March 18, 2010 | By Peter Eckersley

FTC to Internet Companies: Start Using SSL

HTTPS is the backbone of web security. The protocol, which is also commonly known as the Secure Sockets Layer (SSL), is what guarantees we can use the web to transmit sensitive information — financial, medical, or other — with relative confidence that it won't be intercepted or stolen. EFF has been arguing for years that best practices demand that all sensitive data be sent exclusively over SSL.

Unfortunately, most major providers of web-based email and other sensitive web-based services do not even give their users the option of using SSL, let alone turn it on by default. As a result, countless terabytes of sensitive data are transmitted over the Internet insecurely every day, greatly contributing to online fraud, data-theft and surveillance by authoritarian regimes.

Now, the Federal Trade Commission has officially put these companies on-notice. In a speech before an FTC roundtable yesterday, outgoing FTC Commissioner Pamela Jones Harbour called on Web services services like Yahoo!, Facebook and Hotmail to start using HTTPS/SSL encryption.

Google has recently shown leadership in this space, by enabling HTTPS for Gmail, as well as making it the default behavior so that even users who don't understand security will be protected. It's time for other services (including Google Search!) to catch up with Gmail.

As Commissioner Harbour put it:

These vulnerabilities are easily preventable. Security needs to be a default in the cloud.

We couldn't agree with her more.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

It's International Day Against DRM! EFF calls for an end to unfair laws that lock down your stuff. https://eff.org/r.hkz5 #DayAgainstDRM

May 6 @ 10:20am

As EU politicians debate proposals to limit the free use of hyperlinks, digital rights groups stand up and say no: https://eff.org/r.68mc

May 6 @ 10:03am

EFF and 50 other groups strongly oppose @McConnellPress plan to continue Section 215 mass spying through 2020. https://eff.org/r.vz3x

May 6 @ 9:53am
JavaScript license information