W3C home > Mailing lists > Public > www-tag@w3.org > December 2014

Re: Preparing to Publish HTTPS Finding

From: Eric J. Bowman <eric@bisonsystems.net>
Date: Tue, 30 Dec 2014 19:37:51 -0700
To: Daniel Appelquist <appelquist@gmail.com>
Cc: TAG List <www-tag@w3.org>, Ian Jacobs <ij@w3.org>
Message-Id: <20141230193751.8af649732aad04327cb487cf@bisonsystems.net>
Would it hurt to discuss liability? Website owners can't be held liable
for content visitors contribute to their sites, why make them liable
for the privacy of content visitors access on their sites? Isn't serving
HTTPS taking responsibility for visitor privacy, thus incurring
liability if that privacy is violated by a third party?

(Assuming I mean implementing ubiquitous HTTPS for privacy, vs. just
using HTTPS to collect data my TOS assures users won't be used. The
latter is privacy I'm willing to guarantee. The former, isn't.)

While that may be fine for large content providers (YouTube, banks) with
legal departments, the equation is different for small businesses
serving "brochure" content that doesn't need encryption. Does providing
that encryption come with a liability cost, elevating the potential
expense of hosting brochure sites to that of hosting bank sites?

If so, is it an interim effect which diminishes with HTTPS adoption?
Will HTTPS achieve enough ubiquity to mitigate this potential liability?
Or, would this potential liability drive content providers to the likes
of Facebook, at the expense of independent Web Developers?

-Eric
Received on Wednesday, 31 December 2014 02:38:13 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:33:27 UTC