Indian Defence Review

Edward Snowden

Edward Snowden, in his courageous, principled expose, has brought out how USA’s National Security Agency (NSA) has been spying on most nations in the world. This spying is clearly to establish or strengthen USA’s political, economic and military global clout. India is the fifth-most spied-upon nation, even more than China and Russia. Considering that India is USA’s strategic partner, spying on India is breach of faith. Iran tops the list (14 billion pieces of intelligence); then come Pakistan (13.5 billion), Jordan (12.7 billion), Egypt (7.6 billion), and India (6.3 billion).¹ It is piquant that India, USA’s strategic partner, is in the “club” of Iran, Pakistan, Jordan and Egypt, where USA perceives “threat” to its global hegemony. USA has other strategic partners and doubtless they too are being spied upon, and many national leaders, notably of Turkey, Germany and Russia, have raised serious objections. But India is USA’s junior and subservient strategic partner due to the long-term, built-in subservience of India’s political and bureaucratic architects of the strategic alliance.

There has been no official Indian protest and there is unlikely to be even a squeak on this sovereignty issue. However, people’s voices have been raised, especially from within USA, against USA’s presidentially-sanctioned, global electronic spying and surveillance. These voices are directed simultaneously at demanding recognition and protection of individual privacy rights, calling for accountability and transparency of U.S presidential and Congress decisions, and attempting to influence USA to pardon whistleblower Edward Snowden who is still in hiding.

Snowden’s expose on the heels of the commencement of the trial of that other courageous and righteous prisoner-of-conscience whistleblower Bradley Manning, is a grievous blow to the pride of NSA and the U.S establishment. Thus these whistleblowers are “traitors” who need to be punished severely because they have weakened USA against its “enemies”, self-created and self-imagined. Added to the list of “traitors” are the courageous people in The Guardian and Washington Post, like Laura Poitras and Glenn Greenwald, who actually brought Snowden’s leaked information to public glare. It is now clearer than ever before that USA’s official enemy is not this country or that, not Al Qaeda or Taliban, not this religion or that, but the spread of peace and real democracy, and the demands for human and civic rights, all of which threaten the pre-eminence of the military-industrial complex MNCs which run USA from behind a teflon curtain.

Like all colonial powers of the past, this pre-eminence is based heavily on political, economic and military intelligence. In modern times it calls for surveillance and access to data and information from within and outside USA. Thus, U.S intelligence agencies would be particularly interested to access databases of various kinds, and real-time data as it is being created by land, ocean, aerial and space surveillance devices. With the kind of super-computing capability, global intelligence experience, and unparalleled military power and reach that USA possesses, this collated intelligence can be used for hegemonic aims. These are stated in the Project for a New American Century (PNAC) created in 1997 by a group of conservative American politicians, academics and policy brokers. PNAC aims to “shape a new century favourable to American principles and interests” and “make the case and rally support for American global leadership”².

Thus it is the business of every country to protect its databases from hackers, sleuths, mercenary spies and intelligence agents, who try to obtain intelligence by one or more of several fair or foul means.

System and data security

The damage that can be wreaked by deliberate corruption or destruction of programs or data, or lifting of data without the knowledge of the rightful owner of the data, by illegal access into the operating system is enormous. For example, if the computer system of Indian Railways is tampered with, goods and passenger trains across the country can be brought to a halt, causing huge economic loss, with heightened accident risk. Or if, like NSA’s Stuxnet program destroyed Iran’s nuclear enrichment centrifuges, our nuclear power plants’ systems are broken into, it can result in a nuclear disaster. Government of India (GoI) has listed“the civil aviation sector (ATC), railway passenger reservation system and communication network, port management, companies and organizations in power, oil and natural gas sectors, banking and finance and telecom sectors” as critical, apart from certain “strategic government departments such as space (ISRO), External Affairs Ministry (passport database), the Home Ministry’s police and intelligence networks,…. the Prime Minister’s Office (PMO), the NSCS and the Cabinet Secretariat”.³.

Security of government data and data concerning its citizens is vital for any government. Government and private intelligence agencies (the services of the latter purchasable by the highest bidder) are engaged in acquiring or “mining” information from their own country and from other countries which are competitors in the political, economic or military senses. It is standard security practice, for instance, that computers which are connected to the internet are not connected with the LAN, so that there is no access to the system through the internet. Other security measures are physical security to ensure that data is not tampered with or copied by individuals who work within the system or obtain physical access to the system. However, for systems which are necessarily connected to the internet for their functioning (e.g., internet banking), it is a mere combination of motivation – money, display of capability, ideology, etc – and time-on-the-job, for an experienced hacker to crack firewall codes and find passwords to gain access to programs and data. This has been demonstrated by hackers, detected and punished or not, who have broken into systems as varied as banks, strategic, military, scientific, technical or industrial databases around the world. Another method is to plant viruses or clandestinely embed special-purpose hardware and software into commercially supplied hardware devices and software systems to transmit data that passes through the system. Routinely, firewalls to prevent unauthorized access into systems, regular change of passwords at all levels within the system, and restricting physical access to system terminals are time-tested methods for system and data security.

Click to buy

Rudderless national security ? 

It is known that GoI intelligence or infotech agencies have not indigenously created, tested and certified a firewall for system and database security. The GoI firewalls in use are purchased commercially from international infotech vendors. It is no big deal for an employee of an infotech corporation which has designed GoI’s firewalls, to part with key information for personal gain, to any person or intelligence agency who wants to break into GoI systems without even being observed.

India’s apex security body, the National Security Council (NSC), admits that India’s cyber security strength is “grossly inadequate to handle cyber security activities in a meaningful and effective manner”. Therefore, “Now, India is also setting up its own ‘cyber security architecture’ that will comprise the National Cyber Coordination Centre (NCCC), … the Cyber Operation Centre, … and National Critical Information Infrastructure Protection Centre (NCIIPC) …”.³. This pathetic admission, clearly after exposure of NSA’s spying success with India as a preferred target, indicates institutional failure of India’s intelligence organizations, and worse, failure of NSC itself to comprehend strategic imperatives. If this is considered an unduly harsh statement, consider that in 15 years of its existence, NSC, headed by none less than the Prime Minister of India, has not brought out a national security strategic document. NSC’s post-Snowden awakening to India’s gross inadequacy in cyber security appears to be a knee-jerk reaction rather than part of a strategic plan.

Corporations in intelligence and surveillance

One of India’s premier science institutions, The Indian Institute of Science (IISc), Bangalore, signed an agreement with Huawei Technologies Corporation, to set up a telecom laboratory. The data that Huawei would have access to, would not only be that of IISc research but also of its projects financed by GoI, and access through internet and other means to the GoI agencies with which IISc has data exchange and correspondence. Since Huawei has close links with the Chinese government, the Indian intelligence community expressed disapproval of this transaction, obviously because data security was a concern.

However, according to the Unique ID Authority of India website (UIDAI is the creator of India’s grandiose national information infrastructure “Aadhaar”), several U.S firms have been awarded contracts to provide goods and services to implement the Aadhaar project. For example, Ernst & Young was contracted for setting up UIDAI’s Central ID Data Repository (CIDR), and L-1 Identity Solutions Inc., a U.S-based intelligence and surveillance corporation, for technical support and biometric capture devices. Also, Accenture Services Pvt Ltd which works with U.S Homeland Security, was contracted for implementation of biometric solution. Thus, U.S firms with known links to U.S intelligence are in a position where they can directly or indirectly, by contract or clandestinely, access India’s national database owned and operated by UIDAI.