It's 2020, and the two-year-old TLS 1.3 is still the best encryption protocol out there. Why aren’t we all using it? A few more reminders on the finer points of TLS 1.3 and why it’s successfully replaced all former protocols as the security standard of the internet. Whether we upgrade or not is a different story. And, at a time when privacy and civil rights are called into question by proposed legislation, data handovers and tracking techniques, we offer up for review a plagued history of the digital consumer privacy rights movement. And where it is now.
Pegged pants. Formica tabletops. HTTP. And now, TLS 1.2.
These things are out of date, but while curating your lava lamp collection won’t hurt anybody, not using TLS 1.3 just might.
We all rise together
With TLS 1.3 deriving its value from widespread adoption, we may have yet to realize the full safety of the internet as not everyone has made the transition. And, even those who have upgraded to TLS 1.3 may still be susceptible to downgrade attacks when dealing with other browsers, technologies, endpoints that haven’t. So we should all step up and adopt the latest standard.
What TLS 1.3 brings to the table
In addition, TLS 1.3 is faster and smoother than previous TLS iterations at authenticating the asymmetric “handshake” between client and server, and it may help circumvent censorship laws, as ISPs can no longer block access to certain websites. For more on the benefits of TLS 1.3, read up on Kim Crawley’s “Why TLS 1.3 is a huge improvement”.
Now that safer internet protocols are out there (TLS 1.3 has been around since 2018), it’s up to us to use them. Like shelter in place, we’re all safer if we do it.
In 2012, the Obama administration released “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Economy,” which included the Consumer Privacy Bill of Rights. A good idea, the issue was largely ignored until the White House drafted up its own version in 2015. The Federal Communications Commission passed internet data regulations in 2016, only to get them repealed in 2017 by a Congressional Review Act. Telecoms said it treated them unfairly against large social platforms. Upon leaving the White House, President Obama left a review and recommendation to the incoming President Trump regarding furthering of the initiative, which was promptly discarded. A year later, Ro Khanna (D-CA) released his Internet Bill of Rights in another attempt to seal data protections into law.
Bringing the issue to Congress, Senator Edward J. Markey (D-MA) introduced his Privacy Bill of Rights Act last year, and it was “Read twice and referred to the Committee on Commerce, Science, and Transportation.” As far as we know, it’s still there.
While the fight may be ongoing, it’s not over yet. Both the EARN IT Act and Sen. Markey’s Bill of Rights are still up for debate.
Just to remind us, these were the principles behind the original 2012 Privacy Bill of Rights, as summarized by the Electronic Privacy Information Center (EPIC).
The more you know.
In 2018, Senator Markey and fellow Massachusetts Senator Richard Blumenthal both sponsored the CONSENT Act, a pro-privacy reaction to the Cambridge Analytica scandal.
Now, Sen. Markey is leading the Privacy Bill of Rights and Sen. Blumenthal is on the opposing side, sponsoring the pro-backdoor EARN IT Act.