Blog

INTRODUCTION:

The global impact of the Pegasus spyware scandal has elicited astonishment, prompting inquiries into the integrity of democratic systems, the preservation of personal privacy, and the unfettered expression of journalism and speech. Operating without user consent, the formidable Pegasus malware possesses the capability to breach an individual’s mobile device, pilfering their data and conversations. This spyware originates from the NSO Group, an Israeli cyber company that also vends it to international governments and law enforcement entities. Among the nations where Pegasus spyware purportedly saw employment is India. Around July 2021, an estimated 300 Indians, encompassing journalists, activists, politicians, and governmental figures, found themselves potentially susceptible to the malware. This occurrence has sparked widespread outrage and prompted appeals for heightened privacy safeguards within India.

RIGHT TO PRIVACY IN INDIA:

The fundamental right to privacy is one of the fundamental rights protected by the Indian Constitution. The Supreme Court of India upheld privacy as a fundamental constitutional right in the Puttaswamy v. Union of India case, a significant decision that came down in 2017. The right to privacy is implicitly protected by Article 21 of the Constitution, which also guarantees the right to life and personal liberty, according to the court’s interpretation. The court also acknowledged that the right to privacy is not unqualified and may be limited in certain circumstances, particularly those involving public safety and national security.

Despite the Supreme Court’s recognition of privacy as a fundamental right, the Indian government has come under fire for what many believe to be a lack of diligent protection of this right. The Aadhaar data leak, the WhatsApp surveillance debate, and the ongoing Pegasus spyware controversy are just a few examples of how the government has been accused of violating people’s right to privacy on numerous occasions.

PEGASUS & PRIVACY:

Once spyware has gained access to a device, it immediately starts the process of stealing images, videos, and other digital content and sending it to the offender. It even goes as far as secretly turning on the device’s microphone and camera, recording calls, and tracking the target’s location. By doing this, the attacker is able to listen in on confidential and private conversations and send the information back to the user. Even a missed call on WhatsApp could start a chain of events that leads to the device’s compromise. This serves to emphasise how false and improbable the claims made about end-to-end encryption and security are.

NSO Group claims that it only licences its spyware to authorised governmental clients in the name of fighting transnational crime and terrorism. When the business signed its initial contract with Mexico in 2011, under Felipe Calderon’s presidency, this tactic was first used. Pegasus, the company’s flagship product, was given to the Mexican government to track down drug cartels. Joaqun Guzmán, also known as El Chapo, a prominent member of the Sinaloa Cartel, was apprehended in 2016 thanks in large part to Pegasus. His phone was accessible thanks to the malware, which made it easier to follow his whereabouts.

It is undoubtedly a noble endeavour to use this malware to track down criminals and terrorists. The Pegasus spyware developed by the NSO, according to reports from 17 media outlets, was allegedly used improperly in attempts to hack the phones of politicians, heads of state, attorneys, activists, and journalists in a number of nations, including India, the United Arab Emirates, Saudi Arabia, Mexico, Morocco, and Hungary. Pegasus has been abused in the past, as evidenced by its alleged involvement in the hacking of journalist Jamal Khashoggi’s and Amazon CEO Jeff Bezos’ phones in 2018—an incident that was reportedly connected to the Saudi crown prince.

In later years, it was discovered that numerous Indian lawyers and activists had been the target of a Pegasus attack conducted via WhatsApp. In 2018, a study by the Citizen Lab identified 45 countries where Pegasus had been used. According to the Pegasus Project, 300 Indian phone lines, including those of prominent journalists and opposition figures like Rahul Gandhi, were subject to Pegasus monitoring. 22 of these phones underwent forensic examinations by Amnesty International, which were then examined by the Citizen Lab at the University of Toronto. Ten of these were definitely identified as Pegasus targets, while the other eight were still up for debate. The database contains information on more than 40 journalists, three prominent opposition leaders, a constitutional authority, two current and former ministers in the Narendra Modi administration, current and former chiefs and officers of security organisations, as well as hundreds of business leaders, according to The Wire.

DATA PROTECTION BILL:

The Personal Data Protection Bill, 2019 (PDP Bill) was introduced in the Lok Sabha by the Minister of Electronics and Information Technology in December 2019. The PDP Bill’s main goals were to protect people’s privacy with regard to their personal data and to set up the Data Protection Authority of India to handle these issues. The scope of the legislation includes regulating a number of activities involving the handling, gathering, use, disclosure, storage, and transfer of personal data. It regulates how personal data is handled when it is obtained, shared, or processed in any other way within Indian territory, regardless of whether it is done by the Indian government, Indian citizens, or businesses that have been formed in accordance with Indian law.

If the data processing is associated with commercial activities carried out in India or involves providing goods or services to people in India, the bill also applies to non-Indian data processors. The legislation does not, however, apply to anonymized data, which entails the transformation of personal data into an unidentifiable format as long as it satisfies the regulatory authority’s requirements for irreversibility.

CONCLUSION:

India is a democratic country where the people are at the centre of everything. The public’s fundamental rights are violated when events like the Pegasus spying occur. As a result of violating personal rights, surveillance in and of itself violates Articles 14 and 19 of the Constitution. Such intrusion has a chilling effect on society, causing people to self-censor their communications out of fear that they might be being watched. Citizens are subjected to psychological restraints as a result of this surveillance, but it also invades their right to intellectual privacy and reduces their willingness to express controversial ideas due to possible repercussions.

The Personal Data Protection (PDP) Bill’s development has been influenced by the geopolitical environment and the nation’s constitutional principles. After the right to privacy was formally acknowledged as a fundamental constitutional right, this legislation was created in response. It has two objectives: protecting personal data and promoting the development of the data-driven economy. The PDP Bill does, however, have some notable flaws, including the government’s exclusive control over data and the possibility of government exploitation. The need to guarantee that each person has the power to control their personal data and the ability to lead their own lives, including the right to control their online presence, becomes imperative.