How NIA cracked the Bodhgaya terror attack by monitoring computers and data at rest
New Delhi, Dec 22: Amidst the raging debate post the Home Ministry order which authorised 10 agencies to monitor, intercept and decrypt data from any computer, one must recall the investigations that took place in connection with the Bodhgaya blasts case.
The National Investigation Agency had take over the case and at the start it was a dead end. The NIA then sought permission from the Home Secretary to monitor the online communication of certain suspects. The conversations were intercepted from internet gateways in real time.
An NIA official tells OneIndia that this monitoring was crucial to the investigation. We got a great deal of information as we were able to track the details in real time. These crucial communication intercepts helped us nab the suspects.
Officials say that monitoring computers is nothing new, especially in terror related cases. However they also add that the process is not as easy as it may sound. There is a process involved and this new order has only streamlined the same.
An Intelligence Bureau official said that it is not easy to monitor computer data as is the case in phone conversations. Take for instance monitoring a conversation on WhatsApp, which has end to end encryption.
In several cases, the agencies have had a difficult time in tracking conversations on chat applications that have end to end encryption. Once the conversation is tracked, then the de-coding technology is applied. By the time the 265 bit encryption is broken, it could take a couple of weeks. At times such information becomes useless, the officer also explained.
What is the order:
The order of the Ministry for Home Affairs authorising 10 agencies to monitor, intercept and decrypt data from any computer in the country has created a furore.
The 10 agencies mentioned in the order are the Intelligence Bureau, Narcotics Control Bureau, Enforcement Directorate, Central Board of Direct Taxes, Directorate of Revenue Intelligence, Central Bureau of Investigation, National Investigation Agency, Cabinet Secretariat (RAW), Directorate of Signal Intelligence (For service areas of Jammu and Kashmir, North-East and Assam only) and Commissioner of Police, Delhi.
The home ministry has authorised the agencies to intercept information under 69 (1) of the Information Technology Act, 2000 which says the central government can direct any agency after it is satisfied that it is necessary or expedient to do so in the "interest of the sovereignty or integrity of India, defence of India, security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognisable offence relating to above or for investigation of any offence".
Data at rest:
It is for the first time that the powers of scanning data at rest have been given to the agencies. Earlier it was only the data in motion which could be intercepted, an officer with the IB said.
As a result of this order the agencies mentioned in the Home Ministry order can scan data revived, stored and generated. Further the powers of seizure too have been given. Prior to this order the Intelligence Bureau did not have the powers of seizure. However with this order, the IB is well within its right to carry out a seizure.
This has been a long standing demand from the agencies. Most of the crimes be it economic, terror etc are committed on the cyber space these days. Hence it becomes all the more important to have such an order in place, the officer said.
Take for example, chat groups on the social media, which propagate about groups such as the Islamic State. The agencies from across the country have written to social media providers and the requests have been pending for several years and in some case over 10. There was no legal backing under which the data on the social media could be sought. This was a major hinderance and in several case especially those relating to terrorism, the probes had come to a standstill.
While under the Telegraph Act there were provisions for the agencies to tap the phones, there no such thing under the Information Technology Act. An IB officer however explained that there are safeguards in this as well. Before we can tap into the data, there will be two levels of checks, the officer said.
Just as in the case of phone tapping, the officials would have to seek permission from the Union Home Secretary. This would then be reviewed by the Cabinet Secretary. Any such order would be passed only if there is a justifiable explanation and provided that it comes under the ambit of national security.