The battle for default encryption

The battle for default encryption

The ACLU’s Christopher Soghoian has been leading a charge for companies to add another level of encryption to their websites by adding one letter – “s” – turning “HTTP” into “HTTPS” in their web addresses.

This might not sound like much, but an encrypted site, essential practice for highly sensitive online transactions, such as retail purchases and banking, goes a long way to shield your personal information from the bad guys. The ACLU takes this further, claiming that site encryption will also ward off government surveillance and censorship.

Soghoian also contends that so-called “mundane” Internet activity might not be mundane for everybody. For instance, someone searching sites on alcoholism or suicide prevention would be easily identified without encryption.

The main barrier for companies to adopt total encryption is cost, mainly due to content delivery networks (CDNs), such as Akamai, that charge a premium for encryption. CDNs are used by most websites to distribute their content across servers in multiple locations, helping to ensure that their sites load quickly worldwide.

Akamai is currently the largest CDN, but competitors, such as CloudFlare, are beginning to offer HTTPS for free, so total encryption might not be far off. Another indication is Google’s decision to encrypt searches on its site. Given Google’s massive impact on the Internet, among other things, other major sites just might follow suit.

The fight for HTTPS

By Matthew Braga, Fast Company

Since 2009, Christopher Soghoian, principal technologist with the Speech, Privacy, and Technology Project at the American Civil Liberties Union (ACLU) has been trying to make the Internet more secure.

His goal–getting companies to add a layer of encryption to their websites, turning HTTP to HTTPS–might not sound like much. After all, what’s one letter on a URL?

But that extra letter, it turns out, is all it takes to make government surveillance, censorship attempts by authoritative regimes, and attacks by ill-intentioned hackers more difficult to pull off.

Soghoian has been wielding both the carrot and the stick on a near daily basis, until recently offering bottles of whiskey to companies that implemented HTTPS, and getting into public Twitter spats with companies such as Symantec, and the Internet company Akamai, which haven’t welcomed to his overtures. “I use whatever argument works,” Soghoian says. “I will ask. I will beg. I will offer to bribe. And then I will threaten. I will use every technique at my disposal.” Read more …