[ISN] Police question report of India code theft
isn at c4i.org
Wed Sep 1 13:22:47 EDT 2004
By John Ribeiro
AUGUST 31, 2004
IDG NEWS SERVICE
Police officials investigating the alleged theft of source code at
Jolly Technologies' Mumbai development center are questioning aspects
of the security incursion reported by the company (see story) .
Jolly lacked a security policy at its Mumbai center, according to
investigators examining the alleged theft of company code by a
development center employee.
"We have done a preliminary inquiry and took the help of technical
experts, but prima facie nothing during this inquiry indicated that
the employee had transferred any file or document from her office
computer to any other location," said Anami Roy, Mumbai's commissioner
of police. Roy added that Sandeep Jolly, president of Jolly, refused
to give police a formal complaint and didn't cooperate with the
"We got a letter from an employee of the company, but that was a
sketchy kind of a report and cannot be treated as a complaint," Roy
Without a formal complaint from Sandeep Jolly or evidence of a theft,
the Mumbai police can't proceed with an investigation. "Our own
inquiry does not disclose the commission of a cognizable crime," Roy
The police aren't willing to register the case, according to Sandeep
Jolly. "We have learned that the police will not file a FIR [first
information report] until they are heavily bribed, as they know that
there has been a huge loss to the company," Jolly said by e-mail.
Jolly Technologies is a division of San Carlos, Calif.-based Jolly
Inc., which sells labeling and card software. It issued a statement
earlier this month, reporting that an employee at its 3-month-old
research and development center in Mumbai stole portions of source
code and confidential design documents related to one of its key
On July 19, the employee in Mumbai uploaded and e-mailed files
containing the source code and other confidential company data to her
Yahoo e-mail account, according to Sandeep Jolly.
One hurdle to any investigation of the case is that Jolly
Technologies' Mumbai facility fell short on security, according to
investigators. "It does not have a security policy, it has no log of
the computer and network activity at the center, and passwords are
known to all and sundry," said Vijay Mukhi, a technical consultant to
the Mumbai police on this investigation.
"We asked Jolly Technologies for the log, and they were unable to
provide it to us," Mukhi added. "As the company has no log, I have no
proof that there was a source code theft, and if so who did it."
However, Jolly Technologies does have the log, according to Sandeep
Jolly. He also said that while passwords were shared for getting into
the PC to access a common data server, the password used by the
employee to access her e-mail account wasn't available to others.
Jolly Technologies filed a writ petition on Aug. 19 before the Bombay
High Court asking the court to direct the Mumbai police to register
the offense and start investigations. This occurred a month after the
employee allegedly stole the code and left the company without notice.
"As an association, we are quite satisfied with the investigation by
the police," said Sunil Mehta, vice president of the National
Association of Software and Service Companies in Delhi.
In another twist to the story, approximately an hour after Sandeep
Jolly went to the Mumbai police, the employee accused of the theft
filed a complaint with the police alleging that she had been harassed
at work and mentioned advances such as invitations to dinner and the
movies, according to Roy. "There was no explicit reference to sexual
harassment, but to what you would perhaps call 'soft advances' by
Sandeep Jolly," he added.
The police fabricated the information, according to Sandeep Jolly. The
employee filed the complaint two days after he went to the police, he
claimed, and he said it lacked a reference to sexual harassment.
Instead, the complaint stated that Jolly had falsely accused her of
stealing, causing her mental stress.
"There is more than meets the eye, and we are investigating all
angles," Roy said.
More information about the ISN