Move Aims to Prod Developers to Adopt Technology That Protects Against Hackers
Google Inc. wants to reward websites that are more secure.
The world’s most popular search engine said it is now giving bonus points in its ranking algorithm to Web pages that are encrypted. Google hopes the move will prod website developers to adopt technology that protects against hackers breaking into their websites and stealing users’ information.
“We hope to see more websites using HTTPS in the future,” Google said in a blog post, referring to the protocol for securing communications over digital networks.
The move is the latest, and among the most significant, steps Google has taken to make the Web more secure, efforts it has accelerated in the wake of disclosures about Internet snooping by the National Security Agency.
“This is a huge deal,” said Christopher Soghoian, a principal technologist for the American Civil Liberties Union. “This is the ultimate carrot for websites” to use encryption.
Encrypting data transmitted over the Internet adds a barrier between Web users and anyone who wants to snoop on or steal their data. That can help protect users even when they connect through unsecured Wi-Fi networks in airports and coffee shops, for example.
“If you were sending a letter with your credit-card information and Social Security number, would you send it in a secure envelope or a clear envelope?” asks Kevin Mahaffey, chief technology officer and co-founder of mobile-security company Lookout Inc. With encryption, users are, in effect, putting their data in a more secure envelope to better protect it in transit.
The desire among websites to rank highly in Google search results means Google can use its search algorithm to encourage and discourage practices among Web developers. Sites that load slowly are penalized in search rankings, for instance, while those with higher quality content get a boost. In all, Google uses more than 200 “signals” in its search rankings, most of which it doesn’t discuss publicly.
“This is a lot like Consumer Reports saying that the overall rating of a car is higher because it has airbags,” says Lookout’s Mr. Mahaffey.
Google said it had begun favoring encrypted sites over the past few months. Up to now, it has been a “lightweight” signal, affecting less than 1% of global searches. But it plans to boost the weighting over time.
The Wall Street Journal reported in April that inside Google, executives were discussing taking encryption into account in Web rankings.
Historically, website operators have shied away from encryption because of concerns about cost and slowing response times. Messrs. Mahaffey and Soghoian said the cost of encryption has declined, while its use by Google and Facebook Inc. suggests it doesn’t have to slow a website.
To protect its own users, Google encrypts user searches as well as email sent via its Gmail service. It has also raced to encrypt data flowing among its data centers world-wide, an effort that it accelerated following reports that the NSA had spied on that traffic. In June, Google also published a new report disclosing data about email providers that don’t encrypt emails.