FTC enables default encryption

The Federal Trade Commission has enabled secure encrypted browsing on its entire government website. 

The commission’s chief technologist, Ashkan Soltani, said that while the FTC had used encryption for parts of the site that handle consumer data and email subscriptions, the security would now be the default for the entire site. 


“Transit encryption is an important safeguard against eavesdroppers and has been the subject of previous investigations where we alleged companies failed to live up to their security promises when collecting personal information,” he said in a blog post. “It’s an important step when websites or apps collect personal information, and is a great best practice even if they don’t.”

Some government websites use this the security layer throughout their entire site, while others do not. Soltani noted that it is a best practice, even though it is not a requirement for federal websites “at this time.”

The encryption is signified by the HTTPS text and the lock that appears in a user’s browser ahead of a Web address. 

“As a quick primer, HTTPS encryption secures your communications while in transit with websites so that only you and the website are able to view the content,” he wrote.

Privacy advocates have been urging universal adoption of the security layer on the Web. While a tradeoff in browsing speed had previously been a concern, advocates say there have been major improvements in recent years with private investment in universal encryption. 

Soltani said the encryption is one in a number of security enhancements the commission will be announcing.

The FTC hired Soltani last October. He previously worked as a security advisor and technical expert at The Washington Post, co-authoring some stories based on leaks by Edward Snowden.