We regularly post on digital privacy issues here on infoDOCKET and what follows is news about a new service that the library community needs to be know about, get involved in, and if needed, utilize. User privacy is an essential part of librarianship and we, individually and as a community, need to be as vigilant with library privacy today in the digital age as we are today with print materials. Yes, it’s a challenge but this doesn’t mean it’s not worth doing all that we can do.
A lot of Internet traffic emanating from library websites is not encrypted and it should be. Visit many library web sites, catalogs, and databases and you will NOT see https (encrypted) but rather see http (non-encrypted).
The Electronic Frontier Foundation (EFF) is helping to launch a new non-profit organization that aims to dramatically increase secure Internet browsing.
Let’s Encrypt is scheduled to offer free server certificates beginning in summer 2015.
“This project should boost everyday data protection for almost everyone who uses the Internet,” said EFF Technology Projects Director Peter Eckersley. “Right now when you use the Web, many of your communications–your user names, passwords, and browsing histories–are vulnerable to hackers and others. By making it easy, fast, and free for websites to install encryption for their users, we will all
be safer online.”
Currently, most Internet traffic is unencrypted, meaning most interactions you have with websites leave your accounts vulnerable to eavesdropping by everyone from a minimally competent hacker to the U.S. government. The HTTPS protocol–in contrast to HTTP–encrypts your connection and verifies the authenticity of sites, protecting your data and personal information. EFF has been campaigning successfully for a number of years to spread HTTPS from payment pages and banking sites to email, social networking, and other types of sites. But there are still hundreds of millions of domains that lack this protection.
The new Let’s Encrypt project aims to solve that. Let’s Encrypt is a new free certificate authority, which will begin issuing server certificates in 2015. Server certificates are the anchor for any website that wants to offer HTTPS and encrypted traffic, proving that the server you are talking to is the server you intended to talk to.
But these certificates have historically been expensive, as well as tricky to install and bothersome to update. The Let’s Encrypt authority will offer server certificates at zero cost, supported by sophisticated new security protocols. The certificates will have automatic enrollment and renewal, and there will be publicly available records of all certificate issuance and revocation.
Let’s Encrypt will be overseen by the Internet Security Research Group (ISRG), a California public benefit corporation. ISRG will work with Mozilla, Cisco Systems Inc., Akamai, EFF, and others to build the much-needed infrastructure for the project and the 2015 launch.
“The Let’s Encrypt certificate authority will dramatically increase the ability of websites around the world to implement HTTPS, increasing the security of hundreds of millions of Internet users every day,” said Eckersley.
We will be watching it closely and post updates and background moving forward. We hope you take a moment to learn about what’s planned.
Direct to Let’s Encrypt