Numerous Dutch government websites still use no secure HTTPS connection. Of the 1,816 investigated domains less than half ensures that the site traffic is encrypted. Open State Foundation today launched the Dutch version of the online dashboard Pulse (pulse.openstate.eu).
Of all registered Dutch government websites, including websites of the central government, municipalities, provinces and common arrangements, only 44% use an HTTPS-connection. Of the 797 government websites with HTTPS connection 108 are configured incorrectly so visitors are still at risk in 62% of all government websites.
With the dasboard Pulse users can see whether a government website supports a secure HTTPS connection and how strong the implementation is. Of the total of 1,032 websites of ministries only 470 websites have an HTTPS connection of which 66 are not configured so that the connection is still unsafe.
There are also a number of websites of Dutch embassies that are not protected with a properly functioning https connection in countries such as Afghanistan, China, Egypt and Saudi Arabia which are not protected with a properly functioning https connection.
Of all municipal sites, 55% have a properly configured HTTPS connection and of the twelve provinces only 5 have correctly implemented this. The websites of the provinces of Friesland, Limburg, Drenthe, Groningen and South Holland do not have HTTPS connection at all. Of the 348 sites of common arrangements only 75 domains have an HTTPS connection, but a third is not installed safely.
“Enforcing HTTPS is an important standard for government websites,” says Arjan El Fassed, director of digital transparency organisation Open State Foundation. “With Pulse we have a simple dashboard that shows which authorities take internet security seriously.”
“The government stresses regularly the importance of a secure and reliable digital infrastructure. It is therefore incomprehensible that our government does not do this better,” said Rejo Zenger, policy adviser at civil rights movement Bits of Freedom. “It’s a very simple procedure which the government can give a good example and to support the development and application of encryption.”
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. It means all communications between your browser and the website are encrypted.Until now government policy is that https is recommended for Dutch government websites, the underlying protocol TLS is however required.