Personal Democracy Plus Our premium content network. LEARN MORE You are not logged in. LOG IN NOW >

What Do We Want? More HTTPS! Why Do We Want It? Well, Here's Why We Might...

BY Nancy Scola | Wednesday, November 10 2010

At this point in the evolution of our relationship with the World Wide Web, it's probably safe to say that a critical mass of us have been trained to keep an eye out for that tiny little lock in the corner of our web browser that lets us know that, say, our online banking session at is locked-down and secure. That little lock lets us know that our bank or credit card company's website is chugging along using the security protocol called HTTPS.

That's all well and good. But, of course, with so much of our lives being lived online, the valuable information we send across the Internet day in and day out doesn't begin and end with our bank account number. Facebook, for example, gets used to plan political rallies, and Twitter's now a key part of how the communications landscape, including when it comes to governing. Sites like YouTube and Amazon and Wikipedia know a nearly unholy amount about the ideas we explore. We use Yahoo to email our innermost thoughts. Is it crazy of us to let ourselves use sites that don't apply the same level of security and protection to the trafficking of ideas and the organizing of social movements as sites do to our banking?

Yep, kinda.

At least, that's what a group called Access is arguing. Born in the wake of the 2009 Iranian election, Access aims to empower activists around the planet with the tools that make their work possible, and safer. Access has launched an effort they're calling "Demand HTTPS," which calls on the people behind the one hundred most popular websites on the Internet to default to using HTTPS, the same secure protocol that banking and other financial transaction sites nearly uniformly do. "The top sites in the world are not protecting your privacy and security," Access's Executive Director Brett Solomon told me in a call today, "even though they can."

What's the big worry? "If a site isn't encrypted," warns Solomon, "then it means that a government, or your ISP, or, in your on a wireless network, an individual can view your online activity. They can see what you're searching for on Amazon, which flights you've booked on Expedia, which purchases you've made on eBay." In free societies, argues Solomon, that risk might amount to a privacy one for most people. But in more monitored or even oppressed societies, like, say, China or Iran, the lack of secured online browsing can become a risk to someone's own personal security.

And so, comes this call to leaders of some of the biggest-name and most-used sites on the planet, websites like, in addition to some of those named above, craigslist, Wordpress, Blogspot, and the New York Times. What Solomon and Access are asking is for those sites to default to using HTTPS on every page that they serve up, rather than its less-secure HTTP counterpart protocol. (If you're unfamiliar with the particulars, the "S" in HTTPS is a tell letting users know that the site's server is using either Transport Layer Security, a.k.a. TLS. or Secure Sockets Layer, a.k.a. SSL, protocols. What that means, at a technical level, probably falls beyond the bounds of this discussion, but basically it indicates that the computers involved in that bout of online communications have agreed to do so through encrypted channels.)

So, from the perspective of those sites, why not do it? Why not default to HTTPS and move on with things? The argument that you hear is that HTTPS is more taxing for computers. Access, though, points to a trio of Google engineers who, in June, laid out the case for the notion that HTTPS "is not computationally expensive any more." Google's own Gmail system has, in fact, run on HTTPS on an opt-out basis since the company made the switch in June. And just yesterday, Hotmail introduced the option for its users to choose a HTTPS-based browsing session from beginning to end. There's also a cost involved for the purchase of security certificates, but those costs are minimal for the major sites being targeted by this action.

A World Wide Web that involved more big websites more often relying upon HTTPS would seem to have implications for the privacy and security from everyone from hard-core political activists to those of us who merely prefer having a little privacy online. And should HTTPS take root beyond banking and online commerce and on the social platforms and other transactional sites that make up a big part of the web, an added bonus for the activist-minded is that it's a layer of security that becomes tough for even intrusive governments to openly object to. If it becomes just the way that the Internet is, then that's just the way it is. "We want HTTPS to be industry-standard across the board," said Solomon, "so that it's the default, not the exception."

Solomon says that the web is flowing in the direction of HTTPS; the only question is how quickly the big big sites on the web will get there. In the meantime, the Electronic Frontier Foundation offers up HTTPS Everywhere, a Firefox plug-in that pushes your browser towards HTTPS versions of websites wherever they do, in fact, exist.

Transparency and Public Shaming: Pakistan Tackles Tax Evasion

In Pakistan, where only one in 200 citizens files their income tax return, authorities published a directory of taxpayers' details for the first time. Officials explained the decision as an attempt to shame defaulters into paying up.


wednesday >

Facebook Seeks Approval as Financial Service in Ireland. Is the Developing World Next?

On April 13 the Financial Times reported that Facebook is only weeks away from being approved as a financial service in Ireland. Is this foray into e-money motivated by Facebook's desire to conquer the developing world before other corporate Internet giants do? Maybe.


The Rise and Fall of Iran's “Blogestan”

The robust community of Iranian bloggers—sometimes nicknamed “Blogestan”—has shrunk since its heyday between 2002 – 2010. “Whither Blogestan,” a recent report from the University of Pennsylvania's Iran Media Program sought to find out how and why. The researchers performed a web crawling analysis of Blogestan, survey 165 Persian blog users, and conducted 20 interviews with influential bloggers in the Persian community. They found multiple causes of the decline in blogging, including increased social media use and interference from authorities.


tuesday >

Weekly Readings: What the Govt Wants to Know

A roundup of interesting reads and stories from around the web. GO

Russia to Treat Bloggers Like Mass Media Because "the F*cking Journalists Won't Stop Writing"

The worldwide debate over who is and who isn't a journalist has raged since digital media made it much easier for citizen journalists and other “amateurs” to compete with the big guys. In the United States, journalists are entitled to certain protections under the law, such as the right to confidential sources. As such, many argue that blogging should qualify as journalism because independent writers deserve the same legal protections as corporate employees. In Russia, however, earning a place equal to mass media means additional regulations and obligations, which some say will lead to the repression of free speech.


Politics for People: Demanding Transparent and Ethical Lobbying in the EU

Today the Alliance for Lobbying Transparency and Ethics Regulation (ALTER-EU) launched a campaign called Politics for People that asks candidates for the European Parliament to pledge to stand up to secretive industry lobbyists and to advocate for transparency. The Politics for People website connects voters with information about their MEP candidates and encourages them to reach out on Facebook, Twitter or by email to ask them to sign the pledge.


monday >

Security Agencies Given Full Access to Telecom Data Even Though "All Lebanese Can Not Be Suspects"

In late March, Lebanese government ministers granted security agencies unrestricted access to telecommunications data in spite of some ministers objections that it violates privacy rights. Global Voices reports that the policy violates Lebanon's existing surveillance and privacy law, Law 140, but has gotten little coverage from the country's mainstream media.


friday >

In Google Hangout, NYC Mayor de Blasio Talks Tech and Outer Borough Potential

New York City Mayor Bill de Blasio followed the lead of President Obama and New York City Council member Ben Kallos Friday by participating in a Google Hangout to help mark his first 100 days in office, in which the conversation focused on expanding access to technology opportunities through education and ensuring that the needs of the so-called "outer boroughs" aren't overlooked. GO