PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Feds Must Encrypt Government Websites by Dec. 2016

Stephanie Mlot
 & Stephanie Mlot Contributor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

The White House now requires all publicly accessible federal websites and services to use a secure HTTPS connection.

Government agencies have until Dec. 31, 2016 to comply with the new HTTPS-Only Standard directive.

Unencrypted HTTP connections "create a vulnerability and expose potentially sensitive information about users," U.S. Chief Information Officer Tony Scott said in this week's announcement. That includes data like browser identity, website content, search terms, and other user-submitted details.

"To address these concerns, many commercial organizations have already adopted HTTPS-only policies to protect visitors to their websites and services," Scott continued. "[Monday's] action will deliver that same protection to users of federal websites and services."

The move comes after the ACLU in April alerted Scott to "dozens" of inspectors general (including those at the Departments of Justice and Homeland Security) who did not use HTTPS for online whistleblower complaints, including disclosures of waste, fraud, or abuse.

That includes the Departments of Agriculture and Treasury, the Consumer Product Safety Commission, the Corporation for Public Broadcasting, the U.S. International Trade Commission, the National Archives, and the Smithsonian. Not to mention the State Department's "Rewards for Justice" online terrorism tip line.

The danger lies in the transmission of information. When someone visits one of these official sites to file a report, their tip could be intercepted, putting not only the whistleblower's identity at risk, but also the confidentiality of their intelligence.

The White House's new memorandum, however, aims to patch those loopholes—albeit over an 18-month period.

The government's technical assistance and best practices are available online. The public can keep an eye on the conversion process via the Pulse dashboard.

"It is critical that federal websites maintain the highest privacy standards for the users of its online services," Scott said this week. "With this new action, we are driving faster Internet-wide adoption of HTTPS and promoting better privacy standards for the entire browsing public."

According to Politico, the Office of Personnel Management database breached by hackers was not encrypted, despite the fact that it housed sensitive information like Social Security numbers.

About Our Expert

Stephanie Mlot

Stephanie Mlot

Contributor

My Experience

  • B.A. in Journalism & Public Relations with minor in Communications Media from Indiana University of Pennsylvania (IUP)
  • Reporter at The Frederick News-Post (2008-2012)
  • Reporter for PCMag and Geek.com (RIP) (2012-present)

My Areas of Expertise

  • Science & Space
  • Video Streaming Services
  • Social Media
  • Cars & Auto
  • Education

The Tech I Use

  • iPhone 12 Pro
  • MacBook Air (hooked up to a 23-inch Dell monitor)
  • Google Chrome
  • Google Drive
  • Soundcore Life P3 earbuds
  • Various Amazon Echo devices

Read the latest from Stephanie Mlot

Read full bio