Kahn also noted that there would be a performance hit for the end user as well. “I believe encryption should only be used on sites when you are passing sensitive information,” he said. “Why ask site owners to incur extra costs, use more resources, and slow down the Internet when there is no benefit?”
While small sites can transition to HTTPS or SSL relatively easily, larger sites (and advertisers) would require more reconfiguration. This would be costly, and if appropriate redirects weren’t put into place, publishers could suffer a search result stumble, at least in the short run, as Google went about the business of reranking new HTTPS URLs.
It’s also unclear whether encrypting sites would further hinder a publisher’s ability to see keyword referrals from Google Search; such referral data is often the only way that third parties can leverage Google search queries in a display advertising context. Google has already begun to encrypt paid search keyword referral data, and as a result, advertisers can’t see the terms people use to get to their sites via paid clicks on AdWords ads. (Google implemented the same kind of encryption on organic search in 2011.)
AdWords product management director Paul Feng said in an April 9th blog post that consumer privacy motivated Google’s encryption of search. Feng added that advertisers can still find insights. “Advertisers will continue to have access to useful data to optimize and improve their campaigns and landing pages. For example, you can access detailed information in the AdWords search terms report and the Google Webmaster Tools Search Queries report.”
In other words, the more Google encrypts itself, and the more it encourages – or forces – others to encrypt their sites, the more work site owners will have to do. As Feng put it, “We understand that some partners may need to make changes to their systems and operations, but we think that this is the right path forward for the security of our users searching on Google.com.”
At the SMX West conference, Cutts advocated for encryption in part because once a site is hacked, “We don’t have the time to maybe hold your hand and walk you through and show you exactly where it happened.” Google’s focus on encryption is partly a response to last year’s revelations that the NSA was taking advantage of infrastructure vulnerabilities. And encryption has been an especially hot topic in the wake of the sweeping Heartbleed vulnerability discovered in the popular Open SSL encryption scheme.