Data Security and Trustworthiness in Online Public Services: An Assessment of Portuguese Institutions

Abstract

Providing public services through the internet is an effective approach towards an encompassing number of citizens being covered by them and for cost reduction. However, the fast development of this area has fostered discussion and legislation regarding information security and trustworthiness. In addition to security mechanisms for data processed and stored internally, service providers must ensure that data exchanged between their servers and citizens are not intercepted or modified when traversing heterogeneous and uncontrolled networks. Moreover, such institutions should provide means enabling the citizen to verify the authenticity of the services offered. In this way, the present work provides a comprehensive overview regarding the security posture of Portuguese public institutions in their online services. It consists of non-invasive robustness evaluation of the deployed solutions for end-to-end data encryption and the correct use of digital certificates. As a result, we provide some recommendations aiming to enhance the current panorama in the majority of the 111 online services considered in this study.