HTTP:// vs HTTPS://
Internet Security Is Evolving For the Better

Security Certificate:  having one versus not having One

Story by Robert M Worth Jr ©2020
March 6, 2020 - updated March 7, 2020

THE STORY
This story is about all of us. Those who use the Internet to pay bills, buy stuff, provide information as well as those who provide the Internet venues such as e-commerce sites, credit, information from your bank and other financial institutions, legal, medical facilities, government, retail entities, gaming, service organizations, non-profit, and social media platforms just to name a few.  There are different kind of organizations including many self-employed artisans whether you build, create, paint, and every type entrepreneur using the Internet.  You advertise your craft, your offerings, and you do your best to keep everyone informed.  Those of us you reach out to find you via multiple means such as newspapers, TV, Radio, the Internet, printed material either stuck on our doors, door knobs, even business cards and inserts into anything imaginable.  Most all of what we read and/or produce to catch the eye of a potential seller or buyer is regulated in some form.  How we do business whether we are the consumer or the seller, one important aspect of our profile, as businesses doing business regardless of reason, is TRUST.  When that TRUST is exploited or broken, we loose faith thus how do we gain it back and how can we learn to play by the rules?  Many methods and in this story, we'll talk and write about how it is done with Security Certificates and why they are important for everyone - buyers and sellers all over the world.

image

The story involves research, months of it from many other countries as well as within the USA. Nevertheless, there is much information that if one digs into the bowls of legal documents, newspaper articles on-line and written/printed, and listening then the writer of this story is required to provide a disclaimer of the information because this writer is not a legal expert as defined by the legal establishment. The story is about  information which is being simplified (no legalize and no hidden agendas) so that you have a chance to understand the complexities of the Internet as it is today.  The writer has decades of experience with many facets of business including degrees, self-employment, owning and operating businesses, doing stuff on the Internet for-hire by many industries both service and manufacturing, medical and financial, profit and non-profit, as well as working in many of the industries through the years.  The writer has written thousands of legal documents working with a myriad of legal professionals and has a fairly decent sense of what makes it all tick.

THE INDUSTRY
The industry of the Internet does not regulate itself primarily because what makes it work is money and money tends to create illegal activities and a rationalization of why things are done one way versus another way. Because the industry does not regulate itself uniformly nor at all, government - all governments - have or will be getting into the mix to make sure the industry IS SAFE for you and your friends to use regardless of where you live, work, play, and pray. Governments everywhere are in the process or have actually passed very tough laws including heavy fines as well as potential imprisonment for failure to protect the citizens of their countries, states, wherever any viewer has access to a website within and without their borders. 

As an example, the writer lives in Indiana.  The website(s), the writer owns, are hosted in Arizona with portions of it (some of our brands) in Switzerland, California, Canada, and other countries.  We don't have a physical presence in any of those locations such as an office though our reach is there because of the Internet.  Our email servers can be anywhere including California. We have numerous legal agreements with hundreds of organizations for various kinds of stuff that we do.  We're not huge by any means and we are in a business environment doing our best to make sure we do it right and attempting to keep up with a changing world of information including the legal stuff.

THE INTERNET ADDRESS
Some of us see an address for a website and some of us do not. The address is called an URL (Uniform Resource Locator, colloquially termed a web address, is a reference to a web resource that specifies its location on a computer network)**, much like your street address where you live or where you work. They are unique. Those of us who cannot see the URL may be pressing iconic buttons to find websites. If you cannot verify the address then you are trusting an unknown entity when you access any kind of a website, even the cloned ones as well as the fake and dangerous ones without knowing you may be in danger or having your life destroyed by potential bad characters stealing your identities. The Internet, as we know it today, can be very very dangerous without regulation. All this brings us to a refinement of Internet rule changes (much of it brought on by pressure from regulation as well as an effort by many in the Internet community to implement self-regulation to a point). It's not perfect though it is getting better through technology and regulation. The writer's story covers some of the regulation that is purported to be the toughest in the free world. The "unfree" parts of the world have their own issues thus the story will not include those areas, such as China, Russia, Syria, Viet Nam, and other non-democratic regimes.

FENCES OR NO FENCES PARALELS
Some homes have fences, decorative and otherwise, around their properties. Others are wide open. Anybody and everybody, even though it is not right, trespass the open properties - mail carriers, kids cutting across the lawns, cats and dogs getting onto the properties, and other situations occur. Those with fences can keep just about everyone including animals from intruding. The same can be similar to what a security certificate provides for a website as well as your private information which you might share with a website; such as your driver's license, credit card info, date of birth, sex, ethnic background, and other stuff.  It is done with encrypting the data in such a way that it is difficult to nearly impossible for the bad actors to break through the security.

Websites with no security certificate are wide open for hacking and stealing any information you share with them; not that dissimilar to property without fences.  Their URL begins with http:// notice there is no 's' after the 'p'. This isn't a big deal unless the website asks you for information. The rules change once a contact form is placed on their website, try to sell stuff and asking for your credit card information, drop "cookies" onto your computer for tracking what you do, and any other time when you fill in a form. The new rules are mandatory because of legislation from many states and International countries.

CONTROLLING/REGULATING BAD CHARACTERS
Because of bad characters in the world, the new rules are actually laws. Laws from the European Union (GDPR***) for anyone who is a citizen. Laws from the State of California (CCPA****) for anyone who is a resident of California. The EU laws went into effect on May 25, 2018 with a two year prior notice after it was passed into law in 2016. The California law went into effect on January 1, 2020. How do these laws affect us? Again, you can have a website without a security certificate provided YOU NEVER ask for information from your viewers for any reason whether in the code (such as cookies) and on any page within the website. This includes dropping cookies on their home/office computers as well as tracking what your viewers do on their computers. The laws apply to all of us thus, if you are a resident of Germany, for example, and you see a website selling something in the USA, then let's hope you NEVER violate the European Unions laws on privacy. Because they can, if anyone checks your website, begin legal proceedings on behalf of any of their citizens. The same with California. That's what the research is showing. However, to be sure, you should contact a lawyer who is well versed in Internet Privacy Legislation to find out if you are vulnerable to legal action either by the EU or the State of California for violating their Privacy legislation because  1) You don't have a comprehensive website Page stating how you use your viewers website experience - remember your website is available world wide and  2) You do not have a security certificate for your website because your website is only accessible via http:// .  However, many companies do have security certificates though what they do to insure you get to the website which has the Security Certificate is something they know how to do within the coding. If you do your own website and you know nothing about coding, then the chances of you making it correct could be a problem. What many companies do is make it easy for their viewers who use the iconic method or don't bother using the full address. One way is to translate (via coding) http:// to https:// (it's called redirecting your browser to the correct address much like what you do when you send in a change of address request to the USPS so you get all your mail after a move) which assumes they have the actual Certificate authorized for their website. It's done because 99% of the population who use the Internet need that kind of help for, hopefully you figured it out by now, to protect you from the bad characters. Web browsers are programmed to read those certificates and if the web browser can't find one or if what is on your website does not match what is on the security certificate, the browser will not allow you access.  Sometimes, if a bad character is attempting to trick the system, the browser can be changed to forbid you from reaching anything and you'll be notified with a substantial number of warnings as well as red flags stating you will not be connected.  You'll get several warnings to that effect.

WHO KNEW WHAT, WHEN, AND WHY
Many companies, including the mom and pop organizations and many local governmental entities, don't know about these rules as they rely on others to do their work for them. The unfortunate part of this kind of processing is the regulations from the State of California as well as the European Union will hold the owners and chief executive officers responsible for violation of their laws as well as sub-contractors you hire to do your work. Remember, if you have a website for any reason, you are required by law to make sure you are protected from any liability related to that website. This means you need to ask direct questions and make sure the person who is telling you that you are "legal" will need to prove it to you. Otherwise, you may be wide open to stiff fines and possible prison time for neglecting that responsibility.  By the way, legal representation which specializes in these situations is not cheap.  Rates generally start at $200 per hour with substantial retainers required up front.  Keep that in mind if you don't want to be bothered by all this responsibility as an owner or officer of a corporation.

WHERE DOES RESPONSIBILITY STOP (WHERE THE BUCK STOPS)
You need to know that many small companies/individuals who do websites for a fee, even for free, don't know about all of the above and really don't care to know. If you are a business owner and you have people working for you that are not trained in the legal stuff nor have any idea about it, then you need to rethink how you are doing your business. If you are someone visiting a website and it doesn't have a security certificate, you need to understand that you may loose your identity as well as your money because of the lack of security. Not that it will happen though the likelihood that it could is a higher risk. If you refuse to get a security certificate then it could become a serious liability for you if any of your customers are harmed because of your negligence. That's part of the language***** in the California law. Remember, your website is world wide and anyone from any country and state can access your website. Now, your business is changing just like it would for any other legal reason.

COST - FREE TO $$$
What do security certificates cost? Up until these last two significant laws went into effect, the certificates were expensive. However, many of the hosting businesses which provide the servers for websites didn't want to loose customers so they got together with the Certificate Authority and created a basic security certificate signed by the designated Certificate Authority for you to use for BASIC NEEDS for FREE. Like Contact and other kinds of forms. There are better certificates though roughly 95% of all websites don't have a need for the ones which cost money and provide more security for such things as a website that sells goods and collects money from credit cards. As a result, this write-up is for the 95% who do not require a paid security certificate. To get that FREE security certificate you have to ask for it. It has to have your name and/or business name and must be assigned a unique number - meaning that no one else can use it as that would be illegal the way some of the laws are written.  Notice the URL of this website, assuming you can see it?  It's one of those Free Security Certificates.

COMING UP - THE NEXT STORY
Our next article, coming soon, will be about the Pages that are required by these laws to explain how you will be using the information you ask visitors to share with you.  Or, you can look at this website (ours) via the menus and see for yourself what we have done to protect our interests as well as your interests.  Our pages are evolving as we learn more and more of the details required.  Plus, the GDPR and the CCPA are also evolving.  And we haven't even begun to investigate the Canadian legislation.  The USA legislation via the Federal government isn't as tough though our resources have indicated that Congress is in the process of rewriting that code so that all Federal websites meet the GDPR and the CCPA; it's speculated that portions if not all of it will become part of the Federal changes Congress is going to make.

RESOURCES
** https://en.wikipedia.org/wiki/URL
*** https://gdpr-info.eu/
**** https://ccpa-info.com/
***** https://ccpa-info.com/home/1798-150-civil-actions/ paragraph 1798.150 - Civil actions

Indiana Web Design Viceroy Internet Marketing is featured on WDD Web Design

Contact us TODAY!

just fill in the form!

We'd love to hear from you!

We do not capture your information for any other purpose other than to respond to your message.  So as to prevent spamming by bots and other devices, we will ask you to verify the Captcha data.

RMWJR Technology or RMWJR Photography may earn an Affiliate Commission if you purchase something through recommended links on this page.

Web Management and Design/Development plus Social Networking Platforms
(616) 303-1526
USA

Top