Last month The Cambodia Daily announced it was going HTTPS. In a guest post for OJB Joshua Wilwohl explains why they decided to go secure, and how they did it. (Disclosure: Joshua is a student of mine on the MA in Online Journalism by distance learning at Birmingham City University).
During the past year, The Cambodia Daily has witnessed an increase in government interest in monitoring the Internet.
This week, the newspaper revealed a government plan to inspect the network equipment, billing and data files of mobile phone operators and internet service providers.
Government officials argued this was to help with investigations into crime committed over Voice Over Internet Protocol, or VoIP.
But computer crime experts said the Government’s planned tactics could also be used to monitor people’s phone calls and Internet data. As one expert said:
“It’s a delicate balance in the national security arena between the telcos to be secure from adversary attacks and for them to be vulnerable to attacks—even by their own government.”
The revelations followed the introduction of a Cyber War Team in October to monitor and diffuse information from “websites, Facebook, Twitter, Google-plus, blogs, YouTube and other media outlets.”
Before the war team, the leak of a draft cybercrime law in April revealed the Government’s plan to punish people who publish content online that slanders or undermines the Government’s integrity.
The draft law states:
“Establishing contents that deemed to hinder the sovereignty and integrity of the Kingdom of Cambodia is a punishable offense.”
Making the site more secure
Following the leak, I started to think about how to make The Cambodia Daily’s website more secure.
I checked with our host about increased security for the server and talked with the publisher’s office about a switch from HTTP to HTTPS, or Hypertext Transfer Protocol Secure.
HTTPS helps prevent attacks and protect against prying eyes by encrypting information, but it is not infallible: Heartbleed showed us smart hackers can find a way to compromise the layer of security, or SSL (Secure Sockets Layer) certificate, which confirms the identity of a website.
I began research into switching and found, at the time, Google News did not filter HTTPS websites, and Google itself gave no additional ranking to sites with HTTPS.
We stopped the process.
Security as SEO
I started more research, read blogs, talked with our host and convinced the publisher’s office that a switch was doable—and easy.
I argued that in a post-Snowden world, more websites are becoming secure. And while news websites are slow to make the switch, The Cambodia Daily needs to stay ahead when it comes to digital media, technology and readers’ privacy.
The yearly cost averaged less than $200, including staff time.
They were convinced.
48 hours to go secure
The actual process was not too difficult (it took about 48 hours), working with our host to obtain an SSL certificate and secure an IP address.
The last few hours when we rolled out HTTPS were a bit grueling as it was the first time for everyone involved going through this process on a WordPress platform.
At 6:08 p.m. ICT December 2, HTTPS was live and we announced the change the following morning to make sure all was OK from the technical side.
The reaction from readers appears positive, and there has been little effect on our traffic—even from older browsers.