Late in March, the Delhi High Court hauled up the Central Government affidavit for the lack of an adequate information technology infrastructure and gave it a deadline to finalise an email usage policy for government officials within a couple of weeks.
One may be surprised – as the Court of Acting Chief Justice Badar Durrez Ahmed and Justice Siddharth Mridul was – and wonder what that would mean, given that the country has its own nic.in. It is a known vexed issue that has been doing the rounds, virtual or otherwise, for at least a decade.
The moot point is what the Court observed while giving the Government two weeks for an email usage policy. It noted that only 4.5 lakh of nearly 50 lakh government servants have been provided official email IDs through the National Informatics Centre. The Court, by asking the Centre to expedite the setting up of government-owned servers to handle the huge demand, has indeed raised an apt concern and pointed to an area where the government seems not to have done enough.
Further, the Court has been specific in observing the need to develop indigenous encryption and protection software to protect sensitive government data. “There are enough brains in India to develop such software,” it said.
Following the Court order, the Department of Electronics and Information Technology of the Ministry of Communications & IT hurriedly put up the ‘Email policy’, including the Email Account Management and Best Practices for Effective E-mail Usage; the Email Services And Usage Policy; the NIC Policy on format of E-mail Address; the Password Policy; and the Security Policy For User Service Level Agreement. All of these, which belong to the draft policy, can be seen on the DEITY site, pending Parliament approval.
We must understand where the problem actually lies. Last year, documents released by US whistle-blower Edward Snowden revealed the extent and aggressive nature of NSA datamining exercises targeting India. According to The Guardian, “The US National Security Agency may have accessed computers within the Indian embassy in Washington and mission at the United Nations in New York as part of a huge clandestine effort to mine electronic data held by its South Asian ally.”
Following this, the Indian Government decided to ask its employees to stop using Google’s Gmail for official communication as it has its servers in the US. The employees were asked to stick to the official email service provided by India’s NIC.
“How lackadaisical we can be about our security can be gauged from the fact that even after such a warning, the move to use this official email service didn’t gain much support. In fact, it took a PIL and the Court’s intervention for the Government to ‘show an inclination’ towards framing of an email policy. Even then, the Court was told that (DEITY) was drafting a policy on email usage for government offices and departments and the policy was almost ready. Then DEITY Secretary J Satyanarayana revealed that the Department was in the process of taking views from other ministries on the policy and that the email policy would be operational by end of December 2013. But we can see here that it was not to be. In fact, it took the Delhi High Court’s warning the Government of ‘coercive action if they continued to delay the framing of the e-mail policy’ for the draft to get ready this month. No wonder that the Bench was critical of the lack of initiative from bureaucrats on this matter,” said Sanjeev Sinha, a lawyer with interests in cyber security.
It must be pointed out that the Court’s observation responds to a felt need and must be understood in its entirety. According to a firstpost.com report by Nishtha Kanal, “The move will make it mandatory for government officials to use only the NIC (nic.in) platform for official communication purposes. This will ensure that critical data is sent and received on the government-controlled NIC platform.”
“Of course, data security is the key reason why the Government may be feeling compelled to take this step. Only recently it had been revealed that US intelligence had been accused of spying on the top echelon of world leaders, including the likes of German Chancellor Angela Merkel. In another report, Prime Minister Manmohan Singh’s office assured that it had nothing to worry about since Singh did not possess either a mobile phone or a personal e-mail ID,” Kanal wrote.
The Central Government has also told the Delhi High Court that it will issue an advisory prohibiting government employees from accessing social networking websites such as Facebook and Twitter through official systems and networks. It’s high time this was done. According to a document obtained by The Hindu, the NSA used its Prism datamining programme to gather information on India’s domestic politics and the country’s strategic and commercial interests, specifically categories designated as nuclear, space and politics.
The Guardian adds: “A further NSA document obtained by The Hindu suggests the agency selected the office of India’s mission at the UN in New York and the country’s Washington embassy as ‘location targets’, where records of Internet traffic, e-mails, telephone and office conversations – and even official documents stored digitally – could potentially be accessed after programmes had been clandestinely inserted into computers.”
One may argue that the snooping is part of the spy games nations play on one another and that not much should be read into such revelations posing a threat to Indo-US ties. One can also say that datamining was just routine and even an imperative in efforts to protect society from scourges like terrorism. One may agree here. At the same time, it does not mean that India, in its own interest, should not do all it can to keep its secrets and confidentiality intact. It does not mean that it should not have steps and policies in place to ensure that what’s ‘for your ears and eyes only’ remains so, and only with it.
The Delhi High Court had earlier asked the Central Government to bring in an e-mail policy for government officials in consonance with the Public Records Act in order to bar transfer of data to a server outside the country. It is time such concerns were acted upon immediately.