Editorial

Another surveillance furore that emphasises the need for privacy regulation

| Updated on October 31, 2019 Published on October 31, 2019

WhatsApp has allegedly divulged data on those critical of the government. The absence of legal provision against digital snooping is starting to hurt

The Centre should come clean on the alarming disclosures made by WhatsApp that several journalists and civil rights activists in the country were under surveillance through spyware developed by an Israeli tech company called NSO Group. While the US-based messaging company has not provided any details of who authorised the surveillance, NSO claims it sells its spyware strictly to government clients only. The spyware, called Pegasus, gives unauthorised access to the users’ private data — including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps such as WhatsApp. The list of people who may have been under the secret surveillance programme include lawyers linked to Bhima Koregaon case and activists who campaign for the rights of Dalits and Adivasis. Did the Israel company sell the spyware to Indian agencies to keep a tab on civil rights groups, or was this done at the behest of some foreign entity? If it was done by Indian authorities, then what due process was followed to authorise the surveillance?

The scandal comes at a time when the Centre has been asking WhatsApp to decrypt messages in order to trace individuals who spread rumours that instigate criminal activities such as lynching. WhatsApp has refused to comply, stating that it does not have the ability to decrypt messages and that it respects individual privacy. The spyware in effect nullifies WhatsApp’s objections. Surveillance of communication by government agencies is not new. Earlier, intelligence agencies would use phone tapping provisions to hear into conversations of certain individuals. In 2013, a mass surveillance programme called the Central Monitoring System was launched. This allowed security agencies and even income tax officials the ability to tap directly into e-mails and phone calls.

The moot issue is whether the surveillance is being directed at activists and journalists who may not be aligned with the current political dispensation. While WhatsApp has filed a complaint against NSO Group, this scandal has once again highlighted the vulnerability of Indian citizens in the absence of adequate data protection and privacy laws. The proposed Personal Data Protection Bill remains only on paper even after multiple rounds of discussions over the last 18 months. Consumers of Internet services are increasingly being subjected to surveillance by the state and data mining by private entities. The massive data breach at Facebook in 2018 not only opened a can of worms on the potential misuse of social media platforms for influencing a nation’s political destiny, but also sent out a warning on the perils lurking in the digital world. Facebook was asked to pay a record-breaking $5-billion fine in the US. But Indian users impacted by the data breach are yet to get justice. Indian policymakers have been slow to put in place laws that protect users from not just from private entities that mine data without consent but also against state actors who misuse surveillance powers.

Published on October 31, 2019
This article is closed for comments.
Please Email the Editor