The memory of the November 2008 Mumbai terror attacks — popularly known as 26/11 Mumbai attacks — continues to shape India’s internal security imagination. Over 160 lives were lost, and for three days the nation watched live television images of gunfire, explosions and courage under fire. Almost as constant as the visuals was a refrain: this was a “major intelligence failure”. Seventeen years later, that diagnosis has birthed a surveillance architecture whose scale now raises deeper constitutional questions than the failure it sought to remedy.
How “intelligence failure” became the dominant explanation
The charge of intelligence failure was not rhetorical excess. Parliamentary disclosures and the high-level inquiry committee’s report pointed to ignored or poorly handled alerts before the attack. A key conspirator, David Coleman Headley, had travelled repeatedly to India, leaving trails in visa records, hotel bookings and travel itineraries. The argument that gained traction was seductive in its simplicity: had disparate data points been aggregated and analysed in time, could the carnage have been prevented?
This framing shifted the problem from institutional capacity and accountability to technological absence — a move that would decisively influence policy choices.
The birth of a technological “crown jewel”
Out of the post-26/11 shock emerged the National Intelligence Grid (NATGRID). Conceptualised as a middleware platform, it was designed to allow specified intelligence and investigative agencies to query databases across multiple domains — identity, travel, finance, telecommunications and assets — without creating a single central database.
From the outset, unease surrounded the project. Announced publicly in December 2009, it raised an immediate constitutional question: could a surveillance system of this magnitude operate without a dedicated law or independent oversight? Cabinet-level reservations were reported, yet in 2012 NATGRID was cleared by executive decision, not parliamentary statute, with an initial allocation exceeding ₹1,000 crore.
From “vaporware” to operational reality
For years, repeated delays led many to dismiss NATGRID as more promise than practice — a symbolic response to public anger rather than a functioning system. That perception no longer holds. By late 2025, reports indicated that NATGRID was processing roughly 45,000 queries a month. Access has expanded beyond central agencies to State police units, reportedly down to the rank of Superintendent of Police.
This marks a quiet but profound shift: a platform conceived for counter-terrorism is increasingly embedded in routine policing.
The unsettling linkage with the population register
The most consequential development is the reported integration of NATGRID with the National Population Register (NPR), a repository containing details of around 1.19 billion residents. The NPR maps households, family linkages and identities, and has been politically contentious due to its perceived linkage with citizenship verification debates.
Integrating a population register with an intelligence query system crosses a critical boundary. Surveillance moves from tracking suspects and events to enabling the potential mapping of every resident. The paradigm shifts from targeted intelligence to population-scale scrutiny.
Algorithms, bias and the new nature of risk
NATGRID’s expansion is occurring in a technological environment very different from 2008. Advanced analytics and machine learning tools — including systems designed for “entity resolution”, which decide whether fragmented records refer to the same individual — now sit at the core of intelligence workflows. Combined with facial recognition and telecom KYC databases, this is no longer a passive “search bar”.
Two dangers stand out. First is algorithmic bias. Data-driven systems do not merely discover patterns; they replicate the biases embedded in historical data. In a policing environment already skewed by caste, religion or geography, analytics risk hardening prejudice while cloaking it in claims of objectivity. Second is scale. When tens of thousands of queries are processed monthly, internal logging and classification, absent independent oversight, risk becoming ritual rather than restraint.
Why more data does not mean better intelligence
Defenders of NATGRID argue that such tools are matters of life and death. Yet intelligence failures are rarely caused by lack of data alone. The 26/11 experience itself revealed deeper problems — poor training, weak coordination and institutional complacency. Technology cannot compensate for deficits in professionalism or accountability.
Moreover, NATGRID’s drift from counter-terrorism into everyday policing dilutes the very rationale used to justify its exceptional reach.
Courts, Parliament and the missing guardrails
India’s constitutional framework does not prohibit surveillance, but it demands legality, necessity and proportionality. The Supreme Court’s privacy ruling in Justice K.S. Puttaswamy vs Union of India articulated these principles clearly. Yet intelligence programmes lacking statutory basis or independent oversight remain largely unexamined by Parliament or conclusively adjudicated by courts.
Public debate, too, has thinned. Questioning security institutions is increasingly portrayed as disloyalty, even as accountability for failures — including recent terror incidents — remains muted.
What to note for Prelims?
- NATGRID: Purpose, scope, and agencies involved
- Difference between NATGRID and databases like NPR
- Key features of the Puttaswamy judgment on privacy
- Concept of “entity resolution” in data analytics
What to note for Mains?
- “Intelligence failure” versus institutional accountability
- Surveillance, privacy and absence of statutory oversight
- Risks of algorithmic bias in policing and security
- Balancing national security with constitutional freedoms
The shadow of 26/11 still looms large, but remedies born of fear risk outliving the crisis that produced them. Without parliamentary scrutiny, judicial oversight and professional reform, surveillance infrastructures like NATGRID risk becoming architectures of suspicion — normalised in the name of safety, yet corrosive to democratic accountability.
