Censorship is proportional. We tend to think of it as a binary – “censored” or “uncensored” – but a better way to think about it would be in gradations, or maybe as a percentage. Suppose you write a book and it is banned in Massachusetts but legal in New Hampshire. You have lost some percentage of your readers (the ones in MA), so you are not entirely censored: your readership is not gone but reduced by some fraction.
Proportional censorship has to do with ease of access to materials. Something can be censored by making it hard to get without making it illegal. If bookstores refuse to stock your book, even if it is legal to buy, that will make it harder for people to find your book. This will reduce your readership relative to what it would be if bookstores stocked the book.
However, bookstores refusing to carry books they don’t like isn’t always evil; and this principle of censorship is a fuzzy one because, at the ultimate level, even a bad review could be called “censorship” because it dissuades people from looking at something. If a bookstore only sells books the owner likes, is it “censorship” if they fail to include your book, even though including it might reach other readers? Probably not.
Nevertheless, making something difficult to access can be used as a tool to shut down opponents in a debate. We should therefore take a careful look whenever a large organization with wide reach has the power to make it difficult for many people to access something. At present, this is the situation with the SSL/TLS trust chain used as the basis for security on the modern web. This essay examines that problem and points in the direction of some potential solutions.
Not so long ago banking and government websites used to tell people to check for the “green lock” in the upper-left corner of the browser. If you were visiting a website without the green lock, you’d get a warning if you tried to input a password or other sensitive information, but other than that there’d be no issue.
This situation is slowly changing. In 2018, Chrome began marking those sites “Not Secure” in the corner of the browser; other browsers also did so. Google also penalizes webpages that are not served with HTTPS, i.e. those pages without the “green lock”. And the lock is no longer green; it is black, because using it is now normal and not using it is a dangerous exception.
This isn’t exactly a bad thing. The lock means that your browser was able to establish two guarantees:
1. No one is spying on what you send and receive. They can know who you’re connected to, but not what you’re saying.
2. The person you’ve connected to is who they say they are, and not a malicious actor impersonating them.
Both guarantees are important for secure communication. Establishing them, however, can be quite tricky. The first problem is partially solved by a class of techniques called asymmetric (public-key) encryption, which keeps the contents of the conversation unreadable to anyone listening in. However, an attacker could do the following:
1. Pretend to be the website, to you.
2. Pretend to be you, to the website.
3. Pass messages from you to the website, and back again, reading them as it does.
All the attacker has to do is fool you into thinking you’re talking to the website, and it can eavesdrop on your communication. In other words, Guarantee 1 (no eavesdropping) is dependent on Guarantee 2 (no imposters). To completely satisfy Guarantee 1, we need to satisfy Guarantee 2.
As usual, this bears an analogy to real life. If you meet someone for the first time, your trust in them will be low (assuming you are reasonably cautious) until you get to know them better. However, if an old friend of yours introduces someone and says “he’s trustworthy”, then your initial level of trust will be higher (assuming you trust the friend).
Formally, this means that trust is transitive. If A trusts B, and B trusts C, then A can trust C.
Suppose your trusted friend has a very distinctive signature. If someone brings you a letter with that signature affixed saying “you can trust the bearer of this letter”, then you should be able to trust the letter-bearer assuming he didn’t gain access to the signature by force or guile. Such a letter would be a certificate of authenticity; it guarantees to you that the holder knows your friend and can be trusted.
Now, consider a slightly more complicated situation:
1. A person comes up to you and hands you a sealed envelope.
2. Breaking the seal and opening the envelope, you discover two letters. One is a certificate of authenticity from your old friend. But instead of saying, “You can trust the bearer,” it instead reads: “You can trust whatever is written on the other letter.”
3. The other letter reads “You can trust the bearer of this envelope” and is signed by someone you’ve never heard of.
Should you trust the envelope bearer?
Let’s review the situation. Your old friend has endorsed a third party, unknown to you, who has in turn endorsed the person standing in front of you. How sturdy is the trust chain, exactly? If trust is completely transitive, this shouldn’t be an issue, since:
A (you) trusts B (your old friend) trusts C (the unknown third party) trusts D (the man before you)
Therefore, argues the mathematical logic, A trusts D.
Is this true?
This closely resembles how it works on the Web. When you connect to a website, the website presents your browser with a certificate of authenticity signed by someone the browser trusts (called a certificate authority, or CA for short). You trust the browser; the browser trusts the author of the certificate; the author of the certificate trusts the website. Therefore the website is trustworthy, and Guarantee 2 is satisfied.
A (you) trusts B (your browser) trusts C (the certificate authority) trusts D (the website)
(In fact, certificate authorities can issue certificates for one another, making the chain even longer.)
The browser (together with the operating system) maintains a list of trustworthy certificate authorities called the trust store. Anyone in the trust store is implicitly trusted by you, since you trust the browser.
If the browser or OS manufacturer decides they don’t like a certificate authority, they can revoke that CA’s authority by removing it from the trust store. Then, websites certified by that authority will no longer be trusted: no more green lock!
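The chain check and the effect of removing a CA from the trust store can be sketched in a few lines. This is an added example, not part of the original essay: it uses toy textbook RSA over known Mersenne primes instead of real X.509, and the names "Example Root CA", "Example Issuing CA" and "shop.example" are constructed for illustration.

```python
import hashlib

def make_key(p, q, e=65537):
    # Toy textbook RSA from two known primes: illustration only, not secure.
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(cert, n):
    body = f"{cert['subject']}|{cert['issuer']}|{cert['pub']}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def issue(subject, subject_key, issuer, issuer_key):
    # The issuer vouches for "subject owns this public key" by signing it.
    cert = {"subject": subject, "issuer": issuer,
            "pub": (subject_key["n"], subject_key["e"])}
    n, d = issuer_key["n"], issuer_key["d"]
    cert["sig"] = pow(digest(cert, n), d, n)
    return cert

def signed_by(cert, pub):
    n, e = pub
    return pow(cert["sig"], e, n) == digest(cert, n)

def validate(chain, trust_store):
    # chain runs leaf -> intermediates; trust_store maps CA name -> public key.
    for cert, parent in zip(chain, chain[1:]):
        if cert["issuer"] != parent["subject"] or not signed_by(cert, parent["pub"]):
            return False
    anchor = trust_store.get(chain[-1]["issuer"])
    return anchor is not None and signed_by(chain[-1], anchor)

def demo():
    m = lambda k: 2**k - 1  # Mersenne primes, used as constructed key material
    root, inter = make_key(m(89), m(107)), make_key(m(127), m(521))
    site, rogue = make_key(m(607), m(1279)), make_key(m(31), m(61))
    store = {"Example Root CA": (root["n"], root["e"])}
    inter_cert = issue("Example Issuing CA", inter, "Example Root CA", root)
    site_cert = issue("shop.example", site, "Example Issuing CA", inter)
    # An impostor reuses the CA's name but cannot produce its signature.
    fake_cert = issue("shop.example", rogue, "Example Root CA", rogue)
    return {
        "normal": validate([site_cert, inter_cert], store),
        "root_removed": validate([site_cert, inter_cert], {}),
        "impostor": validate([fake_cert], store),
    }

if __name__ == "__main__":
    print(demo())
```

The site's certificate and keys are identical in the "normal" and "root_removed" cases; only the contents of the trust store differ.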
This gives browser and OS manufacturers power over the CAs. They could order a CA to revoke its certificate for a website by threatening the CA with removal from the trust store if it does not comply.
This has happened in the past. The browser companies have revoked certificates for various companies, usually over concerns about spyware in both the US and China. Presumably this is to the advantage of the customer; however, it is concerning that the customer is usually ignorant of this entire part of the chain.
Whole companies are dedicated to the business of certifying websites. Because most users are unaware of the trust chain, these companies operate more or less without oversight; nor are there laws which govern their operation (and any attempt to make some would be staunchly opposed by those who point out the government’s inability to make good laws about the Internet).
The push for HTTPS is ongoing; it is all but inevitable that Google, Firefox, and the other browser manufacturers will make it harder and harder to access non-certified websites. This makes us dependent on the good word of the certificate authorities, who themselves are dependent on the goodwill of the browser manufacturers. This presents a problem if one of those browser manufacturers decides to use their power to implement censorship.
Censorship is about relative difficulty of access. If a browser company revokes a website’s certificate, they could argue that they are not censoring the website because the website is still there; the browser is just showing a warning. Some people will click through the warning, yes, but some, who would have seen the website’s content otherwise, will not. Again, the website has lost some percentage of viewers and is being proportionally censored. It will also be penalized in Google Search because it is no longer certified, enhancing the effect of the censorship.
What do we do about this? For starters, users should be more educated about the hidden processes behind their technology. In today’s world, if you are ignorant of the workings of your belongings you run a significant risk of being abused by those who are in the know: overcharged for car repairs, forced to buy a new PC every few years, addicted to a smartphone, and so on. Knowledge is power.
With more informed users it would be possible to change the dynamics of trust on the web to a more community-oriented or federated structure. For example, towns could act as certificate authorities for businesses within their walls; and you could accept a certificate from a trusted friend as proof that their social-media website is authentic. Presently neither the software nor the motivation for this exists; but the time is ripe.