Disclaimer: Copyright infringement not intended.

Context

• The Supreme Court said its technical committee had so far received and tested 29 mobile devices suspected to be infected by Pegasus malware.

 

What is Pegasus?

• Pegasus is the name of a spywaredeveloped by Israeli firm NSO.
  • A spyware is any malicious software designed to enter your computer device, gather your data, and forward it to a third-party without your consent.
• It can be introduced surreptitiously into mobile devices and can suck up all data and meta-data on the infected device as well as monitor conversations, chats and browsing.
• Pegasus, is perhaps the most powerful spyware ever created.
• It is designed to infiltrate smartphones — Android and iOS — and turn them into surveillance devices.
• The Israeli company, however, markets it as a tool to track criminals and terrorists — for targeted spying and not mass surveillance.

 

Who can buy Pegasus?

• NSO claims it will only sell the software to verified government agencies, with a contractual clause that the spyware can only be used in cases of suspected crime or terrorist activity.
• In practice, the clause is unenforceable -- any buyer can then use it as they please.
• However, it is possible for NSO to verify potential buyers and check whether they are official agencies, though it refuses to release its client list.
• NSO claims it has 60 clients in 40 countries.
• NSO also says the spyware is mainly used by law enforcement and intelligence agencies as well as the military

 

What can Pegasus do?

• Once installed, the spyware takes a wide range of permissions, allowing it to monitor location, e-mails, grab contact lists, take screenshots, grab media, grab instant messages and SMS, access browser history, take control of the phone’s mike and cameras, etcetera.
• Pegasus can also be deleted remotely. It is very hard to detect and once it is deleted, leaves few traces.
• It can also be used to plant messages/mails, etcetera, which is why there are theories it may have been used to plant fake evidence to implicate activists in the Bhima Koregaon case.

 

Who has been targeted?

• The NSO has stated that Pegasus is not a tool for mass surveillance.
• The stated aim of Pegasus is to fight crime and terrorism, the database also has the numbers of over 200 journalists worldwide, including 40 from Indian media houses.

 

What do Indian laws outline?

• Section 5(2) of The Indian Telegraph Act, 1885, states that the government can intercept a “message or class of messages” when it is “in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of an offence”.
• The Rule 419A of the Indian Telegraph Rules, 1951 was added to the Telegraph Rules in 2007 after the verdict in the People’s Union for Civil Liberties (PUCL) vs Union of India case in 1996, in which the Supreme Court said telephonic conversations are covered by the right to privacy, which can be breached only if there are established procedures.
• Under Rule 419A, surveillance needs the sanction of the Home Secretary at the Central or State level, but in “unavoidable circumstance” can be cleared by a Joint Secretary or officers above, if they have the Home Secretary’s authorization. 
• In the  Puttaswamy vs. Union of India verdict of 2017, the Supreme Court further reiterated the need for oversight of surveillance, stating that it should be legally valid and serve a legitimate aim of the government. 
• The court also said the means adopted should be proportional to the need for surveillance, and there should be procedures to check any abuse of surveillance.
• The second legislation enabling surveillance is Section 69 of the Information Technology Act, 2000, which deals with electronic surveillance. 
• It facilitates government “interception or monitoring or decryption of any information through any computer resource” if it is in the interest of the “sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order” or for preventing or investigating any cognizable offence.

 

Are India’s laws on surveillance a threat to privacy?

• The procedure for electronic surveillance as authorized by Section 69 isdetailed in the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009. 
• These rules are very broad and allow even the redirection of traffic to false websites or the planting of any device to acquire any information.
• Use of Pegasus is illegal as it constitutes unauthorized access under Section 66 of the Information Technology Act.
  • Section 66prescribes punishment to anyone who gains unauthorized access to computers and “downloads, copies or extracts any data”, or “introduces or causes to be introduced any computer contaminant or computer virus,” as laid down in Section 43.

 

Pros and cons of public surveillance

Pros

• Increase Public Safety: Just like surveillance on our private property improves our home security, public surveillance increases public safety.
• Reduce Crime Rate: It can keep an eye out for crimes as well as act as a deterrent.
• Captures "precrime" data
• Helps Catch Criminals
• It helps authorities to track criminals down.
• Encourages good behavior
• Provide Evidence & Gather Clues
• Acts as reassurance
• Convenience

Cons

• Easily Abused: Unfortunately, this technology can be easily abused. For example, information collected can potentially be used as a form of blackmail. Another example is voyeurism and stalking. To combat these issues, strict regulations on public surveillance must be put into place.
• Reduces personal privacy
• Reduces personal freedom
• Freezes free speech
• Creates a "Big Brother" society
• Creates a "nanny state"
• Brings into disrepute the role of government
• Blurs moral and legal boundaries
• Undermines the rule of law
• Increases societal "paranoia"
• Narrows choices through creation of algorithmic "echo chambers"
• Increases supply side manipulation
• Information asymmetry (supply side high, demand side low)
• Doubts about Effectiveness
• Expensive: High maintenance and costs of these systems is not justified by their limited results

Way Forward

• There is an urgent need to enact the Personal Data Protection law toprotect citizen’s right to privacy.
• There is a need to address the existing loopholes in the legal framework thatallow surveillance and affect privacy. For example: the IT act.

 

https://epaper.thehindu.com/Home/ShareArticle?OrgId=G949R99AR.1&imageview=0