Jimmy Wales: “All major internet traffic is going to be encrypted very, very soon”

Jimmy Wales wants every website to switch to encryption, and he looks set to get his wish. We hear the Wikipedia founder’s thoughts on total internet encryption, government spying and the slow battle with China

“A few years back we were in the golden age for spying on the general public,” says Jimmy Wales, founder of Wikipedia. He is giving the keynote address at the IP Expo Europe in London, and it’s clear that he is confident of two things: total internet encryption is coming, and this is a very good thing.

“Virtually all chat was not encrypted at all, it all went in the clear, anybody could sniff your connection, whether it was the NSA or somebody in your local network, [they] could see what you were saying on chat,” he continues. “It was a really bad situation. A lot of privacy activists, security people were worried about this, but no one was really listening. It was very, very easy to spy on people.”

A lot has happened since then, including a dramatic drop in the cost of encryption-supporting servers and Edward Snowden’s leak of the NSA’s data spying practices. In other words, just as encryption has become more feasible to implement, the demand for it has surged.

Inline images courtesy of Lane Hartwell. Featured image courtesy of Joi Ito

Image and featured image courtesy of Lane Hartwell.

“There is a massive trend going on, on the internet, towards SSL: secure connections. So you know  when you go to a website and it says https – that’s a secure connection,” Wales explains. “This is what you used to find, mainly in places like when you’d go to your bank – that would be an SSL connection. Most websites were unencrypted, and we didn’t worry too much about it.”

But things have changed. According to data company Sandvine, 29.1% of data packets sent over the internet in April 2015 were encrypted. By 2016, this number is expected to jump to 64.7%, as Netflix switches completely to SSL.  Wales believes that this will prompt a steady move across the web, until only the very smallest sites remain, as he calls it, ‘in the clear’.

“Over the next couple of years that’s going to end up being a 5 to6% slice [that isn’t encrypted], and it’s going to be some very small websites and things like that which haven’t bothered to do it,” he says.

“All major internet traffic is going to be encrypted very, very soon, that’s a very, very good thing when you think about all of the issues around stolen credit card numbers, people sniffing networks, stolen passwords, identity theft. All of these things become much, much harder when your passwords and your data information aren’t flying over the clear every time they’re on an open network.”

Jimmy Wales’ guide to encryption

While SSL is the standard way to encrypt webpages, when it comes to chat applications, things are a little different.

“People are using chat on their phone, using chat on their computer, talking to friends – this is a huge proportion of internet communication, and something that is generally very personal,” says Wales.

However, there are two types of encryption available for chat, and knowing how they differ is quite important if you are serious about privacy.

“The first level would be encryption between you and the chat company, but then they can read your message – you’re just sending it to them so nobody can spy in between and they get your message, and they send it on to the person you’re chatting with, and that connection is also encrypted,” explains Wales.

“So that is a pretty good level of encryption – it stops people on your local network from spying on you and things like that – but it leaves a huge vulnerability in the middle, which is inside that company.”

If you trust the company in question, you may feel your data is safe with this method, but according to Wales this still leaves your data vulnerable.

End-to-end encryption is really important. It’s something we want to see for all channels and discussions

“One of the shocking revelations from Ed Snowden is that the NSA had tapped into cables between Google data centres,” he says. “So when Google thought ‘alright, your Gmail is safe from out there to in here; it’s safe in our data centre, it’s safe there’, there was a hole inside the data centre because they were tapping into those cables and therefore were able to read a lot of internal Google traffic that they thought had been secure.”

The best solution, then, is end-to-end encryption, something which Edward Snowden has also called for.

“So when you type a message on your phone, it’s encrypted by your phone, it is sent to your friend through the servers and back down to them, it’s encrypted all the way and its decrypted at the other end,” Wales explains.

“This is the best level of security, and as long as the encryption protocols work, as long as the math works. And this is the one I do believe: the math works. Sometimes I’ve heard people who are sceptical and not very well informed saying ‘oh well the NSA’s probably cracked all of the encryption algorithms anyway’. There is no evidence to suggest that they’ve done it, and no evidence to suggest that they are going to be able to do it anytime soon.

“End-to-end encryption is really important. It’s something we want to see for all channels and discussions so that everything you’re saying to your friend in private is actually held in private.”

A spy-free internet

Wales is keen to point out the irony of this move to end-to-end encryption, which has gained considerable support in the wake of Snowden’s NSA revelations.

Image courtesy of Joi Ito

Image courtesy of Joi Ito

“The overreaching efforts to spy on the public have made it actually harder – and permanently harder – to engage in lawful, warranted investigations,” he says.

“If we lived in a world where I wasn’t concerned about the NSA hacking into a chat company, for example, to steal everybody’s chats, if we didn’t live in that world I would say ‘I don’t mind if there are points in the network where with a warrant, with appropriate judicial oversight, you can actually listen in on people’.

“That’s not an absolute right. But because they’ve been so ridiculous and so overreaching people are moving, and I recommend you move to end-to-end encryption.”

Of course, if everyone follows Wales’ advice then the NSA and similar agencies will lose the chance to ever access such data, even if they have a just cause for doing so.

“There is a bit of an irony that the overreach has actually cost the security services any hope of doing what they hope to do in a legitimate sense,” he says.

Wikipedia’s move

It’s a common misconception that SSL is only important when websites are handling private data

Wikipedia itself is now completely encrypted, having undergone a rapid transition to SSL following the NSA leak.

“Wikipedia used to be totally in the clear and unencrypted, and so then we went through a long period of technical evaluation and preparation, which was massively accelerated when we saw one of the slides from the NSA that made clear that the NSA considered Wikipedia traffic to be an easy target,” says Wales.

“It was a site that was transmitted in the clear, so it was easy for them to spy on everything that you’re reading and everything that you’re doing on Wikipedia. We’ve now gone to SSL everywhere. So everywhere in the world, when you visit Wikipedia it’s an encrypted connection.”

It’s a common misconception that SSL is only important when websites are handling private data, however this was not the reason Wikipedia was transitioned.Instead, it was the ability for governments with poor human rights records to tell when citizens were reading articles covering controversial or anti-government topics, and arresting them as a result. It may seem like something out of dystopian fiction, but Wales is adamant that this situation occurs, and says he is aware of particular Wikipedia editors being affected.

As a result, he believes newspaper websites, which often do not have SSL, should be making far greater efforts in this area.

“If you’re a newspaper that cares about freedom of expression and freedom of speech, it’s probably not good to allow the government of the Maldives to be profiling people in their communities based on what news stories they’re reading, and if you aren’t secure you’re allowing that to happen – it’s a really important point,” he says.

[For those of you at this point wondering why we haven’t taken his advice, we’re currently in the process of persuading our IT department to do just that.]

Dealing with China

It would be inappropriate for us, given our mission of free knowledge for the world, to ever participate in government censorship

For Wikipedia, however, switching to SSL has produced another dent in its interactions with China.

“We’ve been subject over the years to a lot of different problems in China: one of the biggest problems has been direct censorship,” Wales says. “For a long period of time, for about three years, we were completely banned in China.”

While some digital heavyweights have tried to cooperate with China, Wales makes it clear that compromising Wikipedia to get it unblocked in the country is something he was never prepared to do.

“My view is that access to knowledge is a fundamental human right, it’s a corollary of the right to freedom of expression, and it would be inappropriate for us, given our mission of free knowledge for the world, to ever participate in government censorship,” he says.

However, without concessions being made by Wikipedia, China changed its approach to the website in 2008, when the world’s focus was on the country.

“Around the time of the Beijing Olympics Wikipedia was opened up, the Chinese had a period of liberalisation of the internet, and they opened up and they allowed access to almost all of Wikipedia,” adds Wales. “But they were filtering certain pages, they were filtering about the usual suspects: things that are sensitive issues in China. So the Tiananmen Square incident; the artist Ai Weiwei; there’s a religious cult called Falun Gong; anything to do with Taiwanese independence -these are the kinds of things they were filtering, just those pages.”

This continued for some time without change, but with SSL on the horizon, China once again changed its approach.

“There was a long equilibrium for a long time, they were filtering certain pages, but as we were working to move to SSL — we had implemented in many countries, we were rolling it out country-by-country to make sure it was robust — just before we were going to roll out in China, they blocked Wikipedia again,” says Wales.

The reason for this sudden re-blocking is likely to be that under SSL, China wouldn’t have the option to selectively block particular Wikipedia entries: it forces the country to take an all-or-nothing approach.

“With https, the only thing that the Chinese authorities can see today is if you’re talking to Wikipedia or not, they can’t see which pages you’re joining, which means they no longer have the ability to filter on a page-by-page basis, so they can’t block just Tiananmen Square,” says Wales. “They now have a very stark choice: the entire country of China can do without Wikipedia, or they can accept all of Wikipedia.”

mag-1511--feature-footer

At present, this means that Wikipedia is not accessible in mainland China, but Wales remains optimistic about the future.

“Right now they’ve made the choice to ban all of Wikipedia, so it’s a bit of a standoff, it’s all or nothing, so they’ve invited me to China and I’m going there in the next few weeks to meet with them and see what we can do,” he says.

“It’s a funny bit of my career that I started as a technologist and now I’m some kind of diplomat and I have to go and talk to the Chinese government. It’s kind of fun.”

Wanted man captured thanks to facial recognition

A Chinese man who was wanted by police for “economic crimes” – which can include anything from tax evasion to the theft of public property – was arrested at a music concert in China after facial recognition technology spotted him inside the venue.

Source: Abacus News

SpaceX president commits to city-to-city rocket travel

SpaceX president and chief operating officer Gwynne Shotwell has reiterated the company’s plans to make city-to-city travel — on Earth — using a rocket that’s designed for outer space a reality. Shotwell says the tech will be operational “within a decade, for sure.”

Source: Recode

Businessman wins battle with Google over 'right to be forgotten'

A businessman fighting for the "right to be forgotten" has won a UK High Court action against Google.. The businessman served six months’ in prison for “conspiracy to carry out surveillance”, and the judge agreed to an “appropriate delisting order".

Source: Press Gazette

UK launched cyber attack on Islamic State

The UK has conducted a "major offensive cyber campaign" against the Islamic State group, the director of the intelligence agency GCHQ, Jeremy Fleming, has revealed. The operation hindered the group's ability to co-ordinate attacks and suppressed its propaganda.

Source: BBC

Goldman Sachs consider whether curing patients is bad for business

Goldman Sachs analysts have attempted to tackle the question of whether pioneering "gene therapy" treatment will be bad for business in the long run. "Is curing patients a sustainable business model?" analysts ask in a report entitled "The Genome Revolution."

Source: CNBC

Four-armed robot performing surgery in the UK

A £1.5m "robotic" surgeon, controlled using a computer console, is being used to shorten the time patients spend recovering after operations. The da Vinci Xi machine is the only one in the country being used for upper gastrointestinal surgery.

Source: BBC

Virgin Galactic rocket planes go past the speed of sound

Virgin Galactic completed its first powered flight in nearly four years when Richard Branson's space company launched its Unity spacecraft, which reached supersonic speeds before safely landing. “We’ve been working towards this moment for a long time,” Virgin Galactic CEO George Whitesides said in an email to Quartz.

Source: Quartz

Google employees protest being in "the business of war"

Thousands of Google employees, including dozens of senior engineers, have signed a letter protesting the company’s involvement in a Pentagon program that uses AI to interpret video imagery and could be used to improve the targeting of drone strikes. The letter, which is circulating inside Google, has garnered more than 3,100 signatures

Source: New York Times

Computer system transcribes words users “speak silently”

MIT researchers have developed a computer interface that transcribes words that the user verbalises internally but does not actually speak aloud. The wearable device picks up neuromuscular signals in the jaw and face that are triggered by internal verbalisations — saying words “in your head” — but are undetectable to the human eye.

Source: MIT News

Drones could be used to penalise bad farming

A report by a coalition of environmental campaigners is arguing squadrons of drones should be deployed to locate and penalise farmers who let soil run off their fields. Their report says drones can help to spot bad farming, which is said to cost more than £1.2bn a year by clogging rivers and contributing to floods.

Source: BBC

Californian company unveil space hotel

Orion Span, a California company, has unveiled its Aurora Station, a commercial space station that would house a luxury hotel. The idea is to put the craft in low-earth orbit, about 200 miles up, with a stay at the hotel likely to cost $9.5 million for a 12-day trip, but you can reserve a spot now with an $80,000 deposit.

UK mobile operators pay close to £1.4bn for 5G

An auction of frequencies for the next generation of mobile phone networks has raised £1.36bn, says regulator Ofcom. Vodafone, EE, O2 and Three all won the bandwidth needed for the future 5G mobile internet services, which are not expected to be launched until 2020.

Source: BBC