Report About India ‘Spying’ on Journalists, Politicians Sparks Concern Over Illegal Surveillance
A global investigation project shows privacy of thousands of people globally — journalists, politicians, business people, NGO activists, Supreme Court judges — may have been compromised using illegal surveillance through the spyware Pegasus.
Manufactured by the Israel-based NSO Group, Pegasus is a mass surveillance software. The spyware works by transforming phones (both iPhones and Android devices), a symbol of privacy for most people, into a surveillance tool that extracts messages, photos, and locations, activating the microphone to record people in real-time. The report leaks the numbers of people Pegasus spyware may have been used on. Within India, the mobile phone numbers of 300 people, with more than 40 journalists, are on the list.
The new report by the organization Forbidden Stories reveals the extent of the data leak, with at least 10 countries across the world named for purchasing the Pegasus spyware. India figures in this damning list too — alongside Hungary, Kazakhastan, Bahrain, Mexico, Rwanda, Saudi Arabia, among others. The leak contains more than 50,000 numbers in total that NSO’s “clients” have identified as “people of interest” since 2016.
“Without forensics on their devices, we cannot know whether governments successfully targeted these people. But the presence of their names on this list indicates the lengths to which governments may go to spy on critics, rivals, and opponents,” the report noted. India’s unnamed and unsigned response to the report said it did not carry out any “unauthorized surveillance.”
The story of Pegasus goes back to 2019, when another report showed that the spyware was being used for illegal surveillance on Indian journalists and human rights activists using WhatsApp. That time, the former Home Secretary told The Quint: “I am aware that Govt agencies have bought spyware in the past from private foreign tech firms like NSO.”
Three things from the current investigation stood out. One, journalists, politicians (inside and outside the ruling Bharatiya Janata Party), activists, even a sitting judge were being surveilled. Two, someone within the government was responsible for this, as the NSO only has governments and their law enforcement agencies as their clients. Three, while one of the most staggering evidence of state overreach and surveillance, the report doesn’t surprise many of us.
Related on The Swaddle:
The last element is particularly concerning — it speaks to a normalization of the culture of surveillance. Of course, surveillance is necessary for legitimate state purposes, such as national security and law enforcement. The idea of surveillance goes hand in hand with that of safety, wherein enforcement agencies legally penetrate the phones of “legitimate criminal or terror group targets.” But the problem arises when sophisticated surveillance occurs without our knowledge or consent, making the process unethical — and dangerous.
India’s response echoes this idea of national security. When former Minister of Information and Technology Ravi Shankar Prasad was asked regarding the usage of Pegasus to spy on citizens back in 2019, he said: “… no ‘unauthorized instruction’ has been done.” Notably, a report last year analyzed 198 countries on its Right to Privacy Index and found countries in Asia to be at the highest risk for privacy violations of their people; noting that digital surveillance tools are lending authoritarian leaders more power during the pandemic.
Interestingly, among the phone numbers that figure in the list was activist Umar Khalid’s, who was charged with sedition last year for allegedly conspiring in the Delhi riots.
The findings blur the lines between “legal” and “illegal” surveillance. Arguably, our phones are privy to thoughts and information. Illegal surveillance — particularly of this scale — amounts to a blatant invasion of privacy.
In an earlier article, The Swaddle debunked the idea of privacy being irrelevant if one doesn’t have anything to hide: “Privacy is a basic human right. It’s not necessarily about hiding a wrong. Even if a person isn’t doing anything illicit or illegal, it’s possible they might want to keep aspects of their life private, such as their intimate relationships online, political beliefs, and consumer habits. Digital surveillance is not just deployed to keep a moralistic check on internet users; it’s used to manipulate people online by tracking their behavior, which reports show can also happen after the user has shut off certain apps or systems.”
Related on The Swaddle:
The usage of Pegasus also shows the destruction of free speech in the hands of authoritarian leaders. There may be a sense of cynicism and a resignation to the government’s disdain for free speech, and it might even seem intuitive that the ruling government may have surveilled on its critics.
Three examples of misuse — from Mexico, Hungary, and Saudi Arabia — lay bare the severity of what this surveillance system can do, and the risk it poses to activists and journalists across the world. “The phone number of a freelance Mexican reporter, Cecilio Pineda Birto, was found in the list, apparently of interest to a Mexican client in the weeks leading up to his murder, when his killers were able to locate him at a carwash. His phone has never been found so no forensic analysis has been possible to establish whether it was infected,” the report explains.
Sushant Singh, one of the journalists who was found to be targeted by Pegasus spyware even this month, noted in The Wire: “It creates an environment of fear and intimidation for both the journalist and her sources, placing them at grave risk. Moreover, it vitiates the reporting environment for the community of journalists.”
The report also undoes the myth that innocent people are spared from spying. This also sparks concerns about the lack of digital rights in cyberspace and the need for surveillance reform.
“This matter has to be raised. It’s state surveillance. It is a very, very serious issue. It compromises the very system of constitutional democracy and the privacy of the citizens. The government cannot get away by saying that they have to verify and all. These are serious issues. Which are the agencies that got the malware? Which are the agencies which bought Pegasus? This is not something that the government can run away from,” Congress deputy leader in Rajya Sabha Anand Sharma told The Indian Express.
Experts have noted the need for reform in how we see surveillance measures. This is also different from a data privacy law that is currently in the pipeline by the ruling government; the latter will still help the government evade accountability, critics say.
For now, experts have raised demands for a transparent, judicial probe. There needs to be caution in how we process the findings — normalizing a structure of state surveillance that stomps on dissent and free speech, while slowly suffocating privacy online and offline, comes with a cost.