Imagine living in a luxurious mansion, with a Jacuzzi, a nice view and a good ambience. A dream come true, right? Now here is the catch: there is a multi-camera setup covering every inch of the house, recording every movement of yours and telecasting it for the whole world to see. Moreover, unlike on reality TV shows, your movements are not scripted, you are unaware of being watched, and you won’t be making a penny out of having your right to privacy infringed. Doesn’t sound so classy now, does it?
Privacy has forever been an issue of major concern. Initially, it was about neighbours snooping around in each other’s lives, then about women being recorded in the trial rooms of clothing shops, and now, in the age of social media, privacy is just like unicorns: only heard of but never seen! The movie 7½ Phere[1] talked about privacy long before it became the rage, and then a few years later came the major Facebook–Cambridge Analytica data scandal, where the data of Facebook users was collected without their knowledge, predominantly to be used for political advertising.
A nine-judge bench unanimously recognised privacy to be a Fundamental Right in 2017, in the case of Justice K.S. Puttaswamy v. Union of India[2]. But did this recognition also ensure that no details of our lives will be shared without our consent? I think it failed in doing so.
The start of this year brought with it a number of rules and guidelines in the tech world. From the update in WhatsApp’s privacy policy to the new Information Technology Rules by the Indian Government to the latest news of Pegasus spyware and the controversy of the involvement of Indian agencies in this spyware, the tech field of India was on its toes for most of the year.
WhatsApp Controversy
WhatsApp, a very popular and widely used free messaging platform in India, updated its privacy policy early this year. Under this policy, users would no longer be able to stop the app from sharing their data, such as their messaging with businesses, with its parent company, Facebook. The policy assured users that no data related to personal chats, call logs or contacts would be shared. If users did not want their data to be shared, they had to delete the app altogether. This may seem extreme, but it is a legitimate business decision. The privacy updates are designed to make business interactions easier and also to customise the advertisements on Facebook. This is what Google, Aarogya Setu, IRCTC etc. have been doing. This is how they earn money.
This update earned a lot of backlash from both the government and the users of WhatsApp. The Ministry of Electronics and IT charged that the app discriminated between its Indian and European users. However, it failed to realise that the citizens of Europe are protected by strong data laws that go by the name of the General Data Protection Regulation (GDPR). Where is India’s equivalent of these laws? Furthermore, why is only one app being singled out for data collection when many other apps are doing the same thing? Why does WhatsApp get to bear the brunt even after it comes clean with its policy? The government needs to answer these questions before targeting one social media platform.
In order to protect its citizens, the Ministry of Electronics and Information Technology (MeitY) came up with the new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules in February of this year. Many social media giants were not interested in complying with these rules and, unfortunately, this non-compliance can further worsen their relationship with the Government. The rule of particular concern was that messaging apps such as Telegram and WhatsApp need to trace messages flagged as problematic or as a threat to national security to their originators. This is not possible, particularly for WhatsApp, considering its end-to-end encryption protocol. Interestingly, WhatsApp uses the same end-to-end encryption protocol as Signal, the app which got its major boost after the updated privacy policy of WhatsApp was introduced.
This led to another standoff between the Government of India and WhatsApp, in which the app claimed that the Government was trying to violate the privacy of its citizens even after the app had assured its users that their data would be safe.
Pegasus: Mythical Creature to Real Time Spyware
Before Pegasus became spyware, it was a character of Greek mythology: a winged divine horse, usually depicted as white. But we have come a long way from ancient Greek society. Now, instead of being a horse and the offspring of the Olympian god Poseidon, Pegasus is spyware, the brainchild of an Israeli company, NSO.
This spyware was identified by WhatsApp in 2019. A bug in the call function of the app was used to install malicious code on the phone of the user. This code was later used to collect the personal information of the user and send it to its controller. It was strong enough to also turn on the camera and record the target, turning the handheld phone into a real-time surveillance device. Apps with end-to-end encryption are not safe either, as the spyware traces the messages and their originator before they are encrypted.
Earlier, this spyware was activated by clicking on a link sent via SMS; however, users gradually became more concerned about these suspicious links, and that is when zero-click transmissions were discovered. Due to these, Pegasus can get installed just by a missed call on the phone of the user through WhatsApp and later delete the call log. It is also programmed to self-destruct if it does not find anything important to the controller.
As soon as it came to be known that this spyware was developed by the NSO Group of Israel, which presents itself as a company that creates technology that helps government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe, WhatsApp and its parent company Facebook sued it in a court in the U.S.
At least 1000 Indian phone numbers were targeted by this spyware. The cohort of people targeted in India is mainly journalists, politicians, Opposition party leaders and human rights activists. All this has led to a belief that some government agency has its hand in bringing Pegasus to India. The target list also doesn’t indicate that the surveillance was necessary for national security or public safety concerns. It could only mean that there are some other mala fide intentions brewing in the mind of the controller, such as collecting obscene and indecent data from the target’s phone and using it for various underhand dealings. It is safe to assume that no information regarding Pakistani or Chinese intrusion or attack can be found on the phone of a lawyer who is also a supporter of human rights or on the device of a woman who complained of sexual harassment by a former Chief Justice of India.
On the contrary, this only shows that private craving, ulterior motives, and voyeurism are the only motivators of the perpetrators. This information can also be used for something more than making pornography. It can be used to compromise institutions of society such as the judiciary or Election Commission, and sabotage Opposition Campaigns.
The infamous Bhima Koregaon violence of 2018 saw a number of arrests of activists. All those arrested were alleged to have links with Maoists for inciting riots. The recently deceased Father Stan Swamy was an 83-year-old Jesuit priest who worked for the welfare of tribal groups in Jharkhand for more than 30 years. The NIA claimed that he also had links with the Maoist group and played a prominent role in inciting the violence of Bhima Koregaon.
This incident shows that the electronic devices of the accused were breached by unknown entities to plant evidence that the prosecution is now using against them.
Instead of coming clean with the modus operandi to curb this spyware, the Government of India has sat back and claimed that it has no information regarding this surveillance software. Another disingenuous claim was made by the Government and the Ministry of Electronics and Information Technology: that illegal surveillance is not possible in this country. This plea of ignorance by our elected representatives, while the private lives of citizens are up for grabs for all manner of mala fide intentions in a democracy, is unsettling.
Conclusion
There is an urgent need for an investigation of the truth behind these revelations by some transparent and competent authority. The Government, instead of being lethargic, needs to take command of this situation and clear up all the controversies about its involvement with privacy infringement and the scandals of data breaches.
Moreover, better and stronger laws need to be made according to the needs of Indian citizens for data protection. In conclusion, Gary Kovacs rightly said “Privacy is not an option, and it should not be the price we accept for just getting on the internet.”
[1] 7½ Phere, released in 2005: A marriage in a family is covered for a reality TV show without them knowing about it. This backfires as, oblivious to the camera, the family behaves like itself, many skeletons start to come out of the closet, and the privacy of the family is invaded.
[2] Case Number: WP (C) 494/2012