Pegasus

Why in News ?
  • A recently published report Project Pegasus claimed that Pegasus, an Israeli Spyware (military grade) developed by a company named NSO, was used to snoop on several Indian numbers.
  • Reportedly numbers of Indian politicians, journalists and activists were there on this list.
  • Apart from India, there have been reports of similar surveillance of politicians, journalists and activists from across the World.
  • The usage of this spyware was first reported in 2016 in UAE and a similar controversy was raised in India in 2019.
What is Pegasus?
  • Pegasus is a spyware developed by a private contractor for use by government agencies.
  • It is sold only to select Governments after approval by the Israeli government.
  • It infects a target’s phone and sends back data, photos, messages, audio and video recordings.
  • Pegasus’ developer NSO Group claim that the software can’t be traced back to the government using it.  
How does Pegasus work?
  • Initially it used Spear Fishing technique which required the target to take some action to download the spyware on his phone.
  • Now it reportedly uses a “zero-click” attack which allows the device to be taken over remotely by exploiting software and hardware vulnerabilities.
  • A zero-click attack means a remote cyber-attack which does not require any interaction from the target to compromise it.
  • It uses the vulnerabilities of softwares and apps installed on the phone to get installed.
  • Once installed, it steals all sorts of private data from the phone, sending a target’s data.
  • It can reportedly even turn on the cameras or microphones to create secret recordings.
  • All this is done stealthily to ensure that the target remains ignorant about the compromise.
  • It is also reported that the malware does not leave behind any trace for forensic examination and can be remotely deleted.  
Concerns:
  • NSO has stated that the spyware is exported “exclusively to government entities” and o leading to concerns about State Surveillance.
  • It has allegedly been used toillegally hack into personal lives to obtain private information outside the boundaries of the law. This is a violation of the fundamental rights of liberty, privacy, speech and expression.
  • Those who were allegedly targeted are from the Opposition party leaders, activists and journalists i.e. important stakeholders of a vibrant democracy.
  • Such incidences can create a chilling effect and dampen the spirit of democracy and stifle free speech.
  • It is also a violation of free speech in democracy.
  • It creates grave concerns regarding Cyber Security of the nation and its citizens.
Laws for Surveillance in India :
  • Communication surveillance in India are under two laws:
    • Telegraph Act, 1885: 
      • It deals with interception of calls.
      • Sec 5 (2) allows only in case of a public emergency or public safety on the grounds of sovereignty and integrity, security of state, friendly relations with neighbours, public order, incitement to the commission of an offence.
      • Based on SC guidelines several procedural safeguards have been added to protect privacy.
    • Information Technology Act, 2000: 
      • It was deal with surveillance of all electronic communication. The powers under this Act are broader than Telegraph Act.
      • Section 69 of the IT Act makes it broader interception, monitoring, and decryption of digital information for the investigation of an offense.

Puttaswamy case: The 'proportionality and legitimacy' test
  • It  is a four-fold test that needs to be fulfilled before state intervention in the right to privacy:
  • The state action must be sanctioned by law.
  • In a democratic society there must be a legitimate aim for action.
  • Action must be proportionate to the need for such interference.
  • And it must be subject to procedural guarantees against abuse of the power to interfere.

 

Conclusion:
Government must clarify about the questions raised over this issue and take necessary steps to protect the rights and freedoms of its citizens. The SC guidelines in Puttaswamy case regarding 'proportionality and legitimacy' must be fulfilled before any violation of privacy of the citizen is carried out. 
Posted by Jawwad Kazi on 10th Jul 2021