Jammu and Kashmir government has prohibited the use of third-party tools, including WhatsApp and Gmail, for transmission of sensitive official documents. The reasoning given behind this move was that it can lead to data breaches and leaks. An order passed by the General Administration Department stated that these platforms are not specifically designed to handle classified or sensitive information. It added that their security protocols may not meet the standards that are required for official communications.
The order read, "It has come to the attention of the administration that there is an increasing trend among officers and officials to use third-party tools such as WhatsApp, Gmail, and other similar platforms for transmitting sensitive, secret, and confidential information. This practice poses significant risks to the integrity and security of the information being communicated."
It noted that the use of third-party communication tools might lead to a number of issues including unauthorised access, data breach, and leaks of confidential information.
The order read, "Classified information falls under the following four categories namely, Top Secret, Secret, Confidential and Restricted. A 'Top Secret' and 'Secret' document shall not be shared over the Internet. According to NISPG, the 'Top Secret' and 'Secret' information shall be shared only in a closed network with leased line connectivity where a SAG-grade encryption mechanism is deployed. However, 'Confidential' and 'Restricted' information can be shared on internet through networks that have deployed commercial AES 256-bit encryption."
If Not Gmail & WhatsApp Then What?
The directive strongly recommends utilising government email services or official instant messaging platforms, such as CDAC's Samvad and NIC's Sandesh, for sharing information classified as 'Confidential' or 'Restricted.' It read, "Care should be taken during the classification of information; information that deserves a 'Top Secret/Secret' classification shall not be downgraded to Confidential/ Restricted for the purpose of sharing."
As for e-Office systems, departments have been instructed to deploy proper firewalls and white-list IP addresses. The order read, "The e-Office server should be accessed through a Virtual Private Network (VPN) for enhanced security. Departments may ensure that only authorised employees/personnel are allowed to access the e-Office system. However, Top secret/Secret information shall be shared over the e-Office system only with leased line closed network and SAG grade encryption mechanism."
Top Secret Information Should Not Be Shared From WFH Setup At All
The directive emphasised a complete prohibition on sharing any 'Top Secret' or 'Secret' information through video conferencing. Officials working remotely have been instructed to use security-hardened electronic devices, such as laptops or desktops, connected to office servers through VPNs and firewalls. It specifically stated that 'Top Secret' and 'Secret' information must not be shared while working from home. Additionally, the order advised keeping digital assistant devices, like Amazon Echo, Apple HomePod, and Google Home, out of office spaces during discussions involving classified matters.
It further read, "Digital assistants (such as Alexa, Siri) should be turned off during official meetings in the office used by employee. Smartphones should be deposited outside the meeting room when discussing classified information."
The directive also laid out a warning for non-compliance. It stated, "Non-compliance with these directives may result in disciplinary action as deemed appropriate by the administration."