How Close Is Dot Gov To Basic Internet Security?
Federal websites are slowly but surely changing to HTTPS
The government is finally securing its websites. HTTPS is a secure protocol that’s as old as its shadier, insecure sibling HTTP, yet it’s not nearly as commonly used. The United States government, hardly an exemplar of early technological adoption, is trying to change that. Pulse, a project from the General Services Administration, is tracking progress in converting government domains to HTTPS. As of late January, a tidy 39 percent of government websites have converted to HTTPS.
The “S” at the end of HTTPS stands for “secure”, and it first saw major use as a way to make sure transactions online were secure. It works through a pretty basic encryption protocol. To access a secure site, the browser requests a public key. Using that key, it encrypts all messages sent to that site, which can decrypt them using its private key. Once the connection is set up, all messages sent over it are secure from eavesdropping. (There are plenty of better explanations elsewhere. For more depth, I can’t recommend Hartley Brody’s step-by-step guide enough.)
While guarding financial information is the primary purpose, HTTPS is also useful for sites where the users must log in. It’s somewhat less important if users aren’t logging into a site with usernames or passwords. (Full disclosure: PopSci.com doesn’t use HTTPS.) So why is the government trying to go full HTTPS?
Consumer protection, mostly, and to set a standard for the rest of the internet to use. From the U.S. Chief Information Officer:
The Pulse project began in June 2015, and their goal is to complete the transition to HTTPS by the end of 2016. Just 61 percent left to go.