(Bloomberg) -- The website that documents regulatory activities for the federal government lost a certification necessary for operation, preventing industry, interest groups and the public from filing comments on proposed rules and forcing at least one agency to extend a deadline.
Regulations.gov -- normally a vast hive of U.S. regulatory activity and the portal for making comments in response -- lost its security certificate, according to a man who answered the site’s help line and declined to provide his full name. The website returned to service on Monday night after being out for much of the day.
The General Services Administration, the agency overseeing the website, didn’t immediately respond to a request for an explanation and details of why the website lost its certificate.
The Labor Department announced it was allowing the public two more days to file comments on a controversial proposed regulation that would govern employees who receive income from tips. The deadline had been Monday and was extended to Wednesday.
Geoff Fettus, a senior lawyer with the Natural Resources Defense Council’s nuclear program, was trying to submit comments against a plan to exempt a uranium mining operation from certain types of testing -- and the deadline was Monday, according to a statement from the environmental advocacy group.
“It’s incredibly frustrating both that the administration is pursuing this dangerous plan and that it’s been made more cumbersome to register our objection because of their bush-league ineptitude,” Fettus said in the statement.
Users attempting to visit the Regulations.gov site received warnings from their own browsers or computer networks that users shouldn’t access the site. Some systems prohibit access.
That’s because the site didn’t have what’s known generally as Secure Sockets Layer, or SSL, which provides assurance that the website is legitimate and not trying to steal personal information.
The typical reason that a website would lose its security certificate is that it lapsed and wasn’t renewed, said John Pescatore, a director at the cyber security company SANS Institute LLC.
The regulation website’s security certificate expired Sunday, according to the online SSL Checker that lets users verify certificates.
Such lapses have occurred occasionally at businesses and other government agencies, Pescatore said. It can become a significant chore to manage the certificates because the number grows rapidly with each server, he said.
“It’s not uncommon for a smaller agency to have dozens or hundreds of certificates and for a large commercial site to have thousands,” he said.
The White House’s Office of Management and Budget in 2015 mandated that all government websites use SSL or similar technology on their websites.
Under President Donald Trump, the government has sought to dramatically slow the adoption of new regulatory restrictions on business and society, which it contends creates unnecessary burdens. Shortly after taking office in 2017, Trump ordered that any new regulation must be accompanied by the easing of two separate regulations.