The big Whatsapp-Pegasus Expose:
After the big expose of the WhatsApp-Pegasus snooping software, there has been a row of revelations. The suspicions on the involvement of the Government in India is growing. The Quint reported on 01 November that in an exclusive interview with the former home secretary G K Pillai it has come out that he was aware of the Israeli tech firm NSO, which was operating in India. Pillai informed that it had sold spying software private firms and individuals in the country. Pillai has also confirmed that agencies of the Indian Government have bought spyware previously from different private foreign tech firms, like NSO. He said that purchasing spyware ‘is quite common’.
A few days ago Whatsapp confirmed that Pegasus, spyware made by NSO was used to have some 1,400 people globally of which two dozen were Indians. The Indians who were looked into using this malware entering their phone via the WhatsApp mobile application were activists and human rights lawyers. In conversation with The Quint, NSO told that:
“The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies.”
What does the law say?
There is no clarity around whether or not the Indian Government did purchase Pegasus from the NSO to snoop on Indian citizens. As per the law of the land, surveillance can only be made when the home secretary based on the intel reports received from the intelligence agencies requisitions it. Even the state governments have the power to authorise their police for surveillance. It can be seen that over time, the number of people brought under surveillance by different states is more extensive than those ordered by the central Government, said Pillai.
GK Pillai held the office of the secretary of Ministry of Home Affairs from 2009 to 2011. He says that during his tenure, 4,000-8,000 individuals, as well as entities, were put under surveillance by the central Government. While he was the home secretary, P Chidambaram was appointed as the Union Home Minister. At this time, it was the second tenure of the UPA government in consecutive. Pillai described in detail the protocol which is mandated to be followed to conduct surveillance on someone in the country. He said,
“If any intelligence agency wants to surveil an individual or entity, they need to specify for how many days they need permission and justify the number of days for the same. After completion of the said number of days, they have to come back and tell the home secretary if they need an extension.”
Were measures to ensure privacy taken by the Government?
The big question that is being raised throughout the country by cyber law experts and human rights activists is that if the Government knew NSO and other spyware firms are operating in India, who was monitoring it. Raman Jit Chima, Cyber Law Expert, has said that in light of events that are making the news, it is essential to question the steps taken at the level of the Government to supervise the activities of these firms. With the information of the presence of these firms in India, were adequate steps taken to ensure the privacy of individuals. The question becomes significant because as revealed by an Intelligence official to the quill, in some instances, the government purchases spyware and passes it on to a third party for monitoring and providing required information to the Government.
Chima also shed light on the government restrictions on the sale of surveillance equipment, which was after there were incidents involving the former finance minister Arun Jaitley and Union Minister Nitin Gadkari. Chima further raises the question, “Has the Union home secretary ever seen it worthy of asking the states what they are doing? And if they have, then ultimately the buck stops with the central Government.”
Internal Measures of NSO:
The Israeli company- NSO has officially responded to two significant policy measures regarding the sale of spyware regarding ensuring privacy. While the NSO group’s statement on the issue did not address the India incident specifically and instead highlighted the lawsuit against it by WhatsApp owner Facebook, the response provides clarity on the company’s stance on the ongoing ‘snoop gate controversy’.
Firstly, the company has said that NSO considers it to be misused for any other use of their products if it is for any other use but for the prevention of serious crime and terrorism. NSO said that the use witnessed on Indian citizens “is contractually prohibited.” Secondly, it also said that in case any misuse is detected and the same is proved, and then the action is taken by the company.
After the leak, The Quint has been able to confirm so twenty citizens who were targeted by the Pegasus malware. The list includes people associated with the Elgar Parishad and Bhima Koregaon case, anti-caste activists and journalists reporting on defence.
WhatsApp had informed the Government about the spyware in September:
Almost four months ago in September 2019, WhatsApp informed the government agencies regarding the spyware and the associated vulnerability in the application’s service. As per a report by the Indian Express, it has in writing communicated to the Government that some 121 Indian citizen’s privacy was being compromised by the spyware After the Indian Government sought an explanation, on Friday, WhatsApp responded to the Government again and explained its lawsuit in a California court.