Only one-third of federal agencies use HTTPS encryption for their websites, essentially making the other two-thirds far more vulnerable to attacks, and by extension, making users of those websites easy targets for hackers.
The White House, however, is making moves to change this and recently issued a directive requiring all publicly-accessible government websites to adopt HTTPS encryption.
“Unencrypted HTTP connections create a vulnerability and expose potentially sensitive information about users of unencrypted Federal websites and services. This data can include browser identity, website content, search terms, and other user-submitted information,” said the White House in a statement. “To address these concerns, many commercial organizations have already adopted HTTPS-only policies to protect visitors to their websites and services. Today’s action will deliver that same protection to users of Federal websites and services.”
For those unaware of what HTTPS actually means, it essentially creates a type of protected tunnel for the user to access a website without the threat of someone else spying on that user from outside the website. The “S” in HTTPS stands for “secure,” and without this encryption, Internet Service Providers and hackers would be able to far more easily check in on the user and see what they’re doing on the website.
It may, however, take a while for the encryption to be put in place. The directive requires websites to implement HTTPS encryption by December 1, 2016, almost a year and a half away. In the meantime, users should be very careful about where they access these websites and avoid entering personal information on public Wi-Fi hotspots.
The good news is that many websites will likely implement the encryption before the deadline. In fact, the Federal Trade Commission began automatic use of HTTPS for many of its websites in March, before the directive was even released. Because of the fact that federal agencies have control over their own websites, however, many simply haven’t taken the time and resources to implement HTTPS, resulting in only 31 percent of federal websites using the encryption.
“It is critical that federal websites maintain the highest privacy standards for the users of its online services. With this new action, we are driving faster internet-wide adoption of HTTPS and promoting better privacy standards for the entire browsing public,” continued the statement.
Google itself is heavily pushing the use of “HTTPS everywhere,” and even began giving a slight edge to websites using HTTPS in search rankings, encouraging website owners to implement HTTPS encryption.