The Pegasus revelations have struck a body blow to privacy rights of citizens. In India, the government continues to be in denial over the purchase of spyware. The Supreme Court of India is hearings petitions filed by individuals who were targeted by surveillance and by organisations working on digital freedom and civil liberties. Free Speech Collective, in collaboration with Network of Women in Media, India and SabrangIndia, hosted a discussion on ‘India’s Deep State: Is Any Citizen Safe?‘, on July 26, 2021.
The Speakers were M K Venu, Founding Editor, The Wire; Mishi Choudhary, Legal Director of the Software Freedom Law Center; Mihir Desai – senior lawyer and human rights activist and Apar Gupta, Executive Director of the Internet Freedom Foundation (IFF).
Here are highlights from the discussion.
“Pegasus is an issue that concerns the integrity of the democratic institutions not just in India but around the world.”
Forbidden Stories got hold of the NSO database of 50,000 people, names and telephone numbers which NSO hasn’t denied. In a legal communication to Forbidden Stories and other media partners, NSO has owned up…it has tried to say that many of the clients are not meant for Pegasus surveillance but meant for other purposes, but they have not explained what the other purposes are. So it’s all mired in a lot of mystery.
So far, we have tested the phones of 21 journalists and 10 have been tested to be fully infected.
Obviously because of constraints of infrastructure and of not being able to convince people to give their phones, because there is a lot of fear and stigma associated with it…small businesses say they are vulnerable if their names come out, their businesses will suffer. These are dimensions of privacy which we often forget.
I find it very odd that the government is in a denial mode. The government is saying 2 things, “We are not involved, we haven’t done it,” and “we have not purchased Pegasus.”
Many editorials have pointed out to the government, “If you haven’t done it, then all the more reason to investigate.” Because it could be that Pegasus is sold to some enemy state. So for a government that prides itself on its national security plan, it becomes more urgent for them to investigate. But the government has remained silent on that.
As more and more names come out, the government is under pressure because France, Hungary and Mexico have announced enquiries. Israel itself, the originator of Pegasus has announced an enquiry.
I think it’s a global issue. It’s an issue that concerns the integrity of the democratic institutions not just in India but around the world. I’m happy this has become a world-wide issue because I have no expectation of this Indian government.
The Press Club of India passed a resolution saying that the media fraternity might see the legal constitutional options. So, we might go to court, others are planning PILs. So, I think the situation is quite dynamic and this investigation will continue.
“No judicial or parliamentary oversight over surveillance that is carried out.”
Worldwide there are at least 500 companies that operate unregularly and they sell intrusive software to oppressive regimes. There is not much of international regulation or export control compliance that happens.
The governments are responsible to issue those Export Control Compliances licenses about technologies that have dual usages- they can be used for civilian or other purposes.
These cyber attacks are coming from our own executive. Despite the denials, this is not the first time, we have seen this in 2019 as well and we have just seen evasive tactics whether it is passing the buck to WhatsApp.
Most importantly under Indian law this is somewhat legal. I won’t say that it is completely legal because there are sections under the law which we can talk about considering the extent of this kind of surveillance, there is some recourse in law because this is malicious software, without anybody’s permission installed on devices.
On one hand the government in telling us that all our life services should be online. You can’t get a Covid vaccine without an app, you cannot get ration without an Aadhar number, you cannot operate your bank account or income tax filings. In the name of Digital India, they have put everything online. Yet, India is the country with the highest internet shutdowns in the world; which means they can bring your life- economic, political and social life, will one kill-switch.
We are probably the largest or the only democracy which does not have judicial or parliamentary oversight over surveillance that is carries out.
In March of 2020, we learnt from the Parliament, the government admitting that it used artificial intelligence and facial recognition software to identify 1,100 protestors. World over, moratoriums are being now imposed; governments are deciding and companies are deciding that facial recognition software are very dangerous. India is marching full speed on without ever thinking about it.
There are 3 surveillance projects started under the UPA. That is why the political party in power doesn’t matter, the desire to control is universal. They started Central Monitoring System, NETRA and NATGRID. Under these surveillance projects, the internet traffic of every citizen is subjected to interception and surveillance by the government.
” Ultimately, the challenge to surveillance of any kind is essentially on the basis of right to privacy.”
It led to the PUCL judgement in 1996 when there were directions issued under what conditions you can tap the telephones of people.
Ultimately the challenge to surveillance of any kind is essentially on the basis of right to privacy.
In the Bhima-Koregaon case, people’s computers were hacked through malware and actual documents were planted and those planted documents were the only documents shown as evidence against the people who are in jail for 3 years.
I think we are in for really bad times and the laws which we have today like the Data Protection Bill which is a very weak bill which is pending in the Parliament and you have the Evidence Act which hasn’t moved adequately with the change in technology.
“Pegasus actually classifies as a cyber weapon”
Contrary to that Citizen Lab’s own findings are, “We have found indications of possible political themes within targeted materials in several countries.”
What are the benefits of Pegasus? These are the actual operational functionalities within the software- unlimited access to target’s mobile devices, intercept calls, bridge intelligence gaps, handle encrypted content and devices, application monitoring, pinpoint targets. These go far beyond what was conventionally understood to be tapping.
If you look at the description of the system and services…it is a very complex software which in fact requires deployment, training and hardware installation. It cannot be done without actual physical presence of contracted personnel given the amount of money and the sophistication of the software.
Pegasus has the capability of going beyond passive interception into a much more active form of malware infection. Hence, it actually classifies as a cyber weapon.
Click here to view the entire discussion.
(Video highlights and transcripts edited by Ashray Nambiar, undergraduate student in Political Science from Sciences Po, Paris, and an intern with Free Speech Collective)