92 Percent of Most Popular Federal Government Websites Fail to Meet Basic Standards for Security, Speed, Mobile Friendliness, or Accessibility, New ITIF Study Finds

WASHINGTON—Every day, the public relies on federal websites to access information and services from the U.S. government, yet 92 percent of its most popular sites fail to meet basic standards for security, speed, mobile friendliness, or accessibility, according to a first-of-its-kind study released today by the Information Technology and Innovation Foundation (ITIF).

“Despite years of progress in digital government, a striking number of federal websites do not even meet many of the U.S. government’s own requirements, let alone private-sector best practices,” said Alan McQuinn, ITIF research analyst and the report’s lead author. “Considering that many constituents rely on federal websites to interact with government, it is incumbent upon the new administration, supported by Congress, to make websites more convenient, accessible, and secure.”

McQuinn and co-author Daniel Castro analyzed 297 of the most popular federal websites—all U.S. government websites in the top 1 million websites globally—assessing them on four criteria: security, speed, mobile friendliness, and accessibility. In addition to scoring the sites in each of these areas, the authors ranked them using a composite score to give an overall view of how well the most popular government websites adhere to federal requirements and industry best practices.

Overall:

The five highest-performing websites are:

1. healthdata.gov
2. healthfinder.gov
3. consumerfinance.gov
4. whitehouse.gov (Trump administration)
5. usembassy.gov

(The Obama administration’s version of whitehouse.gov is ranked 55.)

The five worst-performing websites among those studied are:

293. usphs.gov
294. fmc.gov
295. osti.gov
296. trade.gov
297. ipcc-wg2.gov

Overall, 92 percent of the 297 websites that the authors reviewed failed in at least one category.

Security:

• 33 percent of the reviewed websites failed the test for Secure Sockets Layer (SSL) certificates, which underpin most Hypertext Transfer Protocol Secure (HTTPS) connections—a common standard for encrypted Internet communications that all executive-branch websites are required to use.
• Of surveyed websites, 14 percent lacked SSL certificates (and therefore did not have HTTPS), and an additional 19 percent had SSL, but failed the test due to poor implementation.
• Websites that failed the test for SSL certificates include the Department of Defense (defense.gov), the International Trade Administration (trade.gov), and the United States Courts (uscourts.gov).
• 10 percent of federal websites failed to enable Domain Name System Security (DNSSEC)—a set of protocols that add security to domain name system lookup and exchange processes. Executive-branch domains are also required to enable DNSSEC.
• Websites that failed the DNSSEC test include the House of Representatives (house.gov), the Speaker of the House of Representatives (speaker.gov), and the U.S. Forest Service (fs.fed.us).
• Overall, 61 percent of websites passed both the SSL and DNSSEC tests.

Speed:

• While 22 percent of websites failed the speed test for desktops, 64 percent failed the speed test for mobile devices.
• Websites that failed both mobile and desktop speed tests include the General Services Administration (gsa.gov), the Federal Trade Commission’s IdentityTheft.gov, and the National Cancer Institute (cancer.gov).

Mobile Friendliness:

• 41 percent of the reviewed websites were not mobile-friendly.
• Websites that failed the mobile-friendliness test include the National Weather Service (weather.gov), the Treasury Department (treasury.gov), and the International Trade Administration (trade.gov).

Accessibility:

• 42 percent of the reviewed websites failed the accessibility test for users with disabilities.
• Websites that failed the accessibility test include the International Trade Administration (trade.gov) and the Internal Revenue Service (irs.gov).

The report proposes several policy recommendations to help the federal government build fast, convenient, secure, and accessible websites, starting with a series of website modernization “sprints” to fix known problems with the most popular government websites. From there, McQuinn and Castro suggest the White House mandate that federal agencies establish page-load speed requirements for their websites and monitor and share detailed website analytics. They also urge the Office of Management and Budget to launch a website consolidation initiative to build on past efforts to eliminate duplicative or unnecessary websites. Together with Congress, the White House should establish a capital fund for federal agencies to upgrade their IT. Finally, Congress should encourage nonexecutive agencies and other branches of government to adopt federal government website standards and best practices, too.

“Federal websites still have a long way to go to comply with the requirements that past administrations have set for them and to match the performance of best-in-class, private-sector websites,” said McQuinn. “These efforts will only come to fruition when federal CIOs identify problems with their domains and create plans to address them, tracking improvement in a transparent and accountable way. Only by taking stock of the gaps in federal website compliance can the White House push federal agencies to make their websites great again.”

Read summary.

Read report.