You are here

HomeJohn Lister › US to Encrypt All Government Websites

US to Encrypt All Government Websites

John Lister's picture
by John Lister on June, 10 2015 at 07:06AM EDT

All US government websites accessible by the public must use secure connections by then end of next year. The new rules should protect the public, particularly "whistleblowers."

New rules laid down this week mandate the change for all public sites that are wholly or partly maintained by the federal government. This applies even if the site is operated by a contractor. The rules apply whether or not the site requires a user to log-in. (Source: cio.gov)

Under the rules, sites must use the most secure protection that is widely available. The initial implementation of the rule designates that as being the HTTPS system. Many sites that deal in confidential or sensitive data, such as online banks, already use HTTPS. It's also widely used by social networks. While some federal government websites already use it, it's by no means widespread on such sites.

HTTPS Brings Double Protection

An HTTPS connection can be identified in a couple of ways. Firstly, the page address (URL) will begin https:// rather than the more common http://. Secondly, most popular web browsers will have an icon, usually a padlock, that appears only when a secure page is displayed.

HTTPS incorporates two main security measures. The first is to check a security certificate held by the website operator, which confirms that the site really does come from the advertised source. This helps crack down on "man in the middle" attacks in which a criminal is able to intercept communication between a user and a website by effectively rerouting the data while posing as the website operator.

Encryption Could Boost Whistle-Blowing

The second measure is to encrypt the data as it passes back and forth. This covers both the content of the website and any information the user supplies. It's particularly important on dynamic websites where the content of the page is created automatically in response to information the user supplies, such as through a form. Encrypting the data means that even if a third party accesses it, they will find it difficult, if not impossible to make any sense of it.

The government believes encryption is important for sites that handle personal data such as people applying for government payments or documents. It also believes the website encryption will protect the confidentiality of anyone that reports government agency wrong-doing. (Source: pcmag.com)

What's Your Opinion?

Do you agree with the government making https mandatory on its websites? Does the measure go too far and cover pages where encryption isn't necessary? Or should the government go further and mandate https for privately run websites if they deal with sensitive data?

Filed under:
Government
| Tags:
user
,
websites
,
rules
,
data
,
encryption
,
https
,
sites
,
website
,
government
Rate this article: 
Average: 5 (4 votes)

Comments

infopackets.com_4228's picture

Submitted by infopackets.com_4228 on Wed, 06/10/2015 - 09:35

"The government believes encryption isn't important for sites that handle personal data"
Is that a typo? Should it say that they believe it IS important?

gdnealand_4736's picture

Submitted by gdnealand_4736 on Wed, 06/10/2015 - 11:36

I caught that too!

Dennis Faas's picture

Submitted by Dennis Faas on Wed, 06/10/2015 - 12:11

Thanks - it's been noted and corrected.

Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.