Though most online users are likely unaware, a quiet revolution in encryption has taken place online. According to a study out of Carnegie Mellon University has found that over half of online services have enabled HTTPS encryption on their sites, a far safer and more secure connection type than the standard HTTP most people are used to seeing.
But that increased safety doesn’t come for free: In the, study entitled “The Cost of The ‘S’ In HTTPS,” researchers found this mostly silent method of making communications between users and websites more secure also comes with increased load times, increased battery and power usage, and the disabling of “Value Added Services” such as caching data and allowing for such proxy filters as parental controls and virus scans.
While seemingly an issue for engineers more so than for the average user, these associated costs brought by the sudden wave of HTTPS means even light Internet users will pay the price for their own privacy. Internet speeds are not getting faster—they might even be getting slower in the U.S.—and battery life remains mostly stagnant amongst the most popular smartphones. While encryption is vastly important in securing our online lives, the Carnegie Mellon study raises the question of whether our technology, mostly built without encryption in mind, can keep up with this trend.
HTTPS works largely the same as your regular HTTP connection, but with an added layer of encryption so only the end user (that’s you) and the site itself can see the communications. Your email inbox, for example, likely already uses HTTPS, as does your bank or any payment forms on retail websites.
Traditionally, websites that don’t need such sensitive information as your credit card number haven’t set up their sites for HTTPS. If you go to https://www.dailydot.com, for example, you’ll still be able to read and view the links but in a stripped-down, mostly plain text design lacking the modern web design of the regular HTTP site.
According to the CMU study, however, well over 50 percent of the top 500 sites on the Internet are now enabled for HTTPS connections, meaning you can visit most of the sites you see in a day without issue over a more secure connection. The study cites the default usage of HTTPS by Facebook (which switched over in 2013) and YouTube (which did the same last January) as the largest causes of growth, as well as an increased awareness and concern over privacy issues amongst the general public.
However, it could be creating slower Internet speeds as time time-saving measures like caching data are unavailable through an HTTPS connection. 90 percent of the sites CMU tested suffered increased load times under HTTPS encryption, with 20 percent of sites suffering a 50 percent increase in their respective load times.
While that might not sound like much for a typical website, it’s important to note how poorly U.S. ISPs perform already. According to research firm Ookla, the US ranks 28th in the world for home download speeds. For mobile speeds, we rank 31st. This despite having the second largest population of active Internet users of all countries (falling between densely populated China and India).
If such poor infrastructure were combined with the increased usage of encryption, we could see the U.S. fall even further behind other countries in our download speeds. This is not just an issue for the technorati to shake their hands about: Our technology being actively surpassed by most other Western nations means we act at a distinct disadvantage in an world economy that thrives on speed and efficiency.
A more personal negative effect of HTTPS is the increased data and power usage. Because HTTPS prevents sites from compressing data before they send it to your device, you’re forced to download larger packages each time you visit that site. As the CMU study reports, most Internet users won’t see a data increase of more than a few megabytes a day, but heavy users (and who isn’t these days?) could see an increase of over 300 MB per month.
For most home users, that might seem like an irrelevant point. But in much the same way unlimited data plans are disappearing from the mobile market, reports within ISPs like Comcast state they, too, are looking into data caps for home users. When each Netflix movie you watch could be pulling from a limited monthly amount, 300 MB lost to encryption could mean a lot.
These are not backbreaking prices to pay for online security, but what they do show is the fix on American consumers might already be in. We may have to choose between utilizing the meager innovation within our monopolistic ISPs or securing ourselves against the dangers to which an online life can expose us. Security is a larger issue in the public debate now than it has ever been, and it’s a considerable fear these costs might be enough to ward people away.
This is not to say encryption is a bad move altogether. In fact, it does far more than prevent criminal hackers from obtaining data about your online habits: It actively helps to protect you from the invasions of privacy being committed by our own government, be it the NSA or your local police. While HTTPS is not a lock without a key, it’s the first step in safeguarding citizens from having their online traffic snooped on by anyone from identity thieves to government spies.
Whether consumers find that concern large enough to cost them on seemingly matters as seemingly trivial as download speed and data usage remains, however, out of there hands. The biggest news from the CMU report is the widespread adoption of HTTPS without most consumers noticing anything at all. The Electronic Frontier Foundation imagines an entirely encrypted Internet, offering an add-on for Chrome and Firefox which switches to HTTPS by default on every site capable.
Which means consumers, to paraphrase Ben Franklin’s famous quote, cannot decide between the security of our online connections and the liberty to live our online existence without technological limitations. The adoption of HTTPS and the costs associated with it is a game far outside the consumer’s realm of control, even though it is us who will pay the price no matter who wins.