The Central government’s refusal to give a direct reply to former telecom minister and DMK MP Dayanidhi Maran whether the Central government had used the Israeli spy software Pegasus to tap WhatsApp calls and messages leads to the inference that it is not above suspicion. RSS ideologue K N Govindacharya had sought perjury proceedings against WhatsApp for allegedly misleading the Supreme Court that users’ data was fully encrypted and nobody including WhatsApp had the key.
The issue which has arisen is that the law to prevent the state from spying on its own citizens by grossly violating their right to privacy has not sufficiently developed because the judiciary is shut out from granting approval to the state to snoop on its own citizens to prevent crime and terrorism. These files are put up before an additional secretary in the Central government or an additional secretary in the state government who alone are empowered to decide whether the target is a potential criminal or terrorist. The judges have no role to play except when a person is arrested and approaches a magistrate for bail.
This issue has gathered momentum after the Central government placed-on-record in Parliament that the government’s power to intercept phones and computer resources could only be exercised under the provisions of law, which is a banal reply. It also emphasized that such powers were subject to proper safeguards and a review mechanism. That is well-known and is again a banal reply.
Dayanidhi Maran’s query came as a reaction to the scoop by a prominent daily that mobile phones of prominent lawyers, activists and politicians like Congress leader Priyanka Gandhi Vadra and West Bengal Chief Minister Mamata Banerjee had been compromised because the Israeli spyware Pegasus was used to infect these phones. A mirror image of all the data contained in the phones such as location of the phone, messages and phone calls could be sent to the agency (whether official or unofficial) interested in snooping on the unsuspecting citizen.
But what is interesting is the spyware could be deployed only with the written approval of Israel’s defence ministry which means this is a government-to-government transaction and if it is otherwise, there is a crime committed on the government itself with its security breached. Facebook filed documents in a California court of a contract with Ghana’s National Communications Authority which states the software needs Israeli defence ministry approval and is used only by government agencies. Hence, the refusal of the Central government to confirm or deny whether it purchased the spyware Pegasus arouses suspicion.
Apart from the above, the Pegasus system needs at least four weeks of testing on local networks which again leads to the inference that official approval is needed for testing on local internet and mobile networks before it can be installed.
This leads to two frightening scenarios:
- A foreign government has procured approval of the Israeli defence ministry to spy on Indian citizens such as the activists and lawyers in the Bhima-Koregaon violence with ready and prolonged access to Indian mobile and internet networks which would imply the government got the approval of these data operators or the latter did not know the extent of how the personal security of Indian citizens was compromised.
- The Indian government is the culprit behind the snooping on Indian citizens. This appears to be a probable scenario because the software was used to snoop on lawyers, and intellectuals who were involved in the Bhima-Koregaon case which is seen as a threat to national security and integrity of the nation.
Whatever may be the case, there is a gross violation of the fundamental right to privacy of Indian citizens guaranteed under Article 21 of the Constitution and which the Supreme Court has upheld as being sacrosanct and an inalienable fundamental right of all citizens.
This is the reason why the Indian government has neither confirmed nor denied its purchase and use of Pegasus and why Union Minister for Law and Justice, Communications, Electronics and Information Technology Ravi Shankar Prasad simply said his government had a “well- established protocol” for spying on its own citizens.
In reality, intelligence agencies eavesdrop on those whom they perceive as a security threat before putting up a file for approval of an additional secretary in the home ministry, either in the centre or in the state. The data gathered buttresses this fact which will permit the senior-IAS officer to allow the snooping.
Spying on Indian citizens can only be justified when tracking potential terrorists or criminals which in the Western democracies needs a judicial order. Even more important than the question of whether it used Pegasus or not in this instance is that the government of the day - whether at the Central or state level - can use similar spyware on citizens anytime it wants to, even if it flagrantly breaches their fundamental right to privacy. This of course, would be done clandestinely by the intelligence agencies.
If the citizen whose mobile has been compromised is not a security threat, there is a gross violation of the Information Technology Act whereas section 354 D of the Indian Penal Code permits stalking to prevent crime. This is why the law on the subject has not been sufficiently developed and until the Supreme Court is seized of a matter which prompts it to lay down the law on when it is permissible for the state to stealthily stalk its own citizens, the law will continue to remain obscure.
The writer holds a Ph.D in Media law and is a journalist-cum-lawyer of the Bombay High Court.
