March 18, 2010 | By Peter Eckersley

FTC to Internet Companies: Start Using SSL

HTTPS is the backbone of web security. The protocol, which is also commonly known as the Secure Sockets Layer (SSL), is what guarantees we can use the web to transmit sensitive information — financial, medical, or other — with relative confidence that it won't be intercepted or stolen. EFF has been arguing for years that best practices demand that all sensitive data be sent exclusively over SSL.

Unfortunately, most major providers of web-based email and other sensitive web-based services do not even give their users the option of using SSL, let alone turn it on by default. As a result, countless terabytes of sensitive data are transmitted over the Internet insecurely every day, greatly contributing to online fraud, data-theft and surveillance by authoritarian regimes.

Now, the Federal Trade Commission has officially put these companies on-notice. In a speech before an FTC roundtable yesterday, outgoing FTC Commissioner Pamela Jones Harbour called on Web services services like Yahoo!, Facebook and Hotmail to start using HTTPS/SSL encryption.

Google has recently shown leadership in this space, by enabling HTTPS for Gmail, as well as making it the default behavior so that even users who don't understand security will be protected. It's time for other services (including Google Search!) to catch up with Gmail.

As Commissioner Harbour put it:

These vulnerabilities are easily preventable. Security needs to be a default in the cloud.

We couldn't agree with her more.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

EFF will speak at Black Hat Briefings on both government surveillance and export controls. https://eff.org/r.nilc #BHUSA

Jul 6 @ 7:14pm

Massive leak of Hacking Team docs exposes the firm selling spyware to authoritarian governments: https://eff.org/r.f6bu

Jul 6 @ 4:40pm

Newest leak of TPP's IP chapter reveals how countries are converging on anti-user copyright takedown rules: https://eff.org/r.jedp

Jul 6 @ 3:40pm
JavaScript license information