By Sushil Kutty
Nearly 300 phone numbers of Indians most-likely not friendly with the Modi Government were hacked and infected by a military-grade Israeli spyware during the run-up to the 2019 general elections which the BJP led by the Modi-Shah combine won with a thumping majority. In all 50,000 phone numbers worldwide were unearthed by a global investigation conducted by 17 media houses including one Indian news outlet.
The phone numbers included those of 40 Indian journalists, three prominent Opposition leaders of India, at least two ministers in the Modi Government, one justice of the Supreme Court of India, scores of businessmen, scientists, activists and current and retired heads of Indian government security organisations. In all over 300 verified Indian mobile phone numbers. The Israeli spyware ‘Pegasus’ that was used to hack and infect these phone numbers is only licensed to governments.
In the year 1988, the then Karnataka Chief Minister Ramakrishna Hegde quit following charges of phone-tapping of political rivals. Hegde had a sterling reputation but then “snooping” via phone-tapping is a weighty charge and those accused often crumble under its weight. Current Home Minister Amit Shah was also accused of ordering “snooping” on a woman in 2013. But the charge did not stick though it did not go away entirely.
That said, the Hedge and Shah cases were national embarrassments. Now we have this international scandal to reckon with. That of an Israeli military-grade spyware used to spy on Indian citizens. Israel’s NSO Group is the owner of the Pegasus software. The spyware was used to target the phones of heads of state, prime ministers, members of the Saudi royal family and slain Saudi journalist Jamal Khashoggi’s fiancée.
The NSO Group has refuted the allegations, calling them “baseless”. The media partners involved in the investigation call it the “Pegasus Project”. There’s intense speculation as to who all were under surveillance accompanied by a vicarious thrill. “Being on the 50,000 phones list will be a feather in the cap,” said a journalist. “But I’ll also be worried why I was under surveillance and what data of mine was mined, and how much of my data/info is with the government. It’s very scary.”
The NSO Group is on record that the Pegasus software is used only for legitimate criminal and anti-terror investigations. But what if tomorrow any of the client-governments turned and accused somebody innocent of being involved in criminal/terror activities based on what Pegasus unearthed? The onus will be on the accused to disprove the allegations. Harassment apart, it’ll be extremely expensive and time-consuming to get off the government’s criminal/terror list.
The NSO Group said in a statement that neither did it “operate the spyware it had licensed to governments”, nor did it have “regular access to the data gathered by these governments”. In other words, the NSO Group gave itself a clean chit and claimed that its technologies actually helped prevent bombings and bust criminal rings including those involved in human and sex/child trafficking. The company denied spying on Jamal Khashoggi’s relatives.
But forensic tests on a cross-section of these phones showed signs of targeting by Pegasus spyware in 37 phones, ten of which were of Indians. The NSO Group says it has sold Pegasus to “36 vetted governments”, but refused to identify its clients. The majority of the 50,000 phone numbers are from 10 countries including India, Mexico and the United Arab Emirates.
Incidentally, the technical lab of Amnesty International was also involved in the investigation. The use of hacking to deliver surveillance spyware is an offence under the Indian Telegraph Act, and the Information Technology Act. The names of the Indians whose phone numbers were spied upon are not known though it’s believed that the accused in the Elgar Parishad Case were spied upon.
According to a report, the Prime Ministers’ Office and the Ministry of Electronics and Information Technology have both said that India is committed to ensuring the right to privacy to all its citizens and that there was no truth to the allegations that the Government spied on specific people. MEITY said “each case of interception, monitoring, and decryption is approved by the competent authority, and done as per due process of law.”
So, given the conclusions of the global investigation, who all were spied upon by the Modi Government prior to and during the run-up to the 2019 General Elections, and how much of the data mined go to help the BJP to win the elections? According to one report, “the procedure for lawful interception involves not just written, time-bound authorisation in each instance, but the use of the telecom or computer resource intermediary as well as who is supposed to enable the interception, and does not cover the activities proscribed by Section 43 of the IT Act under the definition of hacking. Hacking an individual’s smartphone is a necessary step in subjecting an individual to surveillance by spyware such as Pegasus.” (IPA Service)