A glance at the National Intelligence Grid (NATGRID)

INTRODUCTION

NATGRID (National Intelligence Grid) is an integrated intelligence system that connects the databases of core intelligence agencies in one place. It allows law enforcement agencies to access real-time information from the data stored.^[1] The Mumbai bomb blasts in 2008 turned out to be the biggest failure of Indian Intelligence. The terrorists were able to enter into the city of Mumbai through sea route without any obstruction and there were a series of terrorist attacks done by them at different places. An American terrorist, David Headley, had conspired into these attacks and had made many visits to India for two years before the attack, choosing the places where the attacks were to take place. It was after this incident that it was felt to have a stronger data collection and surveillance method for National Security. P. Chidambaram, in the year 2009, came up with the concept of NATGRID to collect data from major intelligence agencies so that a collective data can be stored at one place to offer a more efficient and time-saving method of surveillance or tracking terrorist. ^[2] The Cabinet Committee in 2011 cleared it but the execution of the same has not taken place yet. The Home Ministry of the present Government intends to bring NATGRID in operation by December 2020.

This intelligence grid aims to collect the data from ten major intelligence agencies and collate a database of its own. These major intelligence agencies include the Research and Analysis Wing (RAW), Intelligence Bureau (IB), Central Bureau of Investigation (CBI), Financial Intelligence Unit (FIU), Narcotics Control Bureau (NCB), etc., will be collating their information with the NATGRID.[3] It aims to collect information from public and private enterprises as well. Data stored with agencies like the Income Tax Department, insurance companies, banks, credit card transactions, and addresses, phone numbers, etc. are to be shared with NATGRID. Recently, an MoU was signed between the National Crime Records Bureau (NCRB) and National Intelligence Grid (NATGRID), which will provide NATGRID access to Crime and Criminal Tracking Network and Systems (CCTNS).[4] CCTNS is a database that holds information of FIRs being filed in police stations all around the country. This recent development has raised many issues in light of the amount of information being stored and diverted to a single platform.

IMPORTANCE

It was after the 2008 Mumbai blasts that a need for a systematic and more robust system to track terrorists was felt. The intelligence departments faced a lot of criticism and to accelerate the process of surveillance and tracking, the need to have a single platform containing data regarding various aspects of individuals such as phone numbers, income transactions, etc. were felt important. Such records have been regarded as a very crucial part to have immediate information on any suspected person. This is an important aspect from the National Security point of view. Countries like the USA & Europe also have such models where such data is collected in the purview of security of the nation. The platform like NATGRID is important because it provides for a comprehensive, time-saving, and tech-friendly way to store information. It not only saves a lot of time but also creates an easier and structured method to follow up on leads. It also provides for legitimate proof and exact information which lowers down the rate of innocent people being questioned and tortured up to a large margin. Since this data is available to major intelligence agencies, any interlinking pattern between the suspects of different agencies can further ease the motive of any suspicious person and thus strengthening the security system. Time and again there have been loopholes in intelligence security, and with technology taking power over everything- creating cyber war as the fifth domain for war- it is crucial to strengthen the cybersecurity system and data storing system as well.

NATGRID aims to connect to social media accounts too. Social media accounts provide for a wide range of information such as personal details, travel details, present location, etc. This is aimed to keep track of online radicalization and online terror-related information which revolves around the social media groups. There have been ‘n’ numbers of cases where young people have been manipulated through social media accounts to work for a terrorist organization.[5] Having data stored in such accounts and keeping a track of the user’s actions can prevent such incidents.

Furthermore, NATGRAD will also ensure that any search narrows down to the minimum number of suspects which will be done within seconds. This type of facility becomes very necessary concerning the high technology and high intelligence being used by terrorist groups and organizations. It aims to strengthen the national security of the country and minimize the damage from any foreign attacks.                      

CRITICISM     

1. Privacy Issues

The biggest issue with NATGRID is the privacy issue. The collection of all kinds of data from every individual and using that data to keep track of every act is being contented as a breach of privacy. The notion of privacy has diminished from a common man’s perspective. The wide use of social media sites, which collects a lot of information, is ignored by maximum users. It was during recent years that the issue emerged as a growing need to be discussed and in 2017, the case of Justice K.S. Puttaswamy v. Union of India^[6] held the right to privacy as the fundamental right. With NATGRID, concerns have emerged again over transparency issues and the privacy of individuals. The single cyber act of India, Information Technology Act, 2000, and the rules made thereunder and statutes have provisions related to surveillance such as the Telegraph Act, uses various contexts such as ‘national security’, ‘public order’ and ‘interest of the nation’ to put surveillance on individuals and justifying interfering in privacy.[7] National Security is crucial, but it does need to be in existence with transparency and a proper framework of rules and regulations. There have been vague interpretations about the use of these words and thus with no clarity in-laws, it is difficult to administer the privacy issues as well. There is a Data protection bill in course, however, the bill itself has been a controversial topic as well due to certain vague terms being used and the power of the Government to control information in it.

The 1996 judgment in the matter of People’s Union for Civil liberties v. Union of India^[8]stated certain guidelines in the matter of surveillance by the Government and telephone tapping was considered as infringing the fundamental right to privacy.^[9] However, such safeguards were overturned by the Parliament by amending the Information Technology Act in 2008. Thus, privacy concerns still loom over the NATGRID project and it is very crucial to determine the lines along which such issues are to be dealt with. The interference of Government in the data of individuals and its use is as much a threat as the data breach by a foreign country or extremist organization. Furthermore, intelligence agencies are exempted from the purview of the Right to Information Act and so is NATGRID, thus, data protection measures are very necessary so that it does not suffer from function creep.               

 2.  The leak of information to other agencies 

Another major issue is the leak of collected information to other agencies. On one hand, it has been aimed that certain collected data will help all the agencies to refer to any interlinking issues. However, concerns have been raised by the agencies that it will compromise the working of Intelligence and any specific leak of information can do more harm than good. There have been concerns over the encroaching of jurisdictions of agencies as well.  A certain type of information or data can be compromised or misused by other agencies which put in the whole motive of intelligence in jeopardy. The data stored in NATGRID is collected from different Government, Quasi-Government and private sectors and though the data is being shared only to the 11 Government National Intelligence agencies, without any involvement of private entities, it is crucial to examine the overlap of information between these departments. However, the information being given to these 11 agencies is for the first phase. In later stages, NATGRID aims to be sharing data with other organizations as well which has not been specified by the Government.        

3. Misused  

This has been a very grave concern since the beginning of the aspect of NATGRID came into the picture. The same concerns have been there with the Aadhar card system as well. Storing crucial information of individuals in one place can be misused at any point in time. In the era of cyberwar, it can result in major data breach compromising many political, economic, and social aspects of a country. The recent Pegasus case is a good reminder of how a cyber-attack and a data breach can jeopardize the internal environment of a nation. Even with the UID number, which started as a voluntary method and later became compulsory, the same issues were raised. The collection of personal information of an individual can be misused at any given point in time conflicting with the right to privacy of the individual. The principles of federalism and transparency are very important in any aspect of democracy; however, if personal data of individuals are being stored at one place with not enough precautions and safety measures, it can lead to a huge data breach incident. Moreover, such information available to the agencies can be misused in many ways. Detention can be made in a non-explanatory and arbitrary manner as intelligence agencies are not subject to parliamentary oversight.[10] This could lead to serious injuries to those who do not have proper records or poorer parts of the population. Such information can be misused by the Government in the rule as well for propaganda or it can be used by extremists to rage violence in the country. Thus, the degree of misuse of such information is a larger stake. These major lapses the lack of statutory authorization for the new surveillance projects, the failure to comply with existing legal safeguards, and continuing revelations of unauthorized surveillance undermine the government’s position on its surveillance activities.^[11]         

THE WAY FORWARD

1. The NATGRID project is ready to be operationalized by 31^st December 2020. The legal framework is being set up and with the physical infrastructure already in place, the project is supposed to go live by end of this year.        
2. There is an urgent need to strengthen the cyber laws and data protection laws in the country. There is no use of having some policies made and being implemented without proper regulation and framework.
3. A proper Cyber Act should be put in place, highlighting the new methods being used.
4. National Security and data protection are emerging as the new future of the economy. With technology advancing, every aspect of society from financial services to social services is being dependent upon these areas of technology and thus it is crucial to examine and differentiate between someone’s private. Personal information and public information.
5. Transparency is the most important factor which has been missing from the Personal Data Protection (PDP) Bill of 2019 and is also missing from NATGRID. The PDP Bill fails to determine the extent of personal and non-personal data. The definitions provided are vague and can be misused in the name of sovereignty. The same issue is with NATGRID as well. There has been vagueness in respect to the mode of storage of such information and the privacy issues still circulate the project. Thus, laws in place should be amended and new laws should be made by considering the same.
6. The most important aspect is to analyze the interference of Government and matter of privacy.
7. Any vague terms being used should be accounted for and a transparent structure should be made which balances the need for national security and does not an open ground for infringement of the fundamental right.
8. National Security is an important aspect, however, the overlapping with fundamental rights and the misuse of the same aspect should be addressed and regulated.
9. It is also crucial that strong technological aspects and structure are kept in mind while bringing such policy on the desk and in case of a breach; the liability part also needs to be discussed.
10. Although the right to privacy and Article 19 are discussed many a time in the court regarding their scope and reach, with the new technological approaches that are being followed and methods being deployed, it is time that the restrictions in Article 19 and the meaning of word ‘national security’ and ‘public order’ are revisited.

This article can be cited as:

Vishruti Chauhan, A glance at the National Intelligence Grid (NATGRID), Metacept – InfoTech and IPR, accessible at https://metacept.com/a-glance-at-the-national-intelligence-grid-natgrid/ .

References

^[1]PTI, National Intelligence Grid to be ready by early 2020, Sept. 22, 2019, https://www.thehindu.com/news/national/national-intelligence-grid-to-be-ready-by-early-2020/article29480961.ece

^[2] Insights IAS, July 13, 2020, https://www.insightsonindia.com/2020/07/13/natgrid-3/

^[3] Id.

^[4] Vijaita Singh, NATGRID to have access to database that links around 14,000 police Stations, July 13, 2020, https://www.thehindu.com/news/national/natgrid-to-have-access-to-database-that-links-around-14000-police-stations/article32058643.ece. 

^[5] Radhavinod Raju, Preventing Terror Attacks- Role of Human and Technical Intelligence in India, (2011), http://www.jstor.com/stable/resrep09167.

^[6] Justice K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1.

^[7] Ayesha Khan, National Intelligence Grid- Violation of Individual’s Right to Privacy or imperative to uphold National Security, (2012) PL November 55.  

^[8] People’s Union for Civil liberties v. Union of India, (1997) 1 SCC 301. 

^[9] Chaitanya Ramachandran, PUCL v. Union of India Revisited- Why India’s Surveillance law must be Redesigned for the Digital Age, (2014) 7 NUJS L Rev 105.

^[10] Supra Note 7.                                                                            

^[11] Amba Uttara Kak & Swati Malik, Privacy and the National Identification Authority of India Bill- Leaving Much to the Imagination, (2010) 3 NUJS L Rev 485.  

---