UPDATED 04:14 EDT / MARCH 19 2015

U.S. government bids to make HTTPS standard on all .gov websites

The United States’ newly appointed CIO, ex-VMware Inc. man Tony Scott, has launched a new initiative aimed at making HTTPS the standard protocol for all .gov websites.

HTTPS stands for Hypertext Transfer Protocol Secure, and offers what’s believed to be the strongest possible privacy protection for public Internet connections, says a draft proposal issued by the White House’s Office of Management and Budget.

“The majority of Federal websites use HTTP as the primary protocol to communicate over the public internet,” the proposal notes. The office argues that’s a potential concern, because HTTP can “create a privacy vulnerability and expose potentially sensitive information about users of unencrypted Federal websites and services.”

“The use of HTTPS reduces the risk of interception or modification of user interactions with government online services,” it added.

HTTPS does more than just verify the identity of websites and services people try to connect to. It goes further and encrypts information sent between the website or service and users, as an additional layer of protection against hackers and cybercriminals.

Several .gov websites have already switched to the HTTPS protocol, including the main White House portal. Earlier this month, the Federal Trade Commission enabled HTTPS on its website, while the Federal Register, a site that posts daily government news, has been HTTPS-enabled since 2011. But there are many government-administered websites that are yet to make the switch, and that puts U.S. netizens at risk.

The White House’s proposal would force all newly developed websites to adopt HTTPS at launch, while existing sites and services would be expected to begin a phased roll-out of encryption. Sites and services that receive the most traffic, deal in “sensitive” content or exchange personal information would be given the highest priority. The proposal also asks that a new security mechanism, HTTP Strict Transport Security (HSTS), be enabled. HSTS is a protocol that ensures browsers always use a secure connection to the server, in order to reduce insecure redirects and protect netizens from attacks that attempt to downgrade connections to plain HTTP.

“All browsing activity should be considered private and sensitive,” the proposal states. “An HTTPS-Only standard will eliminate inconsistent, subjective decision-making regarding which content or browsing activity is sensitive in nature, and create a stronger privacy standard government-wide.”

The government admits that such a move would come at a big cost to government departments, but says the benefits outweigh the cost to the taxpayer because “even a small number of unofficial or malicious websites claiming to be Federal services, or a small amount of eavesdropping on communication with official US government sites could result in substantial losses to citizens.”

The government hasn’t given any time frame on when it expects the move to HTTPS to happen, but says it is asking for feedback on the idea.

Image credit: tpsdave via Pixabay.com
