Personal Democracy Plus Our premium content network. LEARN MORE You are not logged in. LOG IN NOW >

What Do We Want? More HTTPS! Why Do We Want It? Well, Here's Why We Might...

BY Nancy Scola | Wednesday, November 10 2010

At this point in the evolution of our relationship with the World Wide Web, it's probably safe to say that a critical mass of us have been trained to keep an eye out for that tiny little lock in the corner of our web browser that lets us know that, say, our online banking session at BankofAmerica.com is locked-down and secure. That little lock lets us know that our bank or credit card company's website is chugging along using the security protocol called HTTPS.

That's all well and good. But, of course, with so much of our lives being lived online, the valuable information we send across the Internet day in and day out doesn't begin and end with our bank account number. Facebook, for example, gets used to plan political rallies, and Twitter's now a key part of how the communications landscape, including when it comes to governing. Sites like YouTube and Amazon and Wikipedia know a nearly unholy amount about the ideas we explore. We use Yahoo to email our innermost thoughts. Is it crazy of us to let ourselves use sites that don't apply the same level of security and protection to the trafficking of ideas and the organizing of social movements as sites do to our banking?

Yep, kinda.

At least, that's what a group called Access is arguing. Born in the wake of the 2009 Iranian election, Access aims to empower activists around the planet with the tools that make their work possible, and safer. Access has launched an effort they're calling "Demand HTTPS," which calls on the people behind the one hundred most popular websites on the Internet to default to using HTTPS, the same secure protocol that banking and other financial transaction sites nearly uniformly do. "The top sites in the world are not protecting your privacy and security," Access's Executive Director Brett Solomon told me in a call today, "even though they can."

What's the big worry? "If a site isn't encrypted," warns Solomon, "then it means that a government, or your ISP, or, in your on a wireless network, an individual can view your online activity. They can see what you're searching for on Amazon, which flights you've booked on Expedia, which purchases you've made on eBay." In free societies, argues Solomon, that risk might amount to a privacy one for most people. But in more monitored or even oppressed societies, like, say, China or Iran, the lack of secured online browsing can become a risk to someone's own personal security.

And so, comes this call to leaders of some of the biggest-name and most-used sites on the planet, websites like, in addition to some of those named above, craigslist, Wordpress, Blogspot, and the New York Times. What Solomon and Access are asking is for those sites to default to using HTTPS on every page that they serve up, rather than its less-secure HTTP counterpart protocol. (If you're unfamiliar with the particulars, the "S" in HTTPS is a tell letting users know that the site's server is using either Transport Layer Security, a.k.a. TLS. or Secure Sockets Layer, a.k.a. SSL, protocols. What that means, at a technical level, probably falls beyond the bounds of this discussion, but basically it indicates that the computers involved in that bout of online communications have agreed to do so through encrypted channels.)

So, from the perspective of those sites, why not do it? Why not default to HTTPS and move on with things? The argument that you hear is that HTTPS is more taxing for computers. Access, though, points to a trio of Google engineers who, in June, laid out the case for the notion that HTTPS "is not computationally expensive any more." Google's own Gmail system has, in fact, run on HTTPS on an opt-out basis since the company made the switch in June. And just yesterday, Hotmail introduced the option for its users to choose a HTTPS-based browsing session from beginning to end. There's also a cost involved for the purchase of security certificates, but those costs are minimal for the major sites being targeted by this action.

A World Wide Web that involved more big websites more often relying upon HTTPS would seem to have implications for the privacy and security from everyone from hard-core political activists to those of us who merely prefer having a little privacy online. And should HTTPS take root beyond banking and online commerce and on the social platforms and other transactional sites that make up a big part of the web, an added bonus for the activist-minded is that it's a layer of security that becomes tough for even intrusive governments to openly object to. If it becomes just the way that the Internet is, then that's just the way it is. "We want HTTPS to be industry-standard across the board," said Solomon, "so that it's the default, not the exception."

Solomon says that the web is flowing in the direction of HTTPS; the only question is how quickly the big big sites on the web will get there. In the meantime, the Electronic Frontier Foundation offers up HTTPS Everywhere, a Firefox plug-in that pushes your browser towards HTTPS versions of websites wherever they do, in fact, exist.

News Briefs

RSS Feed tuesday >

Messin' with Lamar Smith, Revisited

Remember that grassroots fundraising campaign to put a "Don't Mess with the Internet" billboard in the home district of Rep. Lamar Smith, Republican of Texas and sponsor of the controversial Stop Online Piracy Act? All of the money required came in, and Fight for the Future, the advocacy group opposing more stringent copyright protections online, writes that the billboard went up. GO

Republican National Convention Organizers Sever Ties With Becki Donatelli's Campaign Solutions

After eight years producing online content for the Republican National Convention, GOP web consultant Becki Donatelli's Campaign Solutions is off of the project. "Campaign Solutions was retained to help develop our convention website and digital strategy, but they are no longer involved in convention planning," James Davis, the convention's communications director, told techPresident Tuesday. It's unclear what precipitated the of the relationship between the convention organizers and Campaign Solutions, which has been producing the online component of the event since 2004. But Donatelli's name surfaced in a controversial anti-Obama ad pitch sent to a Super PAC backed by TD Ameritrade founder Joe Ricketts, which appeared in its entirety in the Times last week. Ricketts has since disavowed the proposal and Donatelli has denied any involvement. GO

PD+ This Thurs 1pm: Thriving Online With Howard Rheingold

I'm really looking forward to talking with author Howard Rheingold this Thursday on the next PD+ teleconference. His new book, Net Smart, is a concise and thoughtful guide to understanding and making the most of the hyper-networked, always-on, firehose of information and distraction that is the contemporary experience of anyone who uses ... GO

City of Joplin, Mo. Launches New Online Center Ahead of Tornado's Anniversary

The city of Joplin, Missouri launched its new web site over the week-end ahead of the May 22 anniversary of the massive tornado that devastated the city and killed 161 people. The new site enables Joplin citizens to sign up for emergency alerts via text message, e-mail and RSS. In addition to those alerts, individuals can also sign up for ... GO

In Virginia, City Council Debates to Include Questions Posed Online

The Alexandria Democratic Party in Alexandria, Virginia has partnered with online civic engagement platform ACTion Alexandria to include questions solicited in an online forum in the final Democratic primary debate for a City Council election there on June 4, ahead of the June 12 election, according to a statement released by the group. ACTion Alexandria hopes to work with both parties during the general election.

Participants in the project can add questions to the forum, or vote on questions that have already been posed, although each user is only given three votes to distribute. Users are also encouraged to use their real names. Questions submitted so far hit on topics ranging from broadband access to a ban on food trucks in the city.

GO

Motion Picture Association Names Marc Miller As Its New Online Copyright Cop

The Motion Picture Association of America on Monday named Marc Miller its vice president of online content protection. Miller comes to the MPAA from Nintendo of America, where he was the company's anti-piracy counsel for the Americas and the Asia-Pacific region. GO

friday >

Google to Charlie Rangel: You Are Dead to Me.

Rep. Charlie Rangel (D-NY) might be facing particularly challenging reelection odds this year, at least acording to Google: based on its new Knowledge Graph interface, the search engine says that the very-much-alive Congressman died on November 20, 2004, as Colin Campbell first reported for Politicker via Azi Paybarah and Anthony Adragna. GO

Roemer to Americans Elect: Thanks Anyway

Americans Elect announced recently that it would suspend its online candidate selection process, leaving organizations in several states with an open slot on the ballot. Naturally, potential candidate Buddy Roemer is not enthused. "I am taking the next few days to review with supporters how best to proceed from here," he says. GO

More