A few months ago, a Brigadier was in an operations room where he opened his smartphone to photograph a fully-marked operational map. The officer, commanding a brigade, then sent it on WhatsApp to his principal staff officer at the brigade headquarters to get a similar map made. The staff officer in turn sent the picture to commanding officers of battalions, and the secret operational map was soon all but public.
It was this incident — and a host of similar incidents of security breaches over WhatsApp — which triggered last month’s order from Army Headquarters to all officers to desist from indiscriminate use of any social media platform.
The order said “no Indian Army personnel shall be part of any large group(s) on internet based messenger/chat/email services. One to one messaging is however permitted in a closed knit group, wherein the members/subscribers are whose credentials can be ascertained, may be allowed”.
A serving military officer told The Indian Express: “We have always had clear existing orders on the subject of use of social media platforms by Army personnel. But technological changes and study of evolving usage patterns necessitates updation of orders and new directions. That is why this new order was issued for maintaining the security of classified information — that was the only purpose.”
The order, issued by the military operations directorate, stated the rationale: “Rampant use of personal IT devices, specially smartphone and other messaging service including WhatsApp, for exchange of official information has been identified as primary source of pilferage of information.”
According to the officer, the fact that WhatsApp has end-to-end encryption has lulled many Army officers into a false sense of security while using the Facebook-owned social media platform. He said it had become common for some Army officers to use WhatsApp to send classified information, documents and presentations, which is a clear violation of the Official Secrets Act and jeopardises operational security.
But even if the data is encrypted and safe during transmission, the officer said, the same cannot be said about the mobile handset or the device which may be compromised. There have been cases of handsets with spying software and apps which may have provided highly sensitive and valuable information to adversaries, he said.
“It is a dynamic situation, made even more challenging by spyware, new stalking software and technological developments which are very hard for an average officer to grasp. We will have to constantly guard against it, and respond in real time,” the officer said.
But he agreed that even this order is not a perfect solution as the challenge goes beyond WhatsApp and “needs creation of a new culture where security of information becomes paramount and deeply ingrained”.