How Close Is Dot Gov To Basic Internet Security?

Federal websites are slowly but surely changing to HTTPS

Pulse Screenshot

Pulse Screenshot

Screenshot by author, from Pulse

The government is finally securing its websites. HTTPS is a secure protocol that's as old as its shadier, insecure sibling HTTP, yet it's not nearly as commonly used. The United States government, hardly an exemplar of early technological adoption, is trying to change that. Pulse, a project from the General Services Administration, is tracking progress in converting government domains to HTTPS. As of late January, a tidy 39 percent of government websites have converted to HTTPS.

The "S" at the end of HTTPS stands for "secure", and it first saw major use as a way to make sure transactions online were secure. It works through a pretty basic encryption protocol. To access a secure site, the browser requests a public key. Using that key, it encrypts all messages sent to that site, which can decrypt them using its private key. Once the connection is set up, all messages sent over it are secure from eavesdropping. (There are plenty of better explanations elsewhere. For more depth, I can't recommend Hartley Brody's step-by-step guide enough.)

While guarding financial information is the primary purpose, HTTPS is also useful for sites where the users must log in. It's somewhat less important if users aren't logging into a site with usernames or passwords. (Full disclosure: PopSci.com doesn't use HTTPS.) So why is the government trying to go full HTTPS?

Consumer protection, mostly, and to set a standard for the rest of the internet to use. From the U.S. Chief Information Officer:

Every unencrypted HTTP request reveals information about a user’s behavior, and the interception and tracking of unencrypted browsing has become commonplace.

Ultimately, the goal of the internet community is to establish encryption as the norm, and to phase out unencrypted connections.

Investing in HTTPS makes it faster, cheaper, and easier for everyone. Many of the advancements of the last several years have come from major institutions and technology companies committing to migrate websites and services, improving the status quo, and contributing their improvements back to the public.

The Pulse project began in June 2015, and their goal is to complete the transition to HTTPS by the end of 2016. Just 61 percent left to go.