Asiana Times Pegasus Spyware and India Surveillance Framework

It has been a year, but no significant steps have been taken to improve India’s surveillance framework to defend against attacks such as the Pegasus spyware attack we suffered. last year.

Background-

Pegasus spyware was used to spy on many prominent Indians last year. These people included judges, ministers, journalists, NGO workers, etc.

WhatsApp revealed a security flaw caused by malware in India and other countries even in 2019.

The New York Times reported in its January 31, 2022 issue that “India brought in Pegasus in 2017 as part of a $2 billion defense effort.”

Indian Computer Emergency Response Team, which provides information on cybersecurity dangers, is silent on the subject as a whole.

The special committee appointed by the Supreme Court has not been able to make a decision so far. At the end of July, the trial will be pleaded.

What is spyware?

Spyware is malicious software that seeks to collect data about a person or business and communicate it to a third party in a way that is detrimental to the user.

About Pegasus spyware and its functions:

  • The Israeli company NSO Group has created and owns a license for the spyware known as Pegasus. iOS and Android smartphones can be compromised and turned into spying tools using this technique.
  • No-click attacks are a type of attack that requires no user action. By simply making a missed WhatsApp call, spyware can compromise a smartphone.
  • Call logs will be edited so that the user is not aware of what happened.
  • The spyware installs a module that tracks call records, reads messages, emails, calendars, internet histories and gathers location data to relay information to the attacker as soon as he accesses the internet. ‘device.
  • In addition, it can be installed manually on a device or via a wireless transceiver.
  • It self-destructs and erases all traces if it fails to connect to its command and control server for more than 60 days.
  • It will self-destruct if it determines that the wrong device or wrong SIM card was used to install it.
  • Amnesty International reported that Android and iOS devices were compromised despite the release of security patches.
  • Users should ensure that all apps are installed directly through official stores and that their devices’ software is up-to-date in order to stay safe. Never click on dubious links in emails or text messages.

Surveillance in India-

Although surveillance is illegal under Indian law, it is legal when carried out by competent authorities when proper legal procedures are followed. The relevant laws governing communications surveillance in India under the current technological legal framework are:

  1. The Indian Telegraph Act, 1885;

The government derives its right of interception from Section 5 of the Indian Telegraph Act, which states: “Power for the government to take possession of licensed telegraphs and to order the interception of messages”. Section 5(2) of the Act grants the central or state government authority over the transmission, interception and retention of any communication if the following criteria are met:

  • If it is necessary to protect the sovereignty and integrity of India,
  • state security,
  • positive relations with other countries,
  • public order and
  • Finally, to avoid provoking someone to commit a crime

2. Information Technology Act 2000:

It broadened the horizons of surveillance compared to the previous Telegraph Act.

According to Section 69 of the Indian Technology Act, “Power to issue instructions for the interception, monitoring or decryption of any information through any computer resource”. This provision grants the central government or the state government the power “to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource”. Provided, if such information is required:

  • In the interests of the sovereignty and integrity of India
  • Defense of India,
  • state security,
  • maintain friendly relations with other nations, or
  • To maintain public order or
  • For investigation purposes
  • To prevent incitement to commit any recognizable offense relating to the foregoing.

Problems with the above laws:

  • They focus on specific offences. However, the laws are subject to ambiguous interpretations and abuses.
  • Phrases like “public emergency” and “in the interest of public safety” are open.
  • The same limitations imposed on freedom of expression under Article 19(2) of the constitution apply here (case KS Puttaswamy v. Union of India, 2017)
  • The CS pointed out that wiretapping is a serious violation of a person’s privacy.
  • Even during the investigation phase, the law on data processing grants a power of surveillance.

Go forward :

  • Introduce new surveillance laws based on moral principles and respect for privacy.
  • Parliamentary responsibility for security agencies should be defined in a new law.
  • Or their conduct in surveillance.
  • It is important to clearly define public surveillance and security.
  • The use of social media applications for surveillance should be included in the legal definition of surveillance.

Comments are closed.