Considering that many vendors and online services are rushing to encrypt their user communications and other network traffic in the wake of the Edward Snowden revelations, it’s surprising that Twitter may have shelved its own encryption project.
Anonymous sources told The Verge that Twitter has stopped a project to encrypt direct messages sent between users. Rumors of this project, which would “prevent unauthorized snooping by hackers or the state,” originally swirled back in November. “But the project was dropped earlier this year without explanation, to the confusion of employees who were working on it and those in the internet security community who were aware of it,” The Verge reported.
While most of Twitter’s content is visible to anyone with a Web browser, Twitter provides some private channels, such as posts by protected accounts and direct messages sent privately between users. The Verge suggests Twitter decided to shift efforts away from the project because it has too many other things to work on, and not because it no longer cares about encryption. Twitter has rolled out other security projects recently, such as encrypting emails to users and adding perfect forward secrecy so that anyone who has access to the private key cannot use it decrypt older messages.
After ex-NSA contractor Edward Snowden leaked documents detailing the National Security Agency’s extensive surveillance programs, major tech companies such as Yahoo, Google, and Facebook rushed to encrypt user data stored on their servers as well as in transit between their servers.
“We’re pretty sure that any information that’s inside of Google is safe from the government’s prying eyes, including the U.S. government’s,” Google executive chairman Eric Schmidt said at a SXSW panel earlier this month.
Twitter will likely resume this project at some point, but if it doesn’t want to lose users to messaging upstarts such as Wickr, it will have to act soon.
Fahmida Y. Rashid is an accomplished security journalist and technologist. She is a regular contributor for several publications including iPCMag.com where she is a networking and security analyst. She also was a senior writer at eWeek where she covered security, core Internet infrastructure and open source. As well, she was a senior technical editor at CRN Test Center reviewing open source, storage, and networking products.