Editorial

Pegasus erupts

| Updated on July 19, 2021

Union IT Minister Ashwini Vaishnaw speaking in the Lok Sabha, on the first day of the Monsoon Session of Parliament, in New Delhi, on Monday   -  PTI

Government should strengthen data laws while ordering a probe into snooping allegations

The monsoon session of Parliament began on Monday with a touch of the unexpected: a furore over a global scandal involving the alleged surveillance of ministers, opposition leaders, journalists, human rights activists and lawyers. This has come to light through a leaked database of thousands of telephone numbers listed by government clients of NSO, the Israeli firm that developed the spyware Pegasus. The spyware is sold by NSO only to governments who buy them ostensibly for national security purposes. Yet, as the investigation by Paris-based non-profit Forbidden Stories and Amnesty International reveals, Pegasus has been freely used to snoop on political rivals, journalists, officials and even businessmen. The list in India includes journalists, politicians (including two central ministers), activists and officials. While it is not unknown for governments to engage in surveillance, phone-tapping etc. for law-enforcement and national security, these have always been with adequate legal checks and balances. But the scale, spread and targets for Pegasus in India, as revealed by the investigation, is shocking and raises questions such as who does the surveillance, on what authority and what is the information so accessed, used for.

The NSO Group maintains that the leaked database is not a list of numbers targeted by governments using Pegasus but it “may be part of a larger list of numbers that might have been used by the NSO Group customers for other purposes”. In a statement to the Lok Sabha, IT Minister Ashwini Vaishnaw, whose phone is one of those allegedly on the list, denied any illegal surveillance. Indeed, there are legal routes to surveillance and only the government is permitted to conduct surveillance while the IT Act prohibits hacking. Rules under the IT Act state that only a competent authority, either the Union Home Secretary or the State Secretaries in charge of the Home Department, can issue an order for such surveillance. But the sophistication of ever-evolving technology and surveillance systems could be at odds with the legal safeguards. It appears that the privacy of over 300 Indian citizens has been violated in this case.

International law is evolving as well. The EU has relatively robust safeguards largely owing to the General Data Protection Regulation (GDPR). However, the US ‘Patriot’ Act is still being contested by rights groups as being violative of the Constitution. As the Pegasus Project unravels, nothing less than a government-sponsored independent inquiry, preferably monitored by an oversight authority, will do to reassure citizens on their right to privacy. The passage of the much-awaited Data Protection Bill would act as a crucial step in restoring the ordinary citizen’s confidence. It would be the first major step towards the implementation of the Supreme Court ruling (KS Puttaswamy vs Union of India, 2017), declaring privacy as a fundamental right.

Published on July 19, 2021

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor

You May Also Like