In midst of the talks surrounding encryption, the US Senate implements encryption

us senate

The decision to migrate to HTTPS on the US Senate’s website comes on the heels of an Obama era announcement that was made back in 2014. As a part of this initiative, the White House has directed all federal agencies to migrate all existing websites to HTTPS by the end of this calendar year.

This move from HTTP to HTTPS shouldn’t come as a surprise considering the mounting number of data breaches and cyber-attacks, including during the 2016 US election. Enabling HTTPS using an SSL certificate encrypts any data transmitted between a visitor and the server of a website, thereby protecting the user’s privacy and the integrity of the website being visited.

The entire process of migrating the US Senate website to HTTPS has lasted for more than a year as the Senate website had a massive list of assets, domains, and subdomains. The legal boundaries didn’t help either.  Having said that, this thankless endeavor should be welcomed with open arms as it not only thwarts any attackers’ attempts to intercept and ambush sensitive information while also paving the way for the private sector to take cyber security seriously.

Someone frequently visiting the senate website wouldn’t notice any difference to the site except for the fact that the website now includes a green padlock, and the US Senate’s name written in green in the address bar of the browser. This green address bar shows that the Senate is using an EV SSL certificate that has been installed on the server(s) of its website.

Now you might be wondering what an SSL Certificate is and what they do. An SSL (Secure Sockets Layer) certificate is a technology by means of which any data being transmitted between the web browser and the web server can be encrypted into an unreadable format by means of a cryptographic key. Simply speaking, an SSL certificate has the same function as an envelope seal— keeping the information secured.

Primarily, there are mainly three types of SSL certificates: Domain Validated (DV), Organization Validated (OV) and Extended Validated (EV). The one having been installed on the senate website is an EV SSL certificate.

Let’s have a closer look at the EV SSL certificates.

EV SSL Certificate: The Best Mode of Authentication

The entities most likely to embrace EV SSL certificates are typically large organizations, business websites, government, and e-commerce websites. The reason for all these responsible organizations making use of EV SSL is because it provides the highest level of authentication. The issuance process of an EV SSL has been designed to be stringent and precise to ensure the legitimacy of the website owner and his/her business.

Having an EV SSL certificate installed on a website equips the website with a green address bar and a site seal. This green address bar works as a compelling catalyst for stimulating the trust of the visitor, thereby uplifting his/her confidence. Numerous studies around the world indicate that customers heavily prefer websites with EV compared to the non-encrypted websites.

Bearing in mind the aforementioned benefits, almost all leading e-commerce websites all over the world trust EV SSL. Independent research has proven that it both raises conversion rates and boosts trust in consumers.

The Encryption Era is Well and Truly Here

There has been a lot of talk surrounding encryption, especially after the San Bernardino attacks. In the past, the government has tried to get access to information by pushing the encryption backdoor. The issue still remains up in the air and we should expect some heated debates to take place inside Congress in the near future.

As far as the future of encryption is concerned, its acceptance and proliferation are, without a shadow of a doubt, bound to continue upwards. The browser community consisting of tech giants such as Google, Mozilla, and Microsoft has decided to start labeling non-HTTPS sites as nonsecure. We are not saying that HTTPS is a one stop solution for everything, but it is surely a right move in the right direction.

After all, as they say, ‘Change is the only constant.’

Resource to Read


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.