Twitter announced Friday that it’s joining other tech companies in implementing “perfect forward secrecy.” While many online services already encrypt user communications and other data, this form of encryption ensures that snoops—we’re looking at you, National Security Agency—who break through the encryption get access to only a snippet of data, rather than everything belonging to a user. Even where a warrant is involved, perfect forward secrecy has the potential to limit intrusions, rather than acting as an open-ended skeleton key.
The Electronic Frontier Foundation’s Parker Higgins describes how perfect forward secrecy works:
“How can perfect forward secrecy help protect user privacy against that kind of threat? In order to understand that, it’s helpful to have a basic idea of how HTTPS works in general. Every Web server that uses HTTPS has its own secret key that it uses to encrypt data that it sends to users. Specifically, it uses that secret key to generate a new “session key” that only the server and the browser know. Without that secret key, the traffic traveling back and forth between the user and the server is incomprehensible, to the NSA and to any other eavesdroppers.”
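To make the “skeleton key” contrast concrete, here is an added toy model (not code from the article, Twitter or the EFF) contrasting a session key sent under the server’s long-term secret with one derived by ephemeral Diffie-Hellman. The prime, generator, the XOR-based sealing and HMAC standing in for a signature are constructed stand-ins, not real TLS primitives.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters (far too small for real use; TLS uses 2048-bit MODP or EC groups).
P = 2**127 - 1   # a known prime, chosen only so the modular arithmetic stays fast
G = 5            # generator choice does not matter for this demonstration

def kdf(material: bytes) -> bytes:
    """Stand-in for the TLS key schedule: session key = SHA-256(shared material)."""
    return hashlib.sha256(material).digest()

# --- Model A: session key sealed under the server's long-term secret (no forward secrecy) ---
# The client picks the session key and seals it with a key stream derived from the
# server's long-term secret. Anyone who later learns that secret unseals every
# recorded session: the open-ended skeleton key the article describes.
def key_transport(server_long_term: bytes):
    session_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    sealed = bytes(a ^ b for a, b in zip(session_key, kdf(server_long_term + nonce)))
    return session_key, (nonce, sealed)   # second item is what an eavesdropper records

def unseal_later(server_long_term: bytes, transcript) -> bytes:
    """Recover a past session key from a recorded transcript plus the long-term secret."""
    nonce, sealed = transcript
    return bytes(a ^ b for a, b in zip(sealed, kdf(server_long_term + nonce)))

# --- Model B: ephemeral Diffie-Hellman (perfect forward secrecy) ---
# Each side picks a fresh exponent per session and discards it afterwards. The
# long-term secret only authenticates the server's ephemeral value (HMAC stands in
# for a signature); it never takes part in deriving the session key.
def dhe_session(server_long_term: bytes):
    a = secrets.randbelow(P - 2) + 1            # server's ephemeral secret
    b = secrets.randbelow(P - 2) + 1            # browser's ephemeral secret
    A, B = pow(G, a, P), pow(G, b, P)
    tag = hmac.new(server_long_term, A.to_bytes(16, "big"), "sha256").digest()
    server_key = kdf(pow(B, a, P).to_bytes(16, "big"))
    client_key = kdf(pow(A, b, P).to_bytes(16, "big"))
    del a, b                                    # ephemeral secrets vanish after the handshake
    return server_key, client_key, (A, B, tag)  # the tuple is the recorded transcript

def verify_with_long_term_key(server_long_term: bytes, transcript) -> bool:
    """All a later compromise of the long-term secret yields from a DHE transcript:
    the tag can be re-verified, but the transcript holds only G^a and G^b, so the
    session key would require solving a discrete logarithm."""
    A, B, tag = transcript
    expected = hmac.new(server_long_term, A.to_bytes(16, "big"), "sha256").digest()
    return hmac.compare_digest(tag, expected)
```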