- How to stream Barcelona vs. Real Betis Saturday 11:31 PM
- How to stream Tottenham Hotspur vs. Newcastle Saturday 11:21 PM
- All of the ‘Avengers: Endgame’ Easter eggs discovered by fans Saturday 6:52 PM
- Every big announcement made at D23 about Disney+ Saturday 6:33 PM
- The best haunted house movies to watch online in 2019 Saturday 4:13 PM
- Andy Ngo seen laughing as Patriot Prayer members plan an attack in newly emerged video Saturday 3:59 PM
- How to stream Manchester City vs. Bournemouth Saturday 3:25 PM
- Catholic priest allegedly spent church money on Grindr hookups Saturday 3:04 PM
- Nicolás Maduro’s English Twitter account was suspended with no public explanation Saturday 2:06 PM
- Man claims ex-girlfriend killed his dog after he broke up with her Saturday 1:02 PM
- What are BitTorrent downloads and how do they work? Saturday 12:58 PM
- ICE cuts the cord on real immigrant hotline after being featured in ‘Orange Is the New Black’ (updated) Saturday 10:49 AM
- The 10 best music podcasts for artist interviews and criticism in 2019 Saturday 10:41 AM
- How a socialist Twitch streamer landed in a feud with Dan Crenshaw Saturday 10:07 AM
- How to prepare for your fantasy football draft (and season) Saturday 9:00 AM
White House urges all federal websites to adopt HTTPS
It’s a good first step, at least.
U.S. government websites may soon get a lot more secure.
In an effort to close security gaps that have resulted in multiple security breaches of government servers, the Obama administration on Tuesday introduced a proposal to require all publicly accessible federal websites to use the HTTPS encryption standard.
“The majority of federal websites use HTTP as the as primary protocol to communicate over the public Internet,” reads the proposal on the website of the U.S. Chief Information Officer. “Unencrypted HTTP connections create a privacy vulnerability and expose potentially sensitive information about users of unencrypted Federal websites and services.”
The White House Office of Management and Budget, which released the proposal, acknowledged that switching to HTTPS would not be free, but said that “the tangible benefits to the American public outweigh the cost to the taxpayer.”
Websites subject to the proposal would include those run by outside contractors on behalf of the government. The CIO’s proposal would cover all websites that “present government information or provide services to the public or a specific user group and support the performance of an agency’s mission,” according to the proposal.
The proposal would exclude employee-only government intranets, although it encouraged those portals to adopt HTTPS as well.
The office of the CIO encouraged agencies that signed onto the proposal to prioritize their most sensitive services in deploying HTTPS.
“Web services that involve an exchange of personally identifiable information (PII), where the content is unambiguously sensitive in nature, or where the content receives a high-level of traffic, should receive priority,” the CIO said.
The Obama administration has set up a GitHub page where anyone can offer feedback on the HTTPS proposal. Comments can also be emailed to the CIO at the address provided on the GitHub page. The feedback deadline is March 31.
Photo via Matt H. Wade/Wikimedia (CC BY 2.0) | Remix by Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.