Pegasus Spyware: Law of Surveillance in India

Introduction :

The right to privacy is in danger nowadays as technological advances are taking place. Any kind of surveillance on an individual unlawfully definitely breaches the right to privacy and confidentiality. The ongoing issue of Pegasus spyware is one of the electronic surveillance targeted on the public personalities. Pegasus spyware is Israeli-based spyware developed by NSO group which is used to put surveillance on eminent public figures that work zero-click vulnerability. It means spyware gets automatically installed through water without the knowledge of the user. Recently global collaborate to intelligence project reported that in India, around 300 people were targeted including MP’s, Union ministers, and several journalists. So it is important to examine the legal provisions connected with this issue.

Law regulating Interception of Communication:

In India, there are two laws that regulate the interception of communication they are the Indian telegraph Act 1885 and the Information technology Act 2000. Any unlawful form of surveillance attracts the provisions of both Acts. The information technology Act has undergone many amendments with the changing time. Any type of unlawful interception of electronic communications is considered a criminal offense under this Act.

Provisions under Indian Telegraph Act, 1885:

Indian Telegraph Act, 1885 is one of the British enactment which has been formulated to control and regulate the telegraphs across the territory by the Governments. Under this Act, any attempt to intercept telegraph devices or obstructing communication by destroying telegraphs is a punishable offense. The Act is still in force and it also regulates the act of surveillance and interception of communication.

Section 5 (1) of the telegraphic Act, grants power to the Central or State Government or any officer appointed by this act can take possession of telegraph or it can order for the interception of the message in the case of public emergency or safety. 

Section 5 (2) of the telegraphic Act, specifies that the Central or State Government or any officer authorized under this act is given the power to intercept communication provided that it is in the interest of a public or public emergency or any ground specified under the article 19 (2) of Indian Constitution.

In the case of Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors (2017), the supreme court held that ‘Right to privacy is a basic fundamental right of a citizen and it is protected under the Constitution in Article 14,19 and 21’.

Justice Chandrachud. J pointed out that: “Dignity cannot exist without privacy.  Both reside within the inalienable values of life, liberty, and freedom which the Constitution has recognized. Privacy is the ultimate expression of the sanctity of the individual.  It is a constitutional value which straddles across the spectrum of fundamental rights and protects for the individual a zone of choice and self-determination”

To make the government accountable in the case of PUCL.V. Union of India(1997),the supreme court granted some of the regulations to be followed by the government as to intercept communication for public emergency and safety, such as :

6. The authority which issued the order shall maintain the following records:

1. the intercepted communications,
2. the extent to which the material is disclosed,
3. the number of persons, and their identity to whom any of the material is disclosed.
4. the extent to which the material is copied and
5. the number of copies made of any of the material.

From the judgment of the PUCL case, the guidelines were codified in Rule 419(A) of the Indian Telegraph Rules, 1951 in 2007. As per Rule 419(A), a direction for interception under Section 5(2) of Indian Telegraph Act 1885.

Section 25 of the telegraphic Act prohibits or criminalizes any act of intercepting the contents of any message or obstructs the transmission or delivery of messages or intentionally damages telegraph is punishable with 3 years imprisonment or fine or both.

Hence hacking and tampering with phone calls and communication is considered a punishable offense. Under this Act, the interception of communication of journalists is exempted to ensure freedom of the press. So illegal phone tapping or interception of devices without the consent of the user is considered a punishable criminal offense.

Provisions under Information technology Act, 2000:

Information technology Act, 2000 deals with the intersection of the electronic communication section 69 of Information technology Act and Information technology (procedure for safeguarding for the interception, monitoring and Decryption of Information rules, 2009 price specific procedure to intercept electronic communication by the content it takes on illegal intersection of electronic communication.

Under this act section, 69 provides that electronic interception can only be done for investigation procedures.  The central or the state government with the permission of the secretary of home affairs of the central government all state governments or union territories can issue directions to put surveillance on communication.

In 2018, the Ministry of Home Affairs issued a notification based on rule 4 of Information technology (procedure for safeguarding for the interception, monitoring and Decryption of Information rules, 2009 by this it granted the power to central investigation agencies to intercept communication for investigation purposes. These authorities include :

1. Intelligence Bureau;
2. Narcotics Control Bureau;
3. Enforcement Directorate;
4. Cabinet Secretariat(RAW);
5. Central Board of Direct Taxes;
6. Central Bureau of Investigation;
7. Directorate of Signal Intelligence (for service areas of Jammu and Kashmir, North East and Assam only);
8. National Investigation Agency;
9. Directorate of Revenue intelligence;
10. Directorate of Signal Intelligence (for service areas of Jammu and Kashmir, North East and Assam only);
11. Commissioner of Police, Delhi.

All these authorities are granted with the power to intercept communication provided that the consent of the Home ministry is necessary as to keep proper record and data about the manner of interception, purpose, time period up to which the interception is carried out must be specified for legal interception of communications for the investigation purposes. 

Challenges to face:

There are many challenges that must be addressed in the present world of cyberspace and security. The Pegasus like spyware created few challenging issues to be addressed by the government and judiciary such as :

  1) The privacy of an individual must be protected from zero vulnerability spyware and malware.

2) Many people are unaware of malware and spyware. So they may be targeted through electronic mediums and thereby breaching privacy.

3)  Misuse of apps and software may take place by criminals and anti-nationals if such electronic software becomes a handy tool to such individuals.

4) Since Pegasus Spywares gets installed itself with the knowledge of a person or by zero-clicking, the attacker can easily track such person and get videos, audios, or even files. So there will be no confidentiality and the privacy of a person can easily be infringed.

5) Data security protection and security for the messages or communication must be strictly ensured otherwise third parties can access our data very easily.

Suggestions:

There are a few precautions and steps which must be taken by the people along with the Government to ensure the protection of privacy from cyber attackers. Some of the suggestions include:

1) The Government must take strict investigation about Cyber attacks and illegal surveillance through various soft wares and apps. It should put a ban on such apps which breach the privacy of an individual and regulate such methods by Information technology laws.

2) There is a need to create awareness among the people regarding such harmful soft wares and apps from being victimized through suspicious links via WhatsApp, email, etc. The people need to take care of facts.

3) The Government must take action against spyware that works on zero-click vulnerability. This type of software has a tendency to breach the privacy of the targeted person even though there is no action by such person.

4) These soft wares can be used by criminals for committing serious crimes. So the government has to take strict measures to avoid such circumstances and to protect the privacy of the citizens.

Conclusion:

The Privacy of the individual must be protected from illegal and unethical surveillance by reforming the existing laws and making them more stringent by laying down definite procedures for legal interception. There is also a need to investigate the matters where the privacy of an individual is getting compromised by the policies of apps, soft wares, etc. The ongoing problems must be addressed correctly and effectively by making some changes in the legislation in order to protect the confidentiality of data by illegal hacking and surveillance.