Abstract
This paper presents a study on the adoption of HTTPS in the official websites of all (308) Portuguese municipalities. Automated and, whenever needed, manual analysis were used to investigate its entry pages. Specifically, the pages were checked for the existence of an HTTPS site; the correctness of the certificates and their certification chain; coherence between contents of the HTTP and HTTPS sites; redirection between HTTP and HTTPS, HTTP resources fetched through HTTPS, and exploitation of HSTS. A final classification of municipalities was produced and possible determinants for the results were investigated. The general conclusion is that there is still much to be done in order to assure that citizens can communicate securely with all the Portuguese municipalities. Indeed, only 3.6% of the municipalities were considered good in this regard, while 46.1% do not guarantee the minimum conditions. These results seem to be associated with the dimension of the municipalities, although it was also identified the need for additional explanatory factors.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
European Commission: ePrivacy: consultations show confidentiality of communications and the challenge of new technologies are key questions (2016). https://ec.europa.eu/digital-single-market/en/news/eprivacy-consultations-show-confidentiality-communications-and-challenge-new-technologies-are. Accessed 27 Nov 2018
Gupta, C.: The market’s law of privacy: case studies in privacy and security adoption. IEEE Secur. Priv. 15(3), 78–83 (2017)
W3C Technical Architecture Group (TAG): Securing the Web. W3C (2015). http://www.w3.org/2001/tag/doc/web-https-2015-01-22. Accessed 27 Nov 2018
Morgan, C.: IAB Statement on Internet Confidentiality. IAB (2014). https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality. Accessed 27 Nov 2018
Vyas, T., Dolanjski, P.: Communicating the Dangers of Non-Secure HTTP. Mozilla Security Blog (2017). https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http. Accessed 27 Nov 2018
Schechter, E.: A secure web is here to stay. Google Security Blog (2018). https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html. Accessed 27 Nov 2018
Ouvrier, G., Laterman, M., Arlitt, M., Carlsson, N.: Characterizing the HTTPS trust landscape: a passive view from the edge. IEEE Commun. Mag. 55(7), 36–42 (2017)
European Commission: Proposal for a Regulation on Privacy and Electronic Communications (2017)
The European Parliament and the Council of the European Union: General Data Protection Regulation. Official Journal of the European Union (2016)
Felt, A.P., Barnes, R., King, A., Palmer, C., Bentzel, C., Tabriz, P.: Measuring HTTPS adoption on the web. In: 26th Usenix Security Symposium, pp. 1323–1338 (2017)
Chan, C., Fontugne, R., Cho, K., Goto, S.: Monitoring TLS adoption using backbone and edge traffic. In: IEEE INFOCOM 2018, pp. 208–213 (2018)
Vumo, A.P., Spillner, J., Köpsell, S.: Analysis of Mozambican websites: how do they protect their users? In: Information Security for South Africa (ISSA), pp. 90–97 (2017)
Wullink, M., Moura, G.C.M., Hesselman, C.: Automating domain name ecosystem measurements and applications. In: 2018 Network Traffic Measurement and Analysis Conference (TMA), pp. 1–8. IEEE (2018)
Andersdotter, A., Jensen-Urstad, A.: Evaluating websites and their adherence to data protection principles: tools and experiences. In: IFIP International Summer School on Privacy and Identity Management, pp. 39–51. Springer (2016)
Buchanan, W.J., Woodward, A., Helme, S.: Cryptography across industry sectors. J. Cyber Secur. Technol. 1(3–4), 145–162 (2017)
Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: Proceedings of ACM CCS 2016 (2016)
Dias, G.P., Costa, M.: Significant socio-economic factors for local e-government development in Portugal. Electron. Gov. Int. J. 10(3–4), 284–309 (2013)
Pina, V., Torres, L., Royo, S.: E-government evolution in EU local governments: a comparative perspective. Online Inf. Rev. 28(4), 1137–1168 (2009)
Chen, Y.: Citizen-centric e-government services: understanding integrated citizen service information systems. Soc. Sci. Comput. Rev. 28(4), 427–442 (2010)
Dias, G.P., Gomes, H.: Evolution of local e-government maturity in Portugal. In: 9th Iberian Conference on Information Systems and Technologies (CISTI), pp. 1–5 (2014)
Acknowledgments
This work was partially funded by National Funds through the FCT - Foundation for Science and Technology, in the context of the project UID/CEC/00127/2019.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Gomes, H., Zúquete, A., Dias, G.P., Marques, F. (2019). Usage of HTTPS by Municipal Websites in Portugal. In: Rocha, Á., Adeli, H., Reis, L., Costanzo, S. (eds) New Knowledge in Information Systems and Technologies. WorldCIST'19 2019. Advances in Intelligent Systems and Computing, vol 931. Springer, Cham. https://doi.org/10.1007/978-3-030-16184-2_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-16184-2_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16183-5
Online ISBN: 978-3-030-16184-2
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)