People With Older Phones May Not Have Safe Internet Access After Jan. 1 — Here's Why


Anyone who's still clinging to the original iPhone should really consider going for the upgrade before the ball drops: At midnight on Jan. 1, BuzzFeed reports, people with a cellphone five years or older will be shut out of the encrypted web, barred from browsing Facebook, Google and Twitter on the go. According to CA/Browser Forum, which dictates web encryption, the current algorithm, SHA-1, is no longer safe, so when the new year begins, a more secure iteration, SHA-2, which older cellphones won't be able to support, will be put into play.

"SHA-2 will have a sort of 'You Must Be This Tall to Ride' measure on browsers," writes Joe Carmichael at Inverse. "Essentially, if your phone or computer is not 'tall enough' — read: new enough, updated enough — to 'ride,' SHA-2–encrypted sites will turn you away." 

SAEED KHAN/Getty Images

The problem with SHA-1: In October, a group of researchers at Centrum Wiskunde & Informatica released a paper stating that SHA-1 was in peril because it could be broken by "criminal syndicates," which fueled their "recommendations for industry standard SHA-1 to be retracted as soon as possible." The code that keeps websites secure — locks user information from prying eyes — was easy to break, and needed to be updated. 

Enter SHA-2.

CloudFlare, a tech company that both tracks and prevents cyber threats, says on its website that a more secure encryption code is mostly a positive change. "Prohibitively difficult to forge certificate signatures are part of what keeps encryption systems secure," the website reads. "As computers get faster, the risk that, for any given hashing algorithm, you can forge a certificate with the same signature increases." 


But there's a downside. CloudFlare estimates that "over 37 million people," mostly in developing countries, will lose their web access with the update. "The problem is that people across the world, most of them in the developing world, use old phones or desktops that don't update themselves," CEO Matthew Price told BuzzFeed

"And they won't be able to access the internet." Facebook's Chief Security Officer Alex Stamos agreed, saying, "We don't think it's right to cut tens of millions of people off from the benefits of the encrypted internet."

The debate over cybersecurity: Encryption featured prominently in Tuesday night's debate, with former Hewlett-Packard CEO Carly Fiorina stressing the necessity of getting government technology up to speed. Donald Trump has vowed that he will shut down the internet, or certain parts of it, in order to keep terrorists from accessing American intelligence and influencing the country's young and malleable minds.