THE GIST of Editorial for UPSC Exams : 25 December 2019 (Pegasus snoopgate (Indian Express))

Pegasus snoopgate (Indian Express)

Mains Paper 3: Science and Tech
Prelims level: Pegasus spyware
Mains level: Provisions required in IT Act to address the spyware problem

Context:

• On November 29, in the Rajya Sabha, the Minister of Electronics and Information Technology was repeatedly asked whether any Indian agency had commissioned the attack vector ‘‘Pegasus” that was used in the attacks from the Israeli firm NSO.
• Where a categorical response would have sufficed, the minister chose to muddy the waters through vague assertions such as “standard operating procedures have been followed”.

Background:

• There are cogent reasons pointing towards an Indian law enforcement agency’s hand in procuring Pegasus.
• NSO maintains that it only sells services and software to state agencies.
• Some of the known Indian targets of the vulnerability are human rights activists. These individuals work on India-specific issues and hardly qualify as serious threats in the eyes of a foreign government.

SEC 69 of IT Act:

• The government derives some of its powers to conduct electronic surveillance from Section 69 of the Information Technology (IT) Act.
• The procedures for such surveillance are defined in the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.
• It is these rules, and not the parent Act that define the terms “interception” and “monitoring” as “acquisition of the contents of any information through the use of any means” and “to view or to inspect or listen to or record information”, respectively.
• These all-encompassing definitions seemingly permit authorised law enforcement agencies to use Pegasus-like tools.

Provisions for penalizes:

• The IT Act also penalises unauthorised access to computers without the owner’s permission.
• These provisions, namely section 43 and 66, do not carve out an exception for law enforcement agencies.
• As lawyer Raman Chima highlighted recently, any action explicitly prohibited under the Act cannot be justified by procedures laid out in subordinate legislation.
• Therefore, no law enforcement agency can “hack” devices, though they may “intercept” or “monitor” through other means.
• Additionally, the Supreme Court’s privacy verdict held any invasion of privacy by the state must be based on a law.
• As some of the agencies authorised to conduct surveillance (like the Intelligence Bureau) do not have statutory backing, surveillance by them is unconstitutional.

Victim of Spyware:

• The use of spyware gives the state access to private conversations, including privileged communications with lawyers.
• Such an infringement of rights may be justified for militants suspected of actively planning an armed attack.
• For academicians and human rights activists, the use of broad surveillance without any evidence or anticipation of such activities is unfathomable in a democracy.
• With the popularity of end-to-end encryption, surveillance may require the exploitation of vulnerabilities on end-users’ devices.

Way ahead:

• The Pegasus snoopgate is an opportune moment to revisit the legal framework governing the state surveillance framework.
• It is crucial to dismantle state agencies that run surveillance operations despite lacking statutory authority.
• For other agencies, there is a need to introduce judicial and parliamentary oversight. Depending on the concerns of law enforcement, it may be necessary to enact legislation permitting “hacking” into devices on extremely limited grounds.

Conclusion:

• The government has taken a massive leap backwards by ignoring the standards laid down by the Supreme Court and Justice Srikrishna Committee’s recommendations, and introducing unconstitutional surveillance enablers in the Data Protection Bill.
• Now is the time for Parliament to guarantee the privacy and security of Indians.

Online Coaching for UPSC PRE Exam

General Studies Pre. Cum Mains Study Materials

Prelims Questions:

Q.1) With reference to the laws for internet shutdown, consider the following statements:
1. Section 144 of the Code of Criminal Procedure, 1973 gives the District Magistrate or any other executive magistrate empowered by the state government the power to issue orders to “maintain public tranquility”.
2. Section 5(2) of the Indian Telegraph Act, 1885, allows central and state governments to prevent the transmission of messaging during a “public emergency or in the interest of public safety”.

Which of the statements given above are correct?
(a) 1 only
(b) 2 only
(c) Both 1 and 2
(d) None of the above

Ans: C
Mains Questions:
Q.1) What are the major provisions required to be included in the IT Act to address the spyware threat in India?