India’s Home Minister Amit Shah held a meeting on September 12 2019 to discuss the revival of NATGRID, an intelligence program that has been regularly delayed. India Today reports that Shah wants NATGRID to be operational by the end of the year. Here’s what we know about NATGRID from scanning multiple questions that have been asked about it in Parliament:

What is NATGRID? NATGRID is the national intelligence grid, to link multiple public and private databases together, and make this data available to intelligence agencies:

  • Its mandate: “to automate the existing manual processes for collation of intelligence information by connecting over 21 data sources like telecommunication, Banking, Airlines etc.” According to an answer in Parliament on 14th December 2016 by Minister of State for Home Affairs, Hansraj Gangaram Ahir, was created with “an intention to link data bases for collecting actionable intelligence to combat terrorism and internal security threats.” Essentially, with linkages already in place, NATGRID should be able to pull data about an individual from multiple public and private databases onto a dashboard.
  • Functionally: to “access, collate, analyse, correlate, predict and provide speedy dissemination” of information.
  • Setup: NATGRID was setup with approval from the Cabinet Committee on Security (CCS), as an attached office of the Ministry of Home Affairs on 1st December 2009. CCS approved the Detailed Project Report on 6th of June 2011. Planning Commission has also accorded its “in principle” approval to the project on 8th of July 2011, as ‘Central Plan Scheme’ under MHA from 2011-2012.

Which 21 databases? The ones we know about have been mentioned in multiple responses in Parliament:

  • Telecommunications
  • Banking
  • Airlines
  • SEBI
  • Railways

Is my bank account going to be linked to NATGRID? We don’t know. While multiple statements (including recent ones) on NATGRID do mention bank accounts, as of 2014, there was opposition to the idea: According to a response on the 1st of August 2014, the then Minister of State for Finance, Nirmala Sitharaman, in response to a question by then BJD MP Jay Panda, had told the Lok Sabha that the Reserve Bank of India had examined the issue in consultation with the Indian Banks Association (IBA), and:

“RBI and the bankers were unanimously of the opinion that it would not be possible for banks under the current legislative framework to disclose customer information. Accordingly, it was advised that in line with international practices it may not be possible for banks to allow any agency direct access to its database. Further, under the extant legislative framework it may not be possible for banks to share customer related information like (i) name and address of the customer (ii) account number of the customer with any Government agency.

Who will have access to this data? On 4th March 2015, the Minister of State for Home Affairs, Haribhai Parathibhai Chauthary identified the 10 user agencies (which can use NATGRID) in response to a question in Parliament, saying that “as per Cabinet Committee on Security (CCS) mandate, the User Agencies” of NATGRID are:

  1. Intelligence Bureau (IB),
  2. Research & Analysis Wing (R&AW),
  3. Central Bureau of Investigation (CBI),
  4. Directorate of Revenue Intelligence (DRI),
  5. Enforcement Directorate (ED),
  6. Financial Intelligence Unit (FIU),
  7. Central Board of Direct Taxes (CBDT),
  8. Central Board of Excise and Customs (CBEC),
  9. Directorate General of Central Excise and Intelligence (DGCEI) and
  10. Narcotics Control Bureau (NCB).

No State is a user agency for NATGRID

The plan was to connect these 10 user agencies to NATGRID (i.e. give them access) in the first phase, called the Horizon 1 phase, according to an answer in Parliament by the then Minister of State for Home Affairs Kiren Rijiju on 23rd July 2014.

Does it track data in realtime? India Today quotes an unnamed source who says that NATGRID will help in real-time tracking of a terror operative or suspect, including mobile number, bank balance, travel destination. However, according to a response in Parliament on 4th March 2015, by the Minister of State for Home Affairs, Haribhai Parathibhai Chauthary, NATGRID “does not have mandate to have real-time access to all citizens’ details in regard to passport, driving license, telephone records, credit card details, bank records and so on”. Things can change, though.

What are the checks and balances? Are there checks and balances? If there are checks and balances, there’s no easily available public information about them. In 2016, the Minister of State for Home Affairs, Haribhai Parathibhai Chauthary, said that an Audit Committee headed by Deputy National Security Advisor has been constituted “to audit the manner in which the data is accessed and sought to be used.”

Privacy concerns were raised in a Cabinet Committee on Security: an answer from 2010 in Parliament denies any plans to shelve NATGRID, but the question asks about this on the basis of “privacy concerns raised in the Cabinet Committee on Security”. Here’s what we know about access to information, based on a question asked in Parliament by Dr. E.M. Sudarsana Natchiappan in the Rajya Sabha in 2011, by the then Minister of Home Affairs, Jitendra Singh:

  • “All extant legal regimes regarding privacy ipso-facto applies to NATGRID,” says the response.
  • The NATGRID system has been designed covering the implementation of template driven investigation process which capture key elements like “why the information is required”, “who is asking”, “the purpose for which it will used” etc.

How does Aadhaar fit into all of this? It would have fit very neatly. When you connect multiple databases together, the problem is, how do you differentiate Ram Singh on, say, a mobile operator database, from Ram Singh on an airline database? Aadhaar would have solved this problem of de-duplication. Now that private parties have been prevented from doing eKYC, private databases might not be easy to de-duplicate. Other data points might be needed. The India Today report mentions that solve the issue of “entity resolution” through artificial intelligence.

How is NATGRID different from Aadhaar? It’s likely to be very different. Aadhaar has a centralised database (also known in technical terms as a “single point of failure”), which houses Aadhaar data. NATGRID is much much bigger: it is a mechanism to pull data from many public and private databases, and hence more data. We’re not sure if it is actually a database, and whether the government will keep copies of data they get from other databases. A response to an RTI on NATGRID, filed by Talish Ray in 2011 when she was at SFLC.in, called NATGRID a database. In other instances, answers in Parliament have mentioned that data will be “uploaded” to NATGRID.

Is NATGRID under RTI? “The NATGRID comes under the purview of ‘Intelligence and Security Organizations’ and is exempted from the RTI Act, 2005 vide Gazette of India dated 9th June, 2011, G.S.R. 442(E) issued by the DOP&T.” However, before it was exempted from RTI, Talish Ray got some responses for SFLC.in.

Operationalising NATGRID

Where is it being run out of? New Delhi and Bengaluru, is what Minister of State for Home Affairs, Hansraj Gangaram Ahir said in Parliament on 23rd of November 2016.

When will it be operational?
– By end of 2019, is what the India Today report says.
– By 30th September 2018, is what Hansraj Gangaram Ahir said in Parliament on 23rd of November 2016

NATGRID has gotten so delayed that on at least 2 occasions, MPs have asked in Parliament about whether it has been shelved or is defunct. That bad.

What caused the delay? We know very little about what caused these delays. What we know is that the infrastructure in Delhi was delayed due to land ownership dispute between Delhi Development Authority (DDA) and South Delhi Municipal Corporation (SDMC) for around one year, according to a response by Hansraj Gangaram Ahir said in Parliament on 23rd of November 2016. More than 95% of Civil construction of the Disaster Recovery Centre at Bengaluru was completed by then. The physical infrastructure at New Delhi was expected to be completed by 21st July 2018, and Bengaluru by 31st October 2017.

Is it REALLY possible to operationalise NATGRID by the year end? We doubt it. That is a project that is forever delayed, because even though, from the Home Ministry’s perspective, the idea seems great, actually making this happen is very very tricky. Think about it: 21 different databases, with their own structuring and database fields, will need to talk to each other.

How much money has been spent on NATGRID? The approvals, by the Cabinet Committee on Security for the implementation of foundation and Horizon 1 and some elements on Horizon 2 of the project, On 14th of June 2012, were Rs. 1002.97 Crore. An additional Rs 346.05 crore for physical infrastructure was approved on 28th of November 2013.

As of 31st March 2015, the total expenditure on NATGRID was Rs.98.14 Crore, as per an answer in Parliament in August that year by the Minister of State for Home Affairs, Haribhai Parathibhai Chauthary.

Year-wise breakup (based on responses in Parliament):

  • 2009-10: Rs. 0.075 crores
  • 2010-11: Rs. 10.19 crores
  • 2011-12: Rs. 18.61 crores
  • 2012-13: Rs. 9.68 crores
  • 2013-14: Rs. 29.03 crores
  • 2014-15: Rs. 30.63 crores
  • 2015-16: Rs 49.50 crores (provisional)
  • Rs 104 was allocated for 2016-17

NATGRID had been allocated funds for the year 2017-18 as follows:

BE 2017-18 (Cr)
 RE 2017-18 (Cr)
Revenue 23.97 20.77
Capital 98.30* 78.70*
Total 122.27 99.47

What other resources have been sanctioned?
– Out of 119 sanctioned government posts in 2016, 32 had been filled, according to Hansraj Gangaram Ahir’s answer in Parliament on 23rd of November 2016. There were 5 technical experts as consultants are working in NATGRID. Engagement of 22 consultants was then underway. There’s no other updated information.

Note: Almost all the information contained in this post is from responses to questions in Parliament.