- This woman told two students to ‘speak English’ and people are not having it Friday 9:53 PM
- Iconic 1968 drag documentary ‘The Queen’ finally released on Netflix Friday 9:29 PM
- This TikTok account for Chancellor Palpatine is hilarious Friday 8:43 PM
- Did the Space Force logo rip off Star Trek? Friday 6:24 PM
- Disabled people with service dogs say Uber, Lyft drivers are denying them rides Friday 3:25 PM
- TikTok teen famous for greasy hair ends her 8-year reign Friday 2:48 PM
- Police handcuff brown man at subway station for carrying a toy gun Friday 1:20 PM
- Fake clip of Sanders quoting infamous ‘hot chip’ tweet is duping people online Friday 1:16 PM
- The Mars Volta’s Cedric Bixler-Zavala alleges Scientologists behind dog’s death Friday 12:46 PM
- Eminem responds to critics: ‘This album was not made for the squeamish’ Friday 12:42 PM
- ‘The poet, the poem’ meme takes iconic lines and turns them into art Friday 12:40 PM
- People are making dark memes about the coronavirus Friday 12:27 PM
- Trump camp’s ‘head on a pike’ impeachment threat hit with memes Friday 11:34 AM
- What is the #FreeBritney movement, and why is Cher tweeting about it? Friday 10:52 AM
- This YouTuber claims the Saudi government plotted to kidnap him on U.S. soil Friday 10:30 AM
White House urges all federal websites to adopt HTTPS
It’s a good first step, at least.
U.S. government websites may soon get a lot more secure.
In an effort to close security gaps that have resulted in multiple security breaches of government servers, the Obama administration on Tuesday introduced a proposal to require all publicly accessible federal websites to use the HTTPS encryption standard.
“The majority of federal websites use HTTP as the as primary protocol to communicate over the public Internet,” reads the proposal on the website of the U.S. Chief Information Officer. “Unencrypted HTTP connections create a privacy vulnerability and expose potentially sensitive information about users of unencrypted Federal websites and services.”
The White House Office of Management and Budget, which released the proposal, acknowledged that switching to HTTPS would not be free, but said that “the tangible benefits to the American public outweigh the cost to the taxpayer.”
Websites subject to the proposal would include those run by outside contractors on behalf of the government. The CIO’s proposal would cover all websites that “present government information or provide services to the public or a specific user group and support the performance of an agency’s mission,” according to the proposal.
The proposal would exclude employee-only government intranets, although it encouraged those portals to adopt HTTPS as well.
The office of the CIO encouraged agencies that signed onto the proposal to prioritize their most sensitive services in deploying HTTPS.
“Web services that involve an exchange of personally identifiable information (PII), where the content is unambiguously sensitive in nature, or where the content receives a high-level of traffic, should receive priority,” the CIO said.
The Obama administration has set up a GitHub page where anyone can offer feedback on the HTTPS proposal. Comments can also be emailed to the CIO at the address provided on the GitHub page. The feedback deadline is March 31.
Photo via Matt H. Wade/Wikimedia (CC BY 2.0) | Remix by Max Fleishman
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.