Evolution of HTTPS Usage by Portuguese Municipalities
- 306 Downloads
This paper presents a study on the evolution of the use of HTTPS by the official websites of all (308) Portuguese municipalities. One year ago, we found a bad situation regarding HTTPS usage: only a small percentage of websites adopted HTTPS correctly. The results were communicated to the relevant entities so actions could be taken. After one year, we performed a new assessment to check for evolution. This paper presents the results of this second assessment. We found a significantly better situation, although still with plenty of room for improvement: 31 municipal websites were classified as Good (20 more), while 42 less were classified as Bad (100 in total). We concluded that two determinants that were identified as contributing to explain the results of the first study - municipal taxes and total population - do not contribute to explain the improvements observed in this assessment. We believe that we contributed to those improvements by raising awareness to the high number of municipalities not using or badly using HTTPS.
KeywordsE-government Local government HTTPS adoption
This work was partially funded by National Funds through the FCT - Foundation for Science and Technology, in the context of the project UID/CEC/00127/2019.
- 1.Nottingham, M.: Securing the Web: W3C TAG Finding 22 January 2015, W3C Technical Architecture Group (TAG) (2015)Google Scholar
- 2.Morgan, C.: IAB Statement on Internet Confidentiality, Internet Architecture Board (2014). https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality. Accessed 27 Nov 2018
- 3.Vyas, T., Dolanjski, P.: Communicating the Dangers of Non-Secure HTTP, Mozilla Security Blog (2017). https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http. Accessed 27 Nov 2018
- 4.Schechter, E.: A secure web is here to stay, Google Security Blog (2018). https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html. Accessed 27 Nov 2018
- 5.European Commission, Europa Web Guide (2019). https://wikis.ec.europa.eu/display/WEBGUIDE/2019.08.30+|+Notes+regarding+EDPS+inspection. Accessed 12 Nov 2019
- 6.Scott, T.: Policy to Require Secure Connections across Federal Websites and Web Services. In Washighton DC: Executive Office of the President, Office of Management and Budget (2015)Google Scholar
- 7.CNS - Centro Nacional de Cibersegurança, Arquitetura de segurança das redes e sistemas de informação: Requisitos técnicos. (2019). https://www.cncs.gov.pt/content/files/SAMA2020_RASRSI_CNCS.pdf
- 8.Vumo, A.P., Spillner, J., Kopsell, S.: Analysis of Mozambican websites: how do they protect their users?. In: 2017 Information Security for South Africa (ISSA) (2017)Google Scholar
- 9.Wullink, M., Moura, G.C.M., Hesselman, C.: Automating Domain Name Ecosystem Measurements and Applications. In: 2018 Network Traffic Measurement and Analysis Conference (TMA), Tma, pp. 1–8 (2018)Google Scholar
- 10.Andersdotter, A., Jensen-Urstad, A.: Evaluating websites and their adherence to data protection principles: tools and experiences. In: IFIP International Summer School on Privacy and Identity Management, Springer, pp. 39–51 (2016)Google Scholar
- 12.Gomes, H., Zúquete, A., Dias, G. P., Marques, F.: Usage of HTTPS by Municipal Web Sites in Portugal. In: New Knowledge in Information Systems and Technologies. WorldCIST 2019 2019. Advances in Intelligent Systems and Computing, vol. 931, Springer, Cham, pp. 155–164 (2019)Google Scholar