The recent controversy over the use of spyware Pegasus by innominate entities to violate the privacy of some Indians has highlighted multiple risks. With multiple bodies stealing personal data with no legislative and judicial framework to safeguard and ensure the privacy of an individual, the state is under attack for rampantly invading the privacy of netzines. With everyday technological evolution and upgradation, this indeed is a reflection of the State where it has terribly faltered and failed to address the concern.
With the breaking of the news on Thursday that an Israeli spyware was used to “snoop” on some of the human rights activists and journalists, a huge amount of fury was seen dominating the media. Pegasus (Made by NSO, an Israeli firm) was used to compromise phones of multiple journalists, activists and lawyers. By using the vulnerability of WhatsApp, it allowed the Pegasus spyware software to be installed in a target’s phone with a call. The spyware can track data that is exchanged via end-to-end encrypted systems which are now being patched.
According to the report by the Indian Express, “at least two dozen academics, lawyers, Dalit activists and journalists in India have been spied upon by Pegasus.” With 10 activists confirming the risks, albeit with no evidence of it. Because they were in silence when it happened to them, they only came out when it became news. At the heart of the outrage was the assumption that the Indian government had used Pegasus to spy on certain people in this country. However, with no reports to the reference who was responsible, became the base of the assumption.
While the government has tried to shift the focus to WhatsApp by expressing concerns over the Right to Privacy and asking the app to respond by November 4, it is misleading the population at large by doing so. With the question of whether they purchased Pegasus or not, the government remained silent, which in itself is indicating a lot of things if read carefully. Who purchased it? And when? And more importantly, under what law? These are some of the pertinent questions that need to be addressed and looked at.
With the Pegasus maker claiming that it only sells the spyware to government agencies and the Canadian cybersecurity firm Citizen’s Lab had found a shadowy group called ‘Ganges’ to be using Pegasus in India, isn’t the government involved when the agency claims of selling only to the government? And what was the government doing when snooping took place? But do we know whether ‘Ganges’ was being operated by an Indian agency or not? No. Do we need to ask more questions about it? Yes. Yes. Yes.
Limiting the state intervention in privacy rights, the apex court also obligated the state to safeguard the fundamental right to privacy of individuals. Currently, a private member’s bill in the parliament also seeks to bring in judicial oversight in the surveillance process. According to me, this must be taken up and made it into law. With the existing framework of the digital laws and the technological world we are heading towards, it requires more laws and rules ensuring the privacy of the netizens of India, which are currently missing and paid less attention to.
What are you doing to safeguard our privacy and data, is a must question that one needs to be asked to the government so as to make one feel safe and secure about data while online. With an indication from the government to introduce a personal data protection bill in the winter session of the Parliament, let’s hope that it permits debate to improve the quality of legislation, which can be beneficiary with the changing technology every second. In the meantime, we need credible answers to who violated the fundamental right to privacy of the netizens with the usage of Israeli software.