The Apprehensions After The Pegasus Leak

–Kakali Das |

It wouldn’t be an exaggeration to term this as ‘the biggest story’ to have broken in the recent times. This particular story about the Pegasus leaks is acutely worrying for various reasons. The leak consists of more than 50.000 phone numbers from across the world that were likely targets for the Pegasus software. Out of these across the world, 300 phone numbers listed as potential targets are from India, including two serving cabinet members at the centre, opposition leader, and about 40 journalists.

What is Pegasus? – Pegasus, developed and sold by the NSO Group, an Israeli company, is perhaps the most powerful spyware ever created. It is designed to infiltrate smartphones, and turn them into surveillance devices. The company however, markets it as a tool to track criminals and terrorists – for targeted spying and not mass surveillance.In laymen terms, it is a spyware, ‘a malware’ basically, which once installed on your phone, can harvest most of the data including messages, emails, WhatsApp chats, contact list, photo gallery etc., and transmit it back to the operator. It can also track the location of a phone at all points of time. The NSO Group says that it only offers its spyware to “vetted governments,” and not private individuals.

So, if there are 300 Indians who are being spied on using the Pegasus software, it signifies being used by one government or the other. Now, is it our government or somebody else’s – is the question!

Before you quickly settle into the argument of ‘if you have nothing to hide, what it is to be worried about!’ let’s assume, if your own government is spying on and reading all your messages with the ability to plant evidence on your phone, apart from its violation of fundamental rights, it also puts you at significant risk, for the government may proceed against you with sedition, UAPA, and all other dangerous non-bailable offenses, without the knowledge of you who own the phone.

The functionality of Pegasus as a software has been revealed through two sources principally – the first is the analysis conducted by The Citizen Lab, a group set out of the University of Toronto, which has studied the software and the capabilities it possesses, and the second is a lawsuit filed by WhatsApp in the Circuit Court in California which has an actual copy of the Pegasus manual. What it reveals is that it’s a complete infection pattern in your smartphone and can spread across all your digital devices taking root access control, and more or less it can not only acquire all information on your smartphone like the call logs, pictures but it also has a lot of other functionalities. For instance, if there are two Pegasus phones within a proximity, they automatically start recording the conversation between the two people. Phones are being switched off of the two people as soon as they meet, out of the fear of being under surveillance. A notification is sent to the operator of Pegasus which their GPS coordinates as an alert. So, we are merely aware of the tip of the iceberg, and it requires a greater degree of disclosure which can be unveiled only through an independent and a high level inquiry.

The irony of ironies was that, when our brand new Minister of Electronics and Information Technology, Ashwini Vaishnaw was denying any sort of slipping on behalf of the government, it was his phone number also that turned out to be on the list of possible targets for this Pegasus software. Moreover, with the question of the timing of these leaks before the Monsoon session of the parliament, and Ravi Shankar Prashad saying “If over 45 countries use Pegasus, why target just India?” – the government seems to have not explicitly denied using the Pegasus software to surveil Indian citizens. The problem is – who will persuade the government to admit that it has used the spyware? The fact of the matter is – without oversight, accountability, and a surveillance law in place, if the government has used this, it affectively violates the fundamental right to privacy of our citizens. A bureaucrat proposes and enables surveillance in the system. So, if it is the bureaucracy which is apparently accountable or at fault, then who’s going to hold the bureaucracy as a whole accountable for this?

Also, the surveillance isn’t a new phenomenon in the country, or at least not primarily a ‘BJP-specific-thing.’ The Central Monitoring System (CMS) was essentially set up by the Congress government to work on NATGRID, supposedly a massive surveillance software, which create dashboards for individuals that the government is spying on. So, extracting data from public and privacy databases was, too, started in the UPA regime. Governments will arrive and leave, but the way this surveillance apparatus is being spread and implemented across the country is a matter of acute concern.

“Let’s first be very clear that it’s a hack by the government, not an interception or decryption, but a pure hack. The section 69 of the information technology act permits decryption, interception or monitoring or decryption of any information through any computer resource, but the section doesn’t mention hacking of any kind. Again, section 43 says that if any person accesses or secures the access to any computer system or computer networks, download copies or extracts the data held or stored in any removable storage medium etc., then the penalties come in under section 66,” Karuna Nundy, Advocate, Supreme Court said

“The word surveillance, I think, is wrongly used. It’s espionage, a political espionage. It’s one individual political party submarining the government of the government apparatus in order to serve itself. And I want to be loud and clear that the people populating the government mechanism that authorises and goes above the line, their actions are criminal,” Karuna Nundy, Advocate, Supreme Court said.

Based on what the news is, the Pegasus spyware costs an average of 1 crore rupees per individual of espionage, meaning “300 crore rupees” for those 300 verified Indian phone numbers in the leaked list. In a country where its citizens are paying horrible amount of money on taxes, suffering from constant price hikes and inflation, there has to be an accountability for the wastage of the hard-earned money by this insensitive government.

Besides, the Journalists in India doesn’t seem to be surprised finding their names on the list. In fact, there are a few journalists who are surprised not to find their names on the list. Barring the jokes, this is a matter of deep concern because the tracking of the journalists is perhaps more intense now than anything the profession has ever been used to. What is so baffling about this list is that there’s, actually, no pattern to how the people have been targeted. At a certain level, one can understand Saudi Arabia going after Jamal Khashoggi, or an authoritarian after a dissident, but many people on this list aren’t even dissidents. They are merely regular beach reporters covering the election commission, home ministry etc. In fact, there are names of a few journalists such as, J Gopikrishnan from The Pioneer who aren’t even anti-establishment from any angle, and obviously isn’t someone who’s at our Prime Minister’s throat all the time.

To this, an interesting case of an independent Journalist from Jharkhand, Rupesh Kumar Singh, whose three phone numbers are on the Pegasus list, is worth mentioning. He was arrested in 2019 by the CRPF and the Bihar police, and was released on bail after 6 months. Newslaundry had interviewed him post his release, where he told that there were attempts to frame him as a Naxalite because he reported on alleged fake encounters, and that during his interrogation the officials admitted to tapping his phone for one year. According to Rupesh, the officials who arrested him were planning to kill him by orchestrating an encounter. So, this is a corroboration of someone who has borne the brunt of the state going after him. And, this is scarier, when the state police have access to such technology where they can actively go after people whom they want to nail, plant evidence on or threaten while tapping their phone.

Moreover, this Pegasus news, apparently, is a setback for the profession of Journalism as a whole. In order to understand the reason behind it, we must know how Journalism in real works! If, for example, there’s a journalist who does defence coverage, he/she will visit the defence ministry every day, communicate with multifarious people over tea/coffee, make friends, and eventually get hold of the stories from them. Thereafter, the journalist will verify the concerned news from different sources, and that’s how the stories are covered, defence ministry is held accountable. And, now, post this Pegasus leak, it’s obvious for the sources to be nervous or worried wondering if the phones of the journalists are taped and spied on. As a result, the sharing of news by the sources will be ceased, and a shroud of secrecy will come down on all of these Ministries, and the stories concocting in it.