Internet traffic to government domains often flows across borders, relies on a worryingly small number of network connections, or does not require encryption, according to new research.
PhD student Rashna Kumar reached the conclusions above after mapping paths for traffic to government websites in 58 countries, research conducted under an Internet Society Pulse Research Fellowship.
Kumar found that plenty of data destined for government websites or services crosses borders, or uses offshore internet exchange points (IXPs). 23 to 43 percent of paths to government services in countries such as Malaysia, Norway, South Africa, and Thailand routed through exchange points in third-country jurisdictions. Data destined for New Zealand government sites, she told The Register, often visits Australia on the way.
In conversation with The Register, Kumar suggested that less-developed countries are more likely to route traffic to government domains through offshore infrastructure, and not to use HTTPS to secure that traffic.
“Albania sends 86 percent of its government-bound paths through foreign networks and 15 percent through foreign IXPs, yet only one-third of its government domains use HTTPS,” she observed.
Some of that data is therefore vulnerable to man-in-the-middle attacks that could pluck plaintext from data flows.
Kazakhstan, by contrast, keeps all government traffic within its borders, uses local internet exchange points and boasts 71.5 percent HTTPS adoption. However, it also relies on a single telco – JSC Kazakhtelecom – to carry 70 percent of traffic, a dependency that creates risks because a failure or attack on the telco would be more likely to disrupt services.
“Bangladesh, Pakistan, and Turkey display similar patterns, often rooted in the legacy of state-owned telecom monopolies,” Kumar wrote. In the United Arab Emirates, more than three-quarters of paths go through a single network, Etisalat. She thinks some offshore data flows – like the frequent routing of Moroccan traffic through Spain and France, suggest the possibility of “interesting colonial ties.”
- Internet exchange points are ignored, vulnerable, and absent from infrastructure protection plans
- Asia reaches 50 percent IPv6 capability and leads the world in user numbers
- Regional Internet Registries work to prevent one of their own going rogue
- Huawei handed 2,596,148,429,267,413,
814,265,248,164,610,048 IPv6 addresses
Kumar’s research found Canada, Sweden, Switzerland, the UK, and the USA “distribute their government-bound traffic across multiple operators and exchange points, creating greater resilience against technical failures and geopolitical shocks.”
Kumar told The Register Africa is hard to measure, because internet measurement tools like RIPE ATLAS don’t have many probes on the continent.
If you’d like to know how your government performs, the Internet Society article summarizing Kumar’s research includes interactive maps that detail data for 58 nations.
Kumar submitted the research for peer review, but at the time of writing only a summary is available to the public. ®