US Senator Demands All Websites be Encrypted

A New York senator has called for major US Internet sites to offer all of their web pages in secure mode. Charles Schumer says the move would help protect against theft of data through public WiFi networks.

The request involves the hypertext transfer protocol, which is the technical system used for transferring data between a website and a user, and vice versa. The protocol is available in two forms: standard (in which page addresses begin with http://) and secure (in which page addresses begin with https://).

Secure Browser Sessions Encrypted, Denoted by Padlock

In a secure connection, which is represented in most browsers using a padlock symbol, the data is encrypted and thus cannot be read by anyone other than the user's machine and the website. One of the most basic safety rules of the web is to never type financial details into a page that is not encrypted (and does not contain a padlock).

Normally, the standard http is sufficient for most ordinary web use as it's not possible (or at least rather difficult) for third parties to access the data: either it goes straight through a wired connection or is transferred from a user's computer to their router via a wireless connection that has its own encryption.

Internet Cafes Notorious Lucrative for Hackers

The problem comes with wireless networks offered as a service in public places such as coffee shops. As these are designed for multiple users, they often either have a password that's easy to get hold of, or have no password protection at all.

Data sent to and from standard http pages over such a network is considerably easier to access. Indeed, Senator Schumer points out, there are now freely available programs that automate the process of finding and accessing such data -- literally plucking it out of the air -- so that even people with limited technical knowledge can do it.

Social Networks Hacks Lead to Identity Theft

Schumer is targeting those sites which don't involve the exchange of financial information but still have a great deal in sensitive data. These include social networks where, if a hacker was able to gain access to an account, they would find enough personal information to make identity theft rather easy. (Source: pcworld.com)

Some sites, such as Facebook, offer an option to have all data sent via https://, at the expense of some features. But Schumer wants all US sites to have this as the default setting, noting that the unprotected http was "a welcome mat for would-be hackers" and that a full-scale switch to https:// was the easiest way to shut down what he calls a "one-stop shop for identity theft." (Source: reuters.com)