Twitter protects its users from electronic snooping with 'impossible' encryption technique borrowed from GCHQ
Sunday 24 November 2013
Twitter has used an “impossible” mathematical problem first discovered by GCHQ to protect its users from electronic snooping.
The company said "perfect forward secrecy" (PFS) was now live on all its services, drastically increasing the effort required to intercept its traffic.
It is understood the move is intended to make it more difficult for data to be collected on its users without going through legal channels.
Jim Killock, director of the Open Rights Group (ORG), said it was a "policy move" driven by revelations about mass surveillance by British eavesdropping agency GCHQ and the American National Security Agency (NSA).
He said: "Companies have now realised precisely how vulnerable their information is on the internet. It's no longer a theoretical risk. We know it's been going on now.
"This is about asking users to trust the companies involved and to also force the legal authorities to approach companies directly rather than attempting to seize the data in transit."
In June it was revealed that GCHQ was using a project called Tempora to indiscriminately scoop data from fibre optic cables entering and leaving the UK.
In standard encryption each side of a communication independently generates paired keys - a public key telling others how to encrypt the messages they send to it and a private one used to decode them when they arrive.
The maths involved make it almost impossible to calculate the private key from the public one.
But if an attacker acquires a company's private key it can read anything sent to and from that company's servers - even if it was recorded years earlier.
PFS adds another stage where two machines collaborate on enormous sums to deduce a shared key which is never shared and never used again.
That means an attacker would have to use a more complicated and resource-intensive "man-in-the-middle" strategy specifically targeted at a single communication while it was still going on.
The so-called "Diffie-Hellman" method used by Twitter was first discovered by GCHQ analysts in the early 70s, but remained classified until it was independently patented by a pair of American cryptographers.
A post on Twitter's engineering blog explained: "If an adversary is currently recording all Twitter users' encrypted traffic, and they later crack or steal Twitter's private keys, they should not be able to use those keys to decrypt the recorded traffic."
It stressed that the move was simply "part of a continuing effort to keep our users' information as secure as possible" and that PFS should become "the new normal."
Dr Ian Brown, an ORG trustee and associate director of Oxford University's Cyber Security Centre, said PFS "effectively reinforces the rule of law about interception" and described the Diffie-Hellman problem as "effectively impossible."
He said: "In the States, the UK, and many other countries, there are laws that say governments can go to companies and request messages relating to individuals or subjects that they have a warrant for.
"What this means is that is the only way those intelligence agencies can get access - rather than, as we now know they have been doing, recording everything."
Life & Style blogs
The future of sex: The first female condoms were derided, mistrusted and shunned - but will their modern counterparts catch on?
Satoshi Nakamoto unmasked: Report claims bitcoin inventor is 64-year-old coder living in Los Angeles
Private school refuses to readmit anorexic pupil because her presence would be 'too disruptive to the rest of the year group,' mother claims
'It's brusquely intimate': A bereaved daughter tackles the task of emptying her father's flat
Study suggests that 'gaydars' are real - at least for women
Apple's Tim Cook: Business isn’t just about making profit
Thousands of young people forced to go without food after benefits wrongly stopped under 'draconian' new sanctions regime
Ukraine crisis: New navy chief 'defects' and surrenders Crimean HQ as Putin claims ultranationalists forced intervention
Britain's top vet sparks controversy with call for ban on slashing animals' throats in 'ritual' slaughters for halal and kosher meat products
Ukraine crisis: Russia dismisses '3am ultimatum' as 'total nonsense'
If you're horrified by a flame-roasted dog, you should be shocked at a hog roast
- 1 The future of sex: The first female condoms were derided, mistrusted and shunned - but will their modern counterparts catch on?
- 2 South African rhino finally put down after roaming Kruger park for days with horn hacked off and bullet in brain
- 3 Channel 4 announces two-hour TV show to be broadcast 'Live from Space' later this month
- 4 Man stabbed with Legend of Zelda Master Sword in serious condition
- 5 Study suggests that 'gaydars' are real - at least for women
iJobs Gadgets & Tech
£1000 per month: Inspiring Interns: Our client is a start-up mobile app develo...
£6.31 per hour: Inspiring Interns: This growing predictive analytical software...
£55000 - £70000 per annum + Benefits + Bonus: Harrington Starr: C# Developer (...
£60000 - £70000 per annum + Benefits: Harrington Starr: Senior C# ASP.NET Deve...