In the wake of increased concerns about security on the internet, Google is rumored to be considering a boost to sites that use encryption. If it happens, the change would work to increase the security of the internet. The plan is in the early stages and the search giant has yet to comment. This post will discuss the rumors and what small business owners should be doing about their site’s security.
Encrypting the data sent over the internet between private parties will make it harder for the anyone to snoop on the communication. When data is encrypted, only the parties with the encryption key can read the data. This means that if an entity (e.g. NSA) were to intercept the traffic, the data they received would be useless because they didn’t have the key. In March, Google announced they would begin encrypting all mail sent on their servers.
The fact that Matt Cutts, Google’s head of spam, mentioned the idea of adding encryption to the algorithm in the past adds credence to the report. Many of the things Cutts has mentioned in previous statements were eventually worked into updates of Google. As of now, Google has remained silent on the discussions. All that has been reported so far has come from off-the-record sources.
According to the WSJ blog written by Rolfe Winkler, “Cutts also has spoken in private conversations of Google’s interest in making the change, according to a person familiar with the matter. The person says Google’s internal discussions about encryption are still at an early stage and any change wouldn’t happen soon.”
Beyond being part of the larger discussion on the importance of internet security, Google’s move reflects the company’s desire to give the search results that people want. In the wake of all of the security-related issues, people want to make their internet search experience as secure as possible. If given the choice between a site with encryption and one without, they would almost certainly choose the secure site.
Winkler spoke to Eric Butler, a software developer who, designed an extension for the Firefox browser called Firesheep that snooped on users logging into insecure websites back in 2010. The program allowed a Firesheep user to impersonate that person at the push of a button.
“All websites should be using [encryption] everywhere with no exceptions,” Butler said in the WSJ article.
The decision could also be a marketing boon for the company. If Google were to make this change, it would be something (else) that sets that the search giant apart from it’s smaller, but tenacious rivals. Google controls more than two-thirds of the market share for searches, but Bing has been nipping at the heels of Google for some time. In the latest ComScore rankings, Bing gained usage share while Google has lost some (though it’s only a 0.1 percent change). If Google becomes the search engine that provides search results that are better encrypted, the company may be able to win over some the users on other search engines.
The recent situation the Heartbleed flaw is a double-edged sword for those promoting these changes at Google. If Google gives preference to one form of encryption over another (e.g. SSL) the use of encryption would increase, making the web more secure for everyone. However, if there is vulnerability in the encryption method, as there was in SSL for a couple of years, then Google’s decision would spread the damage caused by any such flaw. As in the environment, the best defense against a widespread infection event is diversity. Putting all of the security eggs in one basket (one format) means that every criminal is trying to punch holes in bottom, and if the bottom falls out, there will be a very huge mess.
As the WSJ post indicated, Google hasn’t made any formal decision about the change, or, for that matter, acknowledged the discussion. Any potential change wouldn’t happen for a while. In the meantime, website owners should work to add encryptions to the site if the site utilizes personal identification data in any way (e.g. usernames and passwords). As more and more people become attuned to the security of the websites they visit, having encryptions in place may be what separates one site from another.
Whether Google gives a boost to encrypted sites or not, the trend of the internet will to greater information security, not less. Business owners should make sure their sites are ahead of the curve on this, instead of waiting for their traffic to drop before they consider improvements.