Wednesday, 6 August 2008

If Conroy filters the Internet, online banking may grow riskier

In Securify This! by Liam Tung at ZDNet Australia on Tuesday, the spectre of Conroy's internet censorship weakening data security raised its ugly head.

Communications Minister Stephen Conroy has welcomed "improvements" in ISP filtering technologies, but will a broad-scale roll-out make ISPs a thief's favourite target?
The great success of the ISP filtering trial was that current technologies impose far less interference on an ISP's network than similar tests done five years ago.
Improvements like this give the impression that yes, the government has its collective head around the challenge of making the internet a safe place.
But after an interesting chat with Internode's core networks and infrastructure group team leader Mark Newton, I came to the conclusion that any concerns about network degradation are peanuts compared to security worries around what could happen if the technology is implemented — in particular to the protocol used to conduct secure Web sessions with your bank or the tax office — HTTPS.
Newton raised an interesting idea: for an ISP to filter HTTPS sessions it would have to engage in a Man in the Middle attack, where the attacker intercepts and changes information being transmitted between two parties...
Normally HTTPS means that data streams pass unfettered between your computer and the bank's servers, but ISP filtering would see that data unencrypted at the ISP, inspected, re-encrypted and then forwarded on to you and the bank.
Now, I don't use Dodo, Exetel or TPG, but these ISPs don't seem to be able to afford call centre staff, so can we rely on these ISPs to implement whatever technology the government approves?
And if the filtering products run on Windows operating systems, what happens if and when those systems become infected with a trojan or virus that siphons information to cybercrims?
Let's hope we find out a little more about the security and privacy implications in the "live" trials the government plans to run in the coming months.

Unfortunately for Liam and the blogosphere, it is highly unlikely that Senator Conroy or his staff have even given this issue a passing thought.
From where I am sitting, the progressing of this national ISP filtering scheme is principally about a narrow, faith-based, ideology-ridden agenda.

1 comment:

Anonymous said...

... "ISP filtering would see that data unencrypted at the ISP, inspected, re-encrypted and then forwarded on to you and the bank" ...

Um, I don't think so, unless every ISP is going to hold the private encryption keys of every bank, which is absurd. However, the filtering scheme is silly for many other reasons.