crypto scene


A tectonic shift for the Internet’s crypto landscape is coming.

The current share of encrypted traffic on the web is largely due to Google GOOG -0.47% , Facebook FB 0.09% , and Twitter TWTR -2.57% , which have all by now adopted HTTPS by default. They mostly account for the red portion in chart above, an aggregated breakdown of the Internet’s current crypto-scape in North America can be seen above.

The networked world may reach a crypto-tipping point this year. More than half of the world’s Internet traffic will likely be encrypted by year end, says a report released by the Canadian networking equipment company Sandvine on Thursday morning.

Encryption, which keeps the content of digital communications hidden from prying eyes, protects about 30% of the Internet traffic in North America at present, according to the report. By the end of 2016, that figure should more than double to more than two-thirds of the continent’s Internet traffic.

Why the upswing? In a word: Netflix NFLX -0.09% .

Sandvine, the Waterloo, Ont.-based company that made the projections, is best known for its previous reports that have revealed the extent to which Netflix dominates the world’s digital pipes. With more than 40 million subscribers in the United States (about 60 million globally) and 10 billion hours of video streamed in the first quarter of the year, Netflix accounts for more than a third of all downstream (or downloaded) north american Internet traffic during peak evening hours. It’s a pipe hog. (As Internet service providers have long complained.)

That’s why, when the video streaming king earlier this month announced its plan to begin encrypting the data it serves up to its customers, Sandvine took note. In its 2015 first quarter letter to shareholders, Netflix set out its plans to switch from using the unencrypted hypertext transfer protocol (HTTP) to the secure version “HTTPS.” (The “S” stands for secure.) From the letter:

Over the next year we’ll evolve from using HTTP to using Secure HTTP (HTTPS) while browsing and viewing content on our service. This helps protect member privacy, particularly when the network is insecure, such as public wifi, and it helps protect members from eavesdropping by their ISP or employer, who may want to record our members’ viewing for other reasons.
Because Netflix contributes to so much of the world’s data flow, the switch represents a tectonic shift for the Internet’s crypto landscape.

“We now believe we can deploy HTTPS at a cost that, whilst significant, is well justified by the privacy returns for our users,” wrote Mark Watson, Netflix’s director of streaming standards, in a public email that appeared the same day as the company’s shareholder letter. (The increase in cost is due mostly to infrastructural issues: obtaining the right security certificates, optimizing software and hardware, preparing for the higher computing power needed.)

Unmentioned by Watson: Those privacy returns are a two-way street. Netflix has always been incredibly secretive about its programming viewership numbers, and encrypting its traffic will help prevent outside firms from getting at the company’s user data.

Sandvine, for its part, has no interest in that information, says Dan Deeth, the company’s media and industry relations manager. He assures Fortune that the company he represents does not decrypt any traffic as part of its analysis. Which is a common misconception, he says, given the invasively snoop-sounding name of its technology: “deep packet inspection.”

“Our whole business centers around traffic intelligence,” Deeth says. “But we stay away from that icky area of knowing exactly what people are doing.”

Instead, Sandvine’s filters read the metadata—such as the address or “to/from” fields—on those unit of Internet traffic known as packets. That’s how the company can tell which service you’re connecting to—whether that be Netflix, YouTube, Facebook, or something else. Knowing where data is flowing allows clients to manage and prioritize traffic.

Sandvine cannot tell, however, exactly what you’re watching, listening to, saying, reading or writing. (And neither can any other third party, when encryption is done properly.)

Deeth, who has authored the biannual “global internet phenomena spotlight” report for the past eight years, says that Sandvine fully supports the adoption of HTTPS encryption. “We’re in favor of encrypting traffic. We think its a very good thing for protecting people’s privacy,” he says.

That stance jibes with a longstanding mission of the San Francisco non-profit Electronic Frontier Foundation, which has been strongly advocating for more encryption on the web since 2009. Deeth cites the foundation’s “let’s encrypt” project as another impending booster for encrypted web traffic, on top of Netflix’s big move.

In that project, the foundation aims to cut through the current complexity and bureaucracy inhibiting encryption’s adoption, making it simple and seamless for any system administrator to deploy. “If the internet were designed today that’s how it would have been designed,” says Jeremy Gillula, an Electronic Frontier Foundation staff technologist. “But it was designed in the ’80s—or even earlier depending on which protocol you’re talking about—and was an academic network where people weren’t initially thinking about privacy, or security, or that our lives would eventually revolve around this technology.”

“Secure by default is how we want that system to be,” he adds.