Threat to privacy of civic space

Government of India seems concerned at the breach of privacy of citizens of India on the messaging platform WhatsApp. India is WhatsApp’s biggest market with 400 million users and according to reports, 121 Indians were targets of a massive snoop through a spyware that broke into phones through ‘WhatsApp’. The social networking app has admitted that Indian journalists, lawyers and human rights activists were among those globally spied upon by unnamed entities using an Israeli spyware Pegasus.

How the spyware works?

The spyware Pegasus gets into the user’s phone when the person gets a video call. As the phone rings, the attacker transmits a malicious code and the spyware is installed even if the user does not answer the call at all. By taking over the phone’s systems, the attacker gets access to the user’s WhatsApp messages and calls, regular voice calls, passwords, contact lists, calendar events, phone’s microphone and camera. It can even turn on the camera and mike to track and hear what is happening around the user.

Response from FB & WA

In a statement, the Face-Book-owned company has said it had “worked quickly to resolve the issue” after sending the first alert to the Indian authorities in May and also in the last week of September this year. Both the alerts were reportedly sent to the Computer Emergency Response Team (CERT-In), a department under the Ministry of Electronics and Information Technology.

In the meantime, WhatsApp has also filed a complaint in a U.S. court attributing the intrusion to NSO Group, an Israeli technology firm, which claims on its website that its products are used “exclusively” by government intelligence and law enforcement agencies “to fight crime and terror.”

WhatsApp has found that a total of 1,400 mobile numbers and devices over 20 countries were impacted globally. These included attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.

Indian Government’s response

India’s Information Technology Minister Ravi Shankar Prasad has said that government agencies have a well-established protocol for interception, which includes sanction and supervision from highly ranked officials in Central and State governments, for clearly stated reasons in national interest.

However, there appears to be no acceptance or denial whether any government agency in India has sought NSO’s services.

Petition in Supreme Court

A criminal petition has been filed in the Supreme Court of India by K. N. Govindacharya, founder of Rashtriya Swabhimaan Aandolan and former Rashtriya Swayamsevak Sangh (RSS) ideologue against WhatsApp along with its parent firm (Face-book) and the Government of India has also been made a party.

While the petition seeks an investigation by the National Investigation Agency (NIA) against WhatsApp and Face-book along with accusing the messaging application of misleading the government on its encryption security standards, it has also sought a prayer to the Supreme Court to direct the government to stop any surveillance through Pegasus or similar applications.

Information sought under RTI

Meanwhile, activist Saurav Das, who is a part of the ‘National Campaign for People’s Right to Information’ and who had earlier filed a Right to Information (RTI) application regarding Pegasus with the Union Home Ministry (MHA) on October 23 2019, and subsequently been told that it does not have any information on Pegasus, has now filed an appeal with the appellate authority in connection with the first response he received from MHA.

He has also filed six fresh RTIs with the IT ministry, CBI, Enforcement Directorate, NIA, Intelligence Bureau and the department of telecommunications.

Threat to privacy of civic space

Civic spaces are the digital and real-life settings where people formulate ideas, discuss them with like-minded people and groups, raise dissenting views, consider possible reforms, expose bias and corruption, and organize to advocate for political, economic, social, environmental, and cultural change.

Civic spaces include public streets, squares, and parks, as well as digital sphere including the Internet, messaging apps, and social media platforms. However, police and intelligence agencies can extract information on a widespread scale from these civic spaces, and then create granular, searchable archives of the people who participate in them.

What’s worse, these agencies are capable of conducting generalized, invisible, real-time surveillance of civic spaces, from a distance, without people knowing or consenting.

The current unregulated uses of surveillance technologies in civic spaces violate peoples’ right to privacy and can hinder their ability to freely communicate, organize and associate with others.

Right to privacy

Privacy creates spaces for people to develop and debate ideas and exercise these rights and freedoms. In private spaces, members of minority groups who may fear discrimination or harassment on the basis of their ethnicity, race, religion, sexual orientation, or gender identity can be empowered to express their opinions and cooperate to advance objectives that may be overlooked by majority groups.

The right to privacy is a fundamental right and one of the freedoms of democratic societies, including: the right to equal participation in political and public affairs, and the freedoms of opinion, expression, peaceful assembly, and association.

Surveillance agencies should be accountable to the public

The use of Pegasus spyware by powerful agents to spy on Indian activists was not a surprise to many of the country’s human rights activists and members of civil society. 

What is more important is the intent behind the surveillance and the processes that are deployed. As Srinivas Kodali rightly states in ‘The Wire’: “All surveillance enterprises operate in secret and until the veils of secrecy are lifted, it will be hard to make them accountable to the public. Any future law that aims to regulate mass or targeted surveillance cannot work or be implemented effectively until we know the methods of snooping that are being carried out. The main issue therefore is not how the NSO Group’s spyware operates, but rather how powerful actors within and outside India procures and uses these systems.”