Nearly three-quarters of Irish politicians’ websites could be easily hacked

6 Mar 2019

Leinster House, Dublin. Image: EQRoy/Shutterstock

In terms of basic cybersecurity, Irish politicians may be worse than their Brexit-bungling UK counterparts.

A whopping 73.4pc of Irish politicians’ websites lack basic HTTPS encryption, meaning visitors’ connections to these websites are not secure, and the sites could be easily hacked or breached.

Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to.

‘About half of politicians’ websites include some sort of form input where users can register accounts, log in, sign up for newsletters or send a message’
– JAMES AGATE

The failure to apply basic encryption carries an even darker portent when you consider that people who interact with politicians often do so confidentially for safety and privacy reasons.

Tech research platform Comparitech assessed the personal websites of more than 7,500 politicians in 37 countries across the globe. Of those websites, 60.75pc did not use valid SSL (secure sockets layer) certificates, meaning visitors’ connections to those sites are not private or secure.

Keep on leaking in the free world

Politicians in developing countries are more likely to have personal websites without HTTPS (74.98pc) versus those in developed countries (64.46pc).

The study found that in the US, 26.2pc of politicians’ websites were not secure, compared to 30.6pc of politicians’ sites in the UK, 31.9pc in Germany, 37.4pc in Australia and 41.3pc in Denmark.

However, the numbers soared to 73.4pc in Ireland when Comparitech studied 193 politicians who connected with voters via 94 websites. Out of the 94 websites, 69 did not have HTTPS encryption to protect information they gathered or people they interacted with.

Why HTTPS matters

HTTPS encrypts data in transit so that unauthorised third parties cannot intercept and decipher it. Valid SSL certificates also authenticate websites, helping to ensure voters that they’re on the politician’s genuine site and not a fraudulent one.

As Comparitech points out, “Obtaining an SSL certificate and implementing HTTPS is not difficult nor expensive, so politicians have little excuse for not properly securing their sites.”

With almost three-quarters of politicians in Ireland with poor basic website security, they are worse than their Brexit-bungling UK counterparts, of whom less than a third have HTTPS in place on their websites.

“There are 190 UK politicians who have insecure websites versus 69 from their Irish counterparts, so the percentage figure doesn’t tell the whole story, which is why we included the raw data as well,” Comparitech’s James Agate explained to Siliconrepublic.com.

I pointed out that much of the nature of a politician’s work is highly sensitive and confidential. As such, are they opening up citizens to having their privacy or safety compromised?

“Privacy yes. Safety, possibly. About half of politicians’ websites include some sort of form input where users can register accounts, log in, sign up for newsletters or send a message. These forms often request the user enter personal information, such as name or email address. None of these interactions can be properly protected without HTTPS,” Agate warned.

Updated, 3.09pm, 6 March 2019: This article was updated to clarify that 69 is the number of Irish politicians’ websites without HTTPS, not with.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com