Pegasus Spyware- A threat to privacy and cyber security

Reading time : 6 minutes

Table of Contents

  1. Introduction
  2. What is Pegasus spyware?
  3. Recent controversy of Pegasus in India
  4. Indian legal provisions for Surveillance
  5. Some eminent case laws
  6. A Major concern for privacy
  7. Conclusion

Introduction

The Pre-Budget session was marked by the protest of the Member of opposition parties and the opposition parties outside the Indian Parliament. A New York times article published on 28th of January brought shocking revelations about the Indian Government’s use of the Pegasus spyware. This made all the opposition parties align together and protest against the government. This article defines and describes all about the Pegasus spyware controversy from recent to past, How it works and from what it is comprised of all the past- instances of it. The most used term Spy-Tech Zero-Click technology which is used in many cyber frauds and it is a most discussed thing nowadays. It’s technique of hacking the phone by just giving a Whatsapp missed call made it one of the most dangerous cyber weopon. Legal provisons such as The Telegraph act,1885 and IT Act, 2000 are some of the laws that deals with the cybercrimes. In this research article, the author will discuss about the Pegasus spyware, legal provisions related with cybercrimes and eminent case laws related with it and How Pegasus is a major concern for the democracy as well as the individual. 

What is Pegasus spyware?

Pegasus is a spyware programme created by NSO Group, an Israeli firm that specializes in so-called “cyber weapons.” It originally made headlines in 2016, when an Arab activist became suspicious after receiving a threatening message. Pegasus was thought to be targeting iPhone users. Apple published an updated version of iOS, a few days after it was discovered, apparently patching the security flaw that Pegasus was exploiting to hack phones.

Pegasus, however, was discovered to be similarily capable of infecting Android Phones a year later by security researchers. More information and security fixes trickled in. After that, in 2019, Facebook sued NSO Group for investing Pegasus. Pegasus was being pursued by Facebook security experts across their networks, and they discovered that the malware was causing problems. The security researchers at facebook were chasing Pegasus across their systems, and they found that the software was used to infect several journalists and activists in India. This Pegasus spyware is not a new concern for privacy and cyber security from 2019 to 2021 the spyware has been called “the most sophisticated” phone hacking tool ever and because it has been used so frequently that we are still hearing stoies about its victim. It is worth noting that NSO Group has confirmed the existence of Pegasus. However, the Israeli company has also said that it sells the tools only to governments and that it is not responsible for its misuse.

How does Pegasus spyware work?

Pegasus takes advantage of Android and iOS flaws that have yet to be disclosed. This means that even if a phone has the most recent security patch installed, it could be infected. A previous version of the malware, which was released in 2016, targeted devices using a tactic known as “spear-fishing,” which involved sending text messages or emails to the target that contained a dangerous link. It was predicated on the target clicking the link—a requirement that was removed in later versions. Pegasus could penetrate a device with a missed WhatsApp call in 2019 and even wipe the record of the missed call, making it hard for the user to realize they were being tracked. Pegasus used a weakness in WhatsApp’s code to infect over 1,400 Android phones and iPhones, including those of government officials, journalists, and human rights activists, according to WhatsApp in May of that year. It quickly fixed the problem. Pegasus also takes use of flaws in iMessage, providing it backdoor access. 

What can Pegasus do?

Pegasus can intercept and steal almost any information on a phone after it is installed, including SMS-es, emails, contacts, call history, calendars, emails, and browsing histories. It can record calls and other conversations using your phone’s microphone, can record your video with the help of camera, and follow you using your GPS.

What does Pegasus comprises of?

Pegasus connects to the attacker’s Command and Control (C&C) servers after installation to receive and execute instructions and transmit back the target’s personal information. Passwords, contact lists, text messages, and live phone calls are all examples of this type of information (even those via end-to-end-encrypted messaging apps). The attacker can control the phone’s camera and microphone, and use the GPS function to track a target. Pegasus only transmits scheduled updates to a C&C server to avoid consuming a lot of bandwidth and alerting a target. The spyware can elude forensic investigation and anti-virus programme detection. When and if necessary, the attacker can also uninstall and deactivate the spyware.

Past Instances of Pegasus Spyware

Pegasus was first discovered on the Smartphone of human rights activist cum promoter Ahmed Mansoor in 2016 by researchers from the Canadian cyber security organisation The Citizen Lab. In September 2018, Pegasus is being used in 45 nations, according to a research published by Citizen Lab. India was featured in the list, as was the case with the most recent revelations. In October 2019, WhatsApp revealed that Pegasus operators were spying on journalists and human rights activists in India. In July 2021,Various nations utilised the software to spy on government officials, opposition politicians, journalists, activists, and others, according to the Pegasus Project, an international investigative journalism endeavour. Between 2017 and 2019, the Indian government allegedly utilised it to eavesdrop on about 300 people, according to the report. According to a report released in 2020, government officials used Pegasus to infiltrate the phones of Al Jazeera and Al Araby workers.

Spy-Tech and Zero-Click

NSO began developing Pegasus as a surveillance option for intelligence agencies and law enforcement organisations. The story they created was that it would be used by government agencies to combat terrorism, drug trafficking, and other crimes. But its first known state client, Mexico, went above and beyond the script, arming itself with cyber-espionage capabilities to combat drug trafficking. Between 2016 and 2017, Mexican agents targeted more than 15,000 phone numbers, according to Forbidden Stories. Those who were close to then-candidate Andres Manuel Lopez Obrador, now President of Mexico, as well as journalists, dissidents, their coworkers, and family members, were among them.

This propelled NSO Group to the forefront of the spy-tech sector, displacing heavyweights like European firms Hacking Team and Fin Fisher.

Pegasus has been using attack vectors like malicious URLs in e-mails and SMS till then. When the link was clicked, the malware was installed, allowing the hacker complete control of the device without the target’s awareness. It then advanced to zero-click infections. End-user intervention is not required for such viruses, which are utilised in WhatsApp and iMessage hacks. A missed call on WhatsApp’s voice call feature inserted a malicious code onto the smartphone. With iMessage, a brief message preview sufficed.

Recent Controversy of Pegasus in India

A New York times article published on 28th of January brought shocking revelations about the Indian Government’s use of the Pegasus spyware. The article exposed the sale of Pegasus to the Indian Government in 2017 as a part of a $2 Billion arms deal in order to carry out targeted surveillance on citizens, claiming that the high-level visits by Prime-Minister Narendra Modi and Former Israel Prime minister Benjamin Netanyahu and even an U.N. vote on a Palestinian organisation was part of a larger backroom deal. The revelations that come from that article of NYT provided fresh ammunition to the opposition parties to corner the government on the issue. NYT’s reporters named several countries including India, UAE, Hungary, Poland and Mexico on the list of those who had purchased the spying software, and said that they had not just strengthened ties with the Netanyahu government, but had shifted on support to Palestine and muted opposition to Israel at the United Nations. In June 2019, India voted in support of Israel at the U.N’s Economic and Social Council to deny observer status to a Palestinian human rights organization. According to the report of the wire over 300 Indian phone numbers were found on the list of project Pegasus which includes ministers, members of oppositions, journalists, judicial members etc. Name of few potential targets from India were; Rahul Gandhi along with his 5 close associates, Prashant Kishore, Abhishek Banerjee nephew of Mamta Banerjee, Prahlad singh Patel (Current minister of state for jal Shakti), Praveen Togadia, Former CJI Ranjan Gogoi and many others except them phone number of 40 journalists were also mentioned in the list. The opposition parties attacked the government, accusing it of ‘misleading’ parliament and the Supreme court. The Congress party said the alleged use of spyware on opposition leaders, Supreme Court judges, Journalists and activists was an “act of treason”. The investigation over whether the Modi Government bought the Pegasus spyware, and used it to hack the phones of a number of citizens not wanted in any criminal cases and carryout illegal surveillance on them is  with the Supreme Court, which appointed a special Committee headed by Justice (Retd) RT Raveendran on October 27, and scheduled another hearing “after eight weeks”, which  has not been listed at present. Due to the article published in NYT, Mallikarjun Kharge, leader of opposition in Rajya Sabha, said, “Parliament was deceived by the Modi government. It is clear that the supreme court was also duped by the Modi government. It is also clear that the people of India were lied to by the Modi government and its ministers.” The clash of against ideas paved the way for forming an anti-government and strengthen the opposition more as it was from farmer laws or the lakhimpuri accident against the minister’s son and forming a more stable anti-government alliance. In a tweet from its official account Trinamool Congress called the Pegasus Report proof of “State sponsored Surveilance” that “blantantly abused the rights of Indians.” The Pegasus controversy catalysed the chaos and agitation against the government and made a stronger argument for the opposition to protest and question the government in its role. This agitation against the government would harm them in their upcoming elections in five states including Uttar Pradesh which is the most significant state in Upcoming lok sabha elections in 2024.

Indian legal provisions for Surveillance

The law of observation in India is beginning when it concerns progressed reconnaissance innovations like Pegasus. In any case, the current legitimate system gives a few shields to the elemental right to protection, permitting proportionate criticism as it were in national, not in private, intrigued. This piece contends that the national security vindication is infructuous within the Pegasus outrage. The government ought to follow to worldwide majority rule standards administering observation innovation.

The laws authorizing interception and monitoring of communications are:

  1. Section 5 (2) of the Indian Telegraph Act, 1885
  2. Section 69 of the IT Act, 2000
  3. IT Rules
  4. Section 5(2) of the Indian Telegraph act, 1885: This act deals with the interception of phone calls. Section 5(2) of this act provides the provision that mentions certain situations under which the central & state government can conduct the surveillance i.e., in case of ‘Public Emergency’or in the interest of ‘Public Safety’. But there are certain grounds available for such surveillance which can be also considered as the reasonable restriction;
  5. When there is threat to the sovereignty and integrity of the India
  6. For the Security of the state
  7. For the friendly relationship with foreign states
  8. If there is a threat on law and orders or in the interest of public order
  9. For immediate incitement of the commission of an offence.

On these grounds and conditions the Indian government is allowed to caught portable phones. In spite of the fact that the act has moreover given certain shields arrangements with regard to securing the basic rights to free discourse for each writer.

  • Section 69 of the IT Act, 2000: This act bargains with the observation of all sorts of electronic communication. Sec 69 of the act gives the arrangements within the favour of Indian government with regard to any electronic observation within the nation. It states almost the interferences, checking of computerized data for the reason of examination of an offense. These arrangements don’t say any grounds related to open security or crisis. Section 69 of the IT Act, 2000 enables competent specialists, with reasons for capture attempts recorded, to put an capture attempts gadget, given, “it is fundamental or practical so to do within the interface of the sway and astuteness of India, the security of the State, neighbourly relations with outside states or open arrange or for anticipating prompting to the commission of an offence”. In any case, Section 69 does not approve any office to introduce spyware to hack a versatile gadget for this. In reality, Section 66, perused with Section 43 of the IT Act, 2000, criminalises the hacking of a gadget.
  • IT Rules: The government re-examined the IT Rules in December 2018 on the affection of moving forward straightforwardness and responsibility and handling wrongdoing and fear based oppression. Through a Statutory Arrange, the government assigned 10 central offices as “security and insights agencies” and approved them to captured, screen and decode “any data produced, transmitted, gotten or put away in any computer”. The State draw rules to choose how a particular arrangement within the essential statute will be worked. These rules ended up the appointed enactment made by the State. The government utilized this inborn control to change the IT Rules, 2009; downsized the shields for individual’s protection; made all-encompassing definitions approving the utilize of hacking apparatuses like Pegasus and gave cover reconnaissance powers to organizations that are not indeed capable for national security, e.g., the Delhi Police and the Directorate of Income Insights. These offices presently collect information without administrative or legal oversight beneath the powers conferred in Segment 69 (1) of the IT Act, 2000, perused with Run the show 4 of the IT Rules, 2009.

The government changed the reason and objective of the law within the statute book and the setting in which it is actualized and presently utilizing these changed rules as a lawful reinforcement for reconnaissance of citizens through hacking devices like Pegasus.

 Some Eminent Case laws

The Indian Courts Interpreted the above mentioned laws several times. We would study some case laws related to the legal provisions mentioned earlier. These are some cases as follows:

  1. People’s Union for Civil liberty vs Union of India: In this case the arrangements of Telegraph Act, 1885 were challenged, and the Supreme Court had expressed the significance of the proper to individual’s personal security. It was held in this case that government observation can undermine the security of an person . This case advance announced the proper to protection as a principal right. Further, within the year 2007 the Run the show 491 had been included within the Telegraph Rules which states that any order related to the interferences of any portable phone ought to come from the Domestic Secretary conjointly specify the foundation of a audit committee to audit an arrange issued by the domestic secretary.
  2. K.S Puttaswamy vs Union of India: On August 23rd 2017, the Supreme Court unanimously recognised privacy as a fundamental right guaranteed by the Constitution:

In 2012, Justice K S Puttaswamy, a retired judge of the High Court, filed a writ petition in the Supreme Court challenging the constitutional validity of the Aadhaar scheme introduced by the UPA Government. On August 11th 2015, a Bench comprising of three judges to decide the matter of fundamental right to privacy. This matter was first placed before a Five Judge Bench headed by then CJI Khehar. Subsequently, the matter was referred to a nine Judge Bench on July 19th 2017 and concluded on August 2nd 2017. In a historic decision delivered on August 24th 2017, the bench unanimously recognised a fundamental right to privacy of every individual guaranteed by the Constitution, within the Article 21 in particular and part 3 on the whole. Since the 2017 judgement, the fundamental right to privacy has been cited as precedent in various landmark judgements.

A  Major Concern for Privacy

After knowing all about the Pegasus spyware, How it is comprised, What is the legal basis of it and the controversies from past to the most latest one now we will know how it affects individuals privacy and the grounds on which the restrictions of government should be laid. Before knowing about How does Pegasus threats to the Privacy of the person knowing the term privacy becomes more eminent.

So, According to Constitutional law, Privacy means the right to make certain fundamental decisions concerning deeply personal matters free from government coercion, intimidation or regulation. In simple terms there are certain things that the Individual needs to keep it confidential and that nobody can force them to knew about that. The Indian Law  gives certain provisions related to the fundamental right to privacy from the eminent case of K.S Puttaswamy vs. Union of India where it was stated in this case the breach of individual’s privacy can only be done on the following grounds; First the state must be sanctioned by law, there should be test of necessity & proportionality, there must be some legitimate state aim for such actions and there should be a procedural gurantees against the abuse of such power. It was this case which mentioned where clearly the right to privacy is integral to the right to life conferred under article 21.

Pegasus spyware is a big threat to a certain individual as it can record data, spy the person’s confidential and the personal matters without the acknowledging the person with whom the data is going to be spyed upon. It is direct attack towards the democracy also as the opposition leader are also being spyed upon, the fourth pillar of democracy Media also gets affected from this as the journalists, Human rights activists and many more are also affected by it. The Government can also not directly conduct surveillance as there are reasonable restrictions to it also.  It also Violates Article 19 of the Indian Constitution which Gives freedom of speech and expression. If a person’s privacy is breached it is a direct attack towards the Individual’s Human rights and the rights conferred to him under various Indian laws. 

There are lot of vague and ambiguous perspective on How to Curb the Menance from Pegasus. These are some smalls tips which can be useful to prevent the device from the spyware such as:

  1. Reboot Daily
  2. Disable iMessage
  3. Disable Facetime
  4. Don’t ever click on links received in messages.
  5. Keep the mobile device up to date; install the latest iOS patches as soon as they are out.
  6. Browse the Internet with an Alternate browser such as Firefox Focus instead of Safari or Chrome.
  7. Always use a VPN that masks your traffic.

Conclusion

Pegasus is a spyware programme created by NSO Group, an Israeli firm that specializes in so-called “cyber weapons.” It came in the limelight when the one of the most popular American based daily newspaper New York Times published an article where it revealed that Indian Government purchased the Pegasus spyware to spy upon the Leaders of Opposition, Journalists, writers, Human rights activists etc. It created a lot of ruckus and chaos all over the country against the government during the Budget session. After discussing about all the important legal provisions of The Telegraph Act, 1885 and The IT Act,2000 and some important case related to fundamental right to privacy such as K.S Puttaswamy vs Union of India,2012 which stated that individual’s privacy can’t be breached at any cost Though there are certain reasonable restrictions which are necessary for the state to do so. One of the most important thing is the Right to Privacy which is violated by this spyware and how this harms an individuals rights and what certain measures that need to be taken up to prevent it and till how much it can affect any individual’s privacy as well as democracy also.

REFERENCES

Author: Aditya Pandey, NMIMS, Hyderabad

Editor: Kanishka VaishSenior Editor, LexLife India

Pegasus Spyware: A Menace to Democracy

Reading time : 6 minutes

What is a Spyware?

‘Spyware is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user. For example, by violating their privacy or endangering their device’s security’.[1]

These Spywares could also be used for Commercial purposes like monitoring the screens for advertisement, either way this leaves the people with a potential threat of data breach and misuse of personal information.

The Pegasus Spyware

A Spyware is designed as such that it enters into the computer or mobile of the person and without the consent of the person transmits the data to third party without any knowledge of the person whose device is being infected with it.

The PEGASUS Spyware has been developed by an NSO group which is an Israeli company has built the most influential spyware and the objective of this spyware is to get through the device of the person that has to be bugged and give out private information about the person on whose device the spyware has been infected which in short turns the device into a surveillance or a monitoring device which the third party can blatantly use to violate the Fundamental Right of life and personal liberty enshrined in Art 21 of the Indian Constitution. However, the parent organization of the Pegasus spyware claims that they built this for the governments around the world to help them spy on terrorist activities and criminals, which has not been the case with the claims of the media Consortium around the globe.

‘Pegasus Spyware was first identified around 4-5 years ago when a human rights activist from the United Arab Emirates received a text message that was actually a phishing setup. He sent these messages to the security agency and it was found out that if he (the user) had opened those links – his phone would have been infected with the malware, named Pegasus.’[2]

How does the Pegasus Spyware work?

The Spyware can bug the device through a text message or that directs the device to a website installing the spyware without the knowledge of the user some claims have even been made that there is no user interaction required and just a simple delivery of the text message is sufficient enough to infect the device for the iOS users which claims itself to be the most protected device it is the I-text which can bring the catastrophe.

Once the Spyware has been installed, which is quiet easy in this case the third party can access the texts, mails, call logs, photos and much more from the device. In fact, the access of the device is given as such that the camera and microphone can also be operated by the third party.

‘NSO Group sells the software to governments only. A single licence, which can be used to infect several smartphones, can cost up to Rs 70 lakh. According to a 2016 price list, NSO Group charged its customers $650,000 to infiltrate 10 devices, plus an installation fee of $500,000.’[3]

Laws in India Regarding Tapping and Surveillance

The rules governing the surveillance laws can be divided under two heads namely the telegraph Act, which particularly deals with the surveillance over tapping of calls and the Information technology Act, 2002 that deals with the interception of data.

Telegraph Act

‘Section 5, of the Telegraph act deals with the wire-tapping laws, that means in case of an emergency any authorized public official has been given the authority to intercept phone calls only in the interest of the public safety. However, such interception has to satisfy the certain grounds of sovereignty and integrity of India; the security of the State; public order; friendly relations with foreign states and preventing incitement to an offence.’[4]

The broad connotations could led to the potential misuse of the loopholes of the Section 5 of the Act so the Supreme Court in the case of People’s Union for Civil Liberties V. Union of India[5] brought up the 419A of the Telegraph Rules 2007 which gave the secretary to the government of India of Home Affairs to pass orders relating to the wire-tapping which gives authority only to a limited and high ranked officials of the government and the misuse of the same would be answerable by the official.

Section 69 of the IT Act, 2002

‘Where the Central Government or a State Government or any of its officers specially authorised by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may, subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource.’[6]

The IT Act, 2000 is different from the Telegraph Act as in case of the latter only when there is an emergency can there be the wire-tapping of and on the contrary, when any investigation needs to be done by the government of India, Section 69 could come into force.

The K.S. Puttaswamy V. Union of India Case of Right to Privacy

The K.S. Puttaswamy judgment, ruled that privacy could only be breached under the following three heads:

The restriction must be by lawful in nature;

It must be necessary and proportionate;

It must be in the state interest (national security & sovereignty).

The judgement held that the issue of Privacy could arise from the State held Entities as well as the Non-state held.

The court stated that Right to Privacy is an inherent and integral part of Part III of the Constitution that guarantees fundamental rights to its citizens. The conflict in this area mainly arises between an individual’s right to privacy and the aim of the government to implement its policies. Thus, a balance needs to be maintained between the two.

The area of Pegasus is slightly different from mere surveillance and wire-tapping because the spyware hacks the phone and Section 43 of the Information Technology Act, 2000 prohibits the same without the consent of the user of the phone and the punishment for the same is given under Section 66 of the Information Technology Act, 2000 with imprisonment for a term which my extend to 3 years and fine which may extend to an amount of Rs. 5 lakhs.

What the Government has to say about the allegations?

The government has out rightly denied any such claims as fictitious, concocted and baseless and tells that these are false and misleading; also, India’s Minister of Electronics & IT also claims that including the Parliament, there has been no unauthorised interception by Government agencies. Furthermore, Government agencies have well-established guidelines for interception of any kind of data from a third party, which includes authorization and supervision from high ranked officials in central as well as in the state governments, for reasons in national interest.

In the recent past, similar claims were made regarding the use of Pegasus on WhatsApp by the Indian government. Those reports were also lacking factuality and all the parties, including WhatsApp in the Apex Court, categorically denied them.

The Indian government further claims that every case of interception, monitoring, and decryption of any kind of data is approved by the competent authority i.e. the Union Home Secretary. These powers are also available to the competent authority in the state governments as per IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

Opposition’s claims

‘Opposition parties demanded an independent inquiry and accountability from the government over the use of Pegasus software to spy on ministers, legislators, and journalists and other various known people.

Political parties such as the Congress, TMC, NCP, Left parties, RJD, and Shiv Sena all demanded an investigation.

The Congress called the Centre’s actions “treasonous,” and the Home Minister was called to give an account for the whole incident on the spying matter, which included the spying and hacking of journalists’, judges’, and politicians’ phones. They further demand the resignation of the Home Minister,” the Congress tweeted, “We cannot emphasize enough how important it is to uphold our democratic and constitutional ideals and principles for the protection and security of all of our residents. An International Ransomware Meant Solely for Government agencies has hacked into the phones of our citizens. Accountability is required.”

“The Modi government is hacking into its own journalists, opposition leaders, and constitutional authorities using foreign military grade spyware. It is basically fighting for the destruction of our democracy and constitution,” the CPI (M) stated.’[7]

Issues regarding Government’s spying

‘In 2012 in Himachal Pradesh, the new government raided police agencies and recovered over a lakh phone conversation of over a thousand people, mainly political members, and many senior police officials, including the Director General of Police (DGP), who is legally responsible for conducting phone taps in the State.

In 2013, India’s current Home Minister Amit Shah was embroiled in a controversy dubbed “Snoop gate”, with phone recordings alleged to be of him speaking to the head of an anti-terrorism unit to conduct covert surveillance without any legal basis (as there was no order signed by the State’s Home Secretary which is a legal necessity for a phone tap).’[8]

Such examples of unlawful surveillance, which are done for personal gains ae unethical and destroying the very essence of democracy but on the contrary is also the need for this age as most of the things happen over an electronic device in this technological age.

Recommendations regarding Surveillance

In 2010, then Vice-President called for a legislative basis for India’s agencies and the creation of a standing committee of Parliament on intelligence to ensure that they remain accountable and respectful of civil liberties.

The Cabinet Secretary in a note on surveillance in 2011 held that the Central Board of Direct Taxes having interception powers was a continuing violation of a 1975 Supreme Court judgment on the Telegraph Act.

In 2013, the Ministry of Defence-funded think-tank published a report, which recommended that the intelligence agencies in India must be provided a legal framework for their existence and functioning; their functioning must be under Parliamentary oversight and scrutiny.

In 2018, the Srikrishna Committee on data protection noted that post the K.S. Puttaswamy judgment, most of India’s intelligence agencies are “potentially unconstitutional”. This is because they are not constituted under a statute passed by Parliament — the National Investigation Agency being an exception.’[9]

How to stay protected from the Spyware?

 As per the current scenario, there is no particular solution for the zero-click attack where the device is hacked even without the owner’s knowledge. However, there are certain tips that can potentially minimize the risk of the devise getting hacked and giving out information to third party without any consent.

  • The device has to be updated with relevant patches and upgrades. A standardised version of an OS creates a base for hackers to target, it is still the defence.
  • Avoiding public and free Wi-Fi services especially while accessing sensitive and private information. The use of a VPN is a good hack when there is a need to use such networks.
  • Opening links from only known and trusted contacts and sources when using the device. Pegasus is deployed to iOS devices through an iMessage link. The same advice applies to links sent via email or other messaging applications.
  • Although it may sound obvious, limit physical access to the device while ensuring only trusted people operate your device. One can do this by enabling pin, finger or face locking on the device.
  • Encrypt the device data and enable remote-wipe features where available. If your device is lost or stolen, you will have some reassurance your data can remain safe.

Conclusion

The controversy on the Pegasus spyware hacking in the devices of the various high-class journalists’, judges’, and politicians is of a very grave nature and needs proper and timely investigation. In a digital age where technology is taking over the world the word ‘Privacy’ comes into play and as stated above in the Case of K.S. Puttaswamy V. Union of India popularly known as the Aadhar case it was held that Right to privacy is a Fundamental right guaranteed by the Indian Constitution and taking away the right should have serious consequences, just because the political party ruling the center has certain powers does not mean that they have the privilege to do as they want. According to the laws of the India, hacking is illegal and if the government is doing so then the Judiciary needs to interfere which is currently happening and proper detailed investigation is being carried on.

On the contrary, the government is denying any such claims of hacking. The software of installing and using Pegasus is a costly affair and the laws relating to surveillance in the country needs proper authentication by top officials of the centre as well as the state which means that if such a thing is happening then officials at top level must be aware and only with their consent is this spying possible and if the Apex court through its findings come to a conclusion that hacking and spying was being done then the government has to pay a very hefty penalty for that.

The Israeli NSO group that made the spyware made it for easement of the governments to catch cyber criminals and stop the cases of terrorism and it has to be limited to that use only. With the advancing digital era the use of software like Pegasus will be much more common in the coming times and certain strict rules and regulations regarding the same, not only does rule and regulation help in bettering a situation but the proper adherence to the rules laid down would be very essential otherwise there will be a lot of exploitation over the world by powerful and rich people that has to be checked upon. The unchecked use of such spywares could lead to the threat to democracy where people will not have free will, which is the very essence of democracy.


[1] Spyware available at: https://en.wikipedia.org/wiki/Spyware (last modified on 20th July 2021)

[2] History on Pegasus available at: https://www.geeksforgeeks.org/what-is-pegasus-spyware-and-how-it-works/ (last modified on 02 August2021)

[3]Editorial, ‘ETech Explainer: what is Pegasus spyware and how it works’, The Economic Times, 21st July 2021

[4] Indian Telegraph Act, 1885, S.5

[5] People’s Union for Civil Liberties v Union of India AIR 1997 SC 568

[6] The Information Technology Act, 2000 (Act 21 of 2000), s. 69

[7] Tanya Napolean, The Pegasus controversy: it’s Implications in India, 04 August 2021

[8] Pegasus Spyware issue in India, available at: https://www.legacyias.com/pegasus-spyware-issue-in-india-explained/ last modified on (July 20th 2021)

[9] Pegasus Spyware issue in India, available at: https://www.legacyias.com/pegasus-spyware-issue-in-india-explained/ last modified on (July 20th 2021)

Author: S Ashwin Nair, SINHGAD LAW COLLEGE, PUNE

Editor: Kanishka VaishSenior Editor, LexLife India.