The government has asked all central and state departments and ministries to stop using private email services for official communication and instead use indigenous services provided by NIC, to prevent "misuse" or "leakage" of classified data.
A recent circular, accessed by news agency Press Trust of India, issued to all government bodies by the CERT-In under the Union Ministry of Communication and Information Technology has stated that homegrown and India-based email communication systems should be preferred for official work as the servers of private email service providers are based out of India and is prone to "misuse" or "leakage" of classified and proprietary data.
"It has been observed that a number of officials in the ministries/departments in the central and state governments are using the private mail services particularly hosted and operated from outside India for official communications. Such official communications are government and also the public records. It is to mention that data pertaining to such emails and web services is stored by these service providers outside Indian and is fully under their control.
"At the time of any security breach incident or data loss it becomes very difficult to obtain data from those service providers apart from the possibility of leakage of information as they are controlled by the service providers outside the country," the circular-cum-advisory
The agency, while issuing the circular, has invoked Section 4 of the Public Records Act, 1993 (Prohibition against taking public records out of India) and some recent concerns raised by the Delhi high court to buttress its point.
Keeping in view both the things in mind, the circular said, "All the ministries, departments of central and state governments should either use email services provided by National Informatics Centre (NIC) or they should use their own email and web services being fully controlled by them and hosted in India for official communication. CERT-In security guidelines/advisories as issues time to time should be followed."
The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.
The circular said that security risks, in the Indian online communications context, have "increased while accessing information over the Internet through email or web as some of the adversaries have launched targeted attacks to steal or damage the information for different purposes and interests".
Some of the popular private email services used in the country, even by government officials and departments, are those offered by Google, Yahoo, Hotmail and others and security concerns have been raised about these off late.