• About Us
  • Advertise
  • Archives
  • Contact Us
  • Internet Speed Test
  • Smartphone Prices
Sunday, March 26, 2023
Tech Pilipinas
  • Home
  • Telecoms
  • Government
  • Fintech
  • Gadgets
  • Mobile
  • Social Media
  • E-commerce
  • Internet
  • Tutorials
  • Deals
  • More
    • Apps
    • Blogging
    • Business
    • Emerging Tech
    • Giveaways
    • News
    • Security
    • WordPress
No Result
View All Result
  • Home
  • Telecoms
  • Government
  • Fintech
  • Gadgets
  • Mobile
  • Social Media
  • E-commerce
  • Internet
  • Tutorials
  • Deals
  • More
    • Apps
    • Blogging
    • Business
    • Emerging Tech
    • Giveaways
    • News
    • Security
    • WordPress
No Result
View All Result
Tech Pilipinas
No Result
View All Result

Home » Security » Many Philippine Government Websites Are Still Not Secure

Many Philippine Government Websites Are Still Not Secure

It's already 2019, but many Philippine government agencies still have not implemented basic website security such as HTTPS encryption

Luis Reginaldo Medilo by Luis Reginaldo Medilo
February 12, 2019
in Government, Security
0
Philippine government websites
46
SHARES
Share on FacebookShare on Twitter

In light of recent cybersecurity mishaps such as the alleged DFA passport data breach, how serious is the government when it comes to protecting the privacy of Filipino citizens?

If we look at some of the websites owned and managed by the Philippine government, it seems that the online security and privacy of ordinary Filipinos are the least of their concerns. After all, many Philippine government websites still don’t have HTTPS encryption, which is the most basic feature of website security at a time when hackers and cybercriminals run rampant.

As early as 2016, Google has started warning Internet users about the risks of visiting insecure websites without TLS or SSL certificates. Insecure websites pose security and privacy risks to Internet users due to the lack of encryption when handling sensitive information such as names, birthdays and even credit card information. Without HTTPS encryption, sensitive data could be intercepted by attackers that are spying on Internet traffic.

What is HTTPS Encryption and How Does It Work?

Hypertext Transfer Protocol Secure (HTTPS) is a communication protocol encrypted using Transport Layer Security (TLS). TLS, as well as its predecessor Secure Sockets Layer (SSL), is the standard security technology for establishing an encrypted link between a browser and a web server. It ensures that the transmission of data between the browser and the server (where the website is hosted) remains safe, private and protected.

SSL
Flowchart of HTTPS encryption. Credit: Serverguy.com

Without an SSL certificate, data is transmitted as unencrypted plaintext, making it potentially accessible and readable to attackers that are snooping on network traffic. Any information that you send through the Internet are passed on from one computer to another until it reaches the destination server. Any computer in between you and the web server can see your sensitive information if it is not encrypted. With an SSL certificate in place, that information becomes unreadable to everyone except the destination server.

HTTPS is especially important over insecure networks such as public Wi-Fi access points, as anyone on the same local network can eavesdrop and intercept sensitive data not protected by HTTPS.

So how do you know if a website has HTTPS encryption? Websites with HTTPS encryption start with https:// instead of http://. On Google Chrome, a secure website is shown with a padlock icon next to the URL or web address. Clicking on that icon will show the message, “Connection is secure.” Unsecured websites will show a “Not secure” warning next to the browser address bar.

Philippine Government Websites Without HTTPS Encryption

Mind you, it’s not really imperative that your website should have HTTPS encryption. If your website does not handle user data or information, there’s really no urgent need to install an SSL certificate, although there’s a whole range of benefits in doing so, such as better search engine rankings.

We have not yet come to the point where access to your website will be blocked or limited if it doesn’t have HTTPS encryption, although based on Google’s previous pronouncements, they’re moving towards that direction.

However, if your website handles sensitive and important information, it’s absolutely necessary to have an SSL certificate installed. This protects your users’ private information from the prying eyes of hackers and ensures that transmitted data cannot be corrupted or modified.

Knowing how important this basic security feature is, we visited several Philippine government websites to determine if they have implemented HTTPS encryption. We were surprised by the results.

Out of the 46 government websites we visited, 29 websites don’t have HTTPS encryption (and are insecure), 2 have SSL certificates but are not fully secure, and only 15 have HTTPS encryption and are fully secure.

Some of the biggest offenders include the Department of Education, the Department of Public Works and Highways, the Department of Tourism, the Civil Service Commission, and ironically, the Department of Information and Communication Technology.

Deped website
Insecure website warning for the DepEd website

Here is the list of Philippine government websites that still lack HTTPS encryption:

  • Office of the President
  • Office of the Vice President
  • Senate
  • House of Representatives
  • Supreme Court
  • Sandiganbayan
  • Department of Information and Communication Technology (DICT)
  • Department of Agrarian Reform (DAR)
  • Department of Agriculture
  • Department of Education
  • Department of Environment and Natural Resources (DENR)
  • Department of National Defense
  • Department of Public Works and Highways (DPWH)
  • Department of Science and Technology (DOST)
  • Department of Tourism
  • Metropolitan Manila Development Authority (MMDA)
  • Mindanao Development Authority
  • National Commission on Muslim Filipinos
  • National Economic and Development Authority (NEDA)
  • National Security Council
  • Presidential Management Staff
  • National Telecommunications Commission (NTC)
  • Bureau of Customs
  • Philippine Atmospheric, Geophysical and Astronomical Services Administration (PAGASA)
  • Bangko Sentral ng Pilipinas
  • Civil Service Commission
  • Intellectual Property Office of the Philippines
  • Philippine National Police
  • Housing and Urban Development Coordinating Council (HUDCC)

Websites with HTTPS encryption but are not fully secure are:

  • Department of Interior and Local Government (DILG)
  • Technical Education and Skills Development Authority (TESDA)

We understand that these websites serve mostly as repositories of information for the general public, but there are instances where Internet encryption would be useful. For example, most government websites have web-based contact forms where random users can enter their personal information such as names and email addresses. Without encryption, such information could be exposed to attackers who might use them for fraud, identity theft, and other cybercrimes.

It’s not only contact forms that are vulnerable to attackers. For instance, the Civil Service Commission website has the Online Career Service Examination Result Generation System (OCSERG) and the Online Notice of School Assignment (ONSA). Both online services require users to enter their personal details such as their first names, last names, email addresses, and dates of birth.

CSC ONSA
Civil Service Commission website online service with a “Not secure” warning

The Civil Service Commission website also has an email service for the agency’s officers and employees. Without HTTPS encryption, attackers could theoretically gain access to users’ email accounts by spying on network traffic and stealing usernames and passwords.

CSC webmail
Civil Service Commission webmail service without HTTPS encryption

The Civil Service Commission website is just one example of a government website that handles and processes sensitive information without HTTPS encryption. There are also websites that load over HTTPS but are still not fully secure. This is called “mixed content” because some elements (such as CSS files and images) are fetched via HTTP. One example of a website with mixed content is the DILG website.

DILG website
Insecure website warning for the DILG website

For a website to be fully secure, it must serve all content via HTTPS. If a website has HTTPS encryption but some files are loaded via HTTP, attackers could replace those files with false, malicious codes to steal user data.

How to Implement HTTPS Encryption

The easiest way to implement HTTPS encryption on a website is to install an SSL certificate. Webmasters can get free SSL certificates from Let’s Encrypt; many web hosting providers now offer free SSL certificates that can be installed with just a few clicks. Cloudflare also offers free SSL certificates with no installation required (in fact, Tech Pilipinas uses a free SSL certificate from Cloudflare).

We hope that the relevant government agencies will take online privacy more seriously and implement HTTPS encryption on their websites to protect the information and identity of Internet users. Implementing HTTPS encryption doesn’t require a large financial outlay (some SSL certificates are free), nor does it take significant technical expertise (any web developer can install an SSL certificate).

We also call on the National Privacy Commission to ensure that Philippine government websites comply with current web security and privacy standards starting with basic HTTPS encryption. Privacy is the right of every individual, and websites that fail to live up to web security standards risk endangering the privacy of Internet users, especially at a time when data breaches, hacking incidents and cyber attacks are increasing day by day.

Don't Miss An Article!
Sign up for our free newsletter and get updated every time we publish a new article. We work very hard to bring you the latest in the Philippine and global tech scene.
We will not share your email address. We really hate spam!
Previous Post

These Are the Smartphones That Emit the Most Radiation

Next Post

Samsung Teases its Foldable Phone Ahead of February 20 Unveiling

Luis Reginaldo Medilo

Luis Reginaldo Medilo

Luis is the founder and editor of Tech Pilipinas. A former DOST scholar and electronics engineering student, he is passionate about technology and how it can change the world for the better.

You May Also Like

Government

How to Check Your LTO Plate Number Online

March 24, 2023
Government

How to Schedule a PSA Online Appointment (2023 Updated Guide)

March 16, 2023
Government

How to Track Your Philippine National ID Delivery

January 18, 2023
Government

How to Register to the LTO LTMS Portal (2023 Updated Guide)

January 5, 2023

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Articles

How to Check Your LTO Plate Number Online

March 24, 2023

How to Schedule a PSA Online Appointment (2023 Updated Guide)

March 16, 2023

How to Contact Converge Hotline and Customer Service

March 13, 2023

How to Type U with Accent (ù, ú, û, ü) on Your Keyboard

March 10, 2023

Today’s Wordle Answer and Hints (March 22, 2023)

March 22, 2023

Recommended

How to Know Your PLDT Account Number

April 19, 2022
Arcade City

Ridesharing Startup Arcade City to Launch on April 16 Despite LTFRB Order

April 15, 2018

Complete List of Smart All Out Surf Promos

March 27, 2021

How to Transfer Money From BDO to PayMaya

July 1, 2020

How to Apply for an SSS Salary Loan Online: A Step-by-Step Guide

January 9, 2020
Facebook Twitter Instagram Youtube Pinterest

About Us

Tech Pilipinas is the Philippines’ digital lifestyle and technology magazine, helping millions of Filipinos keep up with the challenges of the fast-paced, ever-changing world of technology.

For any inquiries or business proposals, e-mail [email protected].

Get it on Google Play

Browse by Category

  • Apps
  • Blogging
  • Business
  • Computers
  • Deals
  • E-commerce
  • Emerging Tech
  • Entertainment
  • Events
  • Fintech
  • Gadgets
  • Gaming
  • Giveaways
  • Government
  • Internet
  • Interviews
  • Mobile
  • News
  • Reviews
  • Security
  • Social Media
  • Software
  • Startups
  • Telecoms
  • Tutorials
  • WordPress

Popular Tags

Android Facebook GCash Globe Huawei Lazada mobile wallet online banking online payments online shopping PayMaya PLDT Samsung Shopee Smart smartphone Social Security System SSS WiFi Xiaomi

Copyright © 2017-2023, Tech Pilipinas and Luis Reginaldo Medilo. All Rights Reserved.
No part of this site may be copied, reproduced, modified or distributed without the prior written consent of Luis Reginaldo Medilo.
Contact Us | Copyright Notice | Disclosure Policy | Disclaimer | Privacy Policy

  • Home
  • Categories
    • Apps
    • Blogging
    • Business
    • Computers
    • Deals
    • E-commerce
    • Emerging Tech
    • Gadgets
    • Gaming
    • Giveaways
    • Government
    • Internet
    • Interviews
    • News
    • Reviews
    • Security
    • Social Media
    • Software
    • Startups
    • Telecoms
    • Tutorials
    • WordPress
  • About Us
  • Archives
  • Advertise
  • Contact Us
  • Internet Speed Test
  • Smartphone Prices