Statement: Scary disclosures on use of NSO spyware in India signal a need for urgent reform

News reports have revealed the targeting of lawyers, journalists and activists in India through NSO's illegal spyware, Pegasus. While these revelations have left many of us shaken, we must demand transparency from the govt and push for surveillance reform in parliament and courts.

31 October, 2019
2 min read

Today, the Indian Express broke a story about how spyware developed by an Israeli cyber-intelligence firm, NSO Group was used on dalit activists, journalists and lawyers in India. The spyware, “Pegasus” would be installed through a missed call on Whatsapp after which an attacker would gain complete access to a smartphone. As per the NSO Group, “Pegasus” was only sold to government clients. Subsequent reports by Huffington Post and News Laundry have revealed that the targets include lawyers in the Bhima Koregaon case, Bela Bhatia and Anand Teltumbde. This raises some extremely disturbing questions about likely illegal hacking by unknown government agencies- or other actors operating in India- and suggests flagrant disregard for the rule of law and contempt for our fundamental right to privacy.

There is an urgent need for official disclosure on whether and how this spyware was used in India to hack our citizens. The Government of India must issue an official public statement providing complete information. The Government must also clarify which law empowers it to install such spyware. To the best of our understanding and knowledge, no such power exists under Indian law, and the pre-existing surveillance powers available under the Telegraph Act, 1885 and the Information Technology Act, 2000 do not permit the installation of spyware or hacking mobile devices. Hacking of computer resources, including mobile phones and apps, is in fact a criminal offence under the Information Technology Act, 2000.

This expose signals a need for urgent surveillance reform to protect citizens against the use of malware, spyware and creation of vulnerabilities in technologies which offer privacy protection by design. We call on the Government to stand by democratic commitments and reject the use of spyware in their pursuit of social objectives of policing and security. Legislative measures must be introduced in Parliament to uphold the 9 judge bench decision of the Supreme Court of India recognizing privacy as a fundamental right. The use of legal or technical means to access data and intercept communications in India must be authorised only in emergency situations, under judicial control and oversight, and with other protections to safeguard our citizens.

Over the next few weeks, we at IFF will attempt to reach out to any victims of illegal surveillance in India and we will make every attempt to ensure that they can access the legal system to seek redress. We will also examine avenues for further engagement with all branches of government - legislative, executive and judicial- to advance our ongoing work on surveillance reform.  

In addition to seeking transparency through full disclosure, we hope to work towards solutions to ensure that something like this never happens again. We will continue our public advocacy through the SaveOurPrivacy Campaign which seeks to put forth a model draft law that provides for judicial oversight and parliamentary controls in the surveillance process. In July, a revised version of this model draft law was introduced in Parliament as a private member’s bill by Dr. Ravikumar as the Personal Data and Information Privacy Code Bill, 2019 which if enacted may help prevent such a recurrence.

If you have been affected by this breach, we are here to help and please feel free to reach out to us at [email protected].

Important Documents:

  1. Personal Data and Information Privacy Code Bill, 2019 introduced in Parliament (link)
  2. IFF’s Surveillance Reform PIL (W.P. Civil No. 44 of 2019) (link)
  3. Save Our Privacy Campaign (link)

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
We will not be tracked! Indian Railways’ plans to introduce FRT surveillance in train coaches is a big departure from the right to privacy

Indian Railways has floated a tender for the installation of 3.3 lakh FRT-enabled CCTV cameras in train coaches which will be used alongside face-matching servers to surveil and identify passengers and ‘curb crime’. We write to authorities pushing back against this massive privacy violation.

10 min read

2
Correspondence over comments & consent: MIB’s pursuit of permission for releasing comments on the Broadcasting Bill

We wrote to the MIB asking them to proactively make the responses received on the Broadcasting Bill public. MIB also wrote to us and other participants of the consultation process seeking permission to share their comments with RTI applicants requesting it.

2 min read

3
IFF presents: A Know-Your-Rights information leaflet and merchandise on Digi Yatra #RejectDigiYatra

You asked, we delivered! In collaboration with several artists, IFF presents an all-you-should-know leaflet and a special line of merchandise on Digi Yatra that you can flaunt when catching your next flight.

3 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!