USPTO still an SSL laggard

In August of 2014 I blogged that USPTO needed to implement SSL (“https://”) on all of its public-facing web sites.  I also said that USPTO needed to implement PFS on all of its SSL-enabled web sites.  (SSL and PFS are security features that protect visitors from eavesdropping by third parties around the Internet.)  In that blog article I explained in detail why this is important.  As just one of many examples of why this is important, the way things are now at the USPTO, third parties could eavesdrop and learn what search terms you are using when you search for a patent or a trademark registration.

Ten months have passed.  It is now June of 2015 and USPTO has made no progress on this.  None.  Zip. Every USPTO web site that was vulnerable to this sort of eavesdropping in August of 2014 continues to be vulnerable today in June of 2015.

Now comes a directive from the White House saying the same thing now in June 2015 that I said in August of 2014.  The directive tells all federal agencies that “all publicly accessible Federal websites and web services” must “only provide service through a secure connection” meaning https://.  All agencies, including the USPTO, are required to get this done by December 31, 2016.

Let’s see how promptly the USPTO complies with this directive from the White House.

2 thoughts on “USPTO still an SSL laggard

  1. Pingback: Backwards progress at USPTO - Ant-like Persistence

  2. Pingback: Can't or won't use Let's Encrypt? Cheap SSL cert - Ant-like Persistence

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.