You’ve probably heard about the longest Government Shutdown in US History: The one we’re in right now. This shutdown has been affecting many lives across the nation, with many federal workers having to go to work without pay. (Why don’t they just go on strike? Here’s why: It is illegal for a US government employee to go on strike. If they do, they could be fired after the shutdown is over.)
But that’s not all. SSL (Secure Socket Layer) Certificates all across the internet are expiring because of the shutdown. Many government websites have been added to something called the HSTS preload list, which is meant to ensure the security of government websites. This list requires websites to provide an HTTPS (SSL supplemented) connection every time someone attempts to access the site. Normally this would be a great feature, but without SSL, government websites are essentially broken as they are not permitted to load.
Why are the certificates expiring?
SSL certificates issued for US government websites have very short expiration periods. This is to prevent someone from getting access to them and impersonating a government website. (Which could lead to nuclear war.) Employees working in the government would renew these certificates before they expire. However, due to the government shutdown, the government is neglecting to renew these certificates. As “thesslstore.com” puts it:
“The count is now over 130, clearly certificate management is not an ‘essential function’ of government.”
Here’s why you should care
Unless you’re someone who never browses the web Even if you are someone who never browses the web, you might still feel the effects of this.
The effects of modern technology surround us in each and every moment in our lives. Especially for critical websites such as government sites, even people who are seemingly unsurrounded by any technology can feel the ripple effects.
The lack of SSL means that data transmission from the client to the server (from you to the website) is not encrypted. This is a huge security risk for government websites. Let’s say that you are applying for government benefits online, and the website requires your social security number. Without the encryption of SSL, a hacker can easily listen in on that social security number. Once a hacker gets hold of your information, say goodbye to your privacy and hello to the world of identity theft.
Experts from many
I reckon it is safe to visit the sites without SSL if you really need to, but you should not act upon any information. Without a certificate to verify their identities, who knows? Some of the websites in question may already be compromised.
We can only hope that this shutdown ends soon and federal workers start getting paid. In the end, nothing good will come out of this shutdown, and we will only suffer. The effects of this shutdown will be felt for many years to come.