Andrea Danti - Fotolia

Wikipedia founder Jimmy Wales attacks UK government surveillance

Websites must use SSL to prevent the UK government monitoring users' activities, Wikipedia founder Jimmy Wales tells delegates at IP Expo in London

Wikipedia founder Jimmy Wales used his keynote presentation at IP Expo in London to blast the UK government’s ambition for mass internet monitoring.

Wales warned that the basic human right to privacy should not be eroded.

Speaking about prime minister David Cameron’s recent comments about the need for the country’s administration to read communication between people, Wales said: "It is not feasible and it is completely moronic and stupid!"

Wales said security is built into the strategy for most new websites. "It is the moral thing to do.

"Using https by default is the only option for users. If you are not secure, you allow the administration to look at user data."

In his presentation Wales showed a slide which estimated that, in 2016, 65% of all internet traffic would be encrypted. All Wikipedia pages are now encrypted he said; while the authorities can see that someone has visited Wikipedia, they cannot tell what pages the user has viewed.

He said: "As a direct result of Edward Snowden, people have a high level of understanding of the need to be safe and diligent on the internet. Demand for SSL (secure socket layer encryption) on service providers has surged. Global SSL traffic has surged. Over 80% of traffic on mobile network will be encrypted in 12 months."

Read more about cyber surveillance

Cyber Reconnaissance, Surveillance and Defense author Robert Shimonski describes commonly used mobile technology and how phone-tracking works.

The National Security Agency (NSA) considered its relationship with AT&T unique and especially productive, leaked documents show.

But SSL is open to attacks. As Computer Weekly previously reported, the recent OpenSSL certificate verification flaw lets attackers impersonate cryptography-protected websites, email servers and virtual private networks (VPNs). Wales expected government hackers may end up targeting internet organisations directly, if encryption is widely adopted among internet users.

Mass data harvesting

According to Wales, forcing internet companies to store all user data is a pointless exercise. He argued that encrypted data cannot be read, so the security services cannot track what people are doing. He claimed that collecting data would put those internet companies at increased risk of cyber breach – as with the recent attack on Ashley Madison.

Wales also spoke about freedom of expression, which could be abused if websites are not encrypted. He discussed the case of Raif Badawi in Saudi Arabia, and argued that governments used internet surveillance to curb freedom of expression.

"Our technological decisions have impact all around the world," said Wales.

"Badawi set up a website to promote liberal values in Saudi Arabia – an intellectual forum we would all recognise.

"He was sentenced to 1,000 lashes."

Wales argued that Cameron and the Tory government had been complicit in dealing with the government in Saudi Arabia. Wales said there was no excuse for the UK government to sign a £50.9m deal for training the Saudi prison system. 

Read more on Network security management