Officials in the government using private emails without even understanding the consequences has become a common practice.
A few years back former Information Technology Minister had sent out an email using his gmail account which had led to a major hue and cry being raised. The latest on the list of private email users is Hillary Clinton.
A report suggests that Hillary used a personal email account to conduct government business as secretary of state. Hillary did not have a government email address during her four-year tenure at the state department. Her aides took no actions to have her personal emails preserved on department servers at the time, as required by the Federal Records Act.
Has India acted on officials using private mail at work place?
The recent busting of the corporate espionage case was a wake up call for the government. If files were being leaked with such ease, there is no reason to believe that mails could not have been hacked into.
A communication from the government stated, "they (government officials) shall refrain from using private email servers from government network. E-mail service authorised by the government and implemented by the IA (Implementing Agency under this policy is NIC) shall only be used for all official correspondence.
There is also a bar on officials from using forward option in e-mails to non-government e-mail services."
India has been a victim of snooping by the US
India's primary concern about its officials' mails being snooped was from the United States of America. Most of these private emails have their servers based in the US which makes it easier for them to access.
The snooping was conducted by the National Security Agency of the US under the garb that they were checking terror related activities. Data and statistics would suggest otherwise.
The NSA on a daily average collected 4.45 lakh e-mails addressed from Yahoo, 82,857 from Facebook, 33,697 from Gmail and 105,068 from Hotmail. There were almost 1 billion incidents of snooping on Indian mails and hardly a million were related to terrorism.
- India gets cracking on private mails in government offices
- 5 million government employees will compulsorily use government official id
- Government policy on email does not permit downloading and forwarding
- Not just Kapil Sibal, even Hillary Clinton used private mail in office
- Snooping by the USA, corporate espionage forced India to strengthen email policy
Mails on National Informatics Centre
The government employees are all provided an id created by the National Informatics centre. The mail id @gov.in is meant to cater to at least 5 million users in the government and these would include the politicians as well.
It had become extremely important for all government employees to communicate only using the official government id since the chances of someone snooping into these mails is virtually impossible. The servers of these mails are made in India and the government has absolute control over it.
Hence the question of some corporate or a foreign agency seeking access to these mails do not arise. The formulation of the email police was slow and many in the government had not started using the services completely.
Several employees continued to use their private mail ids even at work thus making data shared on the emails extremely vulnerable.
How the @gov.in mail works
According to the NIC, "mails are accepted and sent in NICNET from a single entry point i.e. via the SMTP gateways. Over 8 lakh mails are transacted in a day. Once a mail is accepted in the network, based on its address, it is routed to the recipient server.
Messaging services constitute one of the primary applications deployed across the network. They represent the front end of the Network. Hence, Messaging services in NICNET need to integrate the application solution, the underlying network, proactive management and maintenance in a single source solution.
The Messaging solution of NICNET is scalable, easily customizable, provisioned for increasing needs while assuring optimum performance, security and reliability. Recently, NIC has rationalized the myriad of e-mail addresses offered by NICNET.
The growth of the network services had been going on at an explosive rate and a time had come for streamlining of the e-mail services by adopting a single virtual e-mail server for the whole nation and achieving address resolution in such an environment.
Hence, it was decided to give the entire email addressing space in NICNET as "[at]nic[dot]in". Each network connected to the Internet has a Domain Name associated with it, to ensure email and other traffic getting directed to the right recipient.
In the case of NICNET, this domain is called "nic.in". All email to the home user is directed to "home.user[at]nic[dot]in" which will result in the mail being stored on the NIC mail server, ready to be collected by the home user email client.
The email policy of the government of India
The government of India does have a very specific email policy. The policy puts out some stringent rules while using emails at government offices and also by employees outside.
The objective of the policy was to ensure secure access and usage of Government of India e-mail services by its users.
It is recommended for users working in sensitive offices to use VPN/OTP for secure authentication as deemed appropriate by the competent authority.
It is recommended that GoI officials on long deputation/stationed abroad and handling sensitive information should use (VPN)/ (OTP) for accessing GoI e- mail services as deemed appropriate by the competent authority.
Use of Digital Signature Certificate (DSC) and encryption shall be mandatory for sending e-mails deemed as classified and sensitive, in accordance with the relevant policies of Ministry of Home Affairs.
Users shall not download e-mails from their official e-mail account, configured on the GoI mail server, by configuring POP or IMAP on any other e-mail service provider. This implies that users should not provide their GoI e-mail account details (id and password) to their accounts on private e-mail service providers.
Any e-mail addressed to a user, whose account has been deactivated /deleted, shall not be redirected to another e- mail address. Such e-mails may contain contents that belong to the Government and hence no e-mails shall be redirected.
The USA policy
The case of Hillay Clinton only goes on to show that even the USA is vulnerable to its leaders and officials using a personal email id. It is mandatory to send emails using the official mail provided by the US government.
It is alleged that Hillary could have violated federal requirements that officials' correspondence be retained as part of the agency's record. Hillary
did not have a government email address during her four-year tenure at the state department.
Her aides took no actions to have her personal emails preserved on department servers at the time, as required by the Federal Records Act.
Hillary's office in response had said that she had been sending emails to other state department officials at their government accounts, she had "every expectation they would be retained."
It may be recalled how the National Security Agency had secured the blackberry that is used by President of USA, Barack Obama. When he had taken over, he was given a Sectera Edge phone. However a blackberry was custom made for him with features that prevented from any of his communication from being hacked.
The President's blackberry has no camera and has ten number encrypted into it. These are the numbers that have been indicated by the president. The calling list has his wife, vice president, few members of his family, chief of staff, his press advisor and press secretary.