It's time for NSA Ajit Doval to break his silence on the 'non-issue' of Pegasus

It is not just the Prime Minister but the National Security Advisor (NSA) Ajit Doval, who has been unusually quiet on the Pegasus Project’s revelations. The current NSA, who enjoys a cabinet rank and turned 76 in January this year, is not accountable to the Indian Parliament and like his boss, he does not answer questions in unscripted press conferences. Also, unlike his predecessors his views on critical national security issues are not really known.

Would his four predecessors have kept quiet on the threats posed by cyber security? The first two National Security Advisors, Brajesh Mishra and J.N. Dixit, have passed away. Both were career diplomats and belonged to the Indian Foreign Service. The next NSA between 2005 and 2010, M.K. Narayanan, was an IPS officer who became the Governor of West Bengal. Mr Doval’s immediate predecessor Shivshankar Menon was also an IFS officer; and both Mr Narayanan and Mr Menon have been writing books and giving lectures.

Not that Mr Doval is entirely invisible and never heard. His now famous Biryani eating on a deserted Srinagar street under curfew in 2019 and the photograph of him surrounded by policemen in a riot-torn neighbourhood of Delhi in 2020 remain landmarks. But he has been conspicuous by his silence on the Chinese aggression, Pakistan sponsored terrorism, the threats emanating from the Taliban (with whom India is said to have established contact) or the cyber threats posed not just to India but all countries.

Not only will the NSA be the most knowledgeable person to talk about Pegasus, he is almost certainly the person who forged Indo-Israel relations. He had visited Israel in 2013 in an exchange programme almost 10 years after his retirement. One of the first appointees by the Modi Government as National Security Advisor, he again visited Israel in 2016 to pave the way for PM Modi’s visit the next year. It was the National Security Council under him, which suddenly saw its annual budget soar for ‘research on cyber security’. It was also the NSC secretariat that went on an overdrive, hiring consultants, sponsoring hush-hush cyber capabilities and expanding its staff and the scope of its work.

But under his charge, by all available accounts, India has become more unsafe. Cases of sedition and under UAPA have jumped. Pakistan sponsored terrorism shows no sign of abatement. India has ceded land to China in eastern Ladakh. There is no sign of the ‘historic’ Naga accord and for the first-time police of two Indian states, Assam and Mizoram, have fired on each other.

The NSA clearly has a lot to answer. But on most security related issues including disclosures made by the Pegasus Project, it is BJP spokesperson Sambit Patra who is holding forth. Like his boss, Mr Doval loves talking; and he can be a delightful speaker, judging by all available accounts. And he does speak on security even when he addresses devotees in Rishikesh on spiritualism. But when indeed will he break his silence?

The NSA visited Israel in March 2017 and called on Israel’s then NSA Jacob Nagel and Prime Minister Benjamin Netanyahu. As is now known the Pegasus spyware is sold only to Governments and only after concurrence by the Israeli Defence Ministry. It is suspected that it was during this visit that the Indian Government sealed the deal for Pegasus.

This suspicion is strengthened by insiders claiming that Dr Gulshan Rai, the National Cyber Security Coordinator, also visited Israel in May 2017. In fact, even the Israeli Prime Minister, while addressing a cyber tech conference at Tel Aviv University in June 2017, confided that cyber security was one of the key areas on the table during impending discussions with the visiting Indian Prime Minister.

Even as preparations were going on for PM Modi’s visit to Israel, the budget of the National Security Council Secretariat headed by the Indian NSA was increased 10 times in the Budget Estimate for 2017-18. It included Rs 300 Crore on Cyber Security, Research and Development (CSRD)

Prime Minister Netanyahu paid a return visit to India in January 2018. This coincided with another sharp jump in the budget of the NSCS. For the year 2018-19, the Capital Expenditure budget was shown at over Rs 700 Crore. Revenue Expenditure too showed an increase. What is remarkable is that before this suddenly ‘productive’ period, the budget for the NSCS hovered between Rs 25 to Rs 40 Crore. Its job was primarily coordination between agencies and monitoring at the highest level. When and how did the NSCS become an operational wing? Did it play a role in political surveillance?

This ‘speculation’ is supported by the jump in the number of employees at the NSCS. Before Prime Minister Modi’s visit to Israel, the secretariat apparently had 202 employees working, though the sanctioned strength was 299. In 2021, the sanctioned strength is said to be 562. Insiders with knowledge of the working of the NSCS say that the actual number of employees is still far less than the sanctioned strength. What was then the need to increase the sanctioned strength?

A possible explanation offered is that under the rules the Government can hire consultants against sanctioned posts on temporary and contractual basis. So, while the actual number of employees may not be alarming, the NSCS, armed with the enhanced budget availability and the sanctioned strength, could hire and fire consultants at will.

Two questions that remain unanswered are whether the National Security Council hired foreign consultants, and if so, how many and when. The pattern has led to conspiracy theories and it has been suggested that the spyware was used to rig the Lok Sabha general election in 2019. This conforms to the period when hundreds of Indian activists, journalists and political leaders were targeted by the spyware, as revealed by the Pegasus Project. Consultants hired before the general election and fired after the election got over is one indicator that may offer some clue. But the information is not available in the public domain.

Eyebrows have also been raised at the jump in the strength of Under Secretary level employees at the NSCS. While the sanctioned strength of this category was just 20 till 2018, it has gone up to more than one hundred, it is said. What are they deployed to do and with what outcome?

It was around 2018 when the Ministry of Statistics and Department of Administrative Reforms were asked to vacate Sardar Patel Bhawan in New Delhi for the NSCS which now occupies two floors in the building. But the other two departments are yet to vacate their floors, which has raised speculation about the consultants and additional employees hired by the NSCS working from other, unknown places.

That the Pegasus spyware could have been used more for political purposes is borne out by the widespread scepticism in security agencies. Veterans in Intelligence agencies wonder what the spyware can possibly add to what they have already gathered on journalists and Maoist sympathisers? Their movements, contacts, finances and connections are already known. “It is doubtful if Pegasus can give us much more useful information about, say, an editor than what we already know about him,” says an insider.

Real time information of location or snooping on conversations or, for that matter, stealing messages and photographs from devices can help in blackmailing targets, he explains. As American forensic labs have claimed, and the Pegasus Project has now confirmed, the spyware can inject malware in devices and plant malicious content. “This is not intelligence gathering…the lines are being blurred and the scope of surveillance is being extended to grey areas,” he adds.

The disclosure that the spyware was used in the murder of Washington Post columnist Jamal Khashoggi by Saudi Arabia or in the abduction of Sheikha Latifa by the Indian Coast Guard, seem to confirm the apprehension. A 2019 report in the media had confirmed that the government was working on two classified projects: (1) Establishing cyber labs and operations rooms in every police range in the country, and (2) Formation of a centre for excellence in cyber monitoring, analysis and operations at the national level.

But the Indian Parliament does not seem to have much clue to what is happening and why. The Government is not even ready to confirm or deny whether intelligence gathered by using spyware bought from foreign countries are stored in servers in India or abroad.

A Joint Parliamentary Committee could summon officials, including possibly the NSA, and ask them questions. But again, the Government is in no mood to allow any investigation, leave alone by a JPC. National security clearly requires the nation to be kept in the dark. Mr Doval’s deep personal interest in cyber espionage is not quite a secret. But while he has spoken about it frequently enough, sceptics wonder what he has been able to achieve. Those who have followed him closely point out how he had helped rehabilitate an accused in a spy ring case.

One of the accused, who worked in the NSCS, was arrested by Delhi Police and got bail in 2010. He had been accused of spying and passing on information to the then Third Secretary in the US Embassy in New Delhi, a lady who now works as a guide in Washington but whose social media handles identify her as a former CIA employee.

The spy ring case is still pending but is said to have been stalled. This particular accused, now a cyber security expert with a firm based in Noida, worked with Essel Group that promoted Zee TV and wrote in the journal of VIF (Vivekananda International Foundation founded by Mr Doval) in 2013 on the cost of hacking Electronic Voting Machines (EVMs).

Too many questions haunt the growing snooping scandal even as the Government brazens it out