WhatsApp, Gmail banned from use for transmission of official documents in J&K

Officials barred from using third-party apps; protocols aim to prevent data breaches and unauthorized access

SRINAGAR: The Jammu and Kashmir Government has instructed all its officers and officials to cease using third-party platforms like WhatsApp and Gmail for transmitting sensitive or classified information. The directive outlines stringent security protocols to protect confidential communication, with violators facing potential disciplinary action. A circular in this regard has been issued by General Administration Department.
It has come to the attention of the administration that there is an increasing trend among officers and officials to use third-party tools such as WhatsApp, Gmail, and other similar platforms for transmitting sensitive, secret, and confidential information. This practice poses significant risks to the integrity and security of the information being communicated, the circular reads.
As per the circular using third-party communication tools can lead to several potential issues, including unauthorized access, data breaches, and leaks of confidential information. These platforms are not specifically designed to handle classified or sensitive information, and their security protocols may not meet the stringent standards required for official communications. Consequently, the use of such tools could result in severe security breaches that jeopardize the integrity of governmental operations.
To emphasize the importance of exercising discretion and adhering to established protocols for handling official communications, particularly those of a sensitive, secret, or confidential nature, the following guidelines are issued for the officers/officials of Union Territory of Jammu and Kashmir
Classified information falls under the following four categories: TOP SECRET, SECRET, CONFIDENTIAL, and RESTRICTED. The TOP SECRET and SECRET documents shall not be shared over the internet. According to NISPG, the TOP SECRET and SECRET information shall be shared only in a closed network with leased line connectivity where SAG-grade encryption mechanism is deployed. However, CONFIDENTIAL and RESTRICTED information can be shared on internet networks that have deployed commercial AES 256-bit encryption.
The use of government email (NIC email) facility or government instant messaging platforms (such as CDAC's Samvad, NIC's Sandesh, etc.) is strongly recommended for the communication of CONFIDENTIAL and RESTRICTED information. Care should be taken during the classification of information; information that deserves a TOP SECRET/SECRET classification shall not be downgraded to CONFIDENTIAL/RESTRICTED for the purpose of sharing.
In the context of the e-Office system, the Departments must deploy proper firewalls and a white-list of IP addresses. The e-Office server should be accessed through a Virtual Private Network (VPN) for enhanced security. Departments must ensure that only authorized employees/personnel are allowed access to the e-Office system. However, TOP SECRET/SECRET information shall be shared over the e-Office system only with leased-line closed networks and SAG-grade encryption mechanisms.
Regarding Video Conferencing (VC) for official purposes, only Government VC solutions offered by CDAC, CDOT, and NIC may be used. Meeting ID and passwords should only be shared with authorized participants. For enhanced security, the "Waiting Room" facility and prior registration of the participants may be utilized. Even then, TOP SECRET/SECRET information shall not be shared during the VC meetings.
Officials working from home should use security-hardened electronic devices (such as laptops, desktops, etc.) connected to office servers via a VPN and firewall setup. It is important to note that TOP SECRET and SECRET information should not be shared in a "work-from-home" environment.
Digital Assistant Devices such as Amazon's Echo, Apple's HomePod, Google Home, etc., should be kept out of the office during discussions on classified issues. Furthermore, Digital Assistants (such as Alexa, Siri, etc.) should be turned off during official meetings in the office used by employees. Smartphones should be deposited outside the meeting room when discussing classified information.
In light of the potential risks outlined above, all officers and officials are directed to adhere strictly to these guidelines to ensure the security and confidentiality of official communications. Non-compliance with these directives may result in disciplinary action as deemed appropriate by the administration.