ announced that data of American citizens should be made available to the government, no matter where the server was located. Microsoft fought about this and whilst doing so attracted the attention and support of the development world including the big guys at Google. From this point things began to start getting hairy, tech companies lost clients through fear that their privacy was going to be breached, and the wall between developers and the governments was quickly getting higher. As the US began to notice that tech companies were stepping up their security in a massive way, they began to realize that they soon they would no longer have access to data stored on servers due to it being encrypted. For whatever reasons this seemed to upset them and whispers began floating around the internet that they wanted to get back door access to any data they wanted to get their hands on. What I saw over the next few months made me pretty angry, I began seeing articles flying around the internet that the US was saying that modern encryption and security was aiding terrorists and that encryption was bad. I could see the image clearly that was being painted through the media, an image that discredited the hard work and dedication of millions of people who were actively trying to secure BILLIONS of people from online attacks, and the general public seemed to be lapping it up, people have even begun to question why their privacy matters and have been willing to give it up. If for any reason these back doors were made compulsory, it would put an un-fixable flaw in the very foundations of our online security. Encryption is not only used to keep your data secure on social media sites etc, but it is the absolute keystone in the world of E-commerce and online banking. If back doors were programmed into online systems, it would instantly weaken the internet and become a single point of entry into ALL of your data, your entire identities. All of the hard work from developers around the globe would be absolutely wasted and every single person that uses the internet would be at risk of bank and credit card fraud, identity theft and what ever comes over the next few years. Sometimes it feels like the bigger picture isn't seen, the internet powers every aspect of our day to day life in someway or another. The stock markets, the banks, the military, businesses and hospitals, to name a few, all have online networks, for their infrastructure as well as their publicly available systems. If the internet was made vulnerable at times like we are living today, the entire world could be brought to its knees! This is what developers and techs are fighting to stop happening, and encryption is one of the most used tools to do this. We already have a big enough job of staying on top of security, we have the responsibility to help friends and families to get updated and secure, and now probably one of the biggest tasks the developer world will ever face: getting the general public to understand and care about security & why your privacy is important, on top of all this there is pressure from governments asking to knowingly make the internet insecure. The reason why developers pay so much attention to security is that we genuinely care! We know how things are at the moment, we see it everyday, we understand the risks and how much it matters to keep you guys safe, bit bit the contributions are leading us to a safer environment for all. The fact that governments are asking for this access can only mean that they really don't see or understand the dangers that are lurking around the corner, and this is bad, outlawing the methods used to secure us will only lead to to the downfall of the internet. It hasn't all been bad, laws have been passed in the US that go in favor of the public and their privacy, but as I said before, the battle still goes on. I hope that the governments will begin to understand the reasons why developers dedicate their lives to securing the internet, and that a mutual ground can be found that doesn't compromise the population. It really is time that developers and techs can be left to do what they do best in peace, keeping you all safe, and the internet alive.