Raise Data Management Capacity, But Not at Cost of National Security: EAS Sarma

New Delhi: Reacting to the National Information Security Policy and Guidelines issued by the Home Ministry, former top bureaucrat-turned social activist E A S Sarma has written to the Secretary, Home Affairs, expressed deep concern over the country’s national security over the likely involvement of foreign IT companies, keeping in mind the “investment rush” in the case of “Data Centres”. 

In an open letter to Govind Mohan, Home Secretary, on October 16, Sarma, who is a former secretary to the Union government, said while “India needs to strengthen and augment its Data Centre capacity, a prudent approach would be to achieve that objective, not by indiscriminately involving foreign IT companies, but by assiduously building up indigenous capabilities with the help of our CPSEs. While domestic private IT companies also need to be involved, it should be a part of the overall framework of a long-term policy, overseen and guided entirely by the Centre in consultation with the States, within a unified legal framework and a highly coordinated regulatory environment that subserves national security and the overall public interest.”

Sarma called for wider consultation on such a serious matter with the Department of Communications, as well as regulatory bodies like the Reserve Bank of India, Central Public Sector Enterprises, like the National Informatics Centre as well as state governments.

Read the full letter below:

To

Shri Govind Mohan

Union Home Secretary

Dear Shri Govind Mohan,

The National Information Security Policy and Guidelines issued by your Ministry (https://barnala.punjabpolice.gov.in/wp-content/uploads/2022/03/06-National-Information-Security Policy-and-Guidelines-v5.0.pdf) clearly state, “securing sensitive information is important for the strategic security and defense of a country. Economic stability of the country depends on uninterrupted operations of banking and finance; critical infrastructure such as power generation and distribution, transport systems of rail, road, air and sea; which in turn are critically dependent on ICT. It is important for national security and continued prosperity of people“. 

It is important for your Ministry to review how the nation is progressing in the above stated direction and whether the decisions taken by the Centre and the States have been in consonance with those guidelines.

One important lesson that the nation has drawn from the recently executed Operation Sindoor is that India’s effectiveness in the defence sector owes a great deal to DRDO-initiated indigenous weaponry, electronics and communications, ably supported by several CPSEs which have risen to the occasion and the indigenous capabilities provided by domestic private entities. ISRO’s navigational satellites supported NAVIC to substitute for the US-based GPS. 

Despite this, we continue to depend heavily on foreign-made mobile devices which have a wide reach cutting across all sectors, foreign chip technologies that enter every sphere of life, and social media platforms and communication channels controlled by foreign agencies. While all out efforts are being made by the government to build indigenous capabilities in such sectors, a few imprudent decisions which have been taken over the recent years run counter to national security and cause a serious concern.

For example, the Department of Technology (DOT) sometime ago rushed into providing a red carpet welcome to Elon Musk’s StarLink to enable the company to monopolise India’s satellite spectrum space, unmindful of the fact  that StarLink operates closely with the US defence services and has already registered its presence over the skies of several of our neighbours, including Pakistan, Bangladesh, Bhutan and Sri Lanka, literally casting its umbrella of surveillance over the sub-continent. I am not sure whether DOT has imposed rigorous security conditions on the company, especially on its surveillance over the strategic assets of the country (https://countercurrents.org/2025/06/starlink-is-likely-to-pose-a-serious-security-risk-preferably-defer-its-operations-in-india-institute-an-independent-judicial-enquiry/)

More recently, in their “race” to promote investments, Chief Ministers of several States have been vying with each other to spread the red carpet for private investors, offering them mind boggling incentives. In such a mindless rush, they have become a ready prey to companies located in countries whose policies have been more than unfriendly to students aspiring to go abroad for higher studies, Indians seeking employment overseas and, in general, all Indians immigrants. 

One such sector in which one witnesses the “investment rush” these days is in the case of “Data Centres”. 

No doubt,  India accounts for nearly 20% of global data generation but has only about 3% of the world’s data centre capacity, highlighting the magnitude of the gap (http://www.orfonline.org/expert-speak/building-sovereign-data-centre-infrastructure-in-india).

India’s effort should be to fill that gap, not by succumbing to pressure exerted by overseas IT companies, but by strengthening our own CPSEs like the National Informatics Centre (NIC). It is unfortunate that, ignoring the Home Ministry’s security guidelines, the States are rushing into inviting foreign IT companies to set up their electricity-intensive, water guzzling, externally controlled Data Centres, literally placing at their command almost 85% of our data, some of it having strategic importance having long-term strategic implications for national security.

For example, Andhra Pradesh has recently announced to the rest of the country that the heaven-born Google company would be setting up their Data Centre at Visakhapatnam. At the last minute, Google, knowing well the way the authorities in India govern, has announced collaborating with none other than the Adani Group, for reasons best known to them. Of course, when the people of Indianapolis vehemently opposed Google setting up a similar plant (https://futurism.com/future-society/residents-shut-down-google-data-center), Google looked around, found ready takers in Andhra Pradesh and decided to shift the plant to Visakhapatnam, overwhelmed by the slew of unimaginable sops that no other country would offer. 

Google is well aware that India has a maze of overlapping, and to some extent, fragmented framework of laws that govern information management, leaving many regulatory loopholes, a void in policy caused  by inordinate delays in the finalisation of the so-called “National Data Center Policy”, gaping cyber security gaps etc., which unfortunately many overseas investors would be comfortable with, as in such a fragile environment, regulation cannot be enforced easily.

It is not as though IT companies like Google would, on their own, ensure data safety, as evident from news reports (https://www.wsj.com/articles/google-exposed-user-data-feared-repercussions-of-disclosing-to-public-1539017194 & https://www.theguardian.com/news/2018/dec/20/googles-earth-how-the-tech-giant-is-helping-the-state-spy-on-us)that indicate not only large-scale data leakages but also reluctance on their part to admit security breaches and disclose them to the public. Some of those IT companies based abroad are known to work in close association with the defence and security agencies of those countries, an aspect about which your Ministry should feel concerned.

As rightly stated in an official press release(https://www.pib.gov.in/PressReleasePage.aspx?PRID=2082144),  “one of the central pillars of India’s digital infrastructure is the expansion and development of data centres. These centres are crucial for supporting the increasing demand for cloud computing, data storage, and AI/ML applications. India’s data centre industry is poised for substantial growth, with expectations for a significant increase in IT load capacity, which is approximately at 1000 MW currently. The National Informatics Centre (NIC) has established state-of-the-art National Data Centres (NDC) in cities like Delhi, Pune, Bhubaneswar, and Hyderabad, providing robust cloud services to government ministries, state governments, and public sector undertakings (PSUs). These data centres also offer essential disaster recovery and hosting services, ensuring continuity in government operations“. 

While India needs to strengthen and augment its Data Centre capacity, a prudent approach would be to achieve that objective, not by indiscriminately involving foreign IT companies, but by assiduously building up indigenous capabilities with the help of our CPSEs. While domestic private IT companies also need to be involved, it should be a part of the overall framework of a long-term policy, overseen and guided entirely by the Centre in consultation with the States, within a unified legal framework and a highly coordinated regulatory environment that subserves national security and the overall public interest.

I hope your Ministry, before it is too late, gets into tangible action in consultation with DOT, regulatory institutions like the RBI, CPSEs like the NIC and the States.

Regards,

Yours sincerely,

E A S Sarma

Former Secretary to the Government of India

Visakhapatnam

Courtesy: Countercurrents.org