Close Menu
Thursday, November 14
India's surveillance framework
image source-livelaw.in

Pegasus Spyware and India’s surveillance framework

Ajit KansalBy Updated: Cyber Security No Comments5 Mins Read

It has been a year, yet no significant action has been taken to improve India’s surveillance framework in order to defend against attacks like the Pegasus spyware attack that we experienced last year.

Background- 

The Pegasus spyware was used to snoop on numerous prominent Indians last year. These people included judges, cabinet ministers, journalists, NGO workers, etc. 

WhatsApp revealed a security breach caused by malicious software in India and other countries even in 2019. 

The New York Times reported in its issue dated January 31, 2022 that “India brought Pegasus in 2017 as part of a $ 2 billion” defense effort. 

Indian Computer Emergency Response Team, which provides information on cybersecurity dangers, is silent on the subject as a whole. 

The Supreme Court-appointed special committee has been unable to reach a decision up until this point. By the end of July, the lawsuit will be litigated. 

What is Spyware? 

Spyware is malicious software that seeks to collect data on a person or business and communicate it to a third party in a way that is harmful to the user. 

About the Pegasus spyware and its functions: 

  • The Israeli business NSO Group created and holds a license for the spyware known as Pegasus. Both iOS and Android-powered smartphones can be compromised and made into spying tools using this technique. 
  • Zero-click attacks are a type of attack that don’t require the user to take any action. By just placing a missed WhatsApp call, the spyware can compromise a smartphone. 
  • The call logs will be changed so that the user is unaware of what transpired. 
  • The spyware installs a module that tracks call records, reads messages, emails, calendars, internet histories, and gathers location data to relay the information to the attacker as soon as it gains access to the device. 
  • Additionally, it can be manually installed on a device or through a wireless transceiver. 
  • It self-destructs and wipes up all traces if it is unable to connect to its command-and-control server for more than 60 days. 
  • It will self-destruct if it determines that the incorrect device or SIM card was used to install it. 
  • Amnesty International reported that Android and iOS devices were compromised despite security patches being released. 
  • Users must make sure that all apps are installed directly through the Official stores and that the software on their devices is up to date in order to stay safe. Never click on any questionable links in emails or texts. 

Surveillance in India- 

Although surveillance is illegal under Indian law, it is legal when carried out by the competent authorities when the proper legal procedures are followed. The relevant laws governing communication surveillance in India under the current technological legal framework are: 

  1. The Indian Telegraph Act, 1885; 

Government derives its right of interceptions from section 5 of The Indian Telegraph Act, which states, “Power for Government to take possession of licensed telegraphs and to order interception of messages”. Section 5(2) of the Act grants the central or state government authority over the transmission, interception, and retention of any communication if the following criteria are met: 

  • If doing so is necessary to protect India’s sovereignty and integrity, 
  • safety of the state, 
  • positive relations with other countries, 
  • Public order and, 
  • Lastly, to avoid provoking someone to commit a crime 

 

2. Information Technology Act, 2000: 

It has broadened the horizons of surveillance as compared to the previous Telegraph act. 

According to section 69 of the Indian Technology Act, “Power to issue directions for interception or monitoring or decryption of any information through any computer resource”. This provision vests authority in either the central or the state government “to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource”. Provided, if such information is required: 

  • In the interests of India`s sovereignty and integrity 
  • Defense of India, 
  • State`s security, 
  • To maintain friendly relations with other nations, or 
  • To maintain public order, or 
  • For investigation purposes 
  • For preventing incitement to the commission of any cognizable offence relating to above. 

Issues with above laws: 

  • They focus on specific offences. Laws are nevertheless subject to ambiguous interpretation and abuse. 
  • Phrases like “public emergency” and “in the interest of the public safety” are opened ended. 
  • The same limitations that are imposed on free speech under Article 19(2) of the constitution apply here (K.S. Puttaswamy v. Union of India case, 2017) 
  • The SC emphasized that phone tapping is a serious violation of a person’s privacy. 
  • Even during the investigative phase, the IT Act grants surveillance authority. 

Way Forward: 

  • Introduce new surveillance laws that are informed by moral principles and respect for personal privacy. 
  • Parliamentary accountability for the security agencies should be outlined in a new statute. 
  • Or their conduct on surveillance. 
  • It is important to define public surveillance and safety properly. 
  • The use of social media apps for surveillance should be included in the legal definition of surveillance. 

Related Posts:

Keep Reading

Add A Comment

News

Company

Contact us:

[email protected]

Copyright © 2024 Asiana Times. All Rights Reserved

Toshiba: A Significant $14 Billion Transformation WOMEN RESERVATION BILL BOLLYWOOD CELEBRITIES LOOK ALIKE Best Video Games Of All Time South Indian Cinema’s Meteoric Rise