Skip to Content

Cybersecurity & Standards, Government Surveillance, Privacy & Data

Polaris, “Let’s Encrypt” Will Mean More Ubiquitous Web Encryption and Privacy

2014-11-19 HTTPS

The state of Internet security and infrastructure has been rapidly changing of late in response to concerns about online privacy and security (i.e., surveillance revelations and extensive security breaches), and a series of announcements over the past several days have put a lot of momentum behind possible solutions.

Most recently, Mozilla and the Electronic Frontier Foundation (EFF) announced “Let’s Encrypt,” their collaboration with Cisco, Akamai, IdenTrust, and researchers at the University of Michigan in attempt to take the first big step towards a more universally secure Internet. One of the biggest weaknesses in the underlying architecture of the web as it exists currently is the highly bureaucratic and complex (not to mention costly) system required for websites to obtain and deploy the SSL/TSL certificates needed to protect your web surfing experience (these are the basic pieces of information that allow the little lock icon to work in your browser, signaling your session is private and secure). “Let’s Encrypt” will extend these digital certificates to all websites by starting an easy-to-use and free-of-charge certificate authority that issues them; this means that web encryption will not just be available to big players like banking services or email providers, but will set a much higher bar for Internet security across all websites, regardless of their ability to pay for a certificate or properly install it.

We are strong, adamant supporters of this initiative and are excitedly awaiting its unveiling in 2015 under a new nonprofit called the Internet Security Research Group (ISRG).

In addition to this, Mozilla announced its own strategic privacy initiative in collaboration the Tor Project and CDT. We’ll be consulting “on privacy technology, open standards, and future product collaborations” with the open-source browser to help it more effectively and appropriately bring privacy features into its products. “We want to accelerate pragmatic and user-focused advances in privacy technology for the Web, giving users more control, awareness and protection in their Web experiences,” the company explained via its privacy blog.

We believe in the possibilities that privacy innovations could make possible, and are excited and honored to be a part of the process.

What do these changes mean for the short- and long- term future of the security of the Internet?

There will soon be no excuses for not baking encryption into web services, and in turn, consumer privacy and protection into the tools we use to navigate the digital highway.