By the end of 2014 or the beginning of 2015, various large cloud providers as well as the Internet Engineering Task Force (IETF) will have developed mechanisms to protect most Internet traffic against the pervasive domestic spying performed by the U.S. National Security Agency. The NSA won’t be unable to decrypt the traffic it really cares a lot about, but it will just take too much computer time to decrypt all traffic, as it can do right now.
I predict this because there is a great convergence happening. First, the NSA’s antics have finally made companies aware of the security issues involved in taking client-server traffic that used to be inside the firewall and moving it to the Internet in order to access a cloud-based system. Secondly, the IETF is expecting to release the HTTP 2.0 protocol by the end of 2014, at which point it will be possible to encrypt Web traffic by default. Thirdly, large cloud providers such as Google and Microsoft will not be able to convince major clients to move to the cloud unless the data is protected in transit.
The irony, at least for the NSA, is that while the NSA’s powers will probably end up being curbed through legislative action, its technical capability will also be curtailed through these moves. By 2015, the Internet will be more secure… and regardless of what we may otherwise think about him, we’ll have Edward Snowden to thank for it!
Cloud customers should already be asking their suppliers what measures they offer to protect the traffic. The urgency just got greater.
[Editor’s Note: This post is part of the annual “Cutter Predicts …” series.]