Facebook-owned WhatsApp confirmed that Indian journalists and human rights activists were under surveillance until May 2019 via Israeli spyware Pegasus. The Bombay High Court recently ruled that phone tapping by the government will be permitted only if it’s a public emergency or a public safety issue, upholding the Supreme Court’s 2017 right to privacy judgment and the 1997 tapping verdict.
ThePrint asks: WhatsApp surveillance: Are Supreme Court guidelines on tapping outdated & need strengthening?
Govts across the world exceed boundaries. Passing a law doesn’t make it a reality on ground
Abhijit Iyer Mitra
Senior fellow, Institute of Peace and Conflict Studies
When one is under surveillance, one feels violated. The feeling is not very different from being robbed, but we don’t acknowledge it as such. Why aren’t the people who were under surveillance telling us who they are? That is an equally important question to be asked.
India has never taken surveillance and privacy laws seriously. It is a larger systemic problem. We always focus on the micro and lose track of the macro. The only reason privacy and data security laws were introduced was that European data was being outsourced to countries that had such laws. It had nothing to do with actually protecting citizens of the country. There are no rules and regulations, and there is no accountability for the bureaucracy. This is what happens when the rule of law is a joke.
I’m not surprised that this has happened. The judiciary is meant to act as a controlling body. Governments all across the world always exceed their bounds. Passing a law doesn’t make it a reality on the ground. The fact of the matter is that there is no accountability when our privacy keeps getting violated. Privacy is a very European concept.
State-sponsored spyware goes against SC and Bombay HC judgments on unlawful interception
Prasanto K. Roy
Policy professional and tech writer
We now know that Pegasus, Israeli spyware for smartphones, was used to spy on Indian citizens before the 2019 Lok Sabha election.
Only governments have access to Pegasus, its Israeli creator NSO Group has said in the US court. So, were Indian citizens being spied by a foreign government? It’s unlikely, given the targets include journalists and human rights activists. This means it could only be an Indian agency, a proxy for a political party.
How easy is it for a state agency to spy on Indian citizens? Very. Two years after the Supreme Court declared privacy a fundamental right, India still has no privacy law: a draft bill may be tabled in Parliament this winter session.
Last week, the Bombay High Court in a case ruled against the government’s decision to tap a businessman’s phones, citing a 1997 Supreme Court ruling (PUCL vs Union of India) that phone conversations come under the purview of the right to privacy, under Article 21 of the Constitution.
In theory, state-sponsored spyware on our smartphones goes against the same SC and Bombay HC judgments on unlawful interception. But given the difficulty in proving the perpetrator’s identity, and the low chances of any real help from WhatsApp against the Indian State, very little would come of it.
What Indians urgently need is a strong privacy law, and a strong judiciary to enforce it. We will definitely not get the former, given the sweeping exemptions to state agencies likely in the law. And we are increasingly seeing fewer signs of the latter. Which leaves Indians particularly vulnerable to intrusions by the State, and perhaps worse, associated non-state and political actors.
WhatsApp’s revelation signals a need for urgent surveillance reform to protect citizens against the use of malware, spyware
Executive Director, Internet Freedom Foundation
According to Israel-based NSO Group, its clients for spyware “Pegasus” were only government agencies. Reports in Indian media have revealed that the targets include lawyers in the Bhima Koregaon case, Bela Bhatia and Anand Teltumbde. This raises some extremely disturbing questions about likely illegal hacking by unknown government agencies – or other actors operating in India – and suggests flagrant disregard for the rule of law and contempt for our fundamental right to privacy.
There is an urgent need for official disclosure on whether and how this spyware was used in India to hack some citizens. The government of India must issue an official statement providing complete information. It must also clarify which law empowers it to install such spyware. To the best of our understanding and knowledge, no such power exists in India’s lawbook, and the pre-existing surveillance powers available under the Indian Telegraph Act, 1885 and the Information Technology Act, 2000 do not permit the installation of spyware or hacking mobile devices. Hacking computer resources, including mobile phones and apps, is a criminal offence.
WhatsApp’s revelation signals a need for urgent surveillance reform to protect citizens against the use of malware, spyware, and the creation of vulnerabilities in technologies that offer privacy protection by design. Legislative measures must be introduced in Parliament to uphold the nine-judge bench decision of the Supreme Court of India recognizing privacy as a fundamental right. The use of legal or technical means to access data and intercept communications in India must be authorised only in emergency situations, under judicial control and oversight, and with other protections to safeguard citizens’ rights.
People with proof can challenge such govt action under Article 32 in SC and Article 226 in HCs
Advocate, Supreme Court and expert in cyberlaw
The WhatsApp incident tells us that existing guidelines are not adequate in India. Section 69 of the Information Technology Act talks about state interception under certain circumstances. Here, state agencies have purportedly colluded with WhatsApp. Justice Puttaswamy’s judgment strengthens the fact that our right to privacy is a fundamental right, and is part of our right to life under Article 21 of the Constitution.
We require more proactive guidelines for service providers giving government agencies access to information. The government needs to come up with specific guidelines under Section 79 of the IT Act for intermediaries and data repositories on how and in what manner, information on these platforms can be shared with government agencies.
If people have proof that this unauthorised interception has taken place, then they can challenge the government’s action under the writ jurisdiction of the Supreme Court under Article 32 and High Court under Article 226 of the Constitution of India.
This entire episode should act as a wake-up call for all users. We should not blindly trust any application and try to ensure that cybersecurity becomes an integral part of our lives. Due diligence will have to be the new mantra for all users if they want to protect themselves, their data and their privacy in the digital age.
Current Indian laws also sufficient to file case against WhatsApp snooping by Pegasus
Legal Correspondent, ThePrint
The government has been given the right to intercept telephones under Section 5(2) of the Indian Telegraph Act, 1885.
However, anyone who wants to tap phones is supposed to seek approval from the home ministry. In the permission application, particular reasons need to be mentioned. Additionally, the need for interception of the telephone must be proved. Every agency fills out an authorisation slip before placing a telephone under surveillance. The home secretary of the particular state signs it when it has to do with state matters. The Supreme Court has upheld privacy as a fundamental right. Intercepting a telephone of an individual without any intimation also infringes on their right to privacy and amounts to a violation of fundamental rights.
All the academics and activists who have been at the receiving end of this unauthorised spying by Israeli software Pegasus have a legitimate case of their fundamental right to life being violated.
The aggrieved can immediately file a complaint with the National Human Rights Commission. An FIR against unauthorised tapping can also be lodged. The aggrieved person can also move the court against the person/firm under Section 26 (b) of the Indian Telegraph Act.
The Telegraph Act also has certain safeguards against such incidents. Section 25 of the Act states that if any person intends to intercept or make themselves acquainted with any message and tampers with any device with that motive in mind shall be punished with imprisonment, which may extend up to three years, or fine, or both.
Although it’s true that laws need to be reformed, current laws are also sufficient to ensure the culprit is punished.
By Taran Deol, journalist at ThePrint