We ask the Committee on IT to let those targeted by Pegasus be heard!

We ask the Standing Committee to invite those affected by Pegasus to provide testimonials.

21 November, 2019
3 min read

Tl;Dr

Much like our representation to the Standing Committee on Home Affairs, we sent across a few concerns on the Pegasus Spyware incident to the Standing Committee on IT that we thought needed addressing at their meeting on November 20, 2019. Our primary ask has been that the Committee invite those affected by the hacking to provide testimonials!

Some background

If you haven't caught up with the ongoings of India's recent cyber-security incident, here's a statement we put out on the issue in case you need a bit of catching up to do (Read here for more).  In brief, relying on spyware supplied by an Israeli cyber-intelligence firm, which was installed through a missed call on Whatsapp after which an attacker would gain complete access to a smartphone, individuals in India were found to have been targetted.

Specific asks of the Committee

Our representation covered the lack of legality, the violation of privacy and the unavailability to remedy, as we did with the Committee on Home Affairs. However, the most significant of the asks we made of the Committee lies in the request that the victims of the hacking be given the stage to provide testimonials before the Committees. A number of these individuals have even put out a statement asking the Government to reveal information on the issue (Read here for more) and have even expressed willingness to depose before the Committee (Read here for more). It is important that these first hand human experiences be provided to fully demonstrate the patently criminal surveillance they have been subjected to.

In light of all of this, here's an interesting titbit, Isreali law requires that an export permit is granted for the sale of this software (there's a whole licensing process), therefore, the software supplied by the NSO Group is regulated under this. So, we thought it was important for the Committee to consider inviting the Israeli government to appear before the them to shed some light. Further, in Facebook's civil complaint in the California Court, an annexure of a contract between the NSO Group and Ghana indicates that the 'System Provider' which is the NSO Group  shall receive a certificate which would also contain the identity of the 'end user'. This would be particularly interesting information to happen upon in order to establish identity in the attacks in India.

Looking at the bigger picture, we did touch upon broader concerns of India cyber-security with these suggestions for consideration.

  • Need for updation: India’s National Cybersecurity Policy has not seen any amendments since 2013 and while the new National Cybersecurity Coordinator has indicated that his office is seeking to ensure India has a new Cybersecurity Strategy in 2020, Parliament must act to ensure that this is openly consulted on, drawing on inputs from security researchers and other Indians who can provide their expertise to ensure a stronger National Cybersecurity Strategy that has widespread public support and awareness.
  • Lack of guidance: The time for a permanent advisory body is now more than ever. There is need for continuous counsel on matters of advancing technology and we have encouraged the Committee to ask the Government on how it can form a standing Digital Security Advisory body with stakeholders beyond civil servants, particularly as existing statutory bodies such as the Cyber Regulation Advisory Committee - mandated by the Information Technology Act - appear to be dormant.

While the heat of these events begins to fade, we hope that the Committee considers our suggestions to ensure it is made fully aware of the incident and its hit to India's cybersecurity.

Important Documents:

  1. Representation to the Parliamentary Standing Committee on Information Technology dated 20.11.2019 [link]
  2. Statement on the Pegasus Spyware hack [link]

We're fighting for surveillance reform in India! Become an IFF member today!

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
#FreeAndFair: Launching IFF’s Election Website

As the country gears up for the 2024 Lok Sabha elections, we watch every technological development that may affect electoral integrity. Visit the IFF election website freeandfair.in to read about IFF’s actions and efforts. 

5 min read

2
Your personal data, their political campaign? Beneficiary politics and the lack of law

As the 2024 elections inch closer, we look into how political parties can access personal data of welfare scheme beneficiaries and other potential voters through indirect and often illicit means, to create voter profiles for targeted campaigning, and what the law has to say about it.

6 min read

3
Press Release: Civil society organisations express urgent concerns over the integrity of the 2024 general elections to the Lok Sabha

11 civil society organisations wrote to the ECI, highlighting the role of technology in affecting electoral outcomes. The letter includes an urgent appeal to the ECI to uphold the integrity of the upcoming elections and hold political actors and digital platforms accountable to the voters. 

2 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!