Federal agency watchdogs must implement Web encryption as soon as possible to protect information submitted by whistleblowers, privacy advocates wrote to a White House official this week.
The American Civil Liberties Union (ACLU) urged U.S. Chief Information Officer Tony Scott to hasten efforts to convert federal websites to the more secure HTTPS system. Internet hotlines maintained by inspectors general must be upgraded immediately, the group wrote.
{mosads}“At least twenty-nine inspectors general surveyed by the ACLU do not currently use HTTPS to protect sensitive information submitted through their online ‘hotlines,’” including the Departments of Justice and Homeland Security, the letter stated.
“That these sites do not use HTTPS to protect the submission of sensitive information (and likely never have used it) raises serious questions regarding the technical competence of the respective inspectors general and their ability to adequately protect sensitive information from cyber threats.”
Encrypting data online bars users from intercepting it. HTTPS websites are standard for commercial enterprises online, and are increasingly the norm for major companies’ Web pages.
Scott is heading up an effort to convert federal websites to HTTPS. The White House upgraded its system earlier this year, joining a handful of other federal agencies and projects that use encryption.
The ACLU noted that the State Department’s “Rewards for Justice” program, which allows people to submit information about terrorists, is also not encrypted. The group urged State and other agencies that collect sensitive information to use a trusted whistleblowing platform such as Secure Drop.