BEWARE, YOU ARE NOW UNDER PEGASUS SURVEILLANCE

With the advancement of technology in today’s digital world, the privacy of an individual and its subsequent breach has once again become a matter of utmost concern. While it is amply clear that the right to privacy is a fundamental right and is intrinsic to Articles 19 and 21 of the Indian Constitution, the same is being violated under the garb of “security”. Instead of social media giants like Facebook or WhatsApp, this time, the problem lies with foreign-made spyware that is capable of tracking any and every action on our phones. This blog aims to discuss the said issue and offer a fresh perspective on the same matter.

What is Pegasus really? What can it do?

Developed by the NSO Group, an Israeli Software company, Pegasus is a spyware that is capable of infiltrating our phones, be it an iOS or an Android device. Once installed, the spyware will be able to access call logs, messages, contacts, media files, emails, microphone, camera, GPS, and the list goes on, without leaving a trace. As reported in the New York Times, the methods used by the spyware to gain access to its target have also evolved since 2016. The software now incorporates a zero-click feature; the system does not require any interaction with the target to extract the targeted information. Unlike its previous version where a malicious link was first sent to the target and the associated spywear would be installed on the device once the user unknowingly pressed on the link, the newer version is much more advanced, discreet, and harder to detect.

Source: https://www.bbc.com/news/technology-57910355

A brief history

The controversy began in 2016, when Ahmed Mansoor, an Arab activist, received a text consisting of a link that claimed to reveal certain “secrets” regarding torture in UAE prisons. It was the Citizen Lab and Lookout which found that the said incident had connections with the NSO group. This technique of infiltrating a device via text or an email, containing spyware (also known as spearfishing) began in 2016. This was further switched up in 2019 when the infiltration was made possible by merely making a missed call, followed by deletion of any proof of the same, leaving no trace whatsoever.

In September 2018, the Citizen Lab came out with a report of 45 countries (including India) where Pegusus was operational. The report was based on scans conducted between August 2016-18, revealing instances of human rights violations. This cast doubts on the assertion that the spyware was being used for “legitimate” cri9minal investigations instead of politically motivated agendas.

Source: https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/

The Pegasus Project

Seventeen news organizations across the globe began an investigative initiative known as The Pegasus Project to reveal the possible customers of this spyware and consequently their targets. Cut to July 2021, Forbidden Stories along with Amnesty International shared a leaked list with The Wire. A report was then published, naming several individuals who were being targeted in India. These individuals included journalists from The Hindustan Times, The Hindu, and Indian Express. Later, it was also discovered that names of some political leaders, both ruling party and opposition, businessmen, and activists were also found onin the list. This included ex-Congress President Rahul Gandhi, election strategist Prashant Kishor, Mamata Banerjee’s nephew, and even the staff ofto the ex-Chief Justice of India, Ranjan Gogoi.

Furthermore, activists like Ashok Bharti and Umar Khalid, political leaders from Assam, Industrialist Anil Ambani were some other prominent names later found onin the leaked list. As time progressed, names of world leaders, such as French President Emmanuel Macron, Pakistani Prime Minister Imran Khan, and South African President Cyril Ramaphosa also came to light.

The surfacing of this information blew in the face of the Government as accusations ranging from anti-democratic actions and blatant human rights violations were hurled, all of which were vehemently denied. The Government claimed that there was no unlawful activity or unauthorized interception performed by any government agency. As far as the NSO Group is concerned, their statement simply read that this “leaked list” was based on false assumptions and unsubstantiated theories which that were nowhere close to reality. Further, revelations in the chapter on Pegasus Project indicated the involvement of countries like Azerbaijan, Bahrain, Kazakhstan, Mexico, Saudi Arabia, and UAE as patrons of the Pegasus Project.

A fresh perspective

The NSO Group prides itself on having the best technology with an intent to assist government agencies and law-enforcement organizations in detecting and preventing terrorism and crime. Using their intelligence, violence in public settings can be prevented;, sex and drug trafficking rings can be exposed; , and rescue operations can be carried out successfully. MotivatedGuided by this intent, the NSO Group developed Pegasus, spyware that could track any and every action of a phone and have unrestricted access to its data.

While this intent may sound bona fide, it vests an unfettered power in the hands of the user, i.e., the government agency. Technically, this leads to a scenario wherein it becomes almost impossible for any system of checks and balances to exist and being, to prevent any misused. Although, the NSO Group claims that all its customers are “vetted government bodies”, no verification or corroboration has been provided by the developer owing to the preservation and protection of the client-customer privacy concern.

At this juncture, the question that needs to be asked is whether we are willing to trust our government agencies with such unfettered powers in a democratic setting where actions are driven by political motives.

Unfortunately, owing to a lack of monitoring over the usage of this spyware, we are headed towards a situation where personal and political vendettas might become the primary motivations while ignoring the original objectives of detecting and preventing crime.

On a different tangent, the claim of Pegasus being untraceable was refuted by Amnesty International’s Security Lab. whperformed an in-depth forensic analysis and published it in a report in July 2021. The report also suggested that to the NSO Group upholds the UN Guiding Principles on Business and Human Rights as promised. ThismThis report also also demonstrated the methodology used along with examples of the attacks made using the “zero-click” technique.

As it stands, a common man cannot tackle or avoid any Pegasus-originated attack. The only advice givenbeing forwarded by the experts is to keep our iOS and Android devices up to datealong with the apps updated. This is to will ensure that any vulnerability identified by Apple or Google may have been fixed in the update and hence, securing the devices.

Conclusion

History has shown manifests that the privacy of an individual has been compromised time and again but never to such an intense extent. In the age of technology, where our phones act as silos of personal and confidential information, being spied on or losing sole access to our data poses a grave threat. We have arrived at a juncture where a State responsible for safeguarding the fundamental rights of the people are being accused of infringing and violating them itself. In such an unsafe reality scenario, that lacks a stable system of checks, and balances and or a redressal mechanism, one can only hope for the best and make sure that they are not in the bad books of the government.