You probably don’t even notice it anymore. Connect to a website, and you’re likely to find a small lock symbol in the upper left corner of the address bar.
Sites with the lock indicator are built and displayed with encrypted content. Today, for the first time, the average volume of encrypted internet content is greater than unencrypted content. Reaching this point is an important milestone for web security.
With the rising tide of web encryption, it’s time to look forward. What does this latest technology news portend for the future of cyber security?
What’s Locked Up
The small lock symbol indicates the website was built using the https protocol as opposed to http. With https, it’s much harder for internet service providers and government agencies to see what you’re looking at, though it does not completely hide that you’re surfing a specific site.
The https builds also can give you confidence that you’re viewing the content the site’s authors intended you to see, instead of compromised or hacked content put there by a third party.
Https or secure socket layer (SSL) protocols have been around since 1995, originally used primarily as a way for sites to process credit card transactions. SSL’s successor function, transport layer security (TLS), offers online payments as well as broader site encryption. However, TLS certificates cost money and require technical know-how that any smaller companies were not able or willing to invest.
In recent years, those costs have largely disappeared. Sites like WordPress and Squarespace offer the security functionality free of charge to users. Cloud-based companies like Amazon offer free encryption certification training programs.
While https is not a perfect solution that can keep away all bad actors, it’s still the best viable option out there.
Implications for 2017
There are a number of important implications to the new security measures. Google, for one, has started to mark any sites built with http as insecure.
Big tech companies and government agencies will continue to be at odds. Remember that it was just last year that Apple refused a court order to unlock an encrypted iPhone that the FBI wanted to investigate the San Bernardino shootings.
Law enforcement agencies would like a backdoor password that would allow for access as needed. Tech companies are generally resistant to the idea. Instead, they are making it more difficult to access personal information. Google and Android, for example, now hide devices’ Mac addresses from both over-the-air detection and from apps. For now, they are siding with users.
As tech companies and government agencies battle it out about the future obligations for cracking encrypted data, companies are already beginning to explore what’s next.
What the Future Holds
Computing power and speed continually gets stronger and faster, respectively. That means that tools such as https will eventually become more exposed to potential hacks.
That’s why companies are hard at work on the next wave of encryption technology. Google is working on post-quantum cryptography, which keep sites safe from high-power, high-speed quantum computers.
The landscape for encryption will inevitably change. But, for now, the web is a safer and more secure space than it ever has been.