Advertisement

Usage of HTTPS by Municipal Websites in Portugal

  • Hélder GomesEmail author
  • André Zúquete
  • Gonçalo Paiva Dias
  • Fábio Marques
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 931)

Abstract

This paper presents a study on the adoption of HTTPS in the official websites of all (308) Portuguese municipalities. Automated and, whenever needed, manual analysis were used to investigate its entry pages. Specifically, the pages were checked for the existence of an HTTPS site; the correctness of the certificates and their certification chain; coherence between contents of the HTTP and HTTPS sites; redirection between HTTP and HTTPS, HTTP resources fetched through HTTPS, and exploitation of HSTS. A final classification of municipalities was produced and possible determinants for the results were investigated. The general conclusion is that there is still much to be done in order to assure that citizens can communicate securely with all the Portuguese municipalities. Indeed, only 3.6% of the municipalities were considered good in this regard, while 46.1% do not guarantee the minimum conditions. These results seem to be associated with the dimension of the municipalities, although it was also identified the need for additional explanatory factors.

Keywords

E-government Local government HTTPS adoption 

Notes

Acknowledgments

This work was partially funded by National Funds through the FCT - Foundation for Science and Technology, in the context of the project UID/CEC/00127/2019.

References

  1. 1.
    European Commission: ePrivacy: consultations show confidentiality of communications and the challenge of new technologies are key questions (2016). https://ec.europa.eu/digital-single-market/en/news/eprivacy-consultations-show-confidentiality-communications-and-challenge-new-technologies-are. Accessed 27 Nov 2018
  2. 2.
    Gupta, C.: The market’s law of privacy: case studies in privacy and security adoption. IEEE Secur. Priv. 15(3), 78–83 (2017)CrossRefGoogle Scholar
  3. 3.
    W3C Technical Architecture Group (TAG): Securing the Web. W3C (2015). http://www.w3.org/2001/tag/doc/web-https-2015-01-22. Accessed 27 Nov 2018
  4. 4.
    Morgan, C.: IAB Statement on Internet Confidentiality. IAB (2014). https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality. Accessed 27 Nov 2018
  5. 5.
    Vyas, T., Dolanjski, P.: Communicating the Dangers of Non-Secure HTTP. Mozilla Security Blog (2017). https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http. Accessed 27 Nov 2018
  6. 6.
    Schechter, E.: A secure web is here to stay. Google Security Blog (2018). https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html. Accessed 27 Nov 2018
  7. 7.
    Ouvrier, G., Laterman, M., Arlitt, M., Carlsson, N.: Characterizing the HTTPS trust landscape: a passive view from the edge. IEEE Commun. Mag. 55(7), 36–42 (2017)CrossRefGoogle Scholar
  8. 8.
    European Commission: Proposal for a Regulation on Privacy and Electronic Communications (2017)Google Scholar
  9. 9.
    The European Parliament and the Council of the European Union: General Data Protection Regulation. Official Journal of the European Union (2016)Google Scholar
  10. 10.
    Felt, A.P., Barnes, R., King, A., Palmer, C., Bentzel, C., Tabriz, P.: Measuring HTTPS adoption on the web. In: 26th Usenix Security Symposium, pp. 1323–1338 (2017)Google Scholar
  11. 11.
    Chan, C., Fontugne, R., Cho, K., Goto, S.: Monitoring TLS adoption using backbone and edge traffic. In: IEEE INFOCOM 2018, pp. 208–213 (2018)Google Scholar
  12. 12.
    Vumo, A.P., Spillner, J., Köpsell, S.: Analysis of Mozambican websites: how do they protect their users? In: Information Security for South Africa (ISSA), pp. 90–97 (2017)Google Scholar
  13. 13.
    Wullink, M., Moura, G.C.M., Hesselman, C.: Automating domain name ecosystem measurements and applications. In: 2018 Network Traffic Measurement and Analysis Conference (TMA), pp. 1–8. IEEE (2018)Google Scholar
  14. 14.
    Andersdotter, A., Jensen-Urstad, A.: Evaluating websites and their adherence to data protection principles: tools and experiences. In: IFIP International Summer School on Privacy and Identity Management, pp. 39–51. Springer (2016)Google Scholar
  15. 15.
    Buchanan, W.J., Woodward, A., Helme, S.: Cryptography across industry sectors. J. Cyber Secur. Technol. 1(3–4), 145–162 (2017)CrossRefGoogle Scholar
  16. 16.
    Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: Proceedings of ACM CCS 2016 (2016)Google Scholar
  17. 17.
    Dias, G.P., Costa, M.: Significant socio-economic factors for local e-government development in Portugal. Electron. Gov. Int. J. 10(3–4), 284–309 (2013)Google Scholar
  18. 18.
    Pina, V., Torres, L., Royo, S.: E-government evolution in EU local governments: a comparative perspective. Online Inf. Rev. 28(4), 1137–1168 (2009)CrossRefGoogle Scholar
  19. 19.
    Chen, Y.: Citizen-centric e-government services: understanding integrated citizen service information systems. Soc. Sci. Comput. Rev. 28(4), 427–442 (2010)CrossRefGoogle Scholar
  20. 20.
    Dias, G.P., Gomes, H.: Evolution of local e-government maturity in Portugal. In: 9th Iberian Conference on Information Systems and Technologies (CISTI), pp. 1–5 (2014)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Hélder Gomes
    • 1
    • 3
    Email author
  • André Zúquete
    • 2
    • 3
  • Gonçalo Paiva Dias
    • 1
    • 4
  • Fábio Marques
    • 1
    • 3
  1. 1.ESTGAUniversidade de AveiroÁguedaPortugal
  2. 2.DETIUniversidade de AveiroAveiroPortugal
  3. 3.IEETAUniversidade de AveiroAveiroPortugal
  4. 4.GOVCOPPUniversidade de AveiroAveiroPortugal

Personalised recommendations