The recent investigative expose by a group of media outlets, including The Washington Post, called the ‘Pegasus Project,’ has placed the Indian government on notice.
According to the investigation, Pegasus, Israeli spyware, eavesdrop on at least 300 Indian phone lines, including media persons, opposition leaders, public officials, and activists.
The recently appointed I-T Minister Ashwini Vishanaw remarked during the Monsoon session of the parliament that the allegations were released to accuse Indian democracy.
What is Pegasus?
Pegasus is arguably the most potent spyware ever built by NSO. Its goal is to penetrate Android and iOS cell phones and transform them into surveillance devices.
On the other hand, the Israeli firm promotes it as a tool for tracking criminals and terrorists — not for bulk monitoring but targeted snooping.
The software is solely sold to governments by NSO Group.
How does spyware work?
Pegasus makes use of Android and iOS flaws that are yet to be found.
It implies that even if a phone has the most recent security version installed, it might be compromised.
Pegasus could enter a device through a missed WhatsApp call and even remove the missed call record, and the user might not know about it.
Pegasus also makes use of iMessage flaws to get unauthorized access to millions of iPhones.
What can spyware do?
Emails, social media postings, call logs, and even communications sent through encrypted chat applications like WhatsApp or Signal may all be collected.
Spyware may track a user’s position and identify whether they are static or dynamic.
It may also turn on microphones and cameras without switching on any lights or giving any other indication that recording is underway.
Our data privacy at risk?
In a landmark decision on August 24, 2017, the Supreme Court of India recognized the right to privacy as a fundamental right guaranteed by the Indian Constitution (KS Puttaswamy vs. Union of India).
Citizens’ privacy has been violated even after the declaration.
Cases of WhatsApp chat breaches, Facebook data leaks, and other data leaks frequently occur in the news.
The most recent Pegasus Project is more of a supplement to the list.
People lose faith in the government because of its inefficiency in being accountable for such a high-end leak.
This issue has also brought attention to phone manufacturers and what protection mechanisms they should be considering in the event of a cyber-security attack like this.
It’s past time to start questioning Apple and Android’s security features.
They should be held equally responsible for a security compromise as we use their products.
In a country, having a solid legal framework and data protection legislation is essential.
However, in the absence of the aforementioned, people can be more effective in dealing with security risks as individuals.
By revealing data online, we are now the weak point in the cyber chain.
As a result, we must begin by removing programs whose terms and conditions we disagree with.
The political blame game over the ‘Pegasus Project’ is sure to persist, especially as the parliamentary session has only just started.
The government’s response will impact the larger question of whether or not our data will ever be secure.
The approval of the long-awaited Data Protection Bill would be a critical step in regaining the trust of ordinary citizens.