A recent New York Times investigation seems to confirm something that has been widely speculated all along: Pegasus spyware entered India through a deal between governments. The newspaper alleges that the weapons-grade surveillance package was part of a $2 billion-dollar deal signed in 2017 during Prime Minister Narendra Modi’s visit to Israel.

With that, India joined the distinguished company of Hungary, Poland, Saudi Arabia and other authoritarian countries that bought Pegasus to hack into phones and spy on dissidents.

The article suggests that former Israeli Prime Minister Benjamin Netanyahu traded in cyber weapons made by the NSO Group, an Israeli firm with close ties to the country’s intelligence apparatus, to gain diplomatic leverage and concessions. In India’s case, this meant voting in favour of Israel at the United Nations and walking back on New Delhi’s previous support to Palestine.

Both Israel and India have denied allegations of a quid pro quo. But that still leaves the Centre with a lot of explaining to do.

The Indian government used the argument of “national security” to remain vague about whether it bought Pegasus, to fob off discussion in Parliament and to get out of providing a detailed affidavit to the Supreme Court. As the court observed in a damning judgement in October, national security cannot be used as an alibi to evade accountability.

The government had to “plead and prove the facts which indicate the information sought must be kept secret as their divulgence would affect national security concerns”. This was not done. It was also not clear whether the government had balanced the demands of national security with an individual’s fundamental right to privacy, laid down by the KS Puttaswamy judgement and reiterated in several Supreme Court rulings since.

Answer this

As the New York Times article points out, when NSO introduced the spyware in the market over a decade ago, it was argued that this was a necessary weapon for law enforcement and intelligence agencies because terror groups and organised crime rackets had devised technologies to escape surveillance by investigators. That rationale has long fallen by the wayside, with Pegasus being instrumental in state repression and human rights abuses in several countries.

With the Centre now directly linked to the sale of Pegasus, the government needs to answer several pressing questions.

First, what compulsions prompted the purchase of spyware that has been called a “weapon”, far more intrusive and powerful than traditional surveillance mechanisms?

Second, what “national security” concerns justified hacking hundreds of phones, including those belonging to journalists, opposition leaders, a woman who accused a former Supreme Court judge of sexual harassment, an election commissioner?

Third, did the use of Pegasus have any legal backing? Indian intelligence agencies operate in a regulatory wilderness, screened from legislative oversight in Parliament, and the bar for sanctioning the surveillance of private individuals is notoriously low. The use of Pegasus would have to be backed by the Telegraph Act, an antiquated law dating back to 1885, and the Information Technology Act, 2000.

Bureaucrats may sign off on phone tapping under the Telegraph Act in a “public emergency” or in the interests of “public safety” – both concepts that have been loosely interpreted in the past. The Information Technology Act does away with these requirements, enabling the surveillance of electronic communication “for the investigation of an offence”. Were even these feeble regulations followed?

No trivial matter

The Pegasus revelations cast grave doubts on the government’s credibility. Exactly how grave these are was made apparent by the fact that the Supreme Court appointed an independent committee to look into the allegations in October. After all, the government has shown a marked lack of enthusiasm to investigate such data breaches in the past.

Members of the ruling Bharatiya Janata Party had opposed a probe in 2019, when it emerged that WhatsApp accounts had been hacked using Pegasus. Two parliamentary standing committees headed by Congress leaders eventually did look into it but the inquiry appears to have gone nowhere.

While the Supreme Court-appointed committee’s findings are awaited, the government must do more to address the growing concerns around Pegasus. So far, it has worked to trivialise the allegations. When the extent of Pegasus hacking was revealed by an investigative reporting project in July 2021, the government accused the Opposition of raking up the matter to disrupt the monsoon session of Parliament. Now, a Union minister has dismissed the New York Times report as the work of “supari [hit job] media”.

Contrary to what the government would have us believe, the Pegasus revelations are not trivial. They tap into fundamental questions about an individual’s right to liberty and privacy, about the duties the state has towards its citizens, about the basic conditions of life in a democracy.