From December 16, The Wire started serving its website’s contents over HTTPS, a protocol on the web that makes information transmitted between different objects on a network more secure. HTTPS colloquially stands for ‘HTTP Secure’, HTTP being the protocol that dictates how a browser communicates with a server to send and receive information about a website it is loading. With HTTP alone, the information is exposed to able interceptors when moving between the browser and the server. With HTTPS, this information is encrypted using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol, rendering it incorrigible to everyone except its intended recipients.
An HTTPS connection effectively states that the website and the server it is communicating with have both been authenticated using a digital certificate. With it in place, an eavesdropper can’t see what articles individual readers are searching for or accessing on the site – nor can a network inject scripts on the site to display ads (the way it happened with Airtel 3G, an Israeli company and a Bangalorean blogger in June 2015). Moreover, as Edward Snowden revealed in 2013, third-party agencies like the American NSA can’t probe The Wire‘s traffic for insights without letting us know first.
This note from the Electronic Frontier Foundation discusses a variety of other threats that an HTTPS connection protects users from. And as a news site, it is also pertinent that Google search and Google News both prefer to display results that are served over HTTPS connections.
Overall, the shift signals to our readers that accessing The Wire is safe – wherever they choose to do that from. To be sure, an eavesdropper can still access the connection’s metadata (the amount of time you spend reading a page on The Wire, the size of the pages being loaded, etc.), but this information is not as sensitive as the particulars of what you’re consuming.
It is important for us at The Wire to ensure that the contents of our site are not tampered or interfered with. This achieves two things: first, our readers are promised data integrity and security; second, our journalists are assured that the stories they produce will reach their readers in the form they were intended irrespective of how controversial their contents are. This two-way protection ultimately safeguards what a UN Special Rapporteur has called a fundamental human right: the right to encryption.
Moving to HTTPS also lets us do our job as journalists with that much more peace of mind. In the first dozen or so days of December, it had emerged that the email accounts of Barkha Dutt and Ravish Kumar, both NDTV journalists, as well as of Congress vice-president Rahul Gandhi and the absconding businessman Vijay Mallya had been breached by hackers. It was unclear if the same agents had gained unauthorised entry into all these accounts – but just the fact that they chose to target journalists is cause for concern. So while The Wire‘s email servers are hosted by Google, it is only fair that at a time like this, we get serious about the security of our site as well.
Going HTTPS is one step in that direction.