If you are trying to reach Kapil Sibal, India’s Minister for Communications and Information Technology, the government’s official directory advises that you e-mail him on a Yahoo address. Sushil Kumar Shinde, Minister for Science and Technology, prefers Gmail. So do the Ministers of State for Health and Family Welfare, and for Science and Technology. The Minister of State for Chemicals and Fertilizers, meanwhile, favours Hotmail.
When an Indian civil servant hands over a business card embossed with the gold seal of state, odds are it will list a free Web-based e-mail address – not one from the official National Informatics Centre that is meant to provide e-mail service to all employees of the vast central government.
“I’d put it at 99 per cent of employees doing this,” said Vijay Mukhi, a pioneer of the Indian information technology industry. The government gives out business e-mail addresses to only a fraction of its employees, he added. “And if they give you something that ends in ‘dot-gov’ or ‘dot-in’ you can be guaranteed that it won’t work.”
India enjoys a reputation as an information-technology powerhouse, and its rapidly growing industry is worth $100-billion. But anyone who works here – and slogs through a government bureaucracy still mired in paper or tries to navigate torpid government websites – knows that, with few exceptions, the private high-tech sector exists in efficient isolation. This nuclear power leaves its Internet security to the likes of Yahoo.
Earlier this month, the Delhi High Court castigated the Delhi Police for the condition of the force’s website, which the court said is “completely useless,” “obsolete and does not serve any purpose.”
The city of Delhi also announced this month that 272 members of its newly elected government will be given laptops – and also a budget to pay the equivalent of $90 a month to hire “computer help” – that is, someone who actually knows how to operate a computer, since so few of the politicians do. Indeed, while tens of thousands of low-level bureaucrats are employed as “computer operators” in the central and state governments of India, the bulk of work is still done on paper, in files held together with string. When a particularly fat file needs a hole in the corner to add more string, bureaucrats use small, ice-pick-like tools kept on hand for the purpose.
Indians brace for interaction with government, knowing what awaits at the passport office, and no one blinks when a senior government spokesman gives out a Hotmail address. But the technological limitations of government are more than an irritant. They also have serious implications for national security, according to Mr. Mukhi, who sits on several government advisory bodies concerned with technology and cybersecurity, and many others in the field.
In the past two weeks a half-dozen major government websites, including those of the Supreme Court and that of the governing Indian National Congress, were hacked and defaced by the international hacker collective Anonymous to protest against Internet censorship measures being considered by government.
When employees use their personal accounts for government business, they make India vulnerable. “Departments transacting in international relations are storing that information on a server in another country,” said Sahir Hidayatullah, an Internet security expert with the Mumbai-based firm Siegecraft.
In addition, the government has no control over what level of security and protection – if any – those employees have on their account. They are easy prey for hackers practising techniques such as “spear phishing,” or launching a series of attacks on the personal address that could expose internal government communications.
“The moment that Indian government information is going to be made available on e-mail IDs hosted on servers in the U.S., there could be a potential question or compromise on the inherent security, sovereignty, integrity and defence of India,” said Pawan Duggal, a Supreme Court advocate with a specialty in information technology cases.
He warned that the consequences could be dire – on the scale of the cyberattack on Estonia in 2007, attributed to Russian hackers with nationalist motivations, which effectively shut down the country and its economy for a week. But with the many urgent spending and political priorities in India, cybersecurity and in particular the e-mail risk “is not on the radar,” said Mr. Duggal, and likely won’t be, until there’s an Estonia-scale calamity.
In 2011, the last year for which data have been made available, only 300,000 of more than three million government employees had been assigned official addresses. Almost all of those were for a system that can be accessed only through a computer – even though the vast majority of Indians access the Web through smartphones. The 2011 census found that 20 per cent of urban households, and just 5 per cent of rural ones, own a computer; of the 9 per cent of households in India with computers, only 3.1 per cent have an Internet connection.
Government officials using a personal e-mail address and contacted by The Globe and Mail were almost uniformly unwilling to discuss the subject. B. K. Gairola, head of the NIC, would not answer questions on the subject, although the interview request was made to his professional ‘.nic’ address (and perhaps he uses Gmail).
The one low-level bureaucrat who spoke with The Globe on condition of anonymity complained first that his government e-mail address has almost no storage, second that the system is down four out of five times he tries to use it, and third that he has been transferred between government ministries three times already in his career, with a new e-mail address each time. “So much of my information is in this e-mail, how can I simply lose it all and start again with nothing in a new post?” he asked plaintively.