Traffic to government domains often crosses national borders

Traffic to government domains often crosses national borders

Briefly

"Internet traffic to government domains often flows across borders, relies on a worryingly small number of network connections, or does not require encryption, according to new research. PhD student Rashna Kumar reached the conclusions above after mapping paths for traffic to government websites in 58 countries, research conducted under an Internet Society Pulse Research Fellowship. Kumar found that plenty of data destined for government websites or services crosses borders, or uses offshore internet exchange points (IXPs)."

"In conversation with The Register, Kumar suggested that less-developed countries are more likely to route traffic to government domains through offshore infrastructure, and not to use HTTPS to secure that traffic. "Albania sends 86 percent of its government-bound paths through foreign networks and 15 percent through foreign IXPs, yet only one-third of its government domains use HTTPS," she observed. Some of that data is therefore vulnerable to man-in-the-middle attacks that could pluck plaintext from data flows."

"Kazakhstan, by contrast, keeps all government traffic within its borders, uses local internet exchange points and boasts 71.5 percent HTTPS adoption. However, it also relies on a single telco - JSC Kazakhtelecom - to carry 70 percent of traffic, a dependency that creates risks because a failure or attack on the telco would be more likely to disrupt services. "Bangladesh, Pakistan, and Turkey display similar patterns, often rooted in the legacy of state-owned telecom monopolies," Kumar wrote."