Dr Phillip Hallam-Baker, a vice president and principal scientist in charge of web security software development at security software vendor Comodo, has published a paper calling for a more robust internet architecture that can combat web spying by governments.
The Internet Engineering Task Force (IETF) draft paper, called "Prism-Proof Security Considerations", explores "the security controls that may be employed to mitigate the risk of pervasive intercept capabilities regardless of source".
It follows a call by IETF chairman Jari Arkko, who works for Ericsson, and IETF security area director Stephen Farrell, for improvements to internet protocols and architecture in a bid to combat government spying.
Items under consideration by the IETF, according to the jointly authored blog post, include:
However, the US National Security Agency (NSA) in the past has infiltrated IETF standards-setting committees with agents in a bid to subvert and undermine global computer security standards.
Having set standards that are both complicated and weak, it has subsequently sought to exploit those weaknesses in mass information-gathering campaigns.
Writing about how the IPSec security standard was drawn up, Electronic Freedom Frontier co-founder John Gilmore wrote in a recent blog posting:
"Every once in a while, someone not an NSA employee, but who had long-standing ties to NSA, would make a suggestion that reduced privacy or security, but which seemed to make sense when viewed by people who didn't know much about crypto...
"The resulting standard was incredibly complicated - so complex that every real cryptographer who tried to analyse it threw up their hands and said, 'We can't even begin to evaluate its security unless you simplify it radically'."
He continued: "I also found situations where NSA employees explicitly lied to standards committees, such as that for cellphone encryption, telling them that if they merely debated an actually-secure protocol, they would be violating [US] export control laws unless they excluded all foreigners from the room (in an international standards committee!)."
The revelation that the NSA attempted to subvert standards from within the global bodies established to specify them has hardened opinion in favour of more secure internet protocols - and has also damaged the idea of US leadership of internet design and security.
Prism-proof by design
Hallam-Baker's paper is the first officially published document that begins to explore how the threat to web privacy and security can be tackled.
"The term 'Prism-proof' is used in this series of documents to describe a communications architecture that is designed to resist or prevent all forms of covert intercept capability.
"The concerns to be addressed are not restricted to the specific capabilities known or suspected of being supported by Prism or the NSA or even the US government and its allies," explains Hallam-Baker.
Much of the covert data collection perpetrated by the NSA involves metadata - information about data - making the IETF one of the best fora for devising systems that can stymie its efforts and similar initiatives in the UK, France, Germany, the Netherlands, Australia and New Zealand.
The IETF can, for example, redesign email standards to obscure email headers or require transport layer security connections between email servers to make it more difficult to eavesdrop on online communications.
While the paper is somewhat light on concrete suggestions, it is intended to instigate contributions from other IETF members in order to develop workable technologies and specifications.