Context

• Recently, the New York Times published an article extensively detailing how Pegasus spyware developed by Israel-based NSO Group, has been used as a tool to firm up Israel’s interests across the globe.

Key Details

• The investigative article said that Israel got countries that had historically been against it on the Palestine issue to switch sides by offering this powerful spyware that can be deployed not only against drug traffickers and terrorists, but also against opposition activists and prying journalists.
• The tool is cited as one of the reasons why the Abraham accords between Israel and its neighbouring Arab countries fell into place and won the blessing of Saudi Arabia.

What do we know about Pegasus Spyware?

• The Pegasus spyware can not only mop up information stored on phones such as photos and contacts, but also activate a phone’s cameras and microphones to turn it into a spying device without the owner’s knowledge.
• The earliest avatars of Pegasus used spear phishing to enter phones, utilising a message designed to entice the target to click on a malicious link.
• However, it evolved into “zero-click” attacks with the phones being infected without any action from the target individual.
• In 2019, WhatsApp released a statement saying that Pegasus could enter phones via calls made on the platform, even if they were not attended.
• Pegasus used several such “exploits”, or weaknesses, to enter Android and Apple phones; and many of these exploits were reportedly “zero day”, which means even the device manufacturers were unaware of these weaknesses.
• Pegasus can also be delivered over the air from a nearby wireless transmitter, or manually inserted if the target phone is physically available.
• Once inside the phone, Pegasus seeks “root privileges”, a high level of control over the phone that enables the spyware to establish communications with its controllers through an anonymised network of internet addresses and servers. It can then start transmitting any data stored on the phone to its command-and-control centres.

What is known about the use of Pegasus in India?

• Reports that appeared in July 2021 from the Pegasus Project, that in India, at least 40 journalists, Cabinet Ministers, and holders of constitutional positions were possibly subjected to surveillance using Pegasus.

  

• Since Pegasus is graded as a cyberweapon and can be sold only to authorised government entities as per Israeli law, most reports have suggested that the governments in these countries are the clients.

What has been the fallout?

• The Indian government has so far neither confirmed nor denied that it has deployed Pegasus for any operation.
• In the wake of the Pegasus Project revelations, several petitions were filed with the Supreme Court alleging that the Government has indulged in mass surveillance in an attempt to muzzle free speech and to chill dissent.
• In response to the petitions, the Supreme Court asked the Centre to file a detailed affidavit regarding the use of Pegasus.
• However, the Centre refused to comply, arguing that such a public affidavit would compromise national security.
• Following this, the Supreme Court on October 27, 2021 appointed an expert panel monitored by retired Supreme Court judge Justice R.V. Raveendran to probe and file a report on the spying allegations. 

What do Indian laws outline?

• Section 5(2) of The Indian Telegraph Act, 1885, states that the Government can intercept a “message or class of messages” when it is “in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of an offence”.
  • The operational process and procedures for it appear in Rule 419A of the Indian Telegraph Rules, 1951.
• Rule 419A was added to the Telegraph Rules in 2007 after the verdict in the People’s Union for Civil Liberties (PUCL) vs Union of India case in 1996, in which the Supreme Court said telephonic conversations are covered by the right to privacy, which can be breached only if there are established procedures.
  • Under Rule 419A, surveillance needs the sanction of the Home Secretary at the Central or State level, but in “unavoidable circumstance” can be cleared by a Joint Secretary or officers above, if they have the Home Secretary’s authorisation.
• In the K.S. Puttaswamy vs Union of India verdict of 2017, the Supreme Court further reiterated the need for oversight of surveillance, stating that it should be legally valid and serve a legitimate aim of the Government.
  • The court also said the means adopted should be proportional to the need for surveillance, and there should be procedures to check any abuse of surveillance.
  • The second legislation enabling surveillance is Section 69 of the Information Technology Act, 2000, which deals with electronic surveillance. It facilitates Government “interception or monitoring or decryption of any information through any computer resource” if it is in the interest of the “sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order” or for preventing or investigating any cognizable offence.
  • The procedure for electronic surveillance as authorised by Section 69 is detailed in the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

Way Forward

• The use of Pegasus is illegal as it constitutes unauthorised access under Section 66 of the Information Technology Act. Section 66 prescribes punishment to anyone who gains unauthorised access and “downloads, copies or extracts any data”, or “introduces or causes to be introduced any computer contaminant or computer virus,” as laid down in Section 43.

Source: TH

Visit Abhiyan PEDIA (One of the Most Followed / Recommended) for UPSC Revisions: Click Here

IAS Abhiyan is now on Telegram: Click on the Below link to Join our Channels to stay Updated 

IAS Abhiyan Official: Click Here to Join

For UPSC Mains Value Edition (Facts, Quotes, Best Practices, Case Studies): Click Here to Join