Blocking encryption makes us all less safe

Oct 15, 2014 11:36 GMT

We need net neutrality for so many reasons that it’s hard to comprehend why anyone opposes it. Of course, it’s interesting to note that most of those who are against the notion are the very same corporations that would profit from its absence, namely the Internet service providers.

Many have argued that we don’t need net neutrality rules because there’s actually no evidence that ISPs have abused the lack of such rules in the past. Well, apart from the “accidental” steep drop in connection speeds for those Comcast and Verizon customers who were trying to access Netflix, that is, a drop which ultimately pushed the movie streaming service to pay for a peering deal.

Of course, there are many other violations, most of which we may never even actually hear about. But there’s one that’s slowly making its way across the news, namely how ISPs are violating the principles of the open Internet by creating a way to block encryption.

Yes, you read that right. They’re blocking encryption. This makes us all a lot less safe, since it leaves our data available for anyone to grab, but it sure makes the life of NSA agents that much easier when snooping on innocent people.

Throttling speeds

VPN company Golden Frog filed a document with the Federal Communications Commission in which it discusses two recent examples showing that users are not, in fact, receiving the open, neutral and uninterrupted service to which the Commission says everyone is entitled.

The first example Golden Frog brings to the table is a video created by Colin Nederkoorn back in July showing how Verizon was throttling his Netflix connection. Once he logged into a VPN, his Netflix stream stopped stalling; he could actually watch the movies he wanted. While Verizon and other ISPs denied tampering with Netflix’s speed, it’s obvious that the situation is quite different.

Nederkoorn was actually using Golden Frog’s VPN tool, which makes the company look pretty good for managing to get around such throttling, even though the underlying issue stands – ISPs shouldn’t be throttling their own network to their own users’ detriment.

Breaking encryption

The second example, however, is the one that will likely make your blood boil, especially if you value your online safety.

“In the second instance, Golden Frog shows that a wireless broadband Internet access provider is interfering with its users’ ability to encrypt their SMTP email traffic. This broadband provider is overwriting the content of users’ communications and actively blocking STARTTLS encryption. This is a man-in-the-middle attack that prevents customers from using the applications of their choosing and directly prevents users from protecting their privacy,” reads the document.

If ISPs commonly block the use of encryption, they might soon start blocking VPNs, as well as other security protection measures, leaving us all bare to hackers, online criminals and mass surveillance.

Golden Frog explains that it performed tests over one mobile wireless company’s data service by manually issuing the SMTP commands and requests and monitoring the responses from the email server in question. The data shows that the provider was intercepting the server’s banner message and modifying it in transit, and further modifying the server’s response to the client command that lists the extended features supported by the server.

The ISP modified the server’s “250-STARTTLS” response, which informs the client of the server’s ability to enable encryption, by changing it to “250-XXXXXXXA”. This means that the email client did not receive the proper acknowledgement that the server supported STARTTLS, so it made no attempt to turn on encryption.

“When it detects the STARTTLS command being sent from the client to the server, the mobile wireless provider modifies the command to “XXXXXXXX.” The server does not understand this command and therefore sends an error message to the client,” the note continues.
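As an added illustration (not code from the article or from Golden Frog’s filing), here is a fail-closed check that a mail client or a monitoring script could apply to a captured SMTP exchange. The two sessions are constructed to match the rewrite described above: the advertised `250-STARTTLS` arrives as `250-XXXXXXXA`, and a STARTTLS command sent anyway is mangled in transit, so the server answers with an error.

```python
import re

# Constructed sample sessions (not taken from the filing). "C:" is what the
# client sent, "S:" is what the client received. The 250 lines are the server's
# reply to EHLO, which lists the extensions it supports.
CLEAN_SESSION = [
    "S: 220 mail.example.test ESMTP ready",
    "C: EHLO client.example.test",
    "S: 250-mail.example.test",
    "S: 250-SIZE 35882577",
    "S: 250-STARTTLS",
    "S: 250 8BITMIME",
    "C: STARTTLS",
    "S: 220 2.0.0 Ready to start TLS",
]
STRIPPED_SESSION = [
    "S: 220 mail.example.test ESMTP ready",
    "C: EHLO client.example.test",
    "S: 250-mail.example.test",
    "S: 250-SIZE 35882577",
    "S: 250-XXXXXXXA",   # 250-STARTTLS, rewritten in transit
    "S: 250 8BITMIME",
    "C: STARTTLS",       # the server received XXXXXXXX instead
    "S: 502 5.5.2 Error: command not recognized",
]

def ehlo_keywords(session):
    """Return the EHLO keywords the client saw (the first 250 line is the hostname)."""
    replies = [line[3:] for line in session if re.match(r"S: 250[- ]", line)]
    return [r[4:].split()[0].upper() for r in replies[1:]]

def starttls_reply(session):
    """Return the server reply that followed the client's STARTTLS, or None."""
    for i, line in enumerate(session):
        if line == "C: STARTTLS" and i + 1 < len(session):
            return session[i + 1][3:]
    return None

def assess(session):
    """Classify a session for a client that requires TLS and fails closed."""
    keywords = ehlo_keywords(session)
    reply = starttls_reply(session)
    # Heuristic: a length-preserving rewrite leaves a filler keyword such as
    # XXXXXXXA, i.e. one repeated letter optionally followed by one other letter.
    filler = [k for k in keywords if re.fullmatch(r"([A-Z])\1{3,}[A-Z]?", k)]
    advertised = "STARTTLS" in keywords
    accepted = reply is not None and reply.startswith("220")
    if advertised and accepted:
        return "ok"
    if filler or (reply is not None and reply[:1] == "5"):
        return "starttls_stripped"   # do not send in clear: signs of interference
    return "tls_unavailable"         # still refuse, but no sign of tampering
```

A client configured this way sends STARTTLS even when it is not advertised, so a rewrite of the EHLO reply alone cannot silently downgrade it to cleartext.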

Same tactic, different application

This is a concept similar to what happened a few years back, when Comcast was trying to block BitTorrent, just at a bigger scale and with a much worse twist, since this is about encryption.

It’s also important to note that this is a mobile Internet access provider and not a wired provider. The FCC’s net neutrality rules didn’t previously apply to wireless broadband, but the Commission is considering whether it should apply new rules to wireless too.

“There have been problems in the past and there are problems now. The proposed rules do not resolve all of the problems identified in the NPRM. Further, broadband Internet access providers are still interfering with beneficial and privacy-enhancing applications users want to employ,” Golden Frog writes in the filing.