The Computer Corner: The Man in the Middle

The Computer Corner: The Man in the Middle

“The sky is falling, the sky is falling!” cried Chicken Little. “The internet is going dark, the internet is going dark!” cry law enforcement and government snoops. Previously there were people who were concerned with their privacy online, but the revelations seven years ago by whistleblower Edward Snowden brought about a general awareness of the pervasiveness of government-sponsored eavesdropping.


Historians are likely to look back on this decade as the time when the general public first became aware of all the massive governmental surveillance programs highlighted in the news the last few years. History may record that as people became more cognizant of online security, many of them took steps to thwart surveillance of their online activities. For the government snoops, the internet is going dark.


Secure Sockets Layer (SSL), a proven technology, is used by banks and other institutions to provide a secure private connection between internet browsers and websites. An SSL tunnel allows you to transmit private data online from your computer to a web site guaranteeing that nobody is able to eavesdrop on that communication.


The list of popular email and messaging services that use SSL has expanded to include AOL, Facebook, Gmail, Hotmail, Twitter, Yahoo, and most of the others. Using SSL does not guarantee privacy but does make it harder for unauthorized people to read your mail. The internet is going a little darker for the snoops.


Eavesdroppers at the U.S. National Security Agency and its counterparts in other countries are bound to push back against this trend. One Orwellian solution for government snoops would be to follow the model of the “Great Firewall of China.” China has long censored and tightly controlled its citizen’s access to the internet. Nothing goes in or out of China without the government being able to read, record, and/or censor it. One of the ways this is accomplished is by not allowing SSL traffic that cannot be inspected by the government; another way is called “man in the middle.”


Some universities and large corporations use the man-in-the-middle technique to supervise how their internet access is used. Arguably this is their prerogative and people who use that network should follow the owner’s rules.


Let us suppose that one day in our dystopian future you receive a notice from your Internet Service Provider (telephone company or cable provider) stating, “To help guard your privacy and security you must install our SSL certificate.” What that really says is, “Installing our SSL certificate allows us to be a man in the middle and read all your mail and your other online activities that used to be private.” I hope it will be obvious that you do not want to give your ISP permission to do that.


Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981 and now practically a full-time resident. He may be contacted at 415 101 8528 or email