Civilsdaily

Cyber Security – CERTs, Policy, etc

SC tests phones for Pegasus Spyware

| Security Issues | Mains Paper 3: Cyber Security

The Supreme Court has said its technical committee had so far received and tested 29 mobile devices suspected to be infected by Pegasus malware.

Why in news?

  • It was alleged that the government used the Israel-based spyware to snoop on journalists, parliamentarians, prominent citizens and even court staff.

What is Pegasus?

  • Pegasus is a spyware developed by NSO Group, an Israeli surveillance firm that helps spies hack into phones.
  • In 2019, when WhatsApp sued the firm in a U.S. court, the matter came to light.
  • In July 2021, Amnesty International, along with 13 media outlets across the globe released a report on how the spyware was used to snoop hundreds of individuals, including Indians.
  • While the NSO claims its spyware is sold only to governments, none of the nations have come forward to accept the claims.

Threats created by Pegasus

  • What makes Pegasus really dangerous is that it spares no aspect of a person’s identity.
  • It makes older techniques of spying seem relatively harmless.
  • It can intercept every call and SMS, read every email and monitor each messaging app.
  • Pegasus can also control the phone’s camera and microphone and has access to the device’s location data.
  • The app advertises that it can carry out “file retrieval”, which means it could access any document that a target might have stored on their phone.

Dysfunctions created

  • Privacy breach: The very existence of a surveillance system, whether under a provision of law or without it, impacts the right to privacy under Article 21 and the exercise of free speech under Article 19.
  • Curbing Dissent: It reflects a disturbing trend with regard to the use of hacking software against dissidents and adversaries. In 2019 also, Pegasus software was used to hack into HR & Dalit activists.
  • Individual safety: In the absence of privacy, the safety of journalists, especially those whose work criticizes the government, and the personal safety of their sources is jeopardised.
  • Self-Censorship: Consistent fear over espionage may grapple individuals. This may impact their ability to express, receive and discuss such ideas.
  • State-sponsored mass surveillance: The spyware coupled with AI can manipulate digital content in users’ smartphones. This in turn can polarize their opinion by the distant controllers.
  • National security: The potential misuse or proliferation has the same, if not more, ramifications as advanced nuclear technology falling into the wrong hands.

Snooping in India:  A Legality check

For Pegasus-like spyware to be used lawfully, the government would have to invoke both the IT Act and the Telegraph Act. Communication surveillance in India takes place primarily under two laws:

  1. Telegraph Act, 1885: It deals with interception of calls.
  2. Information Technology Act, 2000: It was enacted to deal with surveillance of all electronic communication, following the Supreme Court’s intervention in 1996.

Cyber security safeguards in India

  • National Cyber Security Policy: The policy was developed in 2013 to build secure and resilient cyberspace for India’s citizens and businesses.
  • Indian Computer Emergency Response Team (CERT-In): The CERT-In is responsible for incident responses including analysis, forecasts, and alerts on cybersecurity issues and breaches.
  • Indian Cyber Crime Coordination Centre (I4C): The Central Government has rolled out a scheme for the establishment of the I4C to handle issues related to cybercrime in the country in a comprehensive and coordinated manner.
  • Budapest Convention: There also exists Budapest Convention on Cybercrime. However, India is not a signatory to this convention.

Issues over government involvement

  • It is worth asking why the government would need to hack phones and install spyware when existing laws already offer impunity for surveillance.
  • In the absence of parliamentary or judicial oversight, electronic surveillance gives the executive the power to influence both the subject of surveillance and all classes of individuals, resulting in a chilling effect on free speech.

Way forward

  • The security of a device becomes one of the fundamental bedrock of maintaining user trust as society becomes more and more digitized.
  • Constituting an independent high-level inquiry with credible members and experts that can restore confidence and conduct its proceedings transparently.
  • The need for judicial oversight over surveillance systems in general, and judicial investigation into the Pegasus hacking, in particular, is very essential.

Conclusion

  • We must recognize that national security starts with securing the smartphones of every single Indian by embracing technologies such as encryption rather than deploying spyware.
  • This is a core part of our fundamental right to privacy.
  • This intrusion by spyware is not merely an infringement of the rights of the citizens of the country but also a worrying development for India’s national security apparatus.

 

UPSC 2023 countdown has begun! Get your personal guidance plan now! (Click here)

Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024

Attend Now

Join the Community

Join us across Social Media platforms.