March 18, 2010 | By Peter Eckersley

FTC to Internet Companies: Start Using SSL

HTTPS is the backbone of web security. The protocol, which is also commonly known as the Secure Sockets Layer (SSL), is what guarantees we can use the web to transmit sensitive information — financial, medical, or other — with relative confidence that it won't be intercepted or stolen. EFF has been arguing for years that best practices demand that all sensitive data be sent exclusively over SSL.

Unfortunately, most major providers of web-based email and other sensitive web-based services do not even give their users the option of using SSL, let alone turn it on by default. As a result, countless terabytes of sensitive data are transmitted over the Internet insecurely every day, greatly contributing to online fraud, data-theft and surveillance by authoritarian regimes.

Now, the Federal Trade Commission has officially put these companies on-notice. In a speech before an FTC roundtable yesterday, outgoing FTC Commissioner Pamela Jones Harbour called on Web services services like Yahoo!, Facebook and Hotmail to start using HTTPS/SSL encryption.

Google has recently shown leadership in this space, by enabling HTTPS for Gmail, as well as making it the default behavior so that even users who don't understand security will be protected. It's time for other services (including Google Search!) to catch up with Gmail.

As Commissioner Harbour put it:

These vulnerabilities are easily preventable. Security needs to be a default in the cloud.

We couldn't agree with her more.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Depende de los legisladores el rechazo al #TPP https://www.eff.org/es/deepli...

Feb 5 @ 8:04pm

Laura Poitras and her EFF lawyers stand with previously classified surveillance docs now on display at the Whitney

Feb 5 @ 11:55am

Activists say Twitter is 'leaving them in the dark' over state-sponsored attack claims: http://www.theguardian.com/te...

Feb 5 @ 10:46am
JavaScript license information