Prime Edition


V. Balachandran is a former Special Secretary, Cabinet Secretariat.

NATGRID will prove to be a security nightmare

his column is about NATGRID (National Intelligence Grid), which is supposed to improve our counter-terrorist capability. But first let me tell you a story. Three years after my retirement, my friend introduced me to a Mumbai bulk garment exporter who had a problem. Once a leading figure in this trade, his business had collapsed by 1990. His problem started soon after making a confidential declaration under the 1997 Voluntary Disclosure Scheme. He started receiving extortion threats from the "underworld", quoting the exact figures he had revealed to the income-tax authorities. I then referred him to the Mumbai police commissioner.

This incident is relevant while examining the "NATGRID" data transfer system originally unveiled by Home Minister P. Chidambaram in December 2009 and operational now. Ten "user" Central agencies will be able to electronically access 21 sensitive databases, now held in several areas like banks, credit card, internet, cell phones, immigration, motor vehicle departments, railways, National Crime Records Bureau, SEBI and Income Tax Department. Along with the Crime and Criminal Tracking Network System (CCTNS), which will integrate the Central and state crime data, NATGRID will give a suspect's "360 degree" profile. The Home Minister told a TV channel (12 June) that incidents like 26/11 or Headley's repeated visits to India could be prevented or detected by this system. He also discounted the possibility of NATGRID violating any privacy, since it will not "store" the data, but only facilitate transfer. Data will continue to be "owned" by the 21 databases. This data vehicle will have the highest security firewalls and its own management hierarchy. Hence, the fears of the Ministry of Home Affairs becoming a Leviathan are also unfounded.

I am not sure that NATGRID will prevent incidents like 26/11, because the state police or different defence departments are not mentioned among the 10 "user agencies". As a member of the state government appointed 26/11 enquiry committee, which, however, was not allowed to examine the Central agencies, it is my impression that intelligence pointers already available with some Central agencies were not communicated to the state government or the Navy and Coast Guard. How will NATGRID help if the agencies are not willing to share current intelligence? As for Headley's repeated visits, why did the Intelligence Bureau, which controls the computerised Bureau of Immigration, need NATGRID to tell them this information which was already with them?

Home Minister Chidambaram also said that the goof-up with the "most wanted list" communicated to Pakistan could have been avoided with NATGRID, which would have electronically accessed Maharashtra police's crime data and updated the CBI list. Here he presumes that a state's crime data is always updated. This is not so. On 16 May, Mumbai media said that the Mumbai city police website had not been updated since December 2010. This is unfortunately the case even with several NIC-run websites belonging to the Central Government.

I am not saying that we should not have systemic improvements in our data transfer capability. But I fear that several security factors may derail this new system. Personal computers adorning many Central or state government offices are operated by lower level staff and not by the concerned officers. This applies even to intelligence agencies.

S armed force operations were accessed by Bradley Manning of WikiLeaks fame, although he was a soldier equivalent to the "naik" of the Indian Army. He could easily penetrate the high security SIPRNET, which, like NATGRID, is a computer network connecting US Defense and State Departments. 300 soldiers had access to SIPRNET's workroom at Manning's

station where passwords were stuck on personal computers since US military passwords were "too cumbersome".

Together with poor integrity, which we see everywhere — such as the incident I mentioned earlier — this massive flow will introduce a grave risk. We now hear that the IMF and US Senate cyber systems were also attacked. What special protection can NATGRID get in Indian conditions? I refuse to believe that our experts are better than say US cyber experts who could not prevent these leaks.

As for designating the Deputy National Security Adviser for auditing the misuse of NATGRID, I only hope that he will be more alert. If our National Security Council Secretariat was really alert they would have detected a cyber spy ring operating in their own office much earlier than 2006, when it was detected.

iTv Network : newsX India News Media Academy aaj Samaaj  
  Powered by : Star Infranet