24 February 2015

Secrecy and information theft

R. K. RAGHAVAN
February 24, 2015

Though the new government at the Centre has done a lot to block unauthorised access to government offices, the recent incident of the loss of data from a key Ministry shows that loopholes are still being exploited and much ground needs to be covered in terms of enhancing security

Government offices the world over are notoriously porous. Even those which boast of a high standard of physical security sometimes do not have a matching ability to protect their information systems. WikiLeaks is a striking example of how even one of the most technologically advanced nations like the United States can be found wanting in this area.

The appalling state of India’s public offices is a case in point. The buildings that house them take the cake for permitting shockingly liberal access to vandals and marauders. The disgusting state of hygiene in most of them in itself bears testimony to their porous nature and neglect, both of which certainly promote an ambience that is least conducive to a security culture.Porous and unsecured

While Central government offices are a shade better than those in the States in terms of visitor control, there is no scope for being smug. This is despite the fact that the new government at the Centre has done a lot to block unauthorised men, including lobbyists, from visiting government offices. In a much less complicated universe, in the early 1950s, Rajaji, as Chief Minister of the Madras State, successfully kept out ruling party men from the sacred confines of Fort St. George. This has possibly not had the desired result as reports of leakage of valuable information from a key Ministry in the nation’s capital show.

All you need to secure entry into many government offices in our country is a reasonably attractive-looking identity card, which may not necessarily be genuine or whose validity has expired. Few questions are asked after one gains entry. There are no sequestered areas which are out of bounds. Greasing the palms of security staff to secure unauthorised entry is also not an unknown practice. Here again where there is deployment of Central Industrial Security Force (CISF) guards, things are in fairly reasonable shape. Elsewhere, the security staff are ill-trained and clueless and therefore abysmally inadequate.

Shastri Bhavan which houses many important Ministries — including Petroleum and Human Resource Development — is the most prominent among the many administrative buildings in the capital which usually resembles a kumbh mela on most working days. Those found on its campus constitute a spectrum, which includes influence and information peddlers and hangers-on, watching the hustle and bustle of the place. Those who are there on genuine business form only a minority. The heist of documents from the Union Petroleum and Natural Gas Ministry should be viewed against this backdrop.Corporate angle

We do not have an idea of what the stolen papers at Shastri Bhavan constituted. Speculation is that they are on commercial data, apart from overall policy indicators. The report that a few papers with national security implications were also stolen has no corroboration as yet. What is feared as having been compromised is what is ready meat for corporate interests, especially in the pre-Budget weeks. The temptation to pre-empt government decisions, and overtake competitors is too much to resist in an ambience of sordid venality. This is true of any firm which is low on ethics and largely profit-oriented. This is why we should not be overly surprised about ‘Shastrigate’. The phenomenon will keep repeating itself at periodic intervals. The public focus should be on what the government does to identify the loopholes to reduce the frequency of such successful raids on government information storehouses.

Early reports point to no great technology having been employed by the network that was behind the conspiracy to breach Shastri Bhavan. The alleged disabling of CCTVs in the building was at best vandalism. A few at the bottom of government hierarchy — who go by the generic name ‘peons’ — had possibly been bought over and the keys to the doors leading into the offices secured for a price and duplicated to gain entry. It was as simple as that if press reports are true. This would mean that important documents had either been carelessly left behind on tables or stored in cupboards with flimsy locks. If the Delhi Crime Branch investigation ultimately confirmed this, the staff concerned (possibly the section officer/under-secretary or above) are culpable, irrespective of whether they connived with each other in the crime or not. They need to be disciplined if only for an obvious lack of care in protecting valuable documents.Security classification

There is nothing known to us till now which suggests that this was either a sophisticated operation or an intricate form of cyber crime. Media reports refer to the stand taken in official circles that this was conventional theft after taking advantage of the vulnerability (read greed) of the lowest functionaries. There is also the claim that no great damage was done because most sensitive information was stored in computer systems, and whenever hard copies of crucial papers were required, the bare minimum was printed for circulation on a need-to-know basis — as it should be in a modern-day office. If this stand is ultimately upheld by the investigation, and the theft is proved as one confined to physical documents — there is some extenuation that will go in favour of the higher officials.

Fundamentally, there is a need for a hard look at existing systems. There is also a case for extending the high standards which have successfully protected information stored both in the Prime Minister’s Office and the Cabinet Secretariat, and possibly at the headquarters of all three defence forces.

What the investigation will have to address next is whether the leaked information was actually sensitive and classified. Without establishing this, it may not be possible to successfully press charges other than that of theft and trespass against the conspirators. We have a funny situation where many government organisations mark almost every other document as either secret or top secret. Very often the decision to classify a document is taken at the level of under-secretary/section officer in a mechanical fashion and without any application of mind. The approval of the joint secretary, subsequently, is said to be routine.

Security classification is a double-edged weapon. It no doubt vests sanctity to a record/note in circulation which it would not otherwise gain. At the same time it brings about a ludicrous situation in which everything that a department possesses is converted into a treasure that has to be protected every working day, without the means required for doing so. When those who are accused in the Shastri Bhavan case are eventually charge sheeted and taken to court, some of them could take advantage of a loose classification protocol, and are liable to be discharged, if, at the minimum, the prosecution is unable to prove either a role in the break-in or direct benefit from what was contained in the documents.Investigation and justice

A lot of scrutiny and application of mind will be needed for successful application of the Official Secrets Act (OSA). Incidentally, the OSA is of 1923 vintage and a complicated piece of legislation. There is one strong school of thought which says that the OSA has no reason to remain on our statute books after the Right to Information Act of 2005. An indictment of the accused under the OSA, after thorough investigation, requires the scrutiny of the Ministry of Home Affairs (MHA) and its approval, after which a complaint can be filed in the competent court.

A favourable outcome thereafter for the investigator is usually dicey. Interestingly, a person in charge of and responsible for the conduct of business of a company is not liable to punishment under the OS Act “if he proves that the offence was committed without his knowledge or that he exercised all due diligence to prevent the commission of such offence” — Section 15 (1). A company under the scanner has already distanced itself from one of its executives who has been arrested. These are the factors that make a swift delivery of justice to the aggrieved party, viz., the state, a near impossibility.

The Modi government deserves to be complimented for its proactive decision to have the suspects under surveillance and later nabbing them. If it had lost some time in bringing them to book, it is explained by the fact that delicate operations such as these have to be well thought out and executed at an appropriate moment. There cannot be any kind of heavy footedness in the matter.

There is the final question that should nag most of us. Should the investigation continue to be in the hands of the Delhi Police, or should it be transferred to the Central Bureau of Investigation (CBI)? In this, one cannot assume a categorical stand here. A lot will depend on the kind of evidence that is ferreted out in the next few weeks. If there is a nationwide conspiracy that emerges, or if investigation extends beyond our borders, there is a case for the CBI stepping in. Otherwise, the Delhi Police are competent enough to proceed on their own steam and carry out the inquiries to their logical conclusion. To see a ghost in the MHA’s alleged reluctance to call in the CBI will be unfair to both the Central government and the Delhi Police.

(R.K. Raghavan is a former CBI Director.)

No comments: