The Internet crisis coming January 1, 2016 is way worse than Y2K
Those of us who remember the days leading up to the year 2000 remember that basically all anyone could talk about was Y2K: how this Millennium Bug, which made the year 2000 indistinguishable from the year 1900 to computers, was going to lead to the fall of civilization, and how by the time 2001 rolled around we’d all be wearing animal pelts and hunting and gathering like in the good old B.C. days.
So, as all of us living in 2015 know, Y2K was NOT the harbinger of the End Times, and we’ve spent the last decade and a half celebrating New Year’s with nary a worry about January 1st bringing with it bad tech news.
That may be about to change. As BuzzFeed reports, on January 1, 2016, anyone with a phone that’s more than five years old will not be able to access the encrypted web, which includes sites that are extremely important for most people to access, like Google, Facebook, and Twitter.
The people this change will most affect are residents of the developing world, where up to 7% of people could find themselves without Internet because their 5+-year-old phones don’t pass encryption muster.
Most sites are encrypted. If you see that https with a green lock at the start of a URL, that means the site has been certified, and you know that you’re on, say, the real HelloGiggles, as opposed to a dastardly impostor hellbent on destroying all the cat videos in the world. No, but in all seriousness, encryption means that you can browse the Internet with an easy mind, and not worry that one wrong click will jeopardize your security.
The problem is, the current version of the cryptographic hashing algorithm, SHA-1, is no longer secure; so the CA/Browser Forum (AKA the organization that regulates encryption policy) recently announced that as of January 1, they’ll no longer be issuing SHA-1 certificates. Instead, they will update to the much, much more secure SHA-2.
This is great for all of us who have new phones, and terrible for people who lack access to the latest tech. As content delivery network company CloudFlare reports, 6% of people in China will no longer be able to access encrypted sites, while countries like Cameroon, Yemen, Egypt, and Libya will also have about 5% of their population lose access. The over 20 countries with populations that will experience blocks are largely located in Africa, Asia, and the Middle East, with some Central and South American countries also containing populations that will be shut out with this shift. In total, as Matthew Prince, CEO of CloudFlare, told BuzzFeed, over 37 million people could be cut off.
“This is a story about encryption and the conflict between how you support the future and the past at the same time,” Prince told BuzzFeed News. “It is important to remember that the internet is not just guys with the newest laptops and an iPhone 6.”
Facebook chief security officer Alex Stamos is also troubled by this change. As he explained in a blog post last week:
Both Prince and Stamos are urging the CA/Browser Forum to roll back the January 1st deadline to give encrypted websites a chance to find a solution to this problem. Facebook is currently working on one: a tool that would allow certificates to be switched off based on the browser.
This story brings up a problem we don’t talk about enough: When it comes to tech and innovation, accessibility and security are often at odds with one another. It is both near impossible and of the utmost importance to ensure that the internet is both safe and secure for all users. In this particular situation, we hope that fixes are able to happen in time, so that websites won’t have to choose between offering security and accessibility. With hope, the timeline will play out in a way where sites can offer both.