Pegasus Data Hacking: Should a government desire, it is very much possible to circumvent the law and invade the privacy of the citizens at will.
George Orwell must be smiling in his grave. What he wrote in 1949 in his fictional work ‘Nineteen Eighty-Four: A Novel’ for a totalitarian super-state, has come true for several governments of 2021 that, at least on the face of it, pretend democracy.
The Wire of India, the Guardian of the UK, and the Washington Post of the US reported that, according to the ‘Pegasus Project investigation’ by a consortium of media organisations, Amnesty International, and Forbidden Stories—a Paris-based journalism non-profit—the phone numbers of some 1,000 journalists, activists, ministers and military officers from across the world etc were found to figure on a nearly 50,000—number—long list of that were possibly secretly monitored.
The countries include Mexico, Qatar, UAE, India, Pakistan, Azerbaijan, Kazakhstan, France and Hungary. A ‘military-grade spyware’ called Pegasus licensed by NSO Group, an Israeli company, is alleged to have been used.
NSO has denied the findings claiming that it sells its technologies to law enforcement and intelligence agencies only to track terrorists and criminals including drug-traffickers, paedophilia rings, etc.
The truth of the matter will be known only after a detailed, impartial and high-level cyber investigation, if at all it ever takes place. Thus, for the time being, we can only worry about the implications of such abuse of technology.
The Indian government has, quite expectedly, denied any ‘unauthorised surveillance’. It might be true, but that exactly is the point. This sort of cyber surveillance or ‘off-the-air’ interception of calls does not exactly fall within the purview of the protocols for interception of communications under the law and the rules.
Telephone tapping by certain agencies of the State is done under the authority of Section 5(2) of the Indian Telegraph Act of 1885 and Section 419 (A) of The Indian Telegraph (Amendment) Rules, 2007.
In the People’s Union of Civil Liberties vs. Union of India (UOI) and Anr. (1997) case, the Apex Court had ruled that right to privacy would certainly include telephone conversation in the privacy of one’s home or office. Telephone-tapping would, thus, infract Article 21 of the Constitution of India unless it is permitted under the procedure established by law.
The Court ruled that occurrence of public emergency or ‘the interest of public safety’ was essential condition for telephone tapping even though there may be satisfaction that it was necessary or expedient to do so in the interest of the sovereignty and integrity of India.
In the Nine-Judge Constitution Bench judgment in the case of Justice K.S.Puttaswamy (Retd) vs. Union of India and Ors. (2017), right to privacy was recognised as an inherent fundamental right. It was also held that any infringement of the right to privacy by State authorities will have to meet the following four tests based on the “Principle of proportionality and legitimacy”:
The action must be sanctioned by law;
The proposed action must be necessary in a democratic society for a legitimate aim;
The extent of such interference must be proportionate to the need for such interference;
There must be procedural guarantees against abuse of such interference.
Viewed in the light of this and assuming that the spyware was perhaps planted on their phones, it is difficult to understand on what grounds journalists could have been ‘determined’ to pose such a risk to national security or public safety that it warranted snooping on their conversations?
Since these questions are difficult to answer, the simplest way out is to go into a complete denial mode.
The rules prescribe a procedure for authorising interception. The authorisation must come from the home secretary in the state or the centre, as the case could be. There is also a provision for review by a higher level committee. Following this procedure means that the agency that requests interception has to make out a prima facie case warranting interception and the home secretary has to agree with it on merit.
From a purely professional perspective, it is rather difficult to make out a case that the ‘target’ is involved in such activities having a bearing on occurrence of public emergency or in ‘the interest of public safety’ that cannot be met unless his communications are intercepted.
Hence, unscrupulous officers try to circumvent it. In the case of the tapping of the phone of Amar Singh (2005), they had simply forged the authorisation letter. The Supreme Court slammed the government for not cancelling the licence of Reliance Infocommfor illegally tapping the telephone of Amar Singh on the basis of forged orders.
In the case of tapping in Karnataka (2019), they had inserted the numbers of 30 public figures—including a seer Nirmalananda Swami from the Vokkaliga community, at least one Lok Sabha candidate, several opposition and ruling party leaders, their relatives and public servants including bureaucrats and IPS officers—in the requests for authorisations for some red sand smugglers. CBI is investigating the case.
In the case of tapping of the phones of MLAs in Rajasthan, they took a plea that they had intercepted phones of two persons after due authorisation in connection with arms smuggling. They added that during the interception, conspiracy to depose the Gehlot government was exposed. They could, of course, never explain as to what eventually came out in the investigation of the arms smuggling case and if not, were they encroaching upon the privacy of citizens on mere rumours?
Such instances indicate that phone tapping has been used often for political purposes.
Use of the Pegasus spyware, strictly speaking, does not follow the traditional procedure of tapping. All they have to do is to buy the software and infiltrate it into the phones of the targets using links, sms, missed calls etc. After that, it works by itself. In other words, they are not obliged to approach the communication service provider with any authorisation.
A similar situation is presented when one intercepts calls off-the-air—once again without needing the service provider. Equipment for this is commercially available from several companies like Stratign—they have interception solutions for interceptions of all sorts of communications including GSM. CDMA, Thraya, Iridium, etc.
Readers may recall that in 2012, it was widely reported in the media that certain officers of the Indian army had secretly set up an intelligence unit called TSD (Technical Support Division) for interception and other covert operations. It was also suspected to have bought the off-the-air interception equipment.
Since one would be intercepting communications from the air and not through the communication service provider, there is no way the law can be invoked for them.
It should be clear that should a government desire, it is very much possible to circumvent the law and invade the privacy of the citizens at will. Technology enables one to do that. It is deeply disturbing but, unfortunately, there is little which can be done. In the end, it all boils down to the commitment of the government to the ideals of democracy. Citizens have no option but to live with this ugly reality.
(Dr. N.C. Asthana, a retired IPS officer, has been DGP Kerala and a long-time ADG CRPF and BSF. He tweets @NcAsthana. This is an opinion piece. The views expressed above are the author’s own. The Quint neither endorses nor is responsible for them.)