Personal Democracy Plus Our premium content network. LEARN MORE You are not logged in. LOG IN NOW >

What Do We Want? More HTTPS! Why Do We Want It? Well, Here's Why We Might...

BY Nancy Scola | Wednesday, November 10 2010

At this point in the evolution of our relationship with the World Wide Web, it's probably safe to say that a critical mass of us have been trained to keep an eye out for that tiny little lock in the corner of our web browser that lets us know that, say, our online banking session at BankofAmerica.com is locked-down and secure. That little lock lets us know that our bank or credit card company's website is chugging along using the security protocol called HTTPS.

That's all well and good. But, of course, with so much of our lives being lived online, the valuable information we send across the Internet day in and day out doesn't begin and end with our bank account number. Facebook, for example, gets used to plan political rallies, and Twitter's now a key part of how the communications landscape, including when it comes to governing. Sites like YouTube and Amazon and Wikipedia know a nearly unholy amount about the ideas we explore. We use Yahoo to email our innermost thoughts. Is it crazy of us to let ourselves use sites that don't apply the same level of security and protection to the trafficking of ideas and the organizing of social movements as sites do to our banking?

Yep, kinda.

At least, that's what a group called Access is arguing. Born in the wake of the 2009 Iranian election, Access aims to empower activists around the planet with the tools that make their work possible, and safer. Access has launched an effort they're calling "Demand HTTPS," which calls on the people behind the one hundred most popular websites on the Internet to default to using HTTPS, the same secure protocol that banking and other financial transaction sites nearly uniformly do. "The top sites in the world are not protecting your privacy and security," Access's Executive Director Brett Solomon told me in a call today, "even though they can."

What's the big worry? "If a site isn't encrypted," warns Solomon, "then it means that a government, or your ISP, or, in your on a wireless network, an individual can view your online activity. They can see what you're searching for on Amazon, which flights you've booked on Expedia, which purchases you've made on eBay." In free societies, argues Solomon, that risk might amount to a privacy one for most people. But in more monitored or even oppressed societies, like, say, China or Iran, the lack of secured online browsing can become a risk to someone's own personal security.

And so, comes this call to leaders of some of the biggest-name and most-used sites on the planet, websites like, in addition to some of those named above, craigslist, Wordpress, Blogspot, and the New York Times. What Solomon and Access are asking is for those sites to default to using HTTPS on every page that they serve up, rather than its less-secure HTTP counterpart protocol. (If you're unfamiliar with the particulars, the "S" in HTTPS is a tell letting users know that the site's server is using either Transport Layer Security, a.k.a. TLS. or Secure Sockets Layer, a.k.a. SSL, protocols. What that means, at a technical level, probably falls beyond the bounds of this discussion, but basically it indicates that the computers involved in that bout of online communications have agreed to do so through encrypted channels.)

So, from the perspective of those sites, why not do it? Why not default to HTTPS and move on with things? The argument that you hear is that HTTPS is more taxing for computers. Access, though, points to a trio of Google engineers who, in June, laid out the case for the notion that HTTPS "is not computationally expensive any more." Google's own Gmail system has, in fact, run on HTTPS on an opt-out basis since the company made the switch in June. And just yesterday, Hotmail introduced the option for its users to choose a HTTPS-based browsing session from beginning to end. There's also a cost involved for the purchase of security certificates, but those costs are minimal for the major sites being targeted by this action.

A World Wide Web that involved more big websites more often relying upon HTTPS would seem to have implications for the privacy and security from everyone from hard-core political activists to those of us who merely prefer having a little privacy online. And should HTTPS take root beyond banking and online commerce and on the social platforms and other transactional sites that make up a big part of the web, an added bonus for the activist-minded is that it's a layer of security that becomes tough for even intrusive governments to openly object to. If it becomes just the way that the Internet is, then that's just the way it is. "We want HTTPS to be industry-standard across the board," said Solomon, "so that it's the default, not the exception."

Solomon says that the web is flowing in the direction of HTTPS; the only question is how quickly the big big sites on the web will get there. In the meantime, the Electronic Frontier Foundation offers up HTTPS Everywhere, a Firefox plug-in that pushes your browser towards HTTPS versions of websites wherever they do, in fact, exist.

News Briefs

RSS Feed thursday >

Civic Hackers Call on de Blasio to Fill Technology Vacancies

New York City technology advocates on Wednesday called on the de Blasio administration to fill vacancies in top technology policy positions, expressing some frustration at the lack of a leadership team to implement a cohesive technology strategy for the city. GO

China's Porn Purge Has Only Just Begun, And Already Sina Is Stripped of Publication License

It seems that China is taking spring cleaning pretty seriously. On April 13 they launched their most recent online purge, “Cleaning the Web 2014,” which will run until November. The goal is to rid China's Internet of pornographic text, pictures, video, and ads in order to “create a healthy cyberspace.” More than 100 websites and thousands of social media accounts have already been closed, after less than a month. Today the official Xinhua news agency reported that the authorities have stripped the Internet giant Sina (of Sina Weibo, the popular microblogging site) of its online publication license. This crackdown on porn comes on the heels of a crackdown on “rumors.” Clearly, this spring cleaning isn't about pornography, it's about censorship and control.

GO

wednesday >

Another Co-Opted Hashtag: #MustSeeIran

The Twitter hashtag #MustSeeIran was created to showcase Iran's architecture, landscapes, and would-be tourist destinations. It was then co-opted by activists to bring attention to human rights abuses and infringements. Now Twitter is home to two starkly different portraits of a country. GO

What Has the EU Ever Done For Us?: Countering Euroskepticism with Viral Videos and Monty Python

Ahead of the May 25 European Elections, the most intense campaigning may not be by the candidates or the political parties. Instead, some of the most passionate campaigns are more grassroots efforts focused on for a start stirring up the interest of the European electorate. GO

At NETmundial Brazil: Is "Multistakeholderism" Good for the Internet?

Today and tomorrow Brazil is hosting NETmundial, a global multi-stakeholder meeting on the future of Internet governance. GO

Brazilian President Signs Internet Bill of Rights Into Law at NetMundial

Earlier today Brazil's President Dilma Rousseff sanctioned Marco Civil, also called the Internet bill of rights, during the global Internet governance event, NetMundial, in Brazil.

GO

tuesday >

Ruck.us Reboots As a Candidate Digital Toolkit That's a Bit Too Like Democracy.com

Ruck.us launched with big ambitions and star appeal, hoping to crack the code on how to get millions of people to pool their political passions through their platform. When that ambition stalled, its founder Nathan Daschle--son of the former Senator--decided to pivot to offering political candidates an easy-to-use free web platform for organizing and fundraising. Now the new Ruck.us is out from stealth mode, entering a field already being served by competitors like NationBuilder, Salsa Labs and Democracy.com. And strangely enough, Ruck.us seems to want its early users to ask Democracy.com for help. GO

Armenian Legislators: You Can Be As Anonymous on the 'Net As You Like—Until You Can't

A proposed bill in Armenia would make it illegal for media outlets to include defamatory remarks by anonymous or fake sources, and require sites to remove libelous comments within 12 hours unless they identify the author.

GO

monday >

The Good Wife Looks for the Next Snowden and Outwits the NSA

Even as the real Edward Snowden faces questions over his motives in Russia, another side of his legacy played out for the over nine million viewers of last night's The Good Wife, which concluded its season long storyline exploring NSA surveillance. In the episode titled All Tapped Out, one young NSA worker's legal concerns lead him to becoming a whistle-blower, setting off a chain of events that allows the main character, lawyer Alicia Florrick (Julianna Margulies), and her husband, Illinois Governor Peter Florrick (Chris Noth), to turn the tables on the NSA using its own methods. GO

The Expanding Reach of China's Crowdsourced Environmental Monitoring Site, Danger Maps

Last week billionaire businessman Jack Ma, founder of the e-commerce company Alibaba, appealed to his “500 million-strong army” of consumers to help monitor water quality in China. Inexpensive testing kits sold through his company can be used to measure pH, phosphates, ammonia, and heavy metal levels, and then the data can be uploaded via smartphone to the environmental monitoring site Danger Maps. Although the initiative will push the Chinese authorities' tolerance for civic engagement and activism, Ethan Zuckerman has high hopes for “monitorial citizenship” in China.

GO

The 13 Worst Bits of Russia's Current and Maybe Future Internet Legislation

It appears that Russia is on the brink of passing still more repressive Internet regulations. A new telecommunications bill that would require popular blogs—those with 3,000 or more visits a day—to join a government registry and conform to government-mandated standards is expected to pass this week. What follows is a list of the worst bits of both proposed and existing Russian Internet law. Let us know in the comments or on Twitter if we missed anything.

GO

More