The environmental impact of encrypting the web by default
Introduction
Encrypting websites and web traffic by default is great for security, but the hidden downside is that in doing so, we are impacting the environment in a negative way. If we convert the amount of CO2 generated, some websites are outputting the equivalent of boiling water for 67,289 cups of tea!
In recent years, there has been a concerted effort by major internet stakeholders to encourage and steer websites worldwide to implement encryption by default for all web traffic. While the intent is well-meaning, it seems that little attention has been paid to the environmental impact of the energy-overhead of encryption, and the problem is getting worse. The question to ask is why is this the case, and what can be done about it?
Architects of the Internet
Most of us use the internet on a daily basis not knowing how it actually works, and that is fine. If we use a vehicle, we can go to our local friendly mechanic to service our preferred mode of transport and they take care of things. We trust our local mechanic to ensure that our vehicle will operate like a finely tuned clock and that they will use the latest techniques to ensure we are moving from place to place at maximum efficiency. Transport is a really important part of our lives, moving millions between point A and B every second of the day, and everyone is very aware of the environmental impact of transport and there are global efforts to ensure we minimise this impact while still having the freedom to move around.
The internet however is different, and we seldom consider the impact of moving the data we use from a server in Boston, to an iPhone being used to find the nearest chippie in Boggy Bottom Hertfordshire! Unbeknownst to mere mortals, the efficient operation of the internet is designed by a group of folk that are hidden in plain sight – these are the Architects of the Internet, and include organisations such as the W3C Technical Architecture Group (TAG), and the Internet Engineering Task Force (IETF). Together, these different groups of organisations and individuals, design standards for the web that include, for example, agreed specifications on how to render a webpage using HTML, how to enable the Web on mobile devices and emerging technology like car-tech, and how to make the web a secure and safe place.
A brief history of web security
Way back in the 1988, what started out as an experiment, ended up with the first person charged for Cybercrime. Since those early days, an entire industry has grown up to fight the growth of cyber-attacks on computers, designed to cause damage and steal money from both organisations and individuals alike. By the 1990s, malicious activities were on the rise, and a new method to help protect web browsing was invented, ‘SSL security’; this is the ubiquitous ‘padlock’ that now appears in the top of all modern browser windows, indicating that your communication with a website is secure.
SSL security was originally quite slow. An early study in 1998 demonstrated that the time to access a website increased by 22% when using encryption. Subsequent research has demonstrated numerous improvements over the years, with response increase times dropping from 12-15%, down to the now widely quoted ‘less than 2% network traffic overhead’. Thanks to consistent advances in technology and the commoditisation of hardware prices, the influential W3C Technical Architecture Group (TAG) now consider that the performance impact of encryption is ‘minor -- often, imperceptible’. As internet users, we have learned over time that HTTP is insecure, and HTTPS is secure, in general this makes sense, but there is more to the story.
Does low impact mean no impact?
As internet technologies have developed over the years, many changes and improvements have been made, one of these is the progression of version 2 of the HTTP protocol (HTTP/2).
It is claimed that HTTP/2 offers great benefits, especially from a speed point of view. The new protocol has not been without its detractors. In ‘Bad protocol, bad politics’, -Henning Kamp claims that not only is the protocol problematic, but that it will also require more computing power than HTTP/1.1 and cause increased CO2 pollution. Experiments carried out by Naylor in 2014 also demonstrate that the additional compute overhead imposed by encryption carries both a fiscal and energy consumption/environmental cost, and that the ‘extra latency introduced by HTTPS is not negligible’.
We see that the loss of caching could cost providers an extra 2 TB of upstream data per day and could mean increases in energy consumption upwards of 30% for end users in certain cases. Naylor et al., 2014
It is asserted by various groups that the performance impact of encryption is no longer a barrier to enabling strong security, research clearly demonstrates that such security does not come for free, and that there is a cost incurred both fiscally and environmentally that needs to be addressed.
The W3C TAG group has a specific section in their finding document that recommends the adoption of HTTPS by default, headed ‘Other Concerns about HTTPS’, where they address server-side security, processor speed and perceived performance. Given the very visible focus worldwide on the environment, and the commitment of almost all of the large tech companies in the sector to environmental protection and carbon footprint reduction, it is unclear why the W3C Technical Architecture Group did not mention or acknowledge the potential impact on the environment when they found that the web platform should be designed to actively prefer secure communication.
Fair comparison?
Due to the complex nature of computer security, non-experts generally accept the recommendations and observations of those deeply embedded in the field who have very specialist knowledge. If the experts state that everything should be secured by default, then it should be, and indeed when it is shown that sending data in a secure manner is actually faster than sending without encryption, surely that is the end of the matter? As it happens, there is more to this claim than at first appears.
We shouldn’t second-guess security officials Solove, 2011
Internet security is extremely important and must never be taken lightly, however, it should not be assumed that a security first approach is always correct and must not be questioned; to do so is analogous to the dangerous ‘nothing to hide’ argument often quoted in relation to regulations surrounding data privacy issues.
The website ‘http versus https’ aims to demonstrate in a very visual manner, that sending data using HTTPS is not only more secure, but actually faster, than plain unencrypted HTTP. The headline claims, “Encrypted Websites Protect Our Privacy and are Significantly Faster” and allows visitors to run two different tests to load images, one unencrypted, the other encrypted, with the goal of demonstrating the benefit of HTTPS over plain HTTP. This website has a high profile, with over 10,000 links to the site, is in the top results for ‘http vs https’ on both the Google and Bing search engines, and is referenced from the highly regarded Google security blog.
There is a problem with the claim, however, in that it is not based on a fair ‘like for like’ comparison. The assumption given by the page is that implementing security using HTTPS makes the data transfer process both more secure, and faster. Unless the webpage visitor is well versed in HTTP protocols, the footnote at the bottom of the page referring to the using different network data exchange mechanisms will bear little significance.
However, to those in the know, the footnote contains a dirty little secret! The website is transmitting the data using an older ‘HTTP/1.1’ protocol, whereas the ‘secure’ data is being transmitted using the most up to date, and quite different ‘HTTP/2’ protocol and it is this part that makes the difference in speed, not the actual security side of things.
A particularly good analysis of the issue has been written by Barry Pollard, the author of the renowned engineering book ‘HTTP/2 in Action’, who provides a more transparent experiment correctly comparing the systems on a ‘like for like’ basis. This experiment demonstrates that in a fair comparison, HTTPS is clearly slower than HTTP. The following screenshot shows an online ‘like for like’ comparison between secure, and insecure data transfer from the website ‘tune the web’ which clearly demonstrates that HTTPS is slower that HTTP.
Leadership, stewardship, ethics
Computer and information security generally reside in the field of computer science and engineering. As a profession, engineers have traditionally held themselves to operate at a high level of technical rigour, and many engineering organisations have codes of ethics that members subscribe to. IEEE members for example commit to make decisions ethically and to take environmental impact into account.
We, the members of the IEEE, … do hereby commit ourselves to the highest ethical and professional conduct and agree: 1. to accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment; IEEE code of ethics
Given the fact that such a small number of organisations and individuals have the power to architect and steer the direction of the internet, it would seem appropriate that the implications of every decision made is carefully examined through multiple lenses. The technology industry has a history of a myopic view when developing solutions, with some tragic outcomes as a result of bad design or unintended consequences. In the research community, the concept of an ethics and risk evaluation approval committee is well established. The job of the committee is to examine proposals for work and having examined the proposal from multiple different view points, including ethical concerns, unintended impact, diversity, and inclusion, to either reject or approve the work, or to ask for further work or clarification. Governance, risk, and compliance oversight should not be restricted to obvious areas such as finance, government, and healthcare. Where power is consolidated in a small bubble and has the potential for a deep and long-lasting impact on part of the very fabric of society that is the world wide web, it is imperative that scrutiny ‘in the open’ is embedded right at the core of decision making.
It is heartening to see that progress is starting to be made in the area of ethics in leadership of the web. The W3G TAG group published a finding in October 2020 that commits the group to consider the ethical implications of their work. The findings list a set of core principles that include a commitment to ensuring that the web must be an environmentally sustainable platform.
While encryption and privacy are extremely important, the cost of sending every resource required for a web page to operate in a secure mode, and at the same time removing options such as browser caching, cross site and ISP data caching for efficiency has a significant impact and should have been addressed. It is assumed that the commitment to ethical web principles by the W3C TAG will now be used to re-examine existing findings as they pertain to security by default, and a wider group of stakeholders will be engaged.
New research
Read the new research.
Following on the work of others, new research has been carried out to attempt to quantify the impact of actively preferring secure communication when transferring data as recommended by the architects and leadership of the web. This research focused on the environmental footprint of web development frameworks and digital assets such as web-fonts, and broadly followed the workflow design of the Carbon-API-2.0 calculator.
The results of this research found that:
- security by default generates an unnecessary overhead in aggregate for web traffic that can be damaging to the environment
- by extension, this overhead is potentially incurring millions of dollars in extra costs of running both cloud data centres and related internet infrastructure worldwide, and the overall cost in aggregate on end user devices.
The research recommends:
- that there are sufficient existing mechanisms in place to be able to ensure security and privacy without incurring extra compute, storage, and network transmission costs.
- that relevant stakeholders review the current policy taking particular note of the impact of any engineering decisions on the environment and related economic impact.
- further work is required to identify concrete solutions that can both satisfy and balance the needs of all stakeholders towards a positive sum outcome.
There be Cuppa's!
In order to convey the gravity of the problem to non-technical readers, the research attempted to quantify the overhead of using ‘security by default’, and using different metrics and calculators, came up with some interesting results that we now share.
The ‘Carbon Calculator’ estimated that one months’ worth of user visits to one of the websites investigated converted to CO2, was equivalent to boiling water for 67,289 cups of tea.
When the results of the research were given to the US Environmental Protections Agency (EPA) greenhouse gas equivalence calculator, it estimated that the CO2 produced by using ‘Secure by default’ in the top sites tested for one month, used the equivalent power that could have been used to charge all of the mobile phones in the UK for a number of months.
Summary
Making the internet a safer place is important, but so is our stewardship of the environment. We should not think in terms of quick wins and fiscal quarters, but rather the impact our actions have on generations to come. In the technical realm, architects guide our direction, and engineers build the future. It is incumbent on the architects of the internet to think about the impact of their decisions and designs in a holistic manner, including the impact that each CPU cycle required to send fonts over the web in a secure manner, has on the environment.
The UK is hosting the UN COP26 climate change summit in Glasgow in 2021 and is looking at innovative ways to cut carbon emissions. In an article by the Financial Times covering the event, the associate director for climate, environment and sustainability at TechUK, a non-profit industry group said that it is important to recognise that web traffic has an energy and carbon penalty. In the same article, Professor Mike Berners-Lee of Lancaster University, brother of the creator of the web, Sir Tim Berners-Lee, is quoted saying that while our technology efficiency has increased, so too has our carbon footprint.
The [efficiency] of information storage and transmission and analysis has gone up by a factor of millions, but . . . the carbon footprint of our information storage and transmission analysis has also gone up because we’re doing millions and millions of times more of that activity. Prof. Mike Berners-Lee
This very much sums up the overall message of this article. While it is important to improve efficiency, it is critical that we question decisions made by a small number of increasingly powerful groups with far reaching impact on both society and the environment.
We must create technical standards environments that are conducive to revisiting and challenging past decisions and that ensure we consider climate change alongside other important issues at all times.