In the wake of revelations about the ability of the National Security Agency (NSA) to broadly capture, index, and search the contents of unencrypted Web traffic, the Wikimedia Foundation is speeding up efforts to use secure Hypertext Transfer Protocol (HTTPS) by default for site visitors and editors for Wikipedia and other Wikimedia projects. But users will need to have accounts on the foundation's sites to get that protection.

"Recent leaks of the NSA’s XKeyscore program have prompted our community members to push for the use of HTTPS by default for the Wikimedia projects," Wikimedia Foundation Operations Director Ryan Lane said in a blog post on August 1. "Thankfully, this is already a project that was being considered for this year’s official roadmap, and it has been on our unofficial roadmap since native HTTPS was enabled."

The XKeyscore program allows the NSA to perform searches against recent Internet traffic to find different kinds of data, including the raw HTTP requests made by users. This data could encompass searches on sites, content posted to those sites, and other interactions with webpages not secured by encryption. While sites such as Google and Facebook offer connections over HTTPS as an option (Google uses it by default when users are logged in, and Facebook turned on default HTTPS just one day ago), most sites on the Internet don't use HTTPS for a variety of technical reasons—including hosting configurations, increased server-side processing requirements, and the use of third-party services that fail under HTTPS. That means that traffic to most websites can be captured by XKeyscore's packet capture system.

HTTPS isn't 100 percent secure, as demonstrated in a limited fashion this week at the Black Hat security conference. And there are some indications that the NSA can decrypt at least some encrypted traffic—in a report last year, Wired's James Bamford reported that a top official had told him that the NSA had made "an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US." But at least HTTPS can prevent casual surveillance, such as the kind made possible by XKeyscore.