Third party email services like Gmail, Yahoo! banned in government offices in India
Use NIC email servers for government communication says the new ‘E-mail Policy of Government of India’
Given the risk of data breaches in third party email services like Gmail, Yahoo!, Microsoft Live etc., the long awaited move from the Government of India was notified on 18th February, thus equitably banning use of all such emails by users in government departments.
Issuing two notifications called ‘E-mail Policy of Government of India’ and ‘Policy on use of Information Technology resources of Government of India,’ the Indian government effectively put a ban on use of private e-mail networks like Gmail and Yahoo.
The new policies state that only email servers provided by the government owned National Informatics Center or NIC, as it is popularly called, can be used for official and semi official communications within and outside the government departments.
“The e-mail services provided by other service providers shall not be used for any official communication,” the notification says. These notified policies will cover all central government employees, employees of those state governments/UTs, various departments of the governments as well as autonomous bodies.
We had already reported in the month of September, 2014 that the Gmail and Yahoo banning plans were afoot in the corridors of power at Delhi. The immediate cause for the governments actions were the 5 million Gmail username and password leak that happened in September.
Another more pressing reasons were the intermittent leaks coming out from the Snowden’s master leak files which gave an impression that all government data was monitored by NSA and GCHQ at some point of time.
The notified policies stipulate measures to ensure secure and proper access to and usage of government’s IT resources and “prevent their misuse” by users (officials).
“Misuse of these resources can result in unwanted risk and liabilities for the government,” the policy says. The measures hence stipulated are: “NIC may block content which, in the opinion of the organization concerned, is inappropriate, or may adversely affect the productivity of the users.”
With the use of NIC servers, the government can and will be monitoring online activities of bureaucrats, top officials of PSUs and other employees and will allow it to block content which it feels, adversely affects GOI in terms of productivity or policy matters. The new notifications allow the government to delete e-mails or internet history on computers of government employees after intimating the user.
The notifications lay down the standard operating procedure (SOP) for online presence of a government employee. NIC may monitor online activities on the government network, subject to SOPs as the organization may lay down, and the power with NIC to “access, review, copy or delete” any kind of electronic communication such as files, e-mails and internet history, for “security-related reasons” under due intimation to the user.
The policy has also stipulated the terms of access to social media sites from government networks, saying users will always use “high security settings” on such sites, not post “offensive, threatening, defamatory, bullying, racist, hateful, harassing, obscene or sexist” material on Twitter or Facebook and not make any comment or post any such material that would “cause damage to the organization’s reputation.”
The policy has specified that besides NIC, there would not be any other e-mail service under Government of India and says auto save of password or its sharing in the government e-mail service is not permitted.
“All organizations, except those exempted under clause 14 of this policy, should migrate their e-mail services to the centralized deployment of the NIC for security reasons and uniform policy enforcement,” the notification says.
An exception has been made for organizations dealing with national security who have their independent mail servers.
“They can continue to operate the same provided the email servers are hosted in India. However, in interest of uniform policy enforcement and security, it is recommended that these organizations should consider migrating to the core service of NIC,” the notified policy says.