Police question details of India code theft

Police officials investigating the alleged theft of source code at Jolly Technologies' Mumbai development centre are questioning...

Police officials investigating the alleged theft of source code at Jolly Technologies' Mumbai development centre are questioning aspects of the security incursion reported by the company.

Jolly lacked a security policy at its Mumbai centre, according to investigators examining the alleged theft of company code by a development centre employee.

"We have done a preliminary inquiry, and took the help of technical experts, but prima facie nothing during this inquiry indicated that the employee had transferred any file or document from her office computer to any other location," said Anami Roy, Mumbai's commissioner of police.

Roy added that Sandeep Jolly, president of Jolly, refused to give police a formal complaint, and did not co-operate with the police's investigation.

"We got a letter from an employee of the company, but that was a sketchy kind of a report, and cannot be treated as a complaint," Roy said.

Without a formal complaint from Sandeep Jolly or evidence of a theft, the Mumbai police cannot proceed with investigations, according to Roy.  "Our own inquiry does not disclose the commission of a cognisable crime," Roy added.

The police are not willing to register the case, according to Sandeep Jolly.

"We have learned that the police will not file a first information report until they are heavily bribed, as they know that there has been a huge loss to the company," Jolly said.

Jolly Technologies is a division of Jolly, which sells labelling and card software. It issued a press release earlier this month, reporting that an employee at its three-month old research and development centre in Mumbai stole portions of source code and confidential design documents related to one of its key products.

On 19 July, the employee in Mumbai uploaded and emailed files containing the source code and other confidential company data to her Yahoo e-mail account, according to Jolly.

One hurdle to any investigation of the case is that Jolly Technologies'  Mumbai facility fell short on security, according to investigators.

"It does not have a security policy, it has no log of the computer and network activity at the centre, and passwords are known to all and sundry," said Vijay Mukhi, a technical consultant to the Mumbai police on this investigation.
"We asked Jolly Technologies for the log, and they were unable to provide it to us," Mukhi added. "As the company has no log, I have no proof that there was a source code theft, and if so who did it."

However, Jolly said the company does have the log, adding that although  passwords were shared for getting into the PC to access a common data server, the password used by the employee to access her e-mail account was not available to others.

Jolly Technologies filed a writ petition on 19 August before the Bombay High Court in Mumbai asking the court to direct the Mumbai police to register the offence and start investigations. This occurred a month after the employee allegedly stole the code and left the company without notice. 

"As an association we are quite satisfied with the investigation by the police," said Sunil Mehta, vice-president of the National Association of Software and Service Companies in Delhi.

To give another twist to the story, about an hour after Jolly went to the Mumbai police, the employee accused of the theft filed a complaint with the police alleging that she had been harassed at work, and mentioned advances such as invitations to dinner and the movies, according to Roy.

"There was no explicit reference to sexual harassment, but to what you would perhaps call 'soft advances' by Sandeep Jolly," he added.

The police fabricated the information, claimed Jolly. The employee filed the complaint  two days after he went to the police, Jolly claimed, and that it lacked a reference to sexual harassment, but stated that Jolly falsely accused her of stealing, thereby causing her mental stress.

"There is more than meets the eye, and we are investigating all angles," Roy said.

John Ribeiro writes for IDG News Service

Read more on IT legislation and regulation