Washington Post Tackles Snooping, Encrypts Webite

The Washington Post has begun to encrypt parts of its website to prevent ‘outside parties’ from monitoring what its readers are accessing.

The move will add to the unease among government officials and the security agencies about the increasing adoption of encryption technologies in everyday life.

Security Scares

The Washington Post has been at the centre of a number of security scares in recent years. In 2011, it was hacked by Chinese attackers that exposed private data. And then in August 2013, the Post as well as a number of other media outlets was hacked by the Syrian Electronic Army, a hacker collective aligned with Syrian President Bashar al-Assad.

Then in December 2013, hackers (again thought to be Chinese) breached its servers and compromised the usernames and passwords of employees.

And the Post and other media outlets and technology firms are also contending with state-sponsored monitoring revealed by whistleblower Edward Snowden.

Encryption Move

In response to all of the above, the Washington Post from Tuesday this week, began encrypting parts of its web in to make it “more difficult for hackers, government agencies and others to track the reading habits of people who visit the site.”

It will roll-out the encryption to the rest of the website over the coming months.

“The biggest gain is letting users feel secure,” Shailesh Prakash, the company’s chief information officer was quoted as saying in a blog posting. The only change for readers will be the display icon in their web browsers that will show a small lock, in the Web address bar. At the website address will begin with the letters “https” rather than “http.

“The articles you read paint a picture of your life. They can reveal your political interests, suggest your sexuality, your interest in medical issues and other sensitive topics that are really no one else’s business but your own,” Christopher Soghoian, a privacy researcher and technologist with the American Civil Liberties Union, was quoted by the Post as saying.

The type of encryption being rolled out by The Post, known as https or SSL, establishes a private connection between the website and the user, which makes it much more difficult for outside forces to monitor or hijack web traffic.

That said, it is thought the NSA and GCHQ already has the supercomputing power to crack 512-bit encryption in just a few minutes. And the NSA is widely believed to be capable of breaking 1024-bit encryption as well.

The Post did admit that there could be a drop-off in online advertising revenue in response, as the new security measures will require advertisers to make sure their content is also secure.

Encryption Battle

Last month, a group of major American technology companies including the likes of Google, Microsoft, Apple, Facebook and IBM signed the open letter to President Obama, calling on his government to respect the privacy rights of consumers by not weakening encryption systems.

In the past US law enforcement have complained that encryption can prevent the FBI and the Department of Homeland Security from examining data during investigations. President Obama has previously recognised the need for privacy, but has asked tech companies to allow the government to break that encryption when necessary, much to the alarm of many.

On this side of the pond, Prime Minister David Cameron said earlier this year that he wanted British intelligence agencies to be able to monitor the encrypted communications of terror suspects.

The chief of Europol also recently said that the increasing prevalence of encrypted Internet communications is a major difficulty for law-enforcement and national security efforts.

And in April the leading counter-terrorism policeman in the UK said that some tech firms are helping militants avoid detection by developing systems that are “friendly to terrorists”.

Can you protect your privacy online? Take our quiz!