As we are halfway through the year 2021, the year we thought would put an end to the miseries of the new normal, we find ourselves helplessly staring at what might be history's scariest snooping scandals, allegedly resulting in a streak of state-sponsored abductions, murders, and muzzling of dissent. Imagine having an uninvited guest at every meeting you attend, a stranger listening to everything you say, or a spy who could read every message you type. This is Pegasus, in essence. As individuals embrace encrypted technology to address privacy concerns, an Israeli organization has invented a new surveillance vice - spyware which can take over a device undetected, enabling the spy to read our texts, record our conversations and even switch on our camera or voice recorder.

The NSO Group and the Spyware

A global collaborative project called the Pegasus Project, involving a group of media houses, has brought out certain key facts about this spyware which has raised eyebrows across the globe. NSO, like many not-so-creative business enterprise names, happens to be the abbreviation of three of its founders Niv Carmi, Omri Lavie, and Shalev Hulio, and was founded in 2010. The NSO Group, which sells their spyware product named Pegasus, asserts that the said software is a solution to “collect data from the mobile devices of specific individuals, suspected to be involved in serious crime and terror.” The Guardian reports that an organization popped up from an idea enabling phone companies to take remote control over phones to fix tech issues. However, the idea eventually grew into a surveillance tool that is sold to governments. In August 2016, award-winning UAE activist Ahmed Mansoor was targeted with NSO Group's Pegasus spyware in the form of a text message with a link that would reach a website identified as suspicious by Citizenlab, giving a certain amount of conclusive evidence to their investigation since this was the first NSO infection they identified. The NSO tries to provide an impression that Pegasus could have been useful in tracking and avoiding terror attacks of the sorts of 9/11. However, the information brought out by few major media entities seems to suggest otherwise since targeted individuals include dissidents and human rights activists. In India, key individuals from opposition parties, human rights activists, journalists, and the like are the ones observed to have been targeted.

The NSO Group develops, markets, and licenses to governments worldwide by the Israeli company NSO Group. The earliest traces of the spyware were identified in 2016, where phishing was used to get access into phones by luring targets to click on a malicious link. Later on, in 2019, WhatsApp had identified how software by NSO had been used to send malware to more than 1,400 phones by exploiting the vulnerability. No form of preliminary examinations or malware detection software can identify the presence of Pegasus on an infected phone.

Furthermore, it was also found that now the software could gain access to a target's phone without requiring any action from the user. Once installed, the spyware could take complete control over the device and harvest any amount of data, reports The Guardian. Forbidden Stories Consortium and Amnesty International have had access to information on affected users since 2016. Forbidden Stories states that "The leaked data showed that at least 180 journalists had been selected as targets in countries like India, Mexico, Hungary, Morocco, and France, among others. Potential targets also include human rights defenders, academics, business people, lawyers, doctors, union leaders, diplomats, politicians, and several heads of states." Although the NSO Group denies these allegations, these data on affected phone numbers, brought out by Forbidden Stories, The Guardian, Amnesty International, and other media outlets, are true. We are pacing forward to an Orwellian state of affairs far worse than even 1984 imagined.

Uproar for Investigation in India

Pegasus infections in India have been particularly susceptible to suspicion since the targets included major dissenting forces to the ruling alliance in India, the NDA. For instance, it was found that the leader of the largest opposition party, Mr. Rahul Gandhi, was subjected to a Pegasus infection.

The Wire reports that phone numbers of over 40 Indian journalists appear on a leaked list of potential targets for surveillance and that forensic tests have confirmed that some of them were successfully snooped upon. Key members of opposition and persons linked to the same, including Rahul Gandhi, former election commissioner Ashok Lavasa, Prashant Kishor, and Mamata Banerjee's nephew Abhishek Banerjee, allegedly have been attacked by Pegasus spyware. The Central Government in India seems to have dismissed claims of illegal surveillance and calls for an investigation. There has been a huge uproar for an investigation on the same. Subramanian Swamy, an MP of the ruling alliance, too has called for the government to come clean on this matter with a tweet.

"It is quite clear that Pegasus Spyware is a commercial company which works on paid contracts. So the inevitable question arises on who paid them for the Indian "operation." If it is not Govt of India, then who? It is the Modi government's duty to tell the people of India."

— Subramanian Swamy (@Swamy39) July 19, 2021

Pegasus Infections and the Serious Human Right Challenges

This spyware or, if reality turns out to be scarier, this class of spyware poses greater threats to human rights than any other similar products since this involves a no-click entry into the targeted devices, as per reports. Furthermore, if the said spyware is used by governments against their own citizens, as widely alleged, the range of violations expand to a greater extent, essentially resulting in the possibility of governments using taxpayers money to infringe upon the fundamental right to privacy of citizens; the cost of the spyware goes into hundreds of thousands of dollars, excluding the annual system maintenance fee of 17% of the total cost of the program. Furthermore, the reports suggest that the surveillance tool has been linked to murders of journalists and individuals who choose to dissent across nations under the radar for the use of the software.

In India, allegations of the Government using the tool against its own citizenry have been adopted by major opposition parties, even accusing the Prime Minister of Treason. The Indian National Congress, the biggest opposition party in the Indian Parliament, has been vehemently demanding an investigation in vain. The identities of the individuals who were allegedly attacked, including journalists, members of the opposition, and Ashok Lavasa, the former election commissioner of India, who had faulted Modi for violations of the model code of conduct before the 2019 election, seems to have raised eyebrows in all the opposition camps in India, against the ruling Government. The opposition alleges that the root of democracy in India has been attacked.

Bottom Line

“The government is as much responsible for the surveillance of the phone as it is for Pegasus spyware and for the security of personal privacy that is being questioned across the country. This is an inconsistency under the Information Security Act.”

Says Justice B N Srikrishna, former judge of the Indian Supreme Court.

The UN Human Rights Chief has termed these intrusions as extremely alarming. The alleged links to attacks, murders, abductions, and such serious Human Rights violations make us tend to agree. Better regulation of products that could be misused for illegal surveillance and "Human Rights Due Diligence by developer corporations to assess the possibilities of their technological products snowballing into misuse by authoritarian regimes to muzzle protests seem to be the need of the hour.