The National Intelligence Grid, better known as NATGRID, is an integrated IT solution which would allow user agencies to access data gathered from various databases such as credit and debit cards, tax, telecom, immigration, airlines and railway tickets, passports, driving licenses among others. It is being developed as a measure to help security agencies such as the Central Bureau of Investigation (CBI), Research & Analysis Wing (RAW) etc. in tackling crime and terror threats in the country.
Security is a state subject and the police forces are controlled by the state governments, thereby giving the states the exclusive power to legislate with respect to the police system and exercise full administrative control over the police. Post the 26/11 terror attacks in Mumbai, a need was felt for facilitating higher coordination between the intelligence and law-enforcement agencies. NATGRID aims to mitigate a vital deficiency — lack of real time information, which was considered to be one of the major hurdles in detecting US terror suspect David Headley's movement across the country during his multiple visits between 2006 and 2009.
NATGRID was conceptualized by then Home Minister P. Chidambaram in 2009, in a bid to revamp India’s internal security structure and create a centralized database which can be accessed easily by intelligence agencies at the national level. NATGRID was set up as an attached Office of the Ministry of Home Affairs with effect from December 1, 2010. Further, Cabinet Committee on Security (CCS) has “in-principle” approved the Detailed Project Report (DPR) of NATGRID on June 6, 2011. Planning Commission also accorded its ‘In Principle’ approval to the project on July 8, 2011, as a ‘Central Plan Scheme’ under MHA from 2011-12.
The year-wise break-up of expenditure in setting up NATGRID, which was disclosed in Parliament on March 1, 2016 is as under:
|Year||Expenditure (Rs. in crores)|
|2015-16 (Upto 31.01.2016)||49.50 (Provisional)|
According to reports, it has a total budget of 3,400 crore INR.
However, the proposed solution has been on hold since then and has not been launched in the ten years since. On November 19, 2019, in response to a parliamentary question the Minister of State for Home Affairs G. Kishan Reddy stated that the project has developed application software for Proof of Technology (POT) and NATGRID is planned to go live on December 31, 2020.
What is NATGRID?
The NATGRID is conceived to be a framework which will leverage Information Technology to connect approved User Agencies (security/law enforcement) with designated Data providers (Airlines, Banks, SEBI, Railway, Telecom etc.) with a view to enhance the country’s counter- terrorism capability. The platform envisages approved operating procedures and oversight mechanisms to facilitate access between users and providers to enable them to analyze and disseminate information/intelligence for synergizing efforts to counter terrorism related activity.
The proposed user agencies of the NATGRID are:
- Intelligence Bureau (IB),
- Research & Analysis Wing (R&AW),
- Central Bureau of Investigation (CBI),
- Directorate of Revenue Intelligence (DRI),
- Enforcement Directorate (ED),
- Financial Intelligence Unit (FIU),
- Central Board of Direct Taxes (CBDT),
- Central Board of Excise and Customs (CBEC),
- Directorate General of Central Excise and Intelligence (DGCEI) and
- Narcotics Control Bureau (NCB).
No state agency is included in the proposed user agencies for NATGRID.
In the first phase, these 10 user agencies and 21 service providers will be connected. Later, about 1,950 additional organisations will be linked in the subsequent phases. These service or data providers will provide access to data related to immigration entry and exit, banking and financial transactions, telecommunications including mobile numbers, vehicle numbers, passport details and, in later phases, train and air ticketing details.
It has been reported that NATGRID will also have access to the Income Tax Department's PAN records and individual taxpayers' data. “According to an order issued by the Central Board of Direct Taxes, the department will share 'bulk information', starting from the Permanent Account Number (PAN) to the taxpayer's name and all the individual data that it captures like father's name, gender, date of birth, photograph and signature or thumb impression. The department will also share with the National Intelligence Grid (NATGRID) all information available in the department's database regarding residential and office addresses and phone and mobile numbers of all the taxpayers.”
Reports have also suggested that the government could link social media accounts of individuals with NATGRID as well. However, this move has faced severe resistance from the intelligence agencies, whose officials fear that linking the social media accounts to sensitive government data could expose the system to “trojan attacks.”
NATGRID will utilise Big Data and Analytics to study huge amounts of data generated from 21 data sources of various intelligence and enforcement agencies to analyse events in order to get a better picture as well as to trail suspects.
NATGRID is currently headed by IAS officer Ashish Gupta. There are around 70 personnel, drawn from both the government and private sectors, in NATGRID. The main office complex for NATGRID is being constructed in New Delhi with a data recovery centre in Bengaluru.
What could go wrong?
On March 13, 2012, the then Minister of State for Home Affairs Jitendra Singh in response to a parliamentary question acknowledged that the government is cognizant of the privacy concerns surrounding NATGRID. He further stated that, “NATGRID’s security framework has been designed to protect secrecy and privacy of information within the NATGRID system. The extant legal regime regarding privacy ipso-facto applies to NATGRID.”
The Right to Information Act, 2000 which aims to bring transparency and accountability to government authorities contains a provision which exempts intelligence agencies from its purview under S.24(2) of the Act. NATGRID is exempted from the RTI Act, 2005 vide Gazette of India Notification No. GSR 442 (E) dated 09.06.2011 issued by DOP&T.
In addition to being exempt from the RTI Act, NATGRID is also being developed and deployed in the absence of a data protection law in India. Since NATGRID aims to collate data from various sources to create profiles of people to track for criminal activity, it is necessary that data protection measures be put in place to ensure that NATGRID does not violate its mandate by suffering from function creep. “Function creep” occurs when information is used for a purpose that is not the original specified purpose. In the absence of data protection measures and by being exempt from disclosures under the RTI Act, NATGRID presents the very obvious danger of becoming a tool for state-sponsored mass surveillance.
The prevailing legal regime regarding privacy can thus be reduced to the decision of the Hon’ble Supreme Court in Justice K.S. Puttaswamy vs Union of India (2017 10 SCC 1) which states that any justifiable intrusion by the State into people’s right to privacy, which is protected under Article 21 of the Constitution, must conform to certain thresholds which include legality, necessity, proportionality and procedural safeguards.
The threshold of legality requires that the intrusion must take place a defined regime of law i.e. there must be an anchoring legislation, with a clear set of provisions. However, in response to a parliamentary question on December 17, 2013, the then Minister of State for Home Affairs R.P.N. Singh stated that the Government does not plan to issue any executive order to give a legal framework to NATGRID.
The threshold of procedural safeguards requires that there is an appropriate independent institutional mechanism, with in-built procedural safeguards aligned with standards of procedure established by law which are just, fair and reasonable to prevent abuse. In response to a parliamentary question on March 1, 2016 the then Minister of State for Home Affairs Haribhai Parthibhai Chaudhary stated that “An Audit Committee headed by Deputy National Security Advisor has been constituted to audit the manner in which the data is accessed and sought to be used.” It is our view that such a measure is not sufficient to satisfactorily respond to the privacy concerns which may arise.
Who will ‘watch the watchmen’?
This look into NATGRID is the first in IFF’s new series called Watch the Watchmen. Through this series we aim to look into and analyse the looming surveillance technology threats in India.