Jammu and Kashmir Bans WhatsApp, Gmail for Sensitive Official Communication to Prevent Data Breaches

Srinagar: The Jammu and Kashmir government has banned the use of third-party tools like WhatsApp and Gmail for transmitting sensitive official documents, citing risks of data breaches and leaks.

Security Concerns Over Third-Party Platforms

These platforms are not specifically designed to handle classified or sensitive information, and their security protocols may not meet the stringent standards required for official communications, an order passed by the General Administration Department on Saturday stated.

"It has come to the attention of the administration that there is an increasing trend among officers and officials to use third-party tools such as WhatsApp, Gmail, and other similar platforms for transmitting sensitive, secret, and confidential information. This practice poses significant risks to the integrity and security of the information being communicated," the order read.

Potential Risks of Unauthorized Communication Tools

It said using third-party communication tools can lead to several potential issues including unauthorized access, data breaches, and leaks of confidential information. "Consequently, the use of such tools could result in severe security breaches that jeopardize the integrity of governmental operations," the order reads.

Guidelines for Official Communication

The GAD issued guidelines for officials to follow while handling official communication.

"Classified information falls under the following four categories namely, Top Secret, Secret, Confidential, and Restricted. A 'Top Secret' and 'Secret' document shall not be shared over the Internet. According to NISPG, the 'Top Secret' and 'Secret' information shall be shared only in a closed network with leased line connectivity where a SAG-grade encryption mechanism is deployed.

However, 'Confidential' and 'Restricted' information can be shared on the Internet through networks that have deployed commercial AES 256-bit encryption," it added.

Recommendations for Secure Communication Tools

The directive said the use of government email facilities or government instant messaging platforms (such as CDAC's Samvad, NIC's Sandesh, etc.) is strongly recommended for the communication of 'Confidential' and 'Restricted' information.

"Care should be taken during the classification of information; information that deserves a 'Top Secret/Secret' classification shall not be downgraded to Confidential/ Restricted for the purpose of sharing," it added.

Enhanced Security for the e-Office System

In the context of the e-Office system, departments have been directed to deploy proper firewalls and whitelist IP addresses. "The e-Office server should be accessed through a Virtual Private Network (VPN) for enhanced security. Departments may ensure that only authorized employees/personnel are allowed to access the e-Office system.

"However, Top secret/Secret information shall be shared over the e-Office system only with leased line closed network and SAG grade encryption mechanism," it said.

Restrictions on Video Conferencing and Work-from-Home Protocols

It said there was a blanket ban on sharing any top secret or secret information through video conferencing. The officials working from home have been directed to use security-hardened electronic devices (such as laptops, desktops) connected to office servers via a VPN and firewall setup.

'Top Secret' and 'Secret' information should not be shared while working from home, it said.

Prohibition of Digital Assistant Devices in Classified Settings

The order said digital assistant devices such as Amazon's Echo, Apple's HomePod, Google Home, etc. should be kept out of the office during discussions on classified issues.

"Digital assistants (such as Alexa, Siri) should be turned off during official meetings in the office used by employees. Smartphones should be deposited outside the meeting room when discussing classified information," the order said.

Strict Adherence to Guidelines

In light of the risks, all officers and officials were directed to adhere strictly to the guidelines to ensure the security and confidentiality of official communications.

"Non-compliance with these directives may result in disciplinary action as deemed appropriate by the administration," the order read.