Finally we can start the day with some good news from the White House. Its Office of Management and Budget just launched the "HTTPS-Only Standard" initiative, requiring the use of the HTTPS (Hypertext Transfer Protocol Secure) protocol on all publicly accessible Federal websites and web services.
In today's web browsers, the https:// protocol (as opposed to the traditional, outdated http://) offers the strongest guarantee of reliable information and secure transmission. And since these days its use is widespread across the Internet, it only makes sense that all Federal online services will soon enforce such a secure, private connection standard. For more details and user feedback, please visit here
Why is this initiative important? And what does it suggest for a citizen-government relationship suitable in our ever-changing 21st century ?
In its on-going evolution, recently such a relationship has brought to light entirely new concepts and practices, such as digital diplomacy, e-government and online civic engagement, along with regular email or even social media exchanges between citizens and public officials. We are all getting used to access government services and information with a simple click -- in the US and elsewhere.
Today most government agencies feature dynamic and responsive websites, some even including "live chat" and smart phone apps, while many platforms employ innovative open source software and hire external IT contractors to best assist the final user to quickly cut through the red tape, access and share government resources or to engage in fruitful discussions with local authorities about important issues.
In fact, we cannot risk to have some kind of electronic thieves to access our personal data while filling up an online form or to find ways to invade our privacy. Not to mention the many cases of people who had their personal identity or sensitive info about his family stolen and used in the most inappropriate situations.
Therefore, the "HTTPS-Only Standard" initiative expands useful administrative tools already in place, such as pen testing and service audits, to ensure the security of such flow of interactive online communications -- while also protecting individual privacy and personal data. More importantly, it is a clear signal to reinforce a trusted and long-lasting relationship between government and its citizens, to improve the overall digital culture level and to increase civic engagement.
In this context, a default HTTPS protocol on all publicly accessible Federal websites and web services is a truly positive step to eventually create a better society for all, as well explained in a 10-min. video and in the same government announcement:
Hypertext Transfer Protocol Secure (HTTPS) offers the strongest privacy protection available for public web connections with today's internet technology. The use of HTTPS reduces the risk of interception or modification of user interactions with government online services.
It is worth noting that online giants like Google, Facebook, Yahoo, Mozilla, and Twitter, along with advocacy groups such as Electronic Frontier Foundation (EFF), Wikimedia and the World Wide Web Consortium (W3C) are strong supporters of such implementation. For instance, Google said that website based on the HTTPS protocol will receive a more favorable position in its search results, while EFF and Tor Project developed specific software, such as "Https Everywhere" to "force" each website we land on to adopt such secure protocol. And both Chrome and Firefox are starting to alert users when a certain website is not entirely secure, due to the lack of HTTPS protocol or to configuration errors.
Those above are just a few examples of many initiatives currently underway to protect individual privacy and security online. If the US government will actually join this effort, it will be a great step forward to improve our civic life, with clear effects worldwide. This action will drastically reduce a risk of manipulation, interception, or data theft for US or other citizens using daily the many websites under the .gov domain.
This is a positive move that deserve to be supported at any level: better privacy protection and strong security are mandatory steps toward a digital society shaped around people's needs and easily-accessible public services.