US to require HTTPS for all government websites
- 09 June, 2015 08:07
The U.S. government website for HTTPS deployment
The U.S. government is mandating the use of the HTTPS security protocol on all of its public websites and web services by the end of 2016.
Deploying HTTPS will authenticate communications with government websites and encrypt the data sent back and forth, which will help protect against snooping and imposter websites.
The protocol, use of which is often signaled by a green lock icon in the address bar of a web browser, has been used for years by financial websites but has expanded significantly in recent years.
The expansion has been partly due to Edward Snowden's revelations about U.S. government spying and eavesdropping, so it's not without irony that the government itself is now deploying the technology.
The government's should will make it more difficult for third parties to intercept communications and make interacting with government sites more secure for all users.
U.S. CIO Tony Scott on Monday signed the mandate to deploy HTTPS and use HTTP Strict Transport Security (HSTS), a system that instructs a web browser to always connect to a website via HTTPS. That prevents a browser from being redirected to an insecure site.
"With this new requirement, the Federal web community seeks to drive faster internet-wide adoption of HTTPS and promote better privacy standards for the entire browsing public," his office said in a statement.
The mandatory use of HTTPS was first proposed in March when the government began accepting comments on its plans from the security community and public.
Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is firstname.lastname@example.org