In a recent turn of events, the Supreme Court of India pulled up the Chhattisgarh government over its alleged tapping of an IPS officer’s phone.
The SC said there was “no privacy left for anybody”, while taking cognizance of the alleged intercepting of the phones of senior IPS officer Mukesh Gupta and his family. It also sought to know who had ordered the alleged surveillance on the officer.
“What is the need to do like this? No privacy is left for anybody. What is happening in this country,” the bench comprising Justices Arun Mishra and Indira Banerjee asked while the hearing.
Seeking a detailed affidavit explaining as to who ordered the tapping of phones and the reasons for it, the bench also raised some important questions, “Can privacy of somebody be violated like this? Who ordered this? File a detailed affidavit”.
But, does the questions only stop at this?
Last week, in a similar turn of events, a major spy operation was unearthed where an organization based in Israel released a list of people it has been spying on via WhatsApp.
The revelation came when the US based WhatsApp sued the NSO Group, a surveillance firm, for allegedly hacking the messaging platform to spy on about 1,400 users across at least 20 countries, including India, Bahrain, Mexico and UAE. This was carried out with the help of a software named Pegasus. The list of targeted users include activists, journalists, and senior government officials, among others. WhatsApp alleged that the NSO Group exploited a vulnerability in its video-calling feature to conduct the cyber attacks. WhatsApp, however, later confirmed they had fixed the problematic feature already.
Pegasus is known as one of the most sophisticated spyware in the world. The spyware can hack both iOS and Android devices by targeting vulnerabilities in the operating systems. It is capable of running in the background without the targeted user ever knowing about the hack. Once the spyware is installed on a device, it accesses critical and private data of users such as contacts, messages, passwords, and even live voice calls. The spyware can also remotely switch on the affected device’s camera and microphone.
Many groups which have been affected by this have been calling the intrusion by the spyware as not merely an infringement of the rights of the citizens but also a worrying development for any country’s national security.
The modern communications devices gather incredible amounts of personal data, and have sophisticated sensors. The convenience that these devices provide to us has added tremendous value to our lives but we have invited them in to our most intimate spaces of work and family. Hence, the security of a device becomes one of the fundamental bedrocks of maintaining user trust as society becomes more and more digitised.
The Pegasus spyware incident has completely shocked many citizens of the country wondering about practical ways to secure their devices. And raising important questions on the issue of privacy. They are asking whether their microphones and cameras were switched on without their knowledge. And whether their most private and intimate moments were captured.
The Government of India have not been able to give a satisfactory reply on this. In their statement issued late Friday, WhatsApp said it had in May “quickly resolved a security issue and notified Indian and international government authorities.”
But the GOI argued that while WhatsApp had informed CERT-In, or the Indian Computer Emergency Response Team, in May that the app had been hacked globally and that they had fixed the issue, they failed to tell the fact that Indian citizens had been affected by it.
What has gotten people more worried is the question, who was behind the selection of targetted users in this?
This has to do with the specific nature of the foreign vendor, the NSO Group. As per the NSO Group’s website, “NSO products are used exclusively by government intelligence and law enforcement agencies to fight crime and terror.” Further, it is regulated under an Israeli law that requires an export permit granted by the Isreali Defence Export Control Agency (DECA) that permits such sale only to foreign governments.
Therefore, logically, such sale of spyware is only permitted to a government agency approved by the Israeli government. Hence, if the Government of India did not procure such spyware, then who did to spy on Indian citizens?
But the government is in denial mode, it seems.
This issue, thus, highlights the vulnerability of common citizens in the country. There is an urgent need to take up this issue seriously by constituting an independent high-level inquiry with credible members and experts that can restore confidence and conduct its proceedings transparently.
How can national security be secured unless the citizens are not secured in their own country?
The form and methods of crimes are changing. In the digital world, one can be attacked from any place in the world and the fact that we still don’t have a system to safeguard ourselves is really worrying.
Experts argue for a clarity on the laws surrounding such surveillance by the state and also unknown entities. This could be the first step towards preventing further incidences like this.
But what we, on our individual level, can do is make sure we stay updated with all the changes. Internet is a vast field, transforming daily as the technology improves. This requires a vigilant overtake of our personal data on it. Like in the case of social media accounts, often, when we post anything online, we don’t know exactly who it may reach. We have a nebulous understanding at best of what it actually means when a post is “public” or “private”,thus we need to become aware of the usage of such features and make sure we know who we have selected as our audiences.
