A year ago, if your site wasn’t using a web security protocol called HTTPS, the only folks likely to complain were tech-savvy consumer activists. Today, you might be likely to get a letter of concern from a U.S. senator. In fact, Sen. Charles Schumer (D-New York) has formally asked Twitter, Amazon (NSDQ: AMZN), and Yahoo (NSDQ: YHOO), to start employ HTTPS as the default option on their sites. The senator’s attention appears to have been focused by Firesheep, a hacking program released in October that demonstrated how easy it is to grab users’ private data from the public WiFi networks commonly found at coffee shops and bookstores.
“It is scary how easy it is,” stated Schumer, noting that public WiFi networks were likely to be a happy hunting ground for spammers, hackers, and identity thieves.
Schumer’s request comes just a few weeks after Facebook announced it will give users the option of using HTTPS throughout the site. A lawyer with the Federal Trade Commission called on websites to beef up site security with HTTPS last year, but it’s the release of Firesheep appears to have put some real urgency into calls for greater security.
Some web publishers use HTTPS security on sensitive parts of their sites, such as login pages or checkout pages where users might type in credit card information, but security researchers say it’s safest to just use HTTPS, which is also called Secure Socket Layer or SSL, throughout the site. CNET, which first reported on Schumer’s letter, notes that Amazon already uses HTTPS on login and checkout pages.