As a citizenry, we are at a tipping point, witnessing the slow erosion of democracy: If they are targeting those with power, what of ‘us’ with quieter voices?
It’s quite James Bond-esque; allegations of governments spying on their own people, questions being parried by prevarications, and the hyperbolic self-aggrandisement by a private company. What the NSO-Pegasus exposé has made amply clear, in case there was still any doubt, is that in the 21st century, it’s not merely about money or ammunition, but rather the real weapon, one of limitless potential and even greater propensity for harm — information. Information is power.
There has not been an outright denial from either the Indian government or NSO that the Indian government is a client or uses the Pegasus software. The NSO has stated that only governments, specifically law enforcement and intelligence organisations, are its customers, and not private entities. But the software is designed to be insidious. It does not use the earlier spear-phishing attack, which required a potential target to click on a malicious link to download infected code. Instead, it uses a “zero-click” attack which allows the device to be taken over remotely by exploiting software and hardware vulnerabilities
Let’s make no bones about it — Pegasus has been used to illegally hack into people’s lives and to obtain private information outside the boundaries of the law. Having seen the mendacious propaganda in the build-up to the state elections last year, the treatment of farmers and students protesting the citizenship law, the lack of public outcry can only signal that the dangerous forces at work are succeeding.
Freedom of thought, speech, expression and privacy are something that we have to protect, because at this bleak hour there is no one else. These rights go hand in hand with each other. The alleged use of Pegasus to illegally hack into persons’ lives, listen in on private conversations, to thereafter use this private information against said persons in hope of gaining undue advantage, are all outside the boundaries of the law. Political espionage at this level shows the insidious conduct and intent. If the allegations of the government using Pegasus are found to be correct, then what are the safeguards to protect our rights?
Sections 43 and 66 of the Information Technology Act, 2000 criminalise hacking. Should it be proved that the Indian government used the Pegasus software to hack into the phones of its citizens, without any reasonable cause, it would be a watershed moment, akin to Watergate.
A person has the basic fundamental rights of liberty, privacy, speech and expression amongst others. The government barging into closed doors and private conversations is deplorable. The effect is that a person does not have the freedom to think, to speak or even be in the privacy of their own homes. Instead of being able to take constructive criticism, hearing the voice of the people on their problems and using that to course correct, the government prefers to simply silence dissent and the minority.
The Data Protection Bill (yet to be passed by Parliament) offers no protection in respect of surveillance. A government whose surveillance policy is opaque and covert offers no remedies and actual recourse. These policies have a chilling effect.
The majority is not always right. A democracy has the indelible right to question, to demand answers and explanations. State surveillance and a police state are oppressive. Surveillance on this level would have the effect of instilling fear and directly hampering a person’s ability to freely make their own decisions and pander to the majority. It would lead to people craving the anonymity offered by protection of the majority at the cost of free speech.
Singhal is a lawyer. In 2012, she filed a PIL in the Supreme Court against Section 66(A) of the Information Technology Act and in 2015, the apex court struck down the law in Shreya Singhal v. Union of India.
This article was originally published on The Indian Express. Views in this article are author’s own and do not necessarily reflect CGS policy.