Wordpress to Implement End-to-End SSL Encryption

Wordpress to Implement End-to-End SSL Encryption
Wordpress to Implement End-to-End SSL Encryption

In the year since Edward Snowden blew the lid off of widespread government surveillance in the United States and around the world, tech companies large and small have been working to do their bit for online privacy in an effort to regain user trust. In the latest move, popular content management system (CMS) Wordpress has announced that it will be securing the connections between users and its websites by serving all *.wordpress.com subdomains over SSL only, by the end of the year.

The news comes even as Congress and the courts continue to investigate spying allegations.

Paul Sieminski, general counsel at Automattic, parent company of WordPress, said that the company has a goal to make its processes for securing user information “as transparent and protective as possible.”

“Tapping internet service providers’ undersea cables, intentionally and secretly weakening encryption products, surreptitiously collecting everything from call metadata to photos sent over the internet by US citizens — nothing was off limits,” he wrote in a blog. “Just as troubling as the revelations themselves is the fact that since last summer, little if anything has changed. Despite a lot of rhetoric, our three branches of government in the United States have not made many concrete steps toward truly protecting citizens from unchecked government surveillance.”

Last week, a federal judge ordered an emergency hearing after the Electronic Frontier Foundation (EFF) gave it evidence that the US government could still be destroying evidence of NSA spying despite a temporary restraining order (TRO) issued by the court in March.

The government argued that preserving the surveillance data gathered under Section 702 would be gravely harmful to national security programs. While the TRO remains in effect, the judge ruled that the government nevertheless did not need to preserve data collected pursuant to Section 702 until the court makes a further ruling on the issue.

"We are pleased the court is receptive to our arguments – that this is the information that court ordered the government to retain, and is an important element of our litigation," said EFF legal director Cindy Cohn, in a statement. "It's unfortunate that the court's order today allows the government to continue destroying evidence that the government itself insists we need, but we are looking forward to giving the judge all the information he needs to come to a final decision."

Meanwhile, Automattic’s Sieminski noted that individual companies should do what they can to protect internet denizens.

“In the face of intrusive surveillance, we believe that everyone in the tech community needs to stand up and do what they can, starting with their own sites and platforms,” he said. “If we’ve learned anything over the past year, it’s that encryption, when done correctly, works. If we properly encrypt our sites and devices, we can make mass surveillance much more difficult.”

He added, “We’re happy to be taking these steps and hope that the coming year brings real reform to end mass surveillance.”

What’s Hot on Infosecurity Magazine?