Google Chrome, the most widely used Internet browser, has officially started warning users that unencrypted Web pages are “not secure.” Among those “not secure,” as of Aug. 9: The front pages of the official government websites for 14 states and four of the nation’s 10 most populous cities. Encryption — most easily represented with an “HTTPS” rather than “HTTP” in front of a site’s Web address — is the practice of encoding data traveling between a website and its visitor so that any third parties who are able to peek into the data don’t know what’s happening. With encryption, users can reasonably expect that their connection is private. Without it, bad actors can do things like steal information and change a Web page’s content without the user realizing it. It has become more or less the standard for the Internet. According to Google, 93 percent of Web traffic on Chrome takes place on encrypted pages. The tech giant started labeling non-HTTPS pages as “not secure” to push laggards toward encryption.
“Historically, that’s when you would encrypt websites … when there was sensitive information like payment card data,” said Andrew Hanks, Montana’s chief information security officer. “Back a decade ago, it was expensive to encrypt, to get the certificates to work. Now that’s not the case and encryption is the standard.”
Google’s tactic appears to be working. The number of government websites without encryption on the front page has actually been dropping somewhat quickly. Since the last time Government Technology checked in on this subject in March, 15 states — Arkansas, Connecticut, Indiana, Kansas, Kentucky, Maine, Michigan, Montana, New Jersey, New York, Oregon, Rhode Island, South Carolina, Washington and Wisconsin — have all encrypted their front pages. Two of the 10 biggest cities — New York City and San Antonio — have done the same.