Indian Government Wakes Up to Risk of Hotmail, Gmail

Indian Government Wakes Up to Risk of Hotmail, Gmail is a Deccan Chronicle news report published on 9 December 2013, sourced from AFP. An identical version of this wire report was also carried by NDTV on the same day, reflecting the common syndication of the article across multiple Indian news outlets. The report examines India’s response to NSA surveillance revelations by outlining plans for a new government email policy, even as senior officials continued to rely on private email services such as Gmail and Hotmail.

Contents

  1. Article Details
  2. Full Text
  3. Context and Background
  4. External Link

Article Details

📰 Published in:
Deccan Chronicle
📅 Date:
9 December 2013
👤 Authors:
DC Correspondent
📄 Type:
News Report
📰 Source:
AFP
📰 Newspaper Link:
Read Online

Full Text

New Delhi: Worried by US spying revelations, India has begun drawing up a new email policy to help secure government communications, but the man responsible for drafting the rules still regularly uses Hotmail.

Like many of his peers in ministries across New Delhi, IT and Law Minister Kapil Sibal's office recently sent an email inviting journalists to the launch of his new personal website using the free email service.

Others, including senior foreign ministry officials, the information and broadcasting minister and the health ministry secretary, also use Gmail, Hotmail or Yahoo instead of their government accounts.

When asked why he continued to use his Hotmail for official use, Sibal declined to comment, but a senior bureaucrat in his ministry admitted that he personally preferred Gmail because it is "just a lot easier".

"We keep moving, get different designations, go different places and with that, our emails change. You lose contacts and important emails, which you don't need to worry about with a Gmail account," the bureaucrat told AFP.

"To be honest, the quality of our official mail isn't that great yet. It still needs some work," he added on condition of anonymity.

Security concerns

IT security expert Sunil Abraham said the use of Gmail and the like was highly risky since the American services had their servers in the US and the National Security Agency has been known to tap into their database systems.

It is unclear how many state and federal public workers actively use popular email services for office, but some of the estimates are startling.

"As much as 90 percent of government officials use private email (services) for official use... that's because their official email is not as stable or speedy," said Abraham, executive director of the Bangalore-based Centre for Internet and Society.

In September Sibal's ministry announced a new "Email Policy of the Government of India" in the wake of spying allegations about the NSA revealed by former NSA contractor Edward Snowden.

NSA's tentacles not only crept into the Indian embassy in Washington and its UN office in New York, but also accessed email and chat messenger contact lists of hundreds of millions of ordinary citizens worldwide, according to media reports.

During a single day last year, the NSA's Special Source Operations branch collected 444,743 email address books from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail and 22,881 from unspecified other providers, The Washington Post said, according to an internal NSA presentation.

The $11 million Indian project aims to bring some five million public employees onto the government's email domain powered by the National Informatics Centre (NIC) as early as mid-December.

It is awaiting clearances and suggestions from all ministries before the proposal goes to the cabinet this month.

J. Satyanarayana, secretary of the department of electronics and IT, dismissed claims that the policy was too late and was a response to the Snowden scandal.

"The policy is not a reaction to any global spying revelations, it was already in the works. It is just a mere coincidence that both came around the same time," he said.

Fresh doubts

Some cyber security experts say bringing millions aboard a centralised server could make a hacker's job easier, with all critical government information available on a single platform.

More than 11,000 Indian websites were hacked or defaced between May and August this year, with a large number of attacks on the ".in" domain whose servers are in India, the Times of India reported last month.

"Making the use of a centralised government server is not the best way to proceed. Having everything on one platform makes it even more vulnerable to cyber attacks and hacking," said Abraham.

"It also brings about new worries of the NIC becoming the local snoop."

Some also predict that the ambitious policy would eventually fizzle out for lack of attention from ministers and bureaucrats, who work in government offices where stacks of yellowing files and papers are still a common sight.

"It's sad but most of these officials don't understand much about technology, so mastering email is something that is miles and miles away," said Vijay Mukhi, a Mumbai-based cyber security expert.

"These guys saw all the snooping news and suddenly they woke up and said 'lets make an email policy'. Enforcing this is not possible on a practical basis."

The IT ministry also plans to conduct workshops to teach employees about email security such as when to change passwords and user names and how to use email.

"Every employee should know how, what and when critical data can be vulnerable... with most work still done on paper, it is important to know the nitty-gritty of using email," Satyanarayana said.

(Source: AFP)

Back to Top ⇧

Context and Background

This article appeared six months after Edward Snowden began releasing classified NSA documents to journalists in June 2013, triggering worldwide alarm about the scope and scale of American surveillance capabilities. The revelations exposed programmes like PRISM, which compelled technology companies to provide government access to user data, and upstream collection efforts that intercepted communications directly from internet backbone infrastructure. Countries discovered their diplomatic missions had been targeted, allied leaders’ phones monitored, and millions of their citizens’ communications swept up in mass surveillance operations.

For India, the disclosures were particularly troubling. Documents revealed that the NSA had monitored the Indian embassy in Washington and the country’s permanent mission to the United Nations. The scale of collection from services like Gmail, Yahoo, and Hotmail—used extensively by Indian government officials—raised immediate questions about operational security. If American intelligence agencies were harvesting email address books and content from these platforms daily, sensitive government communications conducted through them were potentially compromised.

The Indian government’s response—a proposed Email Policy announced in September 2013—aimed to migrate five million public employees to a National Informatics Centre-managed government domain by mid-December. Yet implementation faced considerable obstacles. Officials had grown accustomed to the convenience and reliability of commercial email services, which offered better uptime, storage, search functionality, and cross-device synchronisation than government alternatives. Many viewed official email infrastructure as clunky and unreliable, preferring services they could retain across postings and career changes.

The irony noted in the article—that IT Minister Kapil Sibal, responsible for drafting email security regulations, continued using Hotmail for official communications—illustrated the gap between policy ambitions and actual practice. This disconnect reflected broader technological capacity constraints within Indian bureaucracy, where paper files remained predominant and digital literacy amongst senior officials varied considerably.

Abraham’s expert commentary highlighted a dilemma inherent in the proposed solution. Whilst migrating off American-hosted services addressed foreign surveillance risks, concentrating all government email on a single National Informatics Centre platform created new vulnerabilities. Centralisation made the system an attractive target for both external attackers and potential domestic surveillance overreach. The “local snoop” concern anticipated debates that would intensify in subsequent years about government access to communications data and the absence of adequate oversight mechanisms.

The article documented a moment when India grappled with balancing security imperatives against practical constraints and institutional inertia. The ambitious timeline—migrating millions of users within weeks—proved unrealistic. The formal Email Policy of the Government of India would eventually be notified in February 2015, over a year after this article, with implementation proceeding gradually rather than through the rapid rollout initially envisaged.

The Snowden revelations fundamentally altered global conversations about digital sovereignty, data localisation, and the responsibilities technology companies bore toward users worldwide. India’s halting response, characterised by delayed policy development and uneven enforcement, reflected challenges faced by many countries in asserting control over digital infrastructure increasingly dominated by American corporations whose cooperation with intelligence agencies had been extensively documented.

📄 This page was created on 6 January 2026. You can view its history on GitHub, preview the fileTip: Press Alt+Shift+G, or inspect the .