Image: Diego Cambiaso/Flickr
WhiteHouse.gov, arguably the most important government website in the world, is now encrypted by default, making your visits to it private and more secure."In the ongoing battle to protect user data, the White House's action is both a substantive and a symbolic victory," said Amie Stepanovich, the senior policy counsel at Access, a digital rights organization that has been pushing for web encryption with a campaign named "Encrypt all the Things."The use of HTTPS on WhiteHouse.gov "will better protect users in their interactions with government," Stepanovich told Motherboard, but it is also "a public recognition of the importance of encryption across the internet."Eric Mill, a technologist at 18F, a federal agency that helps other parts of the government with digital services, said that this was a big step toward more and more websites getting behind the idea that "all web browsing is private.""That's what people should expect from the government and from the web," he told Motherboard.If you're wondering why that "S' in the URL makes any difference, you should know that without it, everything you do on a website is in the open. That means anyone snooping on your connection, be it a hacker at a coffee shop or a repressive government, could intercept the passwords you type, or the private messages you send to your friends. That's why your bank website or Facebook are encrypted by default.Without it, it's also easier to censor specific parts of a website, know exactly what pages you're visiting (which might reveal a lot about you if you're visiting a healthcare website, for example), and even hijack cute cat videos to launch sophisticated cyberattacks on you.Not everyone celebrated the news though, noting that the White House took a while to switch on HTTPS.
With the White House website switching to HTTPS by default, the ever-growing movement to get all the web encrypted just scored a big win.The @Whitehouse is taking steps to improve your privacy. Starting today we use HTTPS by default: https://t.co/V14GDg1Ne1
— WH.gov (@WHWeb) March 11, 2015
Advertisement
HTTPS is a way of putting a layer of protection of top of regular HTTP traffic, using Transport Layer Security (TLS) or the older Secure Sockets Layer (SSL). The easier way to know whether the site you're visiting is protected is checking whether there's a green lock before the site's address."That's what people should expect from the government and from the web."
Advertisement
It's unclear why it took so long, as the White House did not respond to my request for comment. But traditionally, there have been multiple reasons for such a switch to be delayed. In some cases, switching HTTPS might be costly, or time consuming, and a website administrator might think it's just not worth it.But the costs are going down, and companies like CloudFlare are now offering free HTTPS on all their websites.With the White House switching over, activists hope that other government agencies that still don't offer encryption on their sites, such as the IRS or the Department of Health and Human Services, will soon follow suit. In a sign that this is now a trend in the government, other agencies, such as the Federal Trade Commission, have recently enabled encryption by default, signaling a trend for government agencies.Obama lectures private sector about #DataSecurity—but only just now turned on HTTPS encryption for White House email? pic.twitter.com/qEpApz4nDI
— TechFreedom (@TechFreedom) March 11, 2015