Disturbing revelations about snooping on citizens

A UK research team recently reported that India is the democracy with the largest surveillance system. Close on the heels of this finding, reports have surfaced about snooping on citizens by some as yet unidentified agency using Israeli-made spyware.   

Comparitech, the UK research group which provides information to help compare tech service, said that on its privacy index India’s score was 2.4 on a scale of 0-5.

This, it said, indicated a systemic failure to maintain privacy safeguards. Only two countries had a worse record than India in this respect: China and Russia.

Revelations about snooping have come in from multiple sources in the recent past.

The Citizen Lab, an interdisciplinary outfit based at the University of Toronto’s Munk school of Global Affairs and Public Policy, reported in September 2018 that its research showed Israeli-made Pegasus,  which can install itself on a mobile phone without the user’s knowledge or permission, was active in 45 countries, including India.

Subsequently it called a few human rights activists and journalists at different locations in India to inform them that they were facing a digital threat.

Investigators said Pegasus was infiltrating mobile phones mainly through Facebook’s messaging platform, WhatsApp, which is extremely popular in India.

Of WhatsApp’s 1.5 billion users worldwide, as many as 400 million are in India.

After its own investigations confirmed that users had been exposed to risk, WhatsApp alerted its customers who had been targeted.

The opposition Congress party has said its General Secretary, Priyanka Vadra, who is the daughter of party President Sonia Gandhi, was among those who were alerted.

WhatApp also initiated legal action against NSO Group, makers of the Pegasus spyware, in a federal court in San Francisco.  It accused the Israeli firm of using WhatsApp servers in the United States and elsewhere to send malware to about 1,400 mobile phones and devices in 20 countries in four continents during April-May this year.

In a public defence, the Israeli firm said it ordinarily sold Pegasus only to government agencies.  

WhatsApp head Will Catheart, writing in the Washington Post, said the surveillance had targeted at least 100 human rights defenders, journalists and other civil society members across the world.

“Tools that enable surveillance into our private lives are being abused, and the proliferation of this technology into the hands of irresponsible companies and governments puts us all at risk,” he added.

WhatsApp informed its users it had stopped an attack by “an advanced cyber actor” who had used its video calling facility to install malware. It advised users to stay secure by updating their mobile operating system to receive the latest security protections.

The Indian government, responding to reports of breach of privacy, demanded a detailed explanation from WhatsApp.

Information Technology Minister Ravi Shankar Prasad said the government was concerned at the breach of privacy of Indian citizens.

It appeared to be a move designed to deflect attention away from government agencies.

In response to the IT ministry’s notice, WhatsApp sent to the government copies of a vulnerability note it had filed in May and a letter it had sent to the government in September saying some 121 persons might have been affected by the malware.

The IT ministry admitted it had received the letter but argued it was too vague to act upon.  

If indeed the government found it too vague to initiate any action, a logical course to adopt was to ask WhatsApp immediately for the details it wanted.

As far as is known the government made no move to find out who in India had acquired the Israeli spyware.

Since WhatsApp has identified the targets as human rights activists and journalists, the needle of suspicion necessarily points to the government, which has a record of using its agencies to silence its critics.

Two parliamentary committees headed by opposition Congress leaders have announced plans to investigate the snoopgate.  

Anand Sharma, who chairs the Standing Committee on Home Affairs, said the WhatsApp hacking episode was worrisome and the committee would take it up at its next meeting on November 15.

Shashi Tharoor, who chairs the Standing Committee on Information Technology, said cyber security was a major issue and the committee would seek clarifications from the government. “We must not, at any price, become a surveillance state like China,” he added.

Ironically, information technology, which was initially given credit for facilitating the emergence of new, free and open media, is turning out to be a new threat to privacy and personal freedoms.