Google Turns on Encrypted Search by Default for Users
This week, our federal online privacy law turns 25. The ACLU is hosting a blog series that will address some of the many reasons why the “Electronic Communications Privacy Act of 1986” (ECPA) is in need of an upgrade! Spread the word using #UpdateECPA, and to learn more about your dotRights, visit www.aclu.org/ecpa.
Today, Google announced that they will be making encrypted search the default for users who are logged into a Google account. This means that third parties, including both your Internet Service Provider (ISP) and the sites you ultimately visit (unless you click on an ad) will not be able to see exactly what you searched for. We’re happy to see Google expanding access to secure search. We hope that it will continue to expand protections like this to all searches and hope other search engines will also do the same.
What we search for on the Internet says a lot about us. Search engines are increasingly the first stop in our efforts to learn more about our health, sexuality, politics and religion, find help for challenges we face in our daily lives, and more. And the fewer people who can access our search records, the more secure our private lives will be. We still need to tell Congress that it’s time to modernize privacy law and give our digital information the legal protection it deserves — and we’re glad that Google and others have joined the Digital Due Process coalition to do just that.
But companies like Google are also increasingly recognizing that you expect them to build better privacy protections in their products and services too. The shift towards encrypted search by default is a good step in this direction, since it keeps the details of your searches hidden from prying eyes — either your ISP who sees your traffic back and forth with Google, or the link you finally click on from Google’s search results. (However, if you click on an advertisement on Google, that site will be able to see exactly which terms you searched for — and of course Google keeps a record itself and connects it to your account if you’re logged in.)
So for users who are signed in to their Google account, this is a significant step forward. We hope that Google will continue to expand encrypted search and make it the default for everyone, not just for logged-in users. But for now you can use encrypted search directly by visiting https://www.google.com (note the ‘s’ in ‘https’, which is what tells your browser to use encryption) or by using a browser plug-in like EFF’s HTTPS Everywhere to automatically connect to encrypted versions of sites and services where possible.