NEWS

Most Dutch government websites do not use secure encrypted connections


Only 19% of 2,000 Dutch government websites uses the HTTPS protocol for handling requests between a browser and the website that it is connected to. HTTPS makes it more difficult for third parties to track users.

httphttpsResearch by Open State Foundation shows that only 1 in 5 government websites can use an encrypted connection, with only 5 percent that forces encrypted web traffic. Open State Foundation looked at all 3889 Dutch government domains, excluding redirects, leaving 2,093 government websites. Of these, 413 government websites can use an encrypted HTTPS connection and only 120 (5%) government websites force the usage of HTTPS. Only 119 government websites use HSTS, a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS, instead of using HTTP.

The importance of HTTPS
HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the server.

Open State Foundation could not find an explanation why one government domain does and the other does not use HTTPS. The websites of the General Intelligence and Security Service (aivd.nl), the National Coordinator for Security and Counterterrorism (nctv.nl) and the National Cyber Security Centre (ncsc.nl) always use the HTTPS protocol, but the websites of the Dutch Tax Service (belastingdienst.nl), the Dutch Review Committee on the Intelligence and Security Services (ctivd.nl) and the Radiocommunications Agency Netherlands (agentschaptelecom.nl) do not encrypt all web traffic.

The low number of government websites that uses HTTPS is remarkable precisely because the National Cyber Security Center advices that all websites that handle sensitive data use HTTPS. Citizens expect anything they read on a government site to be official, and they expect any information they submit to that website to be sent safely and only to the government. They also expect government websites to be secure, trustworthy, and reliable.

Unconference on a secure, open and free internet
On Friday, April 17th, 2015 organizes OpenEstate Foundation together with the Ministry of Foreign Affairs an unconference, GCCS-Unplugged where the challenge is being addressed an open, free and secure web in an innovative way.

Data
Download the full list of the 3889 government domains and HTTPS test (zip file / csv 196 KB) here.