IT specialists like Marshall Breeding and privacy advocates like Alison Macrina of the Library Freedom Project are urging libraries and vendors to encrypt their websites and online automation and discovery systems to better protect patron privacy. Encrypting websites and networked communications requires the installation of Transport Layer Security (TLS) / Secure Sockets Layer (SSL) identity certificates and then use of the HTTPS protocol by default.
Let’s Encrypt, a new initiative, will make enabling HTTPS on library websites much easier by providing server certificates and the software required to make websites secure at no charge. Let’s Encrypt is an initiative founded by Mozilla and the Electronic Frontier Foundation, and operated by the Internet Security Research Group (ISRG). It is sponsored by Mozilla, the Electronic Frontier Foundation, Akamai, Cisco, IdenTrust, and Automattic. Let’s Encrypt is scheduled to go live in the near future; full information about the initiative can be found on their website.
Another tool available to libraries whose websites and online catalogs already support HTTPS is HTTPS Everywhere, a browser extension developed by the Electronic Frontier Foundation that encrypts online communications with websites by making them default to secure HTTPS protocols. The HTTPS Everywhere site offers guidance on using the tool to enhance the privacy and security of web communications.