Privacy rights proponents and legal experts demanded for parliamentary-level reforms on surveillance laws and expressed concern that the standing committee on the subject is yet to release reports of previous investigations. Meanwhile, the Shashi Tharoor-led parliamentary standing committee for Information Technology has called representatives of the Ministries of Electronics and Information Technology, Home Affairs and the Department of Telecommunications on July 28 to discuss ‘citizen’s data security and privacy’ following the Pegasus spyware .

The Pegasus spyware first came into limelight in 2019, when the committee held a meeting to discuss a similar snooping case using the spyware to track the phones of the accused in the Bhima Koregaon case regarding the violence that broke out during an annual event in 2018.

Also read: Pegasus scam: Political parties, Editors Guild of India condemn snoop move

Internet freedom bodies like Software Freedom Law Center (SFLC.in) and the Internet Freedom Foundation (IFF) are currently reviewing the information available to suggest recommendations to the parliamentary standing committee.

“When you say a government or an agency is getting the data, there are people involved and we don’t know who or which department would be handling it and whether it would be misused. It is not only telephone conversations, it’s an entire device being hacked,” Prasanth Sugathan, Legal director, SFLC.in told BusinessLine , referring to the current allegations.

‘Need detailed report’

In 2019, according to him, SFLC had written recommendations to the standing committee based on the media reports first mentioning Pegasus spyware..

“Unless the committee comes out with a detailed report, we won’t know anything,” Sugathan said. Srinivas Kodali, independent researcher and privacy rights activist told BusinessLine , “There is a demand from various parties to create a joint-parliamentary probe. Other bodies like Editor’s Guild have been asking for a judiciary probe. The issue is they (the Standing Committee for IT) are not publishing anything or informing the public about the findings. It has been two years post the instance and this can’t continue.”

“If there is a joint parliamentary probe, it should go beyond Pegasus. They should look at broader surveillance and privacy issues. The parliamentary committee for IT has hardly released any report starting from the Net neutrality issue, Cambridge Analytica to Aarogya Setu,” Kodali added.

‘Surveillance reform’

IFF wrote a blog post on July 18 asking for “urgent surveillance reform to protect citizens against the use of such invasive technologies.” The post added, “Over the next few weeks, we at IFF will attempt to reach out to any victims of illegal surveillance in India and we will make every attempt to ensure that they can access the legal system to seek redress. We will also examine avenues for further engagement with all branches of government - legislative, executive and judicial- to advance our ongoing work on surveillance reform.”

Avimukt Dar, partner, IndusLaw told BusinessLine , “The questions in the Pegasus case include who initiated the alleged surveillance and whether the safeguards under the IT Act, 2000, section 69 and its rules were followed. It would also be interesting to see whether Pegasus carried out surveillance on behalf of a non-state entity and whether they have retained the data overseas. The State has to demonstrate that the surveillance was justified and necessary. Review needs to be done on who ordered the surveillance. The other question is, what was the duration of the surveillance.”

‘Device hacking’

Meanwhile, cyber security experts too are concerned understanding that Pegasus spyware was directly introduced into these devices without needing a link or the regular modes of hacking. “While there are practices like ensuring you are familiar with the person sending the link and verifying that the message along with the link is coming from the person you believe has sent it, in no way these guarantee full protection as has been seen in case of Pegasus using ‘network injections’ and use of zero days vulnerability,” Kapil Gupta, Co-founder, Volon Cyber Security.

“The targets who have been subjected to state action won’t get remedy easily, as in India there is this immunity to public servants that they are working in good faith,” Dar claimed.

comment COMMENT NOW