Recently the opposition accused the NDA government of spying on the phones of many opposition leaders and called the BJP the "Bhartiya Jasoos Party". According to the Congress party's allegation, 300 of the snooped numbers belong to Indians. The list includes well-known people such as Rahul Gandhi, Prashant Kishor and Abhishek Banerjee, some close friends of Rahul Gandhi, various well-known journalists, anti-CAA protestors and some ministers of the central government.
IT minister Ashwini Vaishnaw gave a clarification in the Lok Sabha: "Nothing illegal or invalid has been done, there are already procedures for this system, the allegation of spying is just an attempt to malign the image of the government."
Senior advocate Kapil Sibal, appearing for senior journalists N Ram and Shashi Kumar, who have filed one of the petitions on this issue, has asked the government to file an affidavit stating whether or not it has used the Pegasus malware. Solicitor General of India Tushar Mehta has argued that "these are just attempts to make the matter sensational, there would be an issue of national security, this matter is highly technical and expertise is needed to examine the issue, so the government will set up a committee on this issue."
What is Pegasus and why is it so important?
A not-for-profit organization, Forbidden Stories, gained access to a leaked NSO document that contained a list of 50,000 people. Forbidden Stories tied up with the cyber wing of Amnesty International; the phones of listed people were checked and Pegasus malware was detected.
Pegasus is a highly sophisticated, military-grade spyware developed by the Israeli cyber-arms firm NSO Group. It infects devices and spies on the victim by transferring data to a master server without authorization.
The company claims to sell it to "vetted foreign governments" worldwide. It has been in use since 2018. It targets both iOS and Android phones. Its initial version relied on spear phishing through social engineering, with click bait as the delivery method: a link arrives on your phone and, once you click on it, the malware enters your phone.
But its latest version is even more dangerous: it works by zero-click installation, meaning it gets onto your phone without giving you any clue. It gives the attacker remote control and complete command and control of the device. It has a stealth feature: it covers and erases its trails and tracks, so you cannot know whether it is or was present on your phone. It is meant not for mass surveillance but for targeted surveillance only. The company built it to spy on terrorists, but it is now being used by various governments too. Its attack vectors are SMS links, text messages, WhatsApp messages, unknown vulnerabilities and email links. It takes control of SMS, emails, WhatsApp chats, photos and videos as well.
It can also activate the microphone, camera, GPS, calendar, etc. It can plant documents to falsify evidence. The attacker can access your keystrokes and passwords. To avoid extensive bandwidth consumption that might alert the target, it sends only scheduled updates (i.e. files are transferred from your phone at specific time slots) to the C&C, i.e. the command and control server. It has been designed to evade forensic analysis and avoid detection by antivirus software, and the attacker can deactivate and remove it after the task is done.
From postal letters to telephones to today's smartphones, all of them are subject to interception by intelligence agencies. Limited and targeted surveillance with checks and balances is essential for state security, but wide-sweeping mass surveillance not only violates fundamental rights but is also an abuse of power and amounts to tyranny.
In the constitution of India, lawful interception of communication is allowed by two tools. The first is the Indian Telegraph Act 1885, which allows interception of calls, and the second is the Information Technology Act 2000, which allows interception of electronic communication.
Under section 5 of the Indian Telegraph Act 1885, the central and state governments can intercept calls only in certain situations. There must be a public emergency or an interest of public safety, on the grounds of the sovereignty and integrity of India, security of the state, friendly relations with foreign states, public order, or preventing incitement to the commission of an offence.
Section 69 of the Information Technology Act 2000 has a broader provision for interception, monitoring and decryption of digital information 'for the investigation of an offence'.
Unrestricted or unchecked surveillance violates Article 19, Article 21, the right to free speech, the right to a free press and also the right to privacy.
In the K. S. Puttaswamy case of 2017, the Supreme Court established a fourfold test that the state must meet before it can breach an individual's right to privacy:
First, the state action must be sanctioned by law, i.e. by the IT Act, the Telegraph Act, etc. Second is the test of necessity and proportionality, which means the state should not spy on someone unnecessarily. Third, there must be a legitimate state aim for the action. Fourth, there must be a procedural guarantee against abuse of power.
We have many intelligence and security agencies, such as the NIA, NCB, IB, RAW, NTRO, DIA, CBI and CBDT, as well as the state police. They all work in an opaque manner, and none of them is subject to independent accountability. The IB and RAW were also set up through an executive order of the government of the day, so they answer only to the central government.
The SC says that if there is a widespread threat to free speech and expression, then journalists, political leaders and activists would be pushed towards submission.
In the USA, the CIA is answerable to the Senate and to the House of Representatives, and there is also a Senate intelligence committee for supervision. In the UK, a more or less similar system of supervision is present.
So we need something like this in India too. Espionage and surveillance are an integral part of statecraft, and identifying and assessing national security threats is important to secure a nation. But these powers must not be misused by anyone.