Digital defenceGoing digital is a necessity, but privacy and security concerns must be addressed
Back in May, Prime Minister KP Sharma Oli made a bold statement—the Prime Minister’s Office (PMO) would go paperless within six months. Following on that promise, the Cabinet held its first digital meeting in July, providing ample photo-ops of ministers sitting in front of brand new MacBooks.
Now, the Oli government has made yet another move towards going digital—all official correspondence and transactions will now start to take place through official government emails. While it might come as a surprise to many that official emails were not already being used, it appears that many civil servants were using personal Gmail and Hotmail accounts to correspond with superiors and colleagues. The vast majority, however, confined to paper. Civil servants will now be using email to correspond, seek leave and transfers, and communicate official activities, all under a legal rubric provided by a Cabinet meeting on October 28.
While these are all welcome decisions in an increasingly digital world, it all feels like too little, too late. Dedicated email servers have been around for nearly 30 years in Kathmandu; one would’ve expected that the government had implemented official emails long ago. No correspondence should have been taking place over a notoriously insecure and outdated email service like Hotmail. Still, it is some measure of success that civil servants will now be able to digitally to correspond and take decisions.
Security concerns, however, are as valid as ever. Although the government claims that the security has been improved and that the National Information Technology Centre (NITC) will now be managing the new system, it remains to be seen whether security measures are robust enough to stand up to dedicated attacks. Critical agencies like the Prime Minister’s Office (PMO) need to make certain that their communication is secure at all times. The government uses wifi jammers during Cabinet meetings to prevent hacking and passwords change during every meeting, the question of whether the digital link itself is secure or not remains unanswered. One only has to visit the various ministry websites, including attempting to access e-governance services for the Kathmandu Metropolitan City, to be met with a page warning that the “connection is not private”. This means that all communication is prone to ‘man-in-the-middle’ or eavesdropping attacks since the connection does not utilise encrypted https.
Furthermore, the challenge remains that a number of civil servants are “computer-illiterate”, as one government official has put it. In this information age, digital literacy is a fundamental skill. All government employees must be trained not only on the usage of computers and the internet but also on how to make sure their work is secure and not prone to being hacked. Dangers on the internet are manifold, and ‘noobs’, to use internet parlance, can unwittingly fall victim to them very easily. So while the government’s efforts to go digital are to be welcomed, even if they are late, robust security measures must go hand-in-hand with them. Privacy and security concerns cannot be overstated, as events across the world have shown time and again.