White House pushes for HTTPS on all US federal websites

President Barack Obama's chief information officer (CIO) has issued a memorandum which requires that all information that is readily available to the public including federal websites and web services should only provide service via a secure connection.

“The strongest privacy and integrity protection currently available for public web connections is Hypertext Transfer Protocol Secure (HTTPS)”.  The memorandum is allowing federal agencies a 31 December 2016 deadline to adopt this standard.

Unencrypted HTTP connections cause vulnerability and have potential to expose sensitive information about users of unencrypted federal websites and services.  The data may include browser identity, website content, search terms, and other information submitted by users. 

In order address these concerns, many commercial organisations have adopted HTTPS-only policies to protect visitors to their services and sites.  This action will deliver the same protection to users of federal websites and services.

By always using HTTPS, web services won't have to make judgment calls about what is “sensitive”, in turn leaving less room for error and making arrangements simpler and more consistent.