A Conversation With ITIF About the State of Federal Government Websites

Hi everyone, welcome to DigitalGov’s conversation with ITIF about the state of federal websites. I’m Andrea Sigritz and I’ll be moderating the chat today along with Jeremy Zilar, who will be taking your questions from the chat box. Today we’re going to have a conversation with Daniel Castro and Alan McQuinn from ITIF, which is the Information Technology and Innovation Foundation — a think tank in D.C. whose mission is to formulate, evaluate and promote policy solutions that accelerate innovation and technology and policy. Earlier this year ITIF published a report that looked at the speed, security, accessibility and mobile friendliness of federal websites. The report showed that many agencies, including DigitalGov, still have a ways to go in these areas. A bit of housekeeping before we get started: we are recording this event so that you can watch it or share it at a later time. Also, don’t forget to type in your questions as we’re going along and Jeremy will share them with Alan and Daniel. So Alan and Daniel, welcome. Thank you for being here. It’s been... yeah, go ahead.

Thank you for having us.

It’s been a few months since the report was released. What have you seen as a response from federal agencies?

This response has been pretty good. Daniel, you want to take that one?

Sure, yeah. So we’ve had a really positive response. We put out this report earlier this year and we heard from a lot of federal agencies with questions about, you know, very specifically, why did we score when we scored and how can we fix it. And we worked with a number of agencies to give them full information about the testing tools we use. We tried to document this all in our methodology, but we also shared the specific data we collected and even helped a few of them work through and troubleshoot some of the issues that they saw. Our goal with this report wasn’t really to kind of shame anyone with certain practices, but really to point out where the best practices are occurring, where there are problems, and then help drive awareness to, you know, senior management within these government agencies so that, you know, the folks on the ground who are actually working on these issues got the support they needed to actually see these issues resolved.

Great. Can you talk a little bit about the methodology you used?

Absolutely. I have a quick presentation that I can go through. Can everyone see
this?

Yes, got it.

Awesome. All right, so our report was called Benchmarking U.S. Government Websites, and what we did was, first, we identified which websites to survey. So we used this tool that’s online called the Alexa search rankings, which is designed to rank the popularity of websites, and we determined which federal websites from the top million domains ranked globally, which ended up being around 300. We then determined which metrics we wanted to use based on publicly available tools, so we found the four metrics were speed, mobile friendliness, accessibility and security. We then chose seven publicly available tools to measure each of these metrics so that people could go back and continue to use the tools that we discovered to test the websites for themselves. And finally, in order to figure out when a website either passed or failed a specific test, we assessed the federal requirements around that area, such as in security, as well as the results from the top 20 non-government websites, and we chose a good benchmark by which a website passes the test.

So I’m going to go through each of the four measures really quickly. We’ll discuss what we found and look at the distribution of each. So the first measure we looked at was speed, and for this test we used Google’s PageSpeed Insights tool, which is available free online and which measures network-independent aspects of page performance, so aspects within the page itself, within its code. The tool also offers advice to users on how to better optimize the websites for speed, and it looks at both desktop page load speed as well as mobile page load speed. This is the distribution we found for desktop load speed. We found that 78%, which is the overwhelming majority, which is very nice, of websites passed this test. However, for mobile speed we found that only 36% of websites passed the test. You can see the distribution there, with a lot of popular websites towards the right failing the test.

If I may just interject briefly on these graphs. I mean, really what you ideally want to see is, you know, we know that there’s gonna be some distribution in government. What you want to see is that all the popular sites are doing really well and, you know, maybe some of the less popular sites, that they’re just not getting much traffic, those are the ones that you have problems on. But what we found is that even the popular sites are really the sites that have these types of problems.

Exactly. Thanks, Daniel.
The second factor that we looked at was mobile friendliness, and for this test we used a tool, Google’s Test My Site tool, that looked at mobile friendliness, and it analyzes a variety of different website elements about how to optimize that website for a mobile device. And we found that 59% of websites were mobile-friendly, and again you see the distribution of less popular websites and popular websites having roughly the same.

Alrighty, the next test we looked at was accessibility, and to measure accessibility the report used AChecker’s Web Accessibility Checker. It’s an online tool that analyzes URLs to identify specific accessibility issues based on this international standard called the WCAG, the Web Content Accessibility Guidelines. The tool looks at several different types of issues based on likeliness, but we looked at only the issues that were identified as a certainty. And again, we found that 58 percent of websites were accessible, and there’s the distribution.

Finally, we looked at security, and for security we broke the test into two aspects: hypertext protocols, more of the HTTPS, and domain security, DNSSEC. HTTPS is the way that websites connect to make sure that the connections to the website are secure, and for that we looked at a tool that checks Secure Sockets Layer, or SSL, certificates, which underpin most HTTPS connections. The tool we used was called the Qualys SSL Labs test, which inspects public web servers based on four criteria: the SSL certificate, the protocol support, the key strength and the cipher strength. And we found that overall about two-thirds of the websites passed this test, and of those that failed, nineteen percent didn’t implement the SSL properly and 14 percent lacked HTTPS entirely, which means they did not follow federal standards for HTTPS-only, and you can see them on the graph there, the blue dots at the very bottom. Finally, the
second half of security we looked at was DNSSEC, which is the security for the domain itself. We used Verisign Labs’ DNSSEC Debugger, a web tool that inspects whether the website enables DNSSEC at all, and we found that about 10 percent, or 30 websites, failed this test.

We got a lot of feedback on the DNSSEC score, which was originally a hundred or zero based on whether the website enabled or did not enable DNSSEC, and so we wanted to do an update for DNSSEC, and did do an update a few months back, where we looked at exactly why these 30 sites failed the DNSSEC score initially. So when we went back and we looked again, we found that four websites had updated their website to fix it and enable DNSSEC. We found that three of the websites had been misconfigured: they did not put designation signer records, or DS records, and they’re doing... so, basically, the website just wasn’t configured right to enable DNSSEC. And we found one website had a persistent error where its public keys and signatures did not validate each other, so while DNSSEC was enabled on that website, it was an interesting site issue. And finally, we found that 21% of websites still lacked DNSSEC. Daniel, did you have anything you wanted to add to that?

Just clarifying the last one: it was 25 sites, not 21%, that lacked it. And then we also... so this was looking at all federal websites. We did take separately another look also at legislative websites, because we wanted to see, you know, one, you know, what is Congress doing? You know, Congress often complains when things don’t go wrong, but, you know, are they actually fixing their own systems? And of course what’s unique about Congress is that they’re actually not bound by some of the same rules that the federal executive agencies are, even though these are the best practices. So we did take a look at those congressional sites, and we have that kind of write-up on our website. We did find that in most areas things were comparable. There were certain areas where Congress was doing worse, but again it just kind of showed there were opportunities across the board for improvement.

It’s interesting. It’s always interesting to see how we stack up against the other branches, so thanks for that detail. You know, for people who may be a little less familiar with the report, would you mind just talking a little bit about what prompted your research?

Sure. So, you know, I think when there’s, there’s a few technology trends
that we look at in this space. One is the fact that increasingly, you know, government services are online and customers or consumers are expecting them to be online. So we wanted to see, okay, if that’s the case, you know, how well are these websites performing? You know, are they actually up to the standards that the government sets for itself or that it’s kind of the industry best practice? Two, you have to look at some specific trends within technology, so the fact that, for example, that, you know, most people are using a mobile device to access government services. And we wanted to assess questions: okay, so we have a lot of government services online, but are they actually fast? Are they responsive? Are they something that the consumers can use? And then of course, are they trustable, in the sense that, you know, everyone’s been taught, you know, look in the top corner and see if there’s a little padlock there to see if the connection’s secure. You know, are we actually securing these connections? And then, you know, looking at some of that back-end security in terms of the DNSSEC and saying, you know, are consumers going to be able to trust, are citizens going to be able to trust that they’re actually getting to a trusted government site and there hasn’t been some man-in-the-middle attack that’s compromised this connection?

So, you know, we want to look at those kind of main issues that I think are very important to citizens, that I think a lot of government agencies are talking about as important to their ability to deliver a quality service, and then start assessing, you know, how did agencies come in, and then, again, how did this compare in terms of the popular sites versus the unpopular sites. I think one of the kind of most interesting initiatives across the federal government in recent years has been the data center consolidation initiative, where we recognized there are all these data centers out there, there was no real catalog, and the federal government said, okay, we should be more efficient in how we do this. I think the question that we kind of came out with for federal websites in this regard is, can we do federal websites more efficiently? You know, do we need to have a better standardized approach to addressing these problems that all the agencies are experiencing? Do we need to talk about solutions for small projects where maybe they don’t deserve their own website or they don’t need their own content... yeah, they have unique content, but they don’t necessarily need a unique platform? Can we figure out an effective way to deliver that as a service or through a shared platform or something like that? And so I think this report helped kind of illustrate, you know, where government’s doing well as well as where there are problems, so that we can kind of readjust and recalibrate some of the digital government strategy so then we can be more effective in these pursuits.

Great, thank you.
I just wanna pause for a moment. Um, Jeremy, were there any questions anyone’s typed in?

Yes, actually. Hey McGee wanted to know a little bit more about the accessibility, the tool that you used to check accessibility.

Sure. Alan, you want to cover that one?

Yes. So we used the AChecker, which looked at... and let me pull up the exact detail for you. We looked at AChecker, which was the web accessibility checker. It was an online tool that looked at exactly three types of issues on a website. It looked at known problems, which were problems that could be identified in the website’s code or the text itself. It looked at likely problems, problems that could be identified by a human. And then it looked at likely problems and potential problems, problems that the checker itself couldn’t specifically identify but may indicate that there is something wrong. And so what we looked at and what we did is we looked at these known problems, ones that the checker could actually identify, and to avoid unfairly penalizing websites we looked at these known problems and then we tried to round the scores up so that there weren’t any websites that... what we found was there was a huge diversity in some websites, so some could have 300 errors and some could have two, and we didn’t want to unfairly punish the two errors over the one that had a ton of websites. So we tried to weigh that in how we calculated this out. And did you have any specific questions about the checker?

Well, if there are specific questions, I’m sure they’ll come through in the chat box very soon. I’m gonna want to jump over to a different question from Phil in the chat box. Phil asks which levels of federal agency websites are being scanned, these top-level pages only, all page levels, like, how does he make that determination?

That’s a great question. Yes, so we were using in this report the Alexa traffic
ranking, so we were looking at... we look at the top million most popular sites globally, and then we tried to find all the federal government websites, pulled out about 300 from that list, and when we did the site test we were using the main landing page, so, you know, whatever that, you know, index.php or whatever the default page would be, for most of these tests. Now some of the tests, like, you know, the DNSSEC test or, you know, SSL test, will be testing the certificate that was tied to the domain anyway, but for tests like the accessibility test, you know, mobile page speed test, that was on the main home page, which we chose because we kind of assumed that would be the one that, you know, would be the front page that most users were going to. And also, you know, at times on some of the older sites this maybe gave them a little bit of a disadvantage. If you have a site, for example, that used a lot of tabs on the homepage, they would have a much larger amount of content, maybe it was not loading dynamically like some of the newer sites, but this also kind of reflected, you know, the fact that the site maybe hadn’t been, you know, kept up to date, so it didn’t really skew the results, I think, too much in that regard.

Great, thank you. Thanks for those
questions as well. Keep them coming. I had a question for you all. For agencies, you know, looking at these four areas, which would be the most important to focus on? Are there ones that are easier to implement, or are there areas that are harder to implement?

Sure. I mean, I think there’s a few things here. I mean, first of all, a lot of what we tested, were testing, you know, men selling requirements, and so wherever there is a specific government requirement, I think agencies should be moving quickly to address those, and that’s things like, you know, using the NSTIC and some of these security tests. One thing I’ll mention, of course, that should be obvious, but we were only testing things from the user side. So on security, of course, there’s a lot of very important security testing that an agency can do that we’re not going to be doing on the outside, especially looking at, you know, making sure the content management system or any plugins are up to date and not running vulnerable code, that the server’s secured, that strong passwords are being used. So there’s a lot of work on the security side that agencies can do that are going to be reflected any kind of a site test.

But I think, you know, on the consumer experience side and the accessibility side, usability side, I mean, that’s where, you know, it’s just really incumbent on agencies to, you know, be able to identify, you know, what good looks like and what bad looks like, and be able to recognize when there’s a need for improvement in this area. You know, I’ve done, you know, a fair amount of work with people in the disability community, and that’s always been an area of frustration, when, you know, there are certain standards and agencies are trying to follow those standards but they’re not really getting the spirit of the standard. You know, they’re not really, you know, working with users with disabilities and recognizing, okay, you know, if I’m using this kind of, you know, Flash embedded graph, for example, somebody with a screen reader’s not gonna be able to understand this and getting any value out of it, and being able to really understand things from the user’s perspective. And of course that doesn’t also mean for just, you know, people with disabilities as well. You know, people are gonna be using a mobile device, and thinking through, okay, you know, is this presentation on the mobile device actually useful? Is it giving the user what they need in an efficient way? And try to make sure they don’t just score well but actually perform well in user satisfaction tests.

Great, thank you. Um, are there, you know,
other ways that agencies can get involved? Is this research ongoing, or are there next steps for you all?

Well, one, you know, announcement that we have today, actually, is that we’re in the process of doing this test again, so we’re trying to update the report. We’ve already done a lot of data collection, so you don’t need to scramble today to try and fix anything, because we’ve probably already tested your site if it’s in the top. We changed the methodology a little bit to reflect some of the feedback we’ve gotten. We’ve used a different list to source the most popular sites. We’ve had to change some of the tools simply because some of the tools are no longer publicly available anymore. We wanted to make sure anything we’re testing, it’s something somebody in a federal agency could give themselves. We didn’t want to try and unfairly have access to certain tools, or suggest that a certain tool was the right way deployed. We want to make sure that all the tools were out there.

And, you know, going through this process, you know, we are seeing some progress, but we’re also seeing, you know, that this is an area that’s going to need continued focus, that, you know, some agencies have fixed certain things but maybe they’ve axle in in other areas. As we mentioned, you know, we’re doing this test only on the primary landing page. We would love to see agencies, you know, take this methodology, expand it themselves, and of course then test not just the main pages but, you know, a lot of their pages, and identify other problems that they might find on these sites, you know, whether it’s basically a sub-site embedded within their main domain that we’re not testing but that actually has different problems, and you see them running a different content management system. So, you know, our goal is basically to lay out a framework for what agencies can do, and many are already doing, and help provide a national picture of what’s happening, so the agencies can take that information internally and assess across their own digital properties what they can do to improve.

Are you gonna be sharing that list with us, so we can see how you’re getting to the agencies?

Well, we could. The list we’re using this time is, instead of Alexa, we’re using the Majestic Million. It is freely available, it’s just majestic.com, and you can filter by federal government sites. We might be doing some testing at the state and local sites as well, and if we do then we’ll do a comparison too of how that compares to the federal government. The main difference, of course, with the federal government is you have a kind of comprehensive set of requirements that doesn’t exist in almost any other... all right, that’s practices, but the harder part is of course then executing on these best practices and implementing them, and so that’s I think where a lot of the focus will be in the coming years.

I’m sorry, it froze right for me at the very end. If you wouldn’t mind just repeating
what you were saying?

Sure. I was just saying that, you know, one of the findings we had from this report is that the federal government did an excellent job of identifying best practices and standards, but the biggest challenge is then implementing them. And so, you know, it’s really laid out for itself what it needs to be doing, and the question is, okay, now that we have this kind of benchmark of what should be happening in the federal agencies, how do we make sure we’re executing on it? One recommendation we had in that report is that we get more transparency in how websites are performing. So, you know, there’s been some efforts to create analytics.usa.gov, and, you know, we’re asking, okay, can we start expanding that to make sure that we’re really benchmarking performance of federal websites across the board and equipping agencies with the tools they need so that they can, you know, actually tell, are they meeting these standards?

I’m glad we were able to hear you say that, about agencies are generally good. Jeremy, were there any other questions so far?

No more questions in the chat box just yet, but I had a question. After you published your report, could you talk a little bit about maybe some of the challenges or the pain points that you heard from people in addressing some of these needs?

Sure. I mean, there’s a few things. One, you know, on the security side, for example, some agencies were, you know, locked into a specific service contract or something, and they wanted to make a change and they really needed to wait until that existing contract expired. You know, similarly, with certain websites they might have an older content management system, and, you know, scaling it, especially to address things like mobile friendliness, there were some things they could do on their own, but they were really seeing, you know, the way to make a big change was upgrade to the next version of the content management system. For example, I know, you know, a lot of federal agencies that are using older versions of Drupal, you know, that can have necessarily a good mobile, you know, responsive design and some of the older versions. I think Drupal have it between 6 and 7, and they do have it. So you had those types of problems where you were on a certain technology lifecycle but then the low end upgrade.

And that was really, again, kind of another finding we had in this report, and I think an important takeaway, is that when federal agencies are creating websites they’re not always thinking about the full lifecycle. They’re thinking about, okay, can we get the site up. They’re not really setting an expiration date for these sites. And that’s one of our recommendations in this report, is that, you know, any website really should have an authorization date: this is how long it should operate, you know, three years, five years, and it might be renewed, but that should be a very conscious decision of federal agencies to renew that site for another period of time, rather than some of these kind of zombie sites that are basically out there, where it’s not clear who’s in charge of them, it’s not clear who’s maintaining them, if the information’s accurate, or if anyone even knows they’re there. I think some agencies might, again, be perfectly happy taking down these sites; they’re just not even aware they’re still hosting them. You know, whoever is in charge of that has left and they haven’t restaffed. So kind of the problem of the zombie website is something we really identified here and are hoping that can be resolved in the long term, because as I said, we only look at the most popular sites, so one of the questions we had was, okay, you know, is this representative of all the federal agencies, or is this more the tip of the iceberg, and underneath the surface you’re seeing a lot more of these smaller sites where there’s significant problems?

Speaking of smaller sites, though, I’m
kind of curious, and you may have said this and I missed it, but in your next version of the report are you gonna be scanning a larger number of sites? And I ask that because I would wonder, if you do scan a lot of the smaller sites, if you see a better presentation of things that are a little bit more agile, things that have been able to spin up faster, maybe they have better practices, or maybe there’s things that are less popular but actually far more compliant because they are easier to change.

Yeah, so the new list that we’re using is bigger than the list we used before. It’s still supposed to be a million most popular sites. We had inadvertently left off with you in our first round, so we’re going to include all of those. And then, you know, some of the rankings, they just change over time, which sites are more popular. A lot of sites, with the new administration, have been decommissioned, and new sites, so we’ll also account for some of those changes. But we’re not going to test necessarily the ones that aren’t the popular sites.

What is interesting, and what we can’t say about that: when we did the test on the congressional sites, because the legislative branch is so much smaller, we were able to, I think, identify pretty much the full universe of sites there. We went through the budget documents, the appropriation documents for the legislative branch, to basically identify every single commission, you know, everything except the actual Representatives’ and Senators’ sites. We don’t wanna get into the politics of testing that. And, you know, looking at that, we looked at a lot of very small sites there, and the difference is usually not whether the site is kind of small or large, or popular or unpopular; it’s really the age of the site. You know, newer sites, you know, generally they’re doing it right. It’s the older sites that have been up there for a long time that haven’t really been updated, those are the ones that are kind of falling by the wayside and having only met the criteria, or the sites that are important and there hasn’t really been any attempt to fix it. So, I mean, one of the most popular but poor-scoring sites was IRS.gov on federal agencies, and I think we had speaker on, you know, on Congress, you know, two sites that are obviously important, a lot of people use it for information, but it just hasn’t gotten the resources behind it to redevelop it. Looking at the site, you can tell it’s running an older platform, and those are where you have those types of problems.

Journeys, just looking at the time, I want
to be mindful of our time with everyone. Um, you know, are there any parting words you’d like to share with agencies?

Sure. You know, just again, we’re always looking for feedback on our methodology as well as our recommendations. As I said, we’re doing these tests right now. We’re hoping to release a new report probably late this year, but in the interim, you know, we welcome feedback on the existing report, we welcome feedback on the tools, additional things we should be looking at, additional considerations that we should be putting forward in our recommendations. The goal with this report is really to launch a conversation, so we’re open door policy, open phones, open emails, open Twitter. We’d love to hear from you, to let us know how we can help kind of advance the goals that we all share: having a better, more responsive, more efficient electronic government.

Awesome. Well, thank you for joining our conversation today, and thanks everybody for tuning in. Um, just a reminder, this was recorded and we’ll be sending out surveys, so feel free to let us know what you thought about this event and any future topics you’d like to see on a future DigitalGov event. So thanks again, Alan and Daniel, and everyone have a great day.

Thank you. Thanks, Val. Yes, thank you. Thank you.
