J&K bans WhatsApp, Gmail for official work over security risk

The Jammu and Kashmir government has banned the use of third-party tools like WhatsApp, Gmail for transmitting “sensitive, secret, and confidential information,” stating that “practice poses significant risks to the integrity and security of the information being communicated.”

An order issued by the J-K’s General Administration Department recently stated that it has come to the attention of the administration “that there is an increasing trend among officers and officials to use third-party tools such as WhatsApp, Gmail and other similar platforms for transmitting sensitive, secret, and confidential information.”

Stating that using third-party communication tools can lead to several potential issues including unauthorised access, data breaches and leaks of confidential information, the order said “these platforms are not specifically designed to handle classified or sensitive information, and their security protocols may not meet the stringent standards required for official communications.”

“Consequently, the use of such tools could result in severe security breaches that jeopardize the integrity of governmental operations,” it said.

Issuing guidelines for handling official communications, particularly those of a sensitive, secret, or confidential nature, the authorities stated, “Confidential and restricted information can be shared on internet through networks that have deployed commercial AES 256-bit encryption and the use of government email (NIC email) facility or government instant messaging platforms is strongly recommended for the communication of confidential and restricted information.”

“With regard to e-Office system, the Departments must deploy proper firewalls and white-list of IP addresses,” the orders notes. “The e-Office server should be accessed through a Virtual Private Network (VPN) for enhanced security,” it added.

It also said that for video conferencing (VC) for official purposes, only government VC solutions offered by CDAC, CDOT and NIC may be used.

The authorities have said officials “working from home should use security-hardened electronic devices (such as laptops, desktops, etc.) connected to office servers via a VPN and Firewall setup.”

“It is important to note that secret information should not be shared in a work-from-home environment,” the order said.

Stating that digital assistant devices such as Amazon’s Echo, Apple’s HomePod, Google Home, etc., should be kept out of the office during discussions on classified issues, it said further that digital assistants (Alexa, Siri, etc.) should be turned off during official meetings in the office. “Smartphones should be deposited outside the meeting room when discussing classified information,” the order added.

The order also said, “In light of the potential risks outlined above, all officers and officials are directed to adhere strictly to these guidelines to ensure the security and confidentiality of official communications.”

“Non-compliance with these directives may result in disciplinary action as deemed appropriate by the administration,” it said.