NATGRID: intrusion into privacy

By Iftikhar Gilani  

Union Cabinet’s approval of the National Intelligence Grid (NATGRID), a dream project of Home Minister P Chidambaram has once again raised questions about the citizens’ right to privacy. The proposal for the system believed to be an effective anti-terror mechanism, originally conceptualised in December 2009 after the 26/11 attack in Mumbai, was pending with the Cabinet Committee on Security (CCS) since February. Most of the western countries, from where this project has been copied, have strict privacy laws that India lacks so far. It is now a matter of great concern whether in the absence of a strong privacy law, the project may end up providing a lethal arm to a “mad man”.At one stage, the NATGRID appeared to be dying without even starting, as many recruited for it started quitting and even its chief executive officer Captain Raghu Raman (47), indicated putting in his papers as he found the project not materialising.

Chidambaram had personally picked Raghu Raman in December 2009 from Mahindra and Mahindra, where he headed the group providing corporate risk mitigation services to head the new agency with a hefty pay-packet of Rs 1.50 lakhs on an 18-month contract which was to come to an end last month. Raghu Raman had quit the Indian Army in 1998 and jumped into the private sector to provide security to commercial data on computer networks.

Only last month he was given a 3-month extension and asked to wait for the government’s final decision. He was quite upset as the bureaucrats who had blocked the rank of “secretary” to him kept needling him for drawing a fat salary that was almost double theirs and doing hardly any work.

Raghu Raman has been, however, the most busy man conceptualising the working of the agency from scratch and facing stumbling blocks and bureaucratic objections at every stage. Once he was totally exasperated when the Finance Ministry shot down his proposal to have the complete data of savings bank account holders of all banks on the ground that it would breach privacy of their customers that the banks are supposed to provide.

Chidambaram came to his rescue after he pointed out that it would be impossible to trace the money trail of terrorists if the bank accounts are not accessible to NATGRID. A decision was ultimately taken that the NATGRID or the district magistrate can snoop on the bank accounts with the prior permission of the Reserve Bank of India (RBI).

NATGRID will be linking up all data bases, be they a bank account, credit card transactions, an insurance policy, land or house or a telephone connection, a vehicle registration, driving licence or a passport, phone calls, rail and travel reservations within two years to provide ready information to the security and intelligence agencies at the press of a button.

Private telecom operators will be required to link up their databases with NATGRID as they have the biggest available verified data of customers that come in handy for the agencies working on any terrorist activity.

The Home Ministry acknowledged the sensitivity and secrecy of the data to be assembled by the grid in its presentation to the CCS, pointing out a special anti-leakage mechanism designed by Raghu Raman. Also, access to the data will be given only to selected 11 authorised agencies.

These agencies include the Intelligence Bureau, external intelligence agency Research and Analysis Wing (RAW), Military Intelligence, Revenue Intelligence, National Intelligence Agency, National Security Council, Enforcement Directorate and Central Bureau of Investigation. Personnel from these agencies will be working in NATGRID liaison with parent organisations and help them use the data on the grid.

The presentation given for securing administrative and financial sanction envisages a total workforce of 290, including 98 outside consultants identified by the CEO, to be tasked with linking various databases in four phases in the next two years.

Raghu Raman’s plan is not to put the entire raw data on NATGRID but have only abstracted and approved information that will allow the agencies to quickly reach the exact information available in the raw databank through a nationwide grid.

The new system is being created basically to help the government agencies combat terrorism and deal will internal security threats by generating “actionable” intelligence through search and retrieval from the databases. The grid will have a command centre that will work as an anti-terror hotline and will have a trans-national connect to networks with data available in other countries that is useful to keep a tab on suspects.

In the first phase, NATGRID will be linking up only the databases that are available with the Centre and the crime records available with the police. Only in the second phase, the NATGRID will cross-link different pieces of information and flag “tripwires” that indicate some unlawful or terrorist activity is in progress or likely to take place.

In this phase and onwards, NATGRID will recommend improvements of the databases and development of unconventional but highly valuable data sources like visitor records of jails and sales of materials like certain fertilisers that can be raw material for improvised explosives. Though the whole project is conceived to be implemented in four phases, the grid will start providing relevant information even while integration under these phases is in progress.

Critics say that NATGRID, would largely duplicate Hyderabad-based National Technical Research Organisation (NTRO) working under NSA. It was set up to augment the technical intelligence capabilities of the country, with a huge budget, manpower and technical resources. NTRO was set up for cyber security, crypto systems, strategic hardware and software development, strategic monitoring, data gathering and processing and aviation and remote sensing.

However, the issue of privacy is set to generate much heat in the coming days. Though, Home Ministry document acknowledges sensitivity and secrecy of the data available on the grid by stressing that it will be available only to selected 11 government agencies and a special mechanism will prevent any leakage, there is hardly any guarantee that it would not be accessed or disclosed to unauthorized persons.

Before the NATGRID begins its operation, legal protection should be guaranteed to citizens’ privacy. Last year, Ministry of Personnel and Grievances in association with Ministry of Law had circulated an approach paper to balance the country’s security interests and privacy concerns. But, nothing was heard, thereafter.

There is need to define privacy for this purpose. The confidential personal information disclosed by any individual to government or non-government entity should not be disclosed to third parties without his consent and sufficient safeguards be adopted in processing and storing such information. (FW-Tehelka)