"As the operator of one of the world's most popular websites, you provide a valuable service to Internet users across America. With the privilege of serving millions of U.S. citizens, however, comes the responsibility to protect them while they are on your site."
So begins a letter sent from Senator Charles Schumer (D-NY) to many popular websites calling for them to follow Facebook's lead for security and embrace HTTPS. Schumer issued a statement asking popular sites like Amazon, Twitter, Yahoo and others to implement the more secure HTTPS protocol to prevent identity theft and help users surf the Web safely from public hotspots like the corner Starbucks.
Facebook is not generally seen as a paragon of Web security, but its recent change to allow users to connect to the site using the more secure HTTPS protocol is a step in the right direction. Facebook still has some hurdles to clear--like the fact that some features and functionality--like Facebook Chat--will not work over the HTTPS connection, and the fact that Facebook still defaults to HTTP. Users must manually enable the option to surf more securely using HTTPS. But, the users who do enable HTTPS at least have an option of using the social network more securely.
A press release from Schumer's office quotes the senator, "The number of people who use Wi-Fi to access the Internet in coffee shops, bookstores and beyond is growing by leaps and bounds, but these users are unaware that they are easy prey for hackers and identity thieves. It is scary how easy it is."
The senator is dead on. Many public hotspots offer no protection at all, and are completely open to the general public. Some--particularly many hotels--at least require a username and password to try to limit access to legitimate guests, but learning the shared credentials is generally trivial, and the traffic is still exposed to the other systems sharing that network.
Schumer explains, "Free Wi-Fi networks provide hackers, identity thieves and spammers alike with a smorgasbord of opportunities to steal private user information like passwords, usernames, and credit card information. The quickest and easiest way to shut down this one-stop shop for identity theft is for major websites to switch to secure HTTPS web addresses instead of the less secure HTTP protocol, which has become a welcome mat for would be hackers."
Senator Schumer's letter to the leading sites of the Web ends with this plea: "You have already proven yourself to be a leader in the field of Internet businesses; I hope you will take this opportunity to step up and become a leader in the field of consumer protection as well."