For many organizations, dealing with HTTPS traffic is something of a double edge sword. Recent moves to encryption challenge the status quo in terms of organizational oversight. Finding a balance between competing interests will be critical to moving forward, but while present technology limitations hamper those efforts, technological advancements can enhance them.
Moving Toward Encryption
On October 2nd, of 2014, Google made the move to default strong SSL encryption in all of their products. While at the time, several of the major players like Facebook and Twitter were already pushing HTTPS traffic, this move from Google signaled the end was in sight for the unencrypted internet. Even Wikipedia, one of the last major holdouts of unencrypted traffic moved to SSL encryption on June 12th, 2015.
The impetus behind the change seems to be based largely on security concerns, where protecting user privacy is paramount. The object of the security concerns, however, seems to be somewhat muddled. While protection from hackers seems to be a widespread area of concern, the oft less stated concern is political freedom; there seems to be as much a concern in the age of information that people are protected from their governments as they are from would-be spies. Even non-governmental organizations can come under scrutiny for placing too many or undue restrictions on user’s online behavior.