c.2013 New York Times News Service

c.2013 New York Times News Service

A year ago, hardly anyone, save for cryptographers, had heard of Perfect Forward Secrecy. Now, some customers are demanding it, and technology companies are adding it, one by one, in large part to make government eavesdropping more difficult.

On Friday, Twitter announced that it had added Perfect Forward Secrecy, after similar announcements by Google, Mozilla and Facebook. The technology adds an extra layer of security to Web encryption to thwart eavesdropping, or at least make the National Security Agency’s job much, much harder.

Until Edward J. Snowden began leaking classified documents this summer, billions of people relied on a more common type of security called Transport Layer Security or Secure Sockets Layer (SSL) technology to protect the transmission of sensitive data like passwords, financial details, intellectual property and personal information. That technology is familiar to many Web users through the “https” and padlock symbol at the beginning of Web addresses that are encrypted.

But leaked NSA documents make clear that the agency is recording high volumes of encrypted Internet traffic and retaining it for later cryptanalysis. And it is hardly the only one: Iran, North Korea and China all store vast amounts of Internet traffic. More recently, Saudi Arabia has been trying to intercept mobile data for Twitter and other communication tools.

The reason governments go to great lengths to store scrambled data is that, if they later get the private SSL keys to decrypt that data — via court order, hacking into a company’s servers where they are stored or through cryptanalysis — they can go back and decrypt past communications for millions of users.

Perfect Forward Secrecy ensures that, even if an organization recording web traffic gets access to a company’s private keys, it cannot go back and unscramble past communications all at once. Perfect Forward Secrecy encrypts each Web session with an ephemeral key that is discarded once the session is over. A determined adversary could still decrypt past communications, but with Perfect Forward Secrecy the keys for each individual session would have to be cracked to read the sessions’ contents.

Perfect Forward Secrecy does add a slight delay to a user’s initial connection to Twitter — about 150 milliseconds in the United States and up to a second in countries like Brazil that are farther away from Twitter’s servers. But the company said the extra protection was worth the delay.