CIC denies disclosure of Email IDs of Govt. officials on likelihood of serious security threat [Read Order]

In a recent ruling, Full Bench of the Central Information Commission has ruled that email ids of all Government officials cannot be provided, as it could cause a serious security threat.

The Bench, comprising Information Commissioners Mr. Basant Seth, Mr. Yashovardhan Azad and Mr. Sridhar Acharyulu, observed, “It is a matter of common knowledge that information as sought by the appellant is already available in the public domain at the click of button on separate websites of the respective Ministries and/or Departments. Citizens Charter already provided adequate information about eh officials responsible for public dealing in various Government Departments/Ministries. Providing the list of all email ids in a CD format could pose a security threat as well as the risk of disruption of essential public service by making the information susceptible to misuse/abuse.”

The Applicant, Mr. Maniram Sharma had sought email addresses of Government/Public Authorities/ organizations maintained by NIC with up to date amendments. He had contended that email ids of Government and Public sector organizations are freely available on their individual websites and in fact it is Government policy to encourage the use of e-mail correspondence to avoid unnecessary paper work.

He had further submitted that in case the CPIO felt that there was any sensitive information, the same may be severed as per Section 10 of the RTI Act but the disclosable information cannot be denied to him. He had even acceded to deletion of sensitive information, i.e. information relating to security organizations as listed in Section 24 of RTI Act.

He pointed out that large number of mails sent by him to the domain address as available on the website of public authorities bounce back and hence, it is in public interest to display up-to-date information on the NIC website.

In response to the respondent’s persistent averment that the information sought is “neither generated nor held by the NIC”, Mr. Sharma argued that this was in contradiction to its submission that “as a matter of policy NIC does not share the email repository with anyone”.

Mr. Sharma also referred to the precedent set by the Government of Uttarakhand which published a 36 page list on its official website disclosing 1500 email addresses of prominent Government functionaries. He averred that rural development and overall development of the nation will get a boost by adhering to the Citizen’s Charter and disclosing the information. He had contended that mere apprehension cannot form basis of denial of information

On the other hand, one of the grounds for denial of information by the CPIO was that the release of all e-mail addresses can be a security threat and can choke the Government network and block access to NIC servers. He further reasoned that the information related to third parties including sensitive organizations and they did not have the resources to carry out the exercise as outlines under Section 11 of the Act for seeking individual consent on the disclosure of information.

The Bench demanded to look into the scale and enormity of the likely damage that could be caused by such disclosure. However, NIC submitted that instances of such attacks cannot be divulged for public consumption and hence, NIC was not allowed to share the information. It submitted that while threats are handled on an everyday basis, NIC is apprehensive, clueless and uncertain about the kind of measures needed to handle the imminent danger to national security.

The Commission then sought the views of cyber expert Mr. U. Rama Mohan, Additional SP, CID, Cyber Crimes, Hyderabad, in order to gain better perspective on the issue of security threat. Mr. U. Rama Mohan had opined that providing all email ids was to be discouraged for threat of spamming. He referred to the recent act of defacing 22 websites by criminals, maintained by NIC indicated the vulnerability and possibility of unauthorized access despite quality security measures.

Agreeing with the viewpoint, the Bench observed that NIC’s apprehension could not be completely overlooked, “because availability and access to such wide array of information leaves scope for misuse and abuse of the same at the hands of any person.”

Apart from random mischief mongers or technical geeks or harmless but curious persons who may disrupt the entire cyber network by irresponsible handling of the information viz. the list of email ids; the country actually runs a far greater risk of exposing itself to inimical, hostile nations, waiting to harm national security and interest by triggering a cyber attack or even worse, hacking into the systems and obtaining valuable confidential information of national importance,” it added.

The Commission further appreciated the ongoing project undertaken by the Government to centralize all communications by creating a communication hub on a single platform. It was referring to the Government of India Web Directory, which is a one-point source to access all Indian Government Websites at all levels and from all sectors. “Believing that directory is being developed under the vigilant and watchful Government set up, we require the aspects of national security and larger public interest and public reach shall be adequately addressed,” it observed.

Read the order here.