June 26, 2011

When spies connect the dots

  • Bin Laden is dead, Pakistan is going after terrorists, howsoever reluctantly, there hasn’t been a major terrorist attack in India since 26/11, and India is talking peace with its perfidious neighbour. Is terrorism dead, or has it at least lost its deadly sting?
    When spies connect the dots

    No, says Raghu Raman, an ex-Army captain. In fact, we must reconcile ourselves to an intensification of terrorist activity over the next several years. There is a simple reason for this, he says: Resources are decreasing, contenders are increasing; and, between the contenders, there are strong ones and there are weak ones. It is natural that the weak will use terror as an instrument against the strong. “Terrorism and terrorists aren’t going away any time soon.”

    Raman’s is an important voice. He is the CEO of NatGrid, Home minister P. Chidambaram’s project to ensure better information-sharing between intelligence agencies in the fight against terrorism. It’s a project “to assure terrorists and their associates that they can no longer get away, that they can be certain they will be caught”. That, Raman says, would be a big deterrent.

    So, what exactly is NatGrid?

    Pakistan-sponsored anti-India terrorism started around 1989. Since then, thousands of Indian civilians and security forces have died in terrorist attacks. The November 2008 Mumbai attacks were only the most recent and biggest of them all. Yet, through these years, all that India has done is to deploy ever more conventional army troops in J&K to fight an unconventional enemy. This did not change even through the 1990s and 2000s when the terrorists marched ahead in using sophisticated methods and technologies such as satellite phones, mobile phones, email and Internet chat rooms to reconnoiter prize targets (think the Parliament building, the Akshardham temple, the Taj and Oberoi hotels in Mumbai), meticulously plan ever bigger attacks, draw funding electronically from around the world and carry out their dastardly acts. They did leave trails, but there was no one looking, at least not at the whole trail. India and Indian intelligence agencies continued to view terrorism as a hail of bullets or bombs going off somewhere. Needless to say, Indian Intelligence became a saga of failure, once too often.

    It was not because the Intelligence agencies and spooks are dumb. Far from it. In several cases, one agency or the other — between RAW, IB, Military Intelligence, police intelligence organisations — had clues about an impending attack. Sometimes, they had a name, sometimes they knew someone was coming by a particular route. But there it got stuck. By their very nature, Intelligence alerts, especially when much of it is human intelligence, is almost always incomplete and not actionable.

    To make matters worse, Intelligence agencies are not the best of friends with each other, they seldom share information willingly and with alacrity. Even when they do, the formal, manual method of alerting, raising queries and getting answers through the Dak, collating information, connecting the dots, understanding what terrorists are planning, and moving in to prevent them almost guarantees ‘Intelligence failure’.

    “Real-time Intelligence sharing is impossible. It’s all post-facto. The system often has all the information it needs, but the right person/agency cannot get it at the right time”, Raman says.

    The 26/11 Mumbai attacks exposed this reality starkly. India’s external intelligence agency, the Research and Analysis Wing (RAW), had intercepted satellite phone calls at sea days before the ten terrorists landed in Mumbai; airline databases had data that David Headley, the man who conducted reconnaissance of the 26/11 targets, had come into India and gone to Pakistan from here several times; calls had been traced to Pakistan-based men and entities. Yet, no one Intelligence agency had all this information. None could connect the dots because the dots were in disparate databases in different agencies that did not readily share information.

    NatGrid, as Raghu Raman has conceived it, is a technology tool or platform that acts as an information exchange between Intelligence agencies. Its sole purpose is anti-terrorism, and it seeks to achieve it by automating the exchange of information between Intelligence agencies. “NatGrid provides the framework to allow authorised user agencies to get contextual information from data sources which already provide information to law enforcement agencies any way”, Raman says. “There is nothing new happening here. A manual process is being automated”.

    The “authorised agencies” include the Intelligence Bureau, CBI, the National Intelligence Agency, the Financial Intelligence Unit (FIU), the Directorate of Revenue Intelligence and others. The 21 “data sources” include the databases of banks, telcos, ISPs, immigration control, driving licence departments, the railways, National Crime Records Bureau, SEBI, and data on PAN cards and DIN (director identification number), besides those of the user agencies themselves.

    When NatGrid begins to function, some 18 months from now, Intelligence agencies and their spooks can query it about suspects, their bank accounts, their travel histories, their call, email and SMS details, etc. NatGrid will route the query to the agency and database that is most likely to have the answer, and the questioner will get back his reply in near real-time.

    India’s NatGrid, of course, is not the only such tool. Post-9/11 in the US, several countries have put in place programmes that go far beyond merely automating existing Intelligence-sharing processes. The US National Security Agency, for instance, started a controversial domestic spying programme that tracks and stores details of every American resident’s every call, email, SMS, etc. Britain is putting in place an Interception Modernisation Programme, akin to the NSA programme. NatGrid, in comparison, is merely a ‘starter pack’.

    Still, it has raised concerns that it could lead to invasion of privacy, misuse of information about citizens, data breaches and the like. Scary epithets have been used to describe NatGrid: ‘Big Brother’, ‘Nanny State’, ‘Surveillance State”, and the like.

    To be sure, as this correspondent found out, much of the concern has risen because NatGrid is a much-misunderstood concept. Activists ranging against it commonly seem to think that NatGrid “is an agency similar to the US National Security Agency, which can gather information from various agencies, conducts its own electronic spying programmes, collates large amounts of information on every citizen and analyses it all”. That “once the NatGrid becomes functional, some spook in government will know what I am doing at any moment. Intelligence agencies will know each time I swipe my credit card, they will know each time I am flying, all my personal and financial information will all be available in one place, and who knows what a rogue spook can do with it!”

    While some of that may be outlandish and alarmist, given that NatGrid, in its current configuration, is a tool, not an organization, and does not collect, collate, store or anal-yse any information, concerns may still be valid in a country where “chewing gum” can be found stuck in 16 places in the office of its Finance minister. “Chewing gum” with ears are a hazard.

    Says Rahul Matthan, a partner at Bengaluru-based law firm Trilegal Services who has been engaged with the evolution of a privacy law, “Right now, I have got an artificial protection against all my information being available in one place because of the slow inter-agency process. When NatGrid connects all of those agencies and databases, however, that protection goes away. If NatGrid or its users violate my privacy, where do I go (for redressal)?”

    Raman, however, says these concerns are unfounded, that NatGrid will actually make Intelligence agencies more accountable.

    “Firstly, already today, police can get any information they want from, say, a telecom service provider or a bank for any reason. With NatGrid, every query has to be terror-related; second, every query is logged and an audit committee will look into the log analysis of queries periodically. So, if there’s a sub-inspector showing too much interest in someone, the audit committee will want to know what the SI is after. There’s no way anyone is going to get away with misusing NatGrid against citizens, unless everyone involved from top to bottom is in cahoots to do so. What are the chances of that happening?”
    Still, there may be reasons to worry. For one, NatGrid is not a Parliament-legislated entity, but one that will exist on the basis of a government notification. Its currently limited mandate can be expanded at any time by merely another government notification, without going through the deliberative process of Parliament.

    Two, in countries such as the US and UK, there are strong privacy laws that give citizens recourse if government agencies misuse personal information, but no such privacy law exists in India. Matthan suggests, “Privacy provisions must be built into the NatGrid mandate. Else, there must be a generic privacy legislation with NatGrid under it, (which means) its user agencies, such as RAW and IB, must be brought under such a law.”

    Big Brother? May be not. Open to misuse? As any tool would be.

    * * *
    Agencies that will have access to Natgrid
    1. Directorate of Revenue Intelligence
    2. Intelligence Bureau
    3. Research and Analysis Wing
    4. Directorate General of Central Excise Intelligence
    5. Central Bureau of Investigation
    6. Financial Intelligence Unit
    7. Central Board of Direct Taxes
    8. Central Board of Excise & Customs
    9. Narcotics Control Bureau
    10. Enforcement Directorate

    Natgrid explained