Study finds about half of Web traffic is encrypted

Getty Images

About 49 percent of Internet traffic is encrypted, according to a new study released Monday. 

That is a 36 percentage point jump from April 2014, when only about 13 percent of traffic was being encrypted. The results Monday confirm other studies that have seen a large uptick in encryption, with the increase predicted to continue.

ADVERTISEMENT
The study found that 24 of the top 50 sites encrypt their traffic by default, usually signaled on a users’ browser by a lock and the letters “https” ahead of the web address. The study also found 42 of the top 50 sites either encrypt by default or shift to encryption after log in. 

The study was conducted by Peter Swire, the former chief privacy counsel for President Bill ClintonBill ClintonOvernight Finance: Obama signs Puerto Rico bill | Trump steps up attacks on trade | Dodd-Frank backers cheer 'too big to fail' decision | New pressure to fill Ex-Im board Conservative group asks for probe of Lynch-Clinton meeting Trump: TPP will make NAFTA 'look like a baby' MORE and a professor at Georgia Tech’s business school.

The broader report is aimed at figuring out what kind of information Internet service providers, like Comcast and Verizon, can gain from their customers’ Web histories. 

The report was partially funded by Broadband for America, a group that represents many in the Industry and has an interest in seeing lighter regulation.   

The Federal Communications Commission is soon planning to release proposed rules to regulate Internet service providers’ privacy practices — one of the unfinished pieces of the agency’s net neutrality rules approved a year ago.

The rules will govern providers that offer Internet service, not other web companies like Google and Facebook, whose privacy practices are still governed by the Federal Trade Commission.  

Swire said his research sought to dispel myths that Internet service providers have a comprehensive and unique ability to create detailed profiles of its users. He said the increases in encryption and customers’ use of multiple Internet connections and devices has limited the reach of those companies. 

When customers access a website, an Internet service provider can usually see the granular details of the web pages when it transfers that data. However, when a customer is browsing an encrypted website, the provider can usually only see the top level domain name. 

For example, if an individual was conducting a Google search, the Internet service provider would only be able to see that the user was on Google.com, not the actual search results. 

Swire did not make any policy recommendations, but he said those top-level domains are “not a rich data source,” especially when compared to the kind of information that social media companies and search engines can glean.  

However, public interest groups that are calling for strong FCC rules say that even limited top level domains can offer intimate details about a subscriber’s health or political views. 

“A subscriber’s history of domain name lookups could also be used to more accurately predict certain attributes about a subscriber like gender, age, race, income range, and employment status,” according for the Open Technology Institute. 

“Without appropriate regulatory safeguards for broadband traffic data such as DNS queries, these inferences could be made available on the open market, without specific notice or affirmative consent from the subscribers whose lives are being examined.”