By Elizabeth Dwoskin
Companies are racing to encrypt their data to block hackers and government spies. But researchers have found that data mining techniques can get around one widely used version of the technology.
Researchers from the University of California at Berkeley and Intel [including School of Information professor Doug Tygar] say they were able to use statistical models to infer what pages were visited on 10 websites that contain sensitive information and use a standard encryption technology. The sites include those operated by the Mayo Clinic, Planned Parenthood, Kaiser Permanente, Wells Fargo, Bank of America, Netflix, YouTube and the American Civil Liberties Union.
In a recent research paper, the researchers state their techniques were able to identify sensitive information that a person was searching for on the encrypted sites with 90% accuracy....
Read the original research paper: I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis, by Brad Miller, Ling Huang, A. D. Joseph, and J. D. Tygar