In a recent article, we discussed why patent researchers should use HTTPS as much as possible when using the web to do sensitive research.
Here is a list of 4 key questions to ask when evaluating your research resources for HTTPS goodness.
1. Is there an option to use HTTPS at all?
Many popular services such as Facebook, YouTube and Gmail are now moving toward using HTTPS by default, as a way of protecting both the privacy of users and the security of their login credentials.
However, HTTP is still the default method for communicating with most websites. In fact, many US government sites — including, it seems, the USPTO patent database — still use HTTP rather than HTTPS as a default, although there is currently an initiative to move to HTTPS as a standard for all Federal government sites.
2. Are your username and password sent to the service provider over an encrypted connection?
This one seems like an obvious question, but it is a question you must ask. The answer is not always what it should be.
Your password and username are the most valuable pieces of information for would-be attackers. LexisNexis® TotalPatent® always sends your username and password using HTTPS, even if you choose not to encrypt the rest of your session.
3. Can you use HTTPS for your entire search session?
Your login information is not the only sensitive information you might transmit during a search session. The actual content of your searches — the keywords you use, the assignee names you search, and even the names of your work files — all of these bits of information can provide valuable competitive information.
When logging in to TotalPatent®, you have the option to encrypt the entire search session via HTTPS. Just check the box beside the option “Use a secure connection (SSL) for the entire session”. I personally believe using HTTPS whenever possible is your best practice.
If you choose not to secure the entire session, be sure that you understand the risks associated with the environment you are working within.
4. Does the HTTPS site perform well?
HTTPS does have a reputation for slowing sites down, or for creating unexpected glitches when retrieving web pages. As the Electronic Frontier Foundation notes, HTTPS sites must be set up carefully in order to correctly deliver web applications. Moreover, the additional steps of encrypting and decrypting data between web browsers and servers can further slow down communications.
Nothing is more frustrating than trying to follow the correct protocols for optimum security and privacy only to find that the “secure” version of the resource is essentially unusable because of huge lag times. And I have experienced noticeable slowdowns with the HTTPS versions of some sites. Thus far, I have not noticed any significant issues on TotalPatent® when using HTTPS to secure my entire session.
If you are testing out a service provider, be sure to compare performance under both HTTP and HTTPS using the conditions under which you would normally search. The option to use HTTPS means little if performance lags make using the option impractical.