digital age hostage

‘Today two computer security researchers released a draft of a forthcoming research paper in which they present evidence that certificate authorities (CAs) may be cooperating with government agencies to help them spy undetected on “secure” encrypted communications. More details and reporting are available at Wired today. The draft paper includes marketing materials from Packet Forensics, an Arizona company, which suggests that government “users have the ability to import a copy of any legitimate keys they obtain (potentially by court order)” into Packet Forensics products in order to impersonate sites and trick users into “a false sense of security afforded by web, e-mail, or VoIP encryption”. This would allow those governments to routinely bypass encryption without breaking it.’

- EFF | New Research Suggests That Governments May Fake SSL Certificates