SoylentNews

All U.S. Federal Websites to Move to HTTPS

posted by n1 on Wednesday June 10 2015, @06:57AM   
from the fbi-encryption-prevention dept.

takyon writes:

The White House Office of Management and Budget (OMB) has issued a directive that requires all publicly accessible federal Web sites to adopt HTTPS:

An HTTPS-Only standard will eliminate inconsistent, subjective determinations across agencies regarding which content or browsing activity is sensitive in nature, and create a stronger privacy standard government-wide. Federal websites that do not convert to HTTPS will not keep pace with privacy and security practices used by commercial organizations, and with current and upcoming Internet standards. This leaves Americans vulnerable to known threats, and may reduce their confidence· in their government. Although some Federal websites currently use HTTPS, there has not been a consistent policy in this area. An HTTPS-only mandate will provide the public with a consistent, private browsing experience and position the Federal Government as a leader in Internet security.

United States Chief Information Officer Tony Scott adds:

Per the issuance of this Memorandum, all publicly accessible Federal websites must meet the HTTPS-Only Standard by December 31st of 2016.

OMB first proposed the HTTPS-Only Standard in March and requested comment from the public. During the feedback period, OMB's proposal received numerous comments and suggestions from Internet's standards bodies, popular web browsers, and concerned citizens. To assist with the conversion to HTTPS, technical assistance and best-practices for migration are available at https://https.cio.gov – a site that is open to contribution from technical experts around the world. Finally, a public dashboard has been constructed to monitor progress.

---

Original Submission

• What HTTPS has to do with privacy? What HTTPS has to do with privacy? (Score: 2) by c0lo on Wednesday June 10 2015, @01:28PM

  by c0lo (156) on Wednesday June 10 2015, @01:28PM (#194506) Journal

  HTTPS is about message confidentiality and trust (which runs opposite to anonymity), not about privacy (which require anonymity from 3rd party observers): e.g NSA will still be able to collect metadata and track the IP+Web browsing patterns to a person and apply the wrench-attack.

  --
  https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

  Starting Score:	1		point
  Karma-Bonus Modifier		+1
  Total Score:		2

• Re:What HTTPS has to do with privacy? Re:What HTTPS has to do with privacy? (Score: 1, Interesting) by Anonymous Coward on Wednesday June 10 2015, @01:53PM

  by Anonymous Coward on Wednesday June 10 2015, @01:53PM (#194524)

  It's not so much the NSA (or FBI, DEA, etc) but organized hacker groups that would be prevented from harvesting account names and passwords, and consumer form data. And it provides a measure of defense against DNS hacking and site spoofing - assuming that someone will notice that "whitehouse.gov" isn't showing up as https: in the URL bar.

  No single step solves all problems (nor would they necessarily want to, but that's a different topic).

  Parent

  • Re:What HTTPS has to do with privacy? (Score: 2) by c0lo on Wednesday June 10 2015, @08:46PM

    by c0lo (156) on Wednesday June 10 2015, @08:46PM (#194668) Journal

    It's not so much the NSA (or FBI, DEA, etc) but organized hacker groups that would be prevented from harvesting account names and passwords, and consumer form data.

    Al true, as also true is the fact that https is not about privacy. And I see as a dangerous move having it promoted as such, especially when the promotion comes from government and even more from a government which blessed snooping.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

    Parent