Is Our Privacy at Risk?
By Shagun Mahendroo
The most contentious issue we face today is the right to privacy vs. national security. Pegasus Spyware shocked the entire nation when it was revealed that Pegasus had targeted around 300 mobile phone numbers in India, including devices belonging to journalists, politicians, businesspeople, lawyers, and other professionals. It was also claimed that Pakistani Prime Minister Imran Khan's device had been traced.
What is Pegasus Spyware, and how does it work?
Pegasus is a spyware programme created by the Israeli corporation NSO (Niv, Shalev, and Omri) in 2010. It is malicious software that can infiltrate your device, collect data, and send it to a third party without your permission. It is compatible with both Android and iOS. Pegasus, the winged horse of Greek mythology, is the name of the spyware. Without the targeted user's awareness, the Pegasus Spyware can read text, messages, and gain access to the device's microphone and camera.
Pegasus Spyware's History
Researchers from the Canadian cyber security company THE CITIZEN LAB first detected it in 2016 while the Pegasus was attempting to penetrate Jamal Khashoggi's (Saudi Arabian Journalist) iPhone. Pegasus was originally detected after Apple became aware of the spyware.
In 2016, the spyware employed a technique known as Spear Phishing, in which the hackers sent an email to the smartphone to infect it.
The Citizen Lab revealed data in September 2018 that identified 60 clients from 40 countries.
In 2019, a spyware call was made on WhatsApp, and if the person replied, the virus was downloaded onto their device.
In 2021, a new technology known as ZERO CLICK ATTACK was invented, in which the code enters the phone even if the call is not answered, making it harder to track down the hacker.
The NSO group said that the software was exclusively kept for government authorities to utilise in the fight against money laundering, terrorism, and criminal activity. Pegasus is also highly expensive; 50 smartphones cost roughly $7-8 million, making it tough for a private player to use.
In July 2021, Amnesty International and Forbidden Stories, a Paris-based non-profit journalism organisation, shared information with 16 media outlets, including The Guardian. According to publicly available statistics, roughly 50,000 phone numbers have been leaked since 2016. A total of 37 mobile phones were tested, with around 10 Indian phones showing symptoms of Pegasus Spyware.
India's Legal Situation
In the landmark case of Justice K.S. Puttaswamy (Retd.) and Anr. against Union of India and Ors., the Supreme Court held that the right to privacy is protected by Article 14, 19, and 21. Article 21 of the Indian Constitution guarantees the right to privacy. The government must pass a data protection law, according to the Supreme Court. The right to privacy is safeguarded as an integral aspect of the right to life and personal liberty under Article 21 and as part of the freedoms granted by Part III of the Constitution, according to a nine-judge panel.
The Information Technology Act of 2000, Section 69, empowers the government to undertake surveillance and monitor information without court oversight.
However, the government is not permitted to install spyware under this rule. The hacking of equipment is illegal under Section 66, which is combined with Section 43 of the IT Act 2000.
The Indian Telegraph Act of 1885 allows for the tracking of phones in reasons of national security, while part 4 of the Act deals with punishments and offences.
Breach of confidentiality and privacy is punishable under Section 72 of the Information Technology Act of 2000. Anyone who exposes an electronic record, communication information, or document without permission will be sentenced to two years in prison or a fine of up to one lakh rupees, or both.