The MRA, in a statement signed by its programme officer in charge of cyber-security, Ms Esther Adeniyi, noted that free email services such as Gmail, Yahoo Mail, Hotmail, and Outlook.com, among others, lack the robust security features necessary to protect sensitive government information and their use by government officials opens the possibility of data breaches, cyber-attacks and unauthorized access to sensitive information, which could have serious repercussions for national security and public trust.
Ms Adeniyi recalled that on February 17, 2022, the Federal Executive Council (FEC) approved the National Policy on the Nigerian Government Second-Level Domains, which the then Minister of Communications and Digital Economy, Prof. Isa Pantami, said was aimed at safeguarding official communications using government top-level domains. Following FEC approval of the policy, the minister directed government officials to migrate from using generic domains in their websites and emails to the “second level under the government top-level domain”, warning that the use of private emails for official communications by government officials would no longer be tolerated.
She also recounted that at the formal unveiling of the policy on February 2, 2023, then President Muhammadu Buhari similarly directed all government officials to use relevant government domains for official purposes.
Ms Adeniyi noted that despite the adoption of the policy and various directives dating back to the Olusegun Obasanjo Presidency as well as the recent instructions given by President Buhari and Prof. Pantami, hundreds of government officials at Federal, State and Local Government levels have continued to use free email services to conduct official business with impunity.
She said: “In an age where cyber threats are increasingly sophisticated, and the need to ensure data security have become more critical than ever, it is imperative that government officials avoid using free email services for official business as the challenges associated with the practice, ranging from security vulnerabilities and lack of data control to professionalism concerns and non-compliance with laws and regulations are too significant to ignore.”
According to her, “the government should invest in secure, government-operated email systems that offer the necessary protections and ensure that all official communications are conducted in a manner that upholds the integrity, security and professionalism of government operations while also better protecting sensitive information, maintaining public trust, and ensuring that the government meets its obligations to the people.”
Identifying specific challenges and risks associated with the use of free email services for official government communication, Ms Adeniyi noted that such email platforms are frequently targeted by hackers, putting sensitive government information at risk of being intercepted, leaked, or stolen as the platforms often do not offer the level of encryption required to secure sensitive data.
Besides, she argued, when using free email services, government officials unwittingly transmit and store sensitive data on servers located outside Nigeria, subjecting it to foreign jurisdictions and increasing the risk of unauthorized access by foreign entities.
Ms Adeniyi stressed that the use of unofficial email addresses, especially free services provided by foreign companies, for government communication undermines the professionalism and credibility of government operations and makes it easier for malicious actors to impersonate officials and engage in fraud or phishing attacks.
She contended that although Government communications are ordinarily subject to specific legal and regulatory requirements, including the need for proper record-keeping and data protection, free email services frequently do not comply with these requirements, which could lead to potential legal liabilities and challenges in maintaining transparency and accountability.
In particular, Ms Adeniyi said, the use of non-official email platforms for official communication subverts the implementation of the Freedom of Information (FOI) Act, 2011 as it complicates the process of record-keeping and makes it difficult to ensure that information is properly archived and retrievable while also hindering the effective tracking, archiving and auditing of government communications, which are essential for ensuring transparency and holding officials accountable.
Besides, she added, when officials who use their personal, free email services to conduct official business leave government service, such official communication will no longer be available or accessible to the ministries, departments and agencies that they served in and on whose behalf they undertook the communication, thereby creating a “black hole” in government records and making the application of the FOI Act to such records impossible.
In addition, Ms Adeniyi said, “Free email services are typically operated by foreign companies, which means that the data is stored in servers located outside Nigeria. When government officials use free email services for their official communications, the data transmitted and stored on these platforms is beyond the control of the government and outside the jurisdiction of our courts.”
She called on the government to take immediate steps to enforce compliance with its policy on the issue and ensure that all government ministries, departments and agencies as well as officials transition to “secure, government-operated email systems where the government can better protect sensitive information, and maintain public trust.”