RE: Preparing to Publish HTTPS Finding from Domenic Denicola on 2014-12-31 (www-tag@w3.org from December 2014)

From: Domenic Denicola <d@domenic.me>
Date: Wed, 31 Dec 2014 02:48:02 +0000
To: "Eric J. Bowman" <eric@bisonsystems.net>, Daniel Appelquist <appelquist@gmail.com>
CC: TAG List <www-tag@w3.org>, Ian Jacobs <ij@w3.org>
Message-ID: <CY1PR0501MB1369442B004C7A7EC450DF68DF5F0@CY1PR0501MB1369.namprd05.prod.outlook.>

Deploying HTTPS has no liability implications anymore than deploying HTTP does.
________________________________
From: Eric J. Bowman<mailto:eric@bisonsystems.net>
Sent: ‎2014-‎12-‎30 21:40
To: Daniel Appelquist<mailto:appelquist@gmail.com>
Cc: TAG List<mailto:www-tag@w3.org>; Ian Jacobs<mailto:ij@w3.org>
Subject: Re: Preparing to Publish HTTPS Finding

Would it hurt to discuss liability? Website owners can't be held liable
for content visitors contribute to their sites, why make them liable
for the privacy of content visitors access on their sites? Isn't serving
HTTPS taking responsibility for visitor privacy, thus incurring
liability if that privacy is violated by a third party?

(Assuming I mean implementing ubiquitous HTTPS for privacy, vs. just
using HTTPS to collect data my TOS assures users won't be used. The
latter is privacy I'm willing to guarantee. The former, isn't.)

While that may be fine for large content providers (YouTube, banks) with
legal departments, the equation is different for small businesses
serving "brochure" content that doesn't need encryption. Does providing
that encryption come with a liability cost, elevating the potential
expense of hosting brochure sites to that of hosting bank sites?

If so, is it an interim effect which diminishes with HTTPS adoption?
Will HTTPS achieve enough ubiquity to mitigate this potential liability?
Or, would this potential liability drive content providers to the likes
of Facebook, at the expense of independent Web Developers?

-Eric

Received on Wednesday, 31 December 2014 02:48:33 UTC