Central Idea

Several prominent opposition leaders recently reported receiving “threat notifications” from Apple regarding a potential state-sponsored spyware attack on their iPhones.
This incident has drawn parallels with the Pegasus Spyware Case, which targeted individuals globally, including in India.

About Pegasus Spyware

Functionality: Pegasus, like its name suggests, is a spyware designed to surveil individuals through their smartphones.
Covert Installation: It infiltrates a target’s device by enticing them to click on an exploit link, installing the malware without their knowledge or consent.
Comprehensive Access: Once installed, Pegasus grants the attacker complete control over the victim’s phone, enabling eavesdropping, data retrieval, and even activation of the camera and microphone.

Global Revelation: In July 2021, a collaborative global investigative project uncovered the use of Pegasus spyware, developed by NSO Group, an Israeli cybersecurity company, to target mobile phones worldwide, including India.
Government Denials: The Indian government denied the allegations and accused the opposition of undermining national security but did not explicitly deny using Pegasus.
Supreme Court’s Involvement: On October 27, 2021, the Supreme Court appointed an Expert Committee headed by Justice R V Raveendran to investigate the allegations, considering their public importance and potential violation of citizens’ fundamental rights.
Cyber Terrorism: This intrusion constitutes a cyber-terrorism attempt and calls for the application of Section 66(F) of the Information Technology Act 2008 (IT Act) to deal with the perpetrators.

Terms of Reference: The committee had seven terms of reference, including determining the entity that procured Pegasus, verifying if petitioners were targeted, and assessing the legal basis for using spyware like Pegasus on Indian citizens.
Policy Recommendations: It was also tasked with making recommendations on a legal and policy framework for cybersecurity to protect citizens’ privacy.
Technical Expertise: The committee comprised technical experts from various fields, including cybersecurity and forensic sciences.

Lack of Conclusive Evidence: On August 25, 2022, the Supreme Court revealed that the expert committee did not find conclusive evidence of Pegasus use in the 29 phones it examined.
Government Non-Cooperation: The Centre did not cooperate with the committee, as observed by the panel itself.
Malware Discovery: While malware was found in five phones, it could not be definitively linked to Pegasus.
Inconclusive Determination: The committee concluded that the limited data available made it inconclusive to determine Pegasus use.
National Security Concerns: The committee’s report contained information about malware that could pose threats to national security and private confidential information.

Fundamental Right to Privacy: Protecting citizens’ smartphones through technologies like encryption is crucial for national security.
Need for Inquiry: Establishing an independent high-level inquiry with credible members and experts can restore confidence and ensure transparency.
Global Cooperation: Given the multinational impact of such attacks, coordinated global cooperation is essential for a thorough investigation.
Data Sovereignty and Privacy: Citizens’ data sovereignty should encompass their right to privacy, with stringent punishments for privacy violations.

The Pegasus spyware case, which raised significant concerns about citizen privacy and national security, prompted a comprehensive investigation by the Supreme Court-appointed Expert Committee.
While the committee did not find conclusive evidence of Pegasus use, it emphasized the potential risks associated with malware and cybersecurity.
The case remains open, and further developments may shed light on the extent of surveillance and privacy infringements.