19 Dot-Gov Domains to Use HTTPS Encryption By Default -- But Not WhiteHouse.gov
HTTPS ensure sensitive data aren’t encoded in plain text format and makes it more difficult for interlopers to redirect visitors to a different site.
A handful of public-facing government websites are hardcoding a security protocol that would make it more difficult for outsiders to intercept a visitor’s connection, the General Services Administration’s roving tech team 18F announced in a blog post Monday.
When visitors type “aids.gov” into Chrome, Firefox and Safari, for instance, the browsers should redirect them to the HTTPS version of the site, which uses a more secure connection. These changes are slated to take effect sometime in 2015, according to 18F.
Hypertext transfer protocol secure, or HTTPS, is designed to ensure sensitive data such as passwords aren’t encoded in plain text format and makes it more difficult for interlopers to redirect visitors to a different site.
Nineteen government teams are preparing to hardcode certain dot-gov domains as HTTPS-only, according to 18F. These include the Inspector General for the United States Postal Services’ sensitive complaint forms, the Federal Trade Commission’s Do Not Call Registry, and NotAlone.gov, an online source for information related to sexual assault. The District of Columbia’s online repository of laws and resolutions is also among them.
Notably missing from the list is the White House’s main Web portal, WhiteHouse.gov.
“We’ve publicly asked them” to make the change to HTTPS-only, 18F member Eric Mill said in an interview, though he added that White House officials have so far “given a positive indication” they are considering it. The Office of Management and Budget did not respond to a request for comment.
The 19 groups GSA cited in its blog post aren’t the only dot-gov domains to use the protocol, but they are among the first to hardcode it into browsers, Mill said.
NEXT STORY: How Congress can make cyber reforms real