Svenska English Dansk
  • Menu
  • Select language

Andreas Karlsson — 25/06/19

The woman with the key to the internet

Anne-Marie Eklund Löwinder, Chief Information Security Officer at the Swedish Internet Foundation (Internetstiftelsen), always carries an important key with her. She is one of 14 carefully chosen people who have responsibility for these extraordinary keys to the internet. Without these keyholders, the internet wouldn’t work in a safe way...talk about responsibility!

I get a bit nervous just thinking about carrying such an important key. When I first heard about it, I assumed it was some sort of digital device but, no, it’s an actual, physical key. Not much bigger than the one you use to lock your bike. In all likelihood, Anne-Marie doesn’t keep it on a string round her neck like I used to do with my house key when I was 9.

The name for this esteemed role is cryptographic officer and there is only a select group of people from across the world who have been chosen to take responsibility for these special keys. Anne-Marie stands out from the rest, not because she’s from Sweden, but because she is the only woman.

 

Why do we need these keyholders and how does it actually work?

Yes, we do need them! Since we wouldn’t be able to remember long complex IP addresses when we send emails or visit websites, we use domain names instead –  Dotkeeper.com for example. These work thanks to the so-called domain name system, DNS. You can think of it like the internet’s own telephone operator: a hidden group of ridiculously quick and somewhat sweaty people linking cables together, making sure you get connected to the right website.

There is also a security system called DNSSEC that makes sure that all domain names point to the right IP address, as well as preventing digital criminals from manipulating the domain system. This security system is protected by specific cryptographic keys.

These keys are renewed a couple of times a year, and this is where Anne-Marie, her colleagues and their physical keys come into the picture.

 

Key Ceremony

A data centre in the small town of Culpeper, outside Washington, DC, holds the internet’s best-kept secret. The data centre demands extremely high security, so it’s surrounded by both fences and guards. Anne-Marie travels here a few times a year to go through the key ceremony, along with some of the other key holders. Specifically, there needs to be at least three keyholders present at the ceremony for new security keys to be generated.

Like a scene from a spy film, the key holders are escorted together through security doors, with eye scanners and access cards, until they reach a steel cage where two large safes are bolted to the ground. The safes contain a cryptography machine that can generate security keys, a portable computer and seven small boxes containing smartcards. Anne-Marie has the key to one of the boxes where her smartcard is kept.

When she and two other keyholders finally activate the cryptography machine with their smartcards, and have confirmed that the process is ongoing, only then can the internet work properly, letting us keep surfing for a few months more.

 

Picture: iis.se (internetstiftelsen i Sverige)