That is the takeaway from a new piece in the Washington Post. After discussing how Chinese Internet stipulations, including insisting on access to source code in products such as iPhones, Yahoo and LinkedIn personal data, threaten security and privacy (an easy call), the piece continues by observing that:
To be fair, the Chinese is not the only government your browser probably trusts. Despite reports that the U.S. National Security Administration is engaged in a similarly massive effort to spy on its own citizens’ communications, certificates issued by the U.S. Department of Defense are also widely trusted.
What that means, according to Kevin Bocek, vice president of security strategy and threat intelligence at the cyber security firm Venafi in San Francisco,is that the Internet’s own immune system is capable of being turned against users anywhere in the world, giving governments the ability to “take control of our browsers and our smartphones.”
The metaphor of the Internet being “infected” by a virus, back-door or malware is often-used. But here it’s being used as push-back against the cited need for back-doors or weakened encryption, not just in China but as a cyberwarfare retaliation to China. “Browser trust” (or certificate trust) as the new frontier in cyberwar.