A month ago, Google rolled out its encrypted search option, which allows users exploring through https://www.google.com to seemingly search in stealth mode.
For public library and internet cafe users, bored private sector employees, and non-American Googlers, this news was heralded with great excitement and a flurry of key presses; nobody can see what we are Googling anymore! (To be fair, I must also mention that Firefox also rolled out an extension last week called HTTPS Everywhere that encrypts data between users and sites whenever possible, but I haven’t had a chance to read more on the release.)
For many other users and network administrators, encrypted searches are a minor annoyance.
For example, our K-12 Education clients that rely on federal E-rate funding for bandwidth and internet related hardware must comply with the Children’s Internet Protection Act (CIPA). Adherence to CIPA policies requires that schools design and implement a policy that monitors the online activity of minors. Allowing students to use encrypted searches, whether through Google or elsewhere, violates CIPA and a school’s qualifications for E-rate funding. Google is aware of the issue, and recently changed the url of their encrypted search to https://encrypted.google.com. Schools looking to block access to Google’s encrypted search engine should be able to do so within their URL filters or by blocking access to the above hostname.
Earlier I said that nobody could see what you were Googling when you used the encrypted search, but that isn’t exactly true. Google still tracks and compiles that data, but webmasters and others that rely on analytics and search engine data to judge the effectiveness of their sites, products and marketing campaigns will no longer see what keywords led viewers to a specific webpage when using an encrypted search. For many of our web hosting clients, this is dismal news. Small- and medium- businesses typically depend on their website as the hub of their marketing presence. If consumers are led to a site through an encrypted search, businesses will see the same statistics as if the consumer had simply typed the address in the browser without using Google’s encrypted search.
Many businesses will also find that encrypted searches are not allowed in their company Internet access/privacy policy. We typically recommend that a privacy policy read something like this:
NO EXPECTATION OF PRIVACY- Employees are given computers and Internet access to assist them in the performance of their jobs. Employees should have no expectation of privacy in anything they create, store, send or receive using the company’s computer equipment. The computer network is the property of the Company and may be used only for Company purposes. WAIVER OF PRIVACY RIGHTS- User expressly waives any right of privacy in anything they create, store, send or receive using the company’s computer equipment or Internet access. User consents to allow company personnel access to and review of all materials created, stored, sent or received by User through any Company network or Internet connection. MONITORING OF COMPUTER AND INTERNET USAGE – The Company has the right to monitor and log any and all aspects of its Computer system including, but not limited to, monitoring Internet sites visited by Users, monitoring chat and newsgroups, monitoring file downloads, and all communications sent and received by users. Failure to monitor in specific situations is not a waiver of the Company’s right to monitor. BLOCKING SITES WITH INAPPROPRIATE CONTENT- The Company has the right to utilize software that makes it possible to identify and block access to Internet sites containing sexually explicit or other material deemed inappropriate in the workplace.
If Google’s encrypted search remains an optional tool, it will remain just a minor annoyance for IT staff. But, if Google favors the encrypted search for its sole search engine, schools, webmasters and businesses may be Googling for a new search engine.