Google May 21 began adding SSL (Secure Sockets Layer) encryption for its search engine, a direct response to the company's accidental collection of users' personal information in countries all over the world. When users search from the URL https://www.google.com, the SSL creates an encrypted connection between the user's browser and Google to better shield users' search terms and search results pages from being intercepted by a third party, including an errant drive-by from Street View cars roving their neighborhood to capture pictures for Google Maps.
Google May 21 began
adding SSL (Secure Sockets
Layer) encryption for its search engine, a direct response to the company's
accidental collection of users' personal information in countries all over the
world.
The search engine May 16
admitted that its Street View cars that patrol city streets to
record images had unknowingly collected users' payload data from unsecured WiFi
networks. This included e-mail, passwords and browsing information.
This resulted in the collection of more than 600 gigabytes of users' data
over the last three years. This invasion of privacy is not being countenanced
by the
European Union or individual countries where Street View collected
citizens' data,
including the United States, Germany, Italy, Spain, France and the
Czech Republic.
Google promised to offer SSL encryption,
a sturdy security protocol used by banking and e-commerce sites, for users who
want to protect information shuttled between their computers and Internet
services. SSL offers a "significant
privacy advantage over systems that only encrypt log-in pages and credit card
information," noted Google Software Engineer Evan Roseman.
When users search from the URL https://www.google.com, the SSL
creates an encrypted connection between the user's browser and Google to better
shield users' search terms and search results pages from being intercepted by a
third party, including an errant drive-by from Street View cars roving their
neighborhood to capture pictures for Google Maps.
The service features this
modified logo to show users that they are searching using SSL.
Roseman
noted that SSL for Google
search is rolling out to beta because it only covers the core search engine.
Indeed, a quick query on the Google SSL
search domain displayed none of the usual topic tabs at the top, such as Google
Maps, Image Search and shopping, which don't support SSL.
Should users click on any of the Web results for unsupported services linked to
Google Images, they will likely be taken out of SSL
mode, Roseman said.
Moreover, he said there might be a lag time for search results because SSL
connections require additional time to set up the encryption between the
browser and the remote Web server.
Google has long offered SSL for Gmail,
Google Docs and other services, but most users aren't Web- or security-savvy
enough to know about them or why they might want to elect to turn them on to
better protect their data.
Privacy advocates have been calling for Google to SSL-enable
its search for years; the WiFi privacy gaffe accelerated Google's plans to
offer SSL for search.
SSL for search may be a small
consideration for countries affected by Google's WiFi debacle, known in the
media by privacy watchdogs as WiSpy. But it's not a long enough olive branch
that will silence the complaints.
Governments overseas are
hammering Google hard for this misstep, which will lend muscle
to arguments that Google should be regulated. U.S.
regulators have yet to formally complain, but it's quite possible the FTC or
Justice Department may scrutinize the issue.
This isn't the first time Google has turned to SSL
as a default security setting as a reaction to a security and privacy breach.
The company
turned on HTTPS as the primary setting for Gmail one day after
revealing that the Gmail accounts of users had been accessed in
a Chinese cyber-attack.
Email
Print
