In a very crucial hearing before the Supreme Court today, August 5, the Chief Justice of India, NV Ramana, led Bench directed all parties to serve copies of their respective petitions to the central government. CJI Ramana clarified that the hearing cannot continue without the presence of the central government, and posted the matter for August 10. The Bench also consisting of Justice Surya Kant observed that the Pegasus allegations are “serious” if news reports regarding the same are true.
A total of 9 petitions have been filed in the Supreme Court regarding the Pegasus scandal. Five journalists, who have allegedly been directly targeted through Pegasus, namely Paranjoy Guha Thakurta, S.N.M. Abdi, Prem Shankar Jha, Rupesh Kumar Singh and Ipsa Shataksi, approached the Supreme Court a few days ago for relief. They have contended that they have been directly subjected to “deeply intrusive surveillance” and a forensic examination done by Amnesty International on their mobile phones have revealed interference.
Their petition explains how the Pegasus spyware can be installed on a target’s mobile device to mine or plant data, without their knowledge, consent, or any action on their part. It also states that there is also no way short of a detailed forensic analysis by a highly skilled lab for an affected citizen to even know if their phone has been infected and compromised by the Pegasus malware.
The plea explains that after infiltration and installation, the malware takes control of the target’s phone and can then collect data, view contact lists, messages, and internet browsing history, intercept communications, remotely control peripherals such as turning on the phone’s camera and microphone, use GPS functions to track a target’s location and movements, track SMSs, emails, WhatsApp chats, calendar, contacts book, photos and videos etc.
The petition also submits that the Pegasus spyware is constantly evolving, and, therefore, the version of the Spyware detected on approximately 1,400 phones in 2019, and 50,000 phones in 2021, was more complicated and dangerous than the one identified in 2016. This is because, from 2018 onwards, Pegasus used the “zero-click” method, as found by Amnesty International Security’s Lab in its report dated August 8, 2021.
The writ petition reads, “The zero-click method uses a remote cyber-attack which does not require any interaction from the target. Simply put, a device can be attacked without needing the target to click on a malicious link. This is done by successfully exploiting vulnerabilities in the software and hardware of the phone. Once the attacker has found a vulnerability that they can exploit, they craft special data — such as a hidden text message or image file, to inject code in the target’s device. This compromises the device.”
Their plea also refers to the past responses of the Government with regards to surveillance. It mentions the statement made by the then Minister of Electronics and Information Technology (MEITy), Ravi Shankar Prasad, who had made an elaborate statement without categorically addressing the issue of surveillance using Pegasus. Instead of categorically confirming or denying the allegations or providing a concrete response to these questions of using Pegasus on Indians, the Minister at the time spoke about the successful digital ecosystem of the country, permissible restrictions on privacy, and India’s legal framework of surveillance.
The plea states that he had also told the House, “Government is required to balance the competing interests of privacy and national security and that whenever the Government or its agencies which are authorized – I repeat it – if they have to do so for the safety and security of India, they do so only as per the Standard Operating Procedure.” He insisted that the Government engages in “authorized surveillance” only.
The petition states that since hacking using a military-grade technology on a smartphone, which falls within the definitions of ‘computer’ and ‘computer system’ as under Section 2 of the IT Act, is ex facie illegal and violates the Information Technology Act, as it involves accessing a computer/computer system by introducing a ‘contaminant’ or ‘virus’; damaging the device and extracting data without permission of the owner of the device, thorough investigation is required. “Pegasus therefore is a ‘computer virus’ and a ‘computer contaminant’ as under the IT Act since it is designed to attach itself to a targeted device, and then modify, record and transmit data from the targeted devices”, reads the petition.
The journalists have also stated that Pegasus cannot be classified as a “form of legitimate or authorised surveillance” permitted under Section 69 of the IT Act or even Section 5 of the Telegraph Act, read with the relevant Rules, “as it goes much beyond the mere interception, monitoring, or decryption of messages. It falls entirely beyond the, arguably unconstitutional, existing regime of lawful surveillance and does not even offer the limited safeguards afforded therein to aggrieved persons.”
It also states that the central government has failed to unequivocally refuse the assertions that it did not enter into contracts for purchase of Pegasus spyware or otherwise sanction its use, and therefore it is reasonable to assume that the hacking was the result of actions traceable to public servants, and it is incumbent upon the government to furnish information to identify the source of what it claims was an illegal executive action.
The petitioners have stated that this illegal surveillance has a chilling effect on their fundamental rights under Article 21 of the Constitution and “casts an even darker and nearly indelible shadow of intrusion upon persons and renders the enjoyment of their fundamental rights impossible by aggrieved persons.”
Thus, they have requested the court to declare the installation and/or use of malware or spyware such as Pegasus is illegal, and issue a direction, directing the government to produce and disclose to the court and the petitioners all materials and documents with respect to all investigation, authorisation, and/or order(s) pertaining to the use of Pegasus.
Editors Guild of India’s PIL
The Editors Guild of India (EGI), on the other hand, has sought for a Special Investigation Team (SIT) investigation into the alleged spying of around 300 Indians including many incumbent and former ministers, a Supreme Court judge, journalists, lawyers, human rights activists and others.
Their plea has requested the court to direct the Centre to produce all orders that it allegedly issued authorising the interception, monitoring and decryption of electronic communication devices of the Indian citizens under the relevant law and rules. It has also asked for the Union to disclose if they procured license, or use the spyware Pegasus from NSO Group or its group companies and/or affiliates on Indian citizens.
The PIL also seeks from the court to, “Direct the Union of India to disclose the details of how many of the Indian Citizens who have been under electronic surveillance, hacking, or otherwise spied on, were charged with indulging in serious crime.” Alleging that Pegasus by its very design, can never pass the tests of necessity and proportionality, EGI’s PIL states that the privacy of the citizens of the country has been infringed and the Union of India has in reality, failed to act to safeguard this fundamental right.
The plea also points out that in the absence of parliamentary or judicial oversight, electronic surveillance gives the executive government the power to influence the subject of surveillance as well as all classes of persons, and that there is a severe threat to public safety at the very least, and potential threat to national security. The plea also reads, “hacking and electronic surveillance through spyware cannot be a suitable means for furthering any legitimate goal of the state in public safety or national security.”
Besides the aggrieved journalists and EGI, veteran journalists N Ram and Sashi Kumar had also filed a PIL before the Apex Court last week. John Brittas, a Rajya Sabha member too, moved the top court seeking a court monitored probe into the surveillance allegations. SabrangIndia has filed a detailed report on the contents of their petitions that may be read here.
Two PILs have also been filed by Jagdeep S Chhokar, Narendra Mishra and Advocate ML Sharma.
Pegasus Snoopgate: RS MP, Journalists move SC for court monitored probe
Pegasus Project: 5 targeted journalists move SC, say have been subject to intrusive hacking
India’s Deep State: Is any citizen safe?