Wednesday, December 11, 2013
In the past 20 years, internet-based financial transactions have become integral to the global economy, from online personal banking to multi-million dollar stock transactions executed within microseconds.
We've come to trust the security of those transactions thanks to the Secure Sockets Layer (SSL) protocol, which uses huge, unsolvable math problems to hide our personal data until it reaches a trusted recipient. Here's a metaphorical video of how it works:
We're not literally sending keys and padlocks over the internet, though. Instead, we're trading huge numbers that, when multiplied together like a key fitting a lock, generate even bigger numbers that can't be unscrambled into the original factors. The Wikipedia article about prime factors explains:
"Determining the prime factors of a number is an example of a problem frequently used to ensure cryptographic security in encryption systems... it is relatively easy to construct a problem that would take longer than the known age of the universe to solve on current computers using current algorithms."
But yesterday, thanks to Edward Snowden's leaks, we learned that the government has been spending billions of dollars to crack and weaken these common internet encryption methods, collecting the secret "key" numbers from various institutions and introducing "back doors" to allow its agents to decode encrypted messages.
"The N.S.A. has been deliberately weakening the international encryption standards adopted by developers," reported the New York Times. "One goal in the agency’s 2013 budget request was to 'influence policies, standards and specifications for commercial public key technologies,' the most common encryption method."
In other words, we can't really trust SSL and other "secure" internet protocols to protect our online financial transactions (not to mention our emails, medical records and all the other stuff we send over the internet). Nate Thompson, writing on Ars Technica, points out that "backdoors create security breaches exploitable by unintended users—remember the Athens Affair? A built-in backdoor meant for law enforcement was accessed by others to spy on some of Greece's top leaders."
If NSA agents use their access to spy on their exes (as frequently happens, as we recently learned), what's to prevent them from "borrowing" our credit card numbers? Or rigging a short spike in certain stock prices for personal financial gain?
While the Syrian Electronic Army may be emboldened to leave Justin Bieber alone for a bit while they try to hack the Federal Reserve, these new revelations are having definite short-term effects on the U.S. software industry. Bloomberg cites a report that U.S. cloud computing providers may lose up to $35 billion by 2016 as foreign firms shift their data to more trustworthy servers. And in today's paper, we have a story about how worries over a networked motion-sensing camera in the new Xbox One game console have created a huge backlash among gamers.
Financial transactions (even with cash) have always had issues with security, but SSL encryption was supposed to usher in a golden era of easy, secure, cashless transactions. These revelations might give banks, consumers and investors second thoughts about how they wire funds over the internet.
Commercial Confidential tracks Maine's business leaders and economic indicators.
I'm an economics wonk and an online content producer for the Portland Press Herald.