EDITORIAL ANALYSIS    Drop the phone checking, draft surveillance curbing orders

Source: The Hindu

 

• Prelims: Pegasus, linkage of organised crimes with terrorism, Right to privacy etc
• Mains GS Paper III: Linkage of organised crimes with terrorism, implications of Pegasus on security etc

ARTICLE HIGHLIGHTS

• The Pegasus case (of allegations that the ‘personal communication devices of a range of people in India, including journalists, civil society activists and politicians were targeted illegally using the Israeli-made spyware’).
• The hope in the Supreme Court of India (which had appointed a committee to probe the allegations) that the probe outcome would be decisive have now been deflated.

 

INSIGHTS ON THE ISSUE

Context

Pegasus:

 

      

• It is a type of malicious software or malware classified as a spyware.
• It is designed to gain access to devices, without the knowledge of users, and gather personal information and relay it back to whoever it is that is using the software to spy.
• Pegasus has been developed by the Israeli firm NSO Group that was set up in 2010.
• The earliest version of Pegasus discovered, which was captured by researchers in 2016, infected phones through what is called spear-phishing – text messages or emails that trick a target into clicking on a malicious link.
• Zero-click” attacks: NSO’s attack capabilities have become more advanced. Pegasus infections can be achieved through so-called “zero-click” attacks, which do not require any interaction from the phone’s owner in order to succeed.

 

Different laws on surveillance around the world:

• Wiretap Act in the United States: The law prohibited private agencies from engaging in surveillance.
• Report on Privacy in Ireland(1997): It was released with its focus on private parties and it recommended the recognition of a new statutory tort.
• The Patriot Act 2001: Also known as Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 was enacted to counter international terrorism also required court approval.
• United States Foreign Intelligence Surveillance Court: It was established in 1978 when Congress enacted the Foreign Intelligence Surveillance Act (FISA).
• The New South Wales Law Reform Commission, 2005: It established the office of the privacy commissioner with inspectors to investigate complaints.
• No secret rules: United Nations contributed to the development of a legal framework evolving the “no secret” rules.
• The European Court of Human Rights: Court warrants were required to obtain information, the intrusion was to be supervised by independent bodies.
• The Venice Commission Report, 2015: Independent control and oversight was necessary which included control over the executive, parliamentary oversight, judicial review and oversight of expert bodies.
• UN Good Practices:
  • Practice 6: Oversight Institutions includes the setting up of a civilian independent institution.
  • Practice 7: It empowers this institution to carry out an investigation and have unhindered access to information.
  • Practice 9: It empowers individuals to complain to a court.

 

Indian Case:

• Orders by police: In India, authorities authorize 9,000 interception orders every month, and these orders are not issued by courts but by police officers.
• Facial recognition technology: It has been found to be violative of human rights in several countries and is routinely resorted to in India, with hardly any protest.
  • The European Union and the United States stopped facial recognition.
• Planet Blue Coat: Mapping Global Censorship and Surveillance Tools report: The Citizen Lab, a digital surveillance research agency, published this report saying “Blue Coat devices are being used around the world. we found these appliances in India”.
  • A surveillance software called “FinFisher” has been found on servers in India.
• The UN General Assembly “Report of the Special Rapporteur” 2013: The Government of India is proposing to install a centralized monitoring system that will route all communications to the central government allowing security agencies to bypass the service provider.
• The Guardian: It published a news article placing India at fifth position among countries where the largest amount of intelligence was gathered.
• Delhi police tender(2017): Inviting technology companies to supply Internet monitoring equipment.
• The Surveillance Industry in India: published by the Center for Internet and Society, which describes the activities of ClearTrail technologies (an Indian company) and the company’s “mass monitoring, Deep Packet inspection”.

 

Judgements related to Surveillance:

• People’s Union for Civil Liberties (PUCL) vs Union of India case: Supreme Court said telephonic conversations are covered by the right to privacy, which can be breached only if there are established procedures.
• S. Puttaswamy vs Union of India verdict of 2017: the Supreme Court reiterated the need for oversight of surveillance, stating that it should be legally valid and serve a legitimate aim of the government.

 

Steps taken by India:

 

 

Response by other countries to Pegasus:

• Israel set up a senior inter-ministerial team: Team for investigation while the Foreign Minister said that the government would work to ensure that Pegasus did not fall into the wrong hands.
• France ordered a series of investigations: Within a day of the revelations; on September 25, 2021, its cybersecurity agency confirmed that the spyware had been used to target French citizens.
• The United States: It added NSO to its ‘Entity List for Malicious Cyber Activities’, which restricted the ability of U.S. companies to export goods or services to NSO.
• United Kingdom: The spyware company implemented a change to ensure that Pegasus could no longer target U.K. numbers after revelations, in 2021, that Dubai’s ruler had used the spyware to hack the phones of his wife.

 

Way Forward

• Justice B.N. Srikrishna Committee report: It stated that “much intelligence gathering does not happen under the remit of the law, there is little meaningful oversight and there is a vacuum in checks and balances to prevent the untrammeled rise of a surveillance society”.
• Protecting privacy: Considering the severity of the threat posed by these disclosures, and the credibility of the evidence which backs them, it is important to examine how each branch of the Indian state has responded, or failed to respond, in protecting the privacy of citizens.
• Preventing unlawful surveillance: The Supreme Court of India could do well to follow the extensive precedents developed abroad and enable binding orders that severely curtail the unlawful surveillance going on in India by the Government and private parties alike.
• Prevent indiscriminate monitoring: An overhaul of surveillance laws is necessary to prevent the indiscriminate monitoring of people and entities by the state and private actors.
• Independent oversight provisions: The Information Technology Act, 2000 and the Indian Telegraph Act 1885 which empower the Government to surveil, concentrate surveillance powers in the hands of the executive, and do not contain any independent oversight provisions, judicial or parliamentary.
  • These legislations are from an era before spyware such as Pegasus were developed, and, thus, do not respond to the modern-day surveillance industry.
• Surveillance reforms: In the absence of immediate and far-reaching surveillance reform, and urgent redress to those who approach authorities against unlawful surveillance, the right to privacy may soon become obsolete.

 

QUESTION FOR PRACTICE

1. Discuss different types of Cybercrimes and measures required to be taken to fight the menace.(UPSC 2020)

(200 WORDS, 10 MARKS)

1. What is the CyberDome Project? Explain how it can be useful in controlling internet crimes in India.(UPSC 2019)

(200 WORDS, 10 MARKS)

1. With unchecked surveillance by governments and private parties, the top court must be guided by overseas precedents. Discuss.

(200 WORDS, 10 MARKS)