Last week, the Wikimedia Foundation announced that it was moving to encrypting access to all Wikipedia sites via HTTPS. This was really big news, and a long time coming. Wikipedia had been trying to move in this direction for years with fairly slow progress — in part because some in the Wikimedia community had an irrational dislike of HTTPS. Thankfully, the Wikimedia Foundation pushed forward anyway, recognizing that the privacy of what you’re browsing can be quite important.
And yet, I don’t think that was the most significant website shift to HTTPS-by-default in the last week. Instead, that honor has to go to… [drumroll please]… FBI.gov. No, seriously. This may surprise you. After all, this is the very same FBI that just a couple of weeks ago had its assistant director Michael Steinbach tell Congress that companies needed to “prevent encryption above all else.” Really. And it’s the same FBI whose director has been deliberately scaremongering about the evils of encryption. The same director who insisted the world’s foremost cybersecurity experts didn’t understand when they told him that his plan to backdoor encryption was bonkers. The very same FBI who used to recommend mobile encryption to keep your data safe, but quietly deleted that page (the FBI claims it was moved to another site, but…).
But that very same FBI that has spent the past few months disparaging encryption at every opportunity apparently went over to Cloudflare and had the company help it get HTTPS set up. No joke. The FBI.gov site now automatically pushes you to an encrypted connection. Because, no matter what the FBI says, encryption is good. And the FBI’s techies know that.
Remember how, just last week, the US CIO announced that all federal governments would be moving to HTTPS. Well, thankfully, the CIO’s office is also tracking how well it’s doing. Just yesterday, here’s what it said about FBI.gov: And, here’s what it says now: (If you’re interested, you can see the pull request at Github that has the change as well).
Either way, kudos to the FBI for letting us encrypt our connections. Now, please don’t get in the way of us encrypting our data as well.