New Article: EFF on “What Every Librarian Needs to Know About HTTPS”

From the Electronic Frontier Foundation:

However, simply protecting patron records is no longer enough. Library patrons frequently access catalogs and other services over the Internet. We have learned in the last two years that the NSA is unconstitutionally hoovering up and retaining massive amounts of Internet traffic. That means that before a patron even checks out a book, their search for that book in an online catalog may already have been recorded. And the NSA is not the only threat. Other patrons, using off-the-shelf tools, can intercept queries and login data merely by virtue of being on the same network as their target.
Fortunately, there is a solution, and it’s getting easier to deploy every day. HTTPS, the secure version of HTTP, encrypts all traffic between a web browser and a server. The conventional wisdom of the 1990s was that HTTPS was only necessary to protect credit card numbers and passwords. But that opinion has changed for two reasons: First, it’s become clear how frequently information is spied on for non-financial reasons, and second, improved algorithms and processing speeds have made HTTPS dramatically cheaper. For instance, Google reported only a 1% increase in CPU costs from deploying HTTPS. The other former cost of HTTPS, obtaining a certificate, has gone from very expensive to completely free over the last decade. It can be complicated to obtain and configure even a free certificate, but EFF, Mozilla, and several other organizations are working to eliminate the hassle with a new project called Let’s Encrypt, which will offer certificates that are both free and easy to set up.

Read the Complete Article
See Also: Project Muse Moving to SSL, HTTPS URLs Will Begin Appearing This May
See Also: Coming Soon: Bibliocommons Will Expand Use of SSL To Include Entire Search Process
See Also: EFF and Others Launching New, Free Certificate Authority to Help Increase Encrypted Internet Traffic (November 18, 2014)

Filed under: Associations and Organizations, Data Files, Libraries, News, Patrons and Users