Cybersecurity is often neglected in India, including in the political realm. The issue came into focus earlier this week after the website of the ruling Bharatiya Janata Party (BJP) was reportedly hacked and defaced.
Now, a study has shown that all political parties across India have security problems on their hands.
Around 84% of Indian politicians’ websites do not use HTTPS, which is an encrypted, secure alternative to the common communication protocol HTTP, a security review by the consumer tech reviewing firm Comparitech found.
Security experts across the world agree that HTTPS encryption is important for protecting a user’s connection to a website, preventing the traffic from being intercepted or deciphered.
This is especially important when webpages have fields for users to fill in sensitive personal information such as financial details for donations—as political sites often do.
“…implementing HTTPS is not difficult nor expensive so politicians have little excuse for not properly securing their sites,” Comparitech said. “Furthermore, HTTPS shows the users that they are on the genuine politician’s site and not a fake or duplicate phishing site.”
Comparitech analysed more than 7,500 politicians’ websites in 37 countries across the world, including those of 217 major personalities in India. (The review considered 887 Indian politicians, of which around one in four had their own websites.)
The global figure for politicians’ websites using HTTPS was around three in five—still a poor showing, but substantially better than India’s.
Politicians from certain parties were more likely to use HTTPS than others. The Maharashtra-based Shiv Sena, for instance, performed the worst, with 89% of its politicians not using HTTPS. The ruling BJP performed slightly worse than the national average—with almost 85% of its politicians not using it. Meanwhile, the country’s largest opposition party, the Indian National Congress, performed the best, with 74% of its politicians not using it.
Chinks in such websites may prove increasingly risky as the country heads for a general election in the next couple of months.
Comparitech’s review studied the personal and campaign sites of politicians—not government or official party webpages. But around two months ago, an Indian computer programmer conducted a similar analysis of government websites, also revealing a poor rate of HTTPS usage. Of the 11,710 live government websites he tested, 4,753 used valid HTTPS encryption—a rate of just around 40%.
“Indian government websites don’t follow many standards,” Srinivas Kodali, a cybersecurity researcher, told Quartz. “It’s a consistent problem across government websites and can only be fixed through capacity building within the National Informatics Centre (NIC),” India’s premier state technology organisation, under the IT ministry.
Read Quartz’s coverage of the 2019 Indian general election here.