Right to Privacy with respect to the Pegasus Project

By Amit Sheoran

Introduction

As you know, We are living in a democratic country. There are certain fundamental rights that are available for the citizens which helps them to raise their voice if any of their rights are violated.  Every individual has full power to enjoy their rights in a lawful manner. But they have no power to violate the rights of other individuals. In the same way, they also have a right to keep their privacy. No one can interfere in the privacy of anyone’s life. It is clearly mentioned under article 21 of the Indian constitution, which talks about the right to life and personal liberty. This means that every individual has the right to keep their secrets with themselves without telling any other person. 

Nowadays, we are living in the era of science and technology. Technology makes our life easy and fast. But in the electronic mode, there is always a threat of violation of anyone’s privacy because various software is developed through which hackers can steal the data and personal information of any individuals, even they can steal the bank details and can withdraw the money from the account of that individual. In the time of the corona crisis, every work is happening in online mode. In this time, working from home by online mode becomes a daily routine of life. And with the work on in online mode, the threat of hacking is also increasing. Today, not only India but the entire world is suffering from this problem. Some people who are well aware of the technology, misuse their knowledge by developing new-new software which helps them to steal the personal details of any individual without the consent of the victim. The main issue is that due to advancements in technology people are not able to keep safe their personal records or details.

Similarly, we can take the example of the pegasus project, which is highly highlighted in the news. This software can steal the entire details of any individual without his consent and the main feature of this software is that through this software the users can control the mobile, laptop, or any smart device of the victim and can misuse it. The software user can turn on the mic, camera, see mail and messages and even can call and send messages without the consent of the individuals. These types of things are creating a threat to the privacy of any individual and lead to misuse of the personal details of the victim. 

About Right to Privacy 

In today’s India, the concept of the right of privacy was used for the very first time in the Constituent Assembly. But it was not added to the Constitution of India. Now the question arises for what the term privacy stands for? The answer is quite simple. The term privacy indicates to live or to keep things only limited to the individuals. It is also indicated in the constitution of India, under article 21 which talks about the right to life and personal liberty. Here the personal word is used to represent the privacy of any individual liberty. In fact, the right to privacy is acting like a bundle of rights. We can say that as per the Black’s Law Dictionary, the term privacy means the right to be left alone or acting with his choice and keep the things limited to himself and the right of a person which is to be free from any unwarranted or unwanted publicity. Today, all the nations have recognized the right to privacy and mentioned it clearly in their Constitution. Some countries have not been mentioned in the constitution but they are inherent in some other provisions which are existing already, these countries are the United States and Ireland. As it is mentioned in Indian Constitution, under Article 21, states that “No person shall be deprived of his life or personal liberty except the procedure established by law”. The scope of Article 21 has taken much time in widening to interpret that the term ‘life’ also includes all aspects of life and personal liberty as well, that help to make the life of a person meaningful.

About the Pegasus Project

Pegasus is like spyware which is developed by the Israeli company named  NSO Group. The NSO group developed software named as Pegasus project, according to them they sell it only to the vatted government. Pegasus was reportedly used here in India as well by potentially targeted journalists, opposition leaders, and also current and former ministers. Basically, the software is an internal system of a device that helps to operate the function of that smart device, but some software that defects the device or harms the device is considered as spyware. Therefore, it will not be wrong to say that the Pegasus project is like spyware. The main function of this software is to track the details of any potentially targeted individuals Because the software is able to hack the targeted potentials. The project has the tendency to control the mobile phone, laptop, tabs, and other smart devices without the consent of the individuals. The user can turn on the mic, the camera can see or check emails and messages even the user can call or mail to any other person by using the id of the victim device. It is considered that more than 50,000 people noticed that their device was traced by an unauthorized person trying to hack. And, ironically, almost all mobiles have been traced and controlled by users. This shows that even if we are away from other individuals by distance then also they can trace our details, and misuse them by using control over them. The consortium of 17 organizations along with two other organizations which are forbidden stories and Amnesty International, did a massive investigation across the 45 countries, and they found that potential targets were targeted by this software that is Pegasus software. It is an internal collaborative investigative effort that has revealed that more than 50000 people across the world were identified as the potential target.  And the surveillance using sophisticated pieces of spyware called the Pegasus. 

It is considered that Pegasus was discovered in August 2016 but afterward it failed in installation in the iOS device. But when individuals noticed that about the revealing of details by the spyware, its abilities, and as well as its security vulnerabilities. The news of the spyware started to highlight and as a result, it caused significant coverage in the media. It was found that this Pegasus spyware was called the “most sophisticated” smartphone attack ever. But later on, it was also able to attack the iOS device and was able to control the iPhone also. As a result, for the first time, a remote-based malicious exploit was found by using jailbreak to gain unwanted access to an iPhone as well as an android version had been detected successfully.

Afterward, on 23 august 2020, a piece of news was obtained by the Israeli newspaper named Haaretz that the NSO Group had sold Pegasus spyware software in hundreds of millions of US dollars to the United Arab Emirates and also the other Gulf States, for the purpose of surveillance over anti-regime activists, journalists, and political leaders, so that they can protect their nation from unwanted activities.

In July 2021, The depth analysis was made by the human rights group that is  Amnesty International which uncovered that Pegasus software was widely used against high-profile targets that can also be called a potential target. It also showed that Pegasus software was able to affect all modern iOS versions, even the latest release, iOS 14.6, through a zero-click. This is creating a threat of privacy not only for common individuals but also for ministry, national security as well as international activities.

Through the use of Pegasus software, the user can easily access the media, personal details, emails, messages of any individual. The irony is that the user can control the device of the victim and can use that device according to their choice. This leads to harm to the security or privacy of the nation as well as its citizens. 

There are various questions that pop up in the mind of the person after listening to the name of the Pegasus project. These questions may be What exactly is Pegasus? And How does it work? And How does it infect a mobile or any smart device? And What happens after it gains control or hacks a device? Now, I would like to explain all these questions briefly. Let’s see one by one to understand the Pegasus project in a better way.

1. What exactly is Pegasus?

The answer is quite simple, Pegasus is software that is developed by an Israeli company named NSO. The Pegasus is a spyware that infects mobile, laptops, and other smart devices and can transfer the data to a server user in an unauthorized or unlawful manner. The company claims that the software will be sold only to the vetted government worldwide. 

2. How does it work?

The answer is very simple, Pegasus is software in the basic form which can infect any internet-connected device which is targeted by the user. But some people or experts also claim that this software can also infect any device even without the simple click by the victim on any link or mail. Sometimes we notice that most spyware apps disguise themselves as false believing to the victim by showing the features and characteristics of that app as an anti-theft application, while in fact there is no such app found and as a result, the software user uses that app to steal the data from the device of the victim. Sometimes we notice that while viruses and malware can be detected by some anti-virus software, this software sometimes becomes useful for the spyware user in stealing data to central servers without the consent or knowledge of the users.

3. How does it infect any mobile or any smart device?

The answer is that the spyware app is considered as the easiest mode to disguise the victim and in spying the code for unauthorized and unlawful access to the users of that app. And second thing is that, stalkware or spyware app which seeks explicit permission to the software maker at the time of installation.  It is considered that these types of software hide automatically in the background after installation and continuing functioning. In the same way, the Pegasus software also infects the smart devices like mobile phones and computers of the victim throughout the most common app used and the app may be WhatsApp, iMessage, SMS or mail, etc. This software tries to gain or sometimes gain the root privileges of the device so that they can become the administrator of the device and use the device as per their wise.

4. What happens after it gains control or hacks into a device?

The answer is very simple, once the software user gains control over the device then he or she can turn on the microphone, camera and can record sound or speech, can read SMS or mail, can see a gallery of victim mobile. It is like a remote-based server that can automatically use the device as if the device is his. The software can continue to send the signals to the controller server till that the controller administrator wants.

Status of effect by Pegasus project

As we have discussed about the Pegasus project, that it is a global investigative project that has been discovered as Israeli spyware named as Pegasus project. It was used to hack or target thousands of people across the globe. We can see that in the last few days, 

The wire in collaboration with 16 other organizations has been revealing the names of those people who were potentially targeted or trying to hack their device. After the investigation was made, it was found that the targeted people were the heads of state, political figures, opposition leaders, activists, students, lawyers, and journalists, etc. It is considered that The France-based media that is a non-profit organization named Forbidden Stories had accessed a leaked database of 50,000 people who have been targeted potentially for surveillance by clients of NSO Group. Since the Israeli company claims in advance that spyware is sold only to the vetted governments for the purpose of hacking the activities of terrorists and their groups. But it will not be wrong to say that these individuals were potential targets of government or military agencies.

After the investigation made by 17 media organizations, which were working on the Pegasus Project, they were able to identify that nearly 1,500 devices were targeted potentially at least in 10 countries. It is assumed that a small cross-section of these targeted phones was examined forensically to find the traces of Pegasus spyware.

The Wire in collaboration with Amnesty International was able to forensically examine nearly  10 phones of Indians which indicate the signs of either an attempted hack or hacked successfully. But this investigation was made for the purpose to check that the Pegasus project has its hand behind the track or not.

The presence of a number in the database does not mean that the device of the victim is hacked which was successfully targeted. Unless and until there is any evidence of a forensic examination shown, it will be wrong to say that if there was an attempted or successful hack of the targeted device. A potential target may be someone whose number appears on the list, but whose device has not been examined forensically by the Amnesty group. A person is classified as a potential target only if his or her phones show evidence of an attempted or hacked successfully.

After the investigation made by 17 organizations of media, it has revealed the names of 155 people who were the potential targets for surveillance by clients of the NSO Group ( the software developer group). The targeted face was found of the activist, opposition leaders, journalists, constitutional authority, students, former and current ministers, etc. Now the list of targeted persons are given as below:- 

Ashok Lavasa ( he is a carrier bureaucrat, he was targeted when he was an election commissioner), Samujjal Bhattacharjee ( He is an adviser of the All Assam students union and the member of the high-level committee which looks into the implementation of Assam accords), Anup Chetia, Malem Ningthouja ( he is Delhi based writer and basically belongs from Manipur), Gagandeep Kang and Hari Menon ( these both individuals are the scientist and also involved in the health sector)

CBI Officers and the person who was linked individually to them ( Alok Verma, Rakesh Asthana, A.K. Sharma), Businessperson ( Anil Ambani ( reliance ADAG chairman), Tony Jesudasan ( corporate communications chief at ADGA), Venkat Rao Posina ( Representative of Dassault Aviation in India), Inderjit Sial, Pratyush Kumar, Harmanjit Nagi, Tibetan officials, activist, clerics in India ( Tempa Tsering, Tenzin Taklha, Chimney Rigzen, Lobsang Sangay), Some Kashmiri figures ( Bilal Lone, Tariq Bukhari, Syed Naseem Geelani, Mirwaiz Umar Farooq, Waqar Bhatti, Zaffar Akbar Bhat), etc.

Some political figure who were also potential targets these are, Rahul Gandhi, Alankar Sawai, Sachin Rao, Prashant Kishor, Abhishek Banerjee, Ashwini Vaishnaw, Pardeep Awasthi, G. Parameshwara, Satish, Venkatesh, Manjunath Muddegowed, Pravin Togadia, and Sanjay Kachroo, etc.

Some journalists were on the potential target. There are nearly 40 journalists who were potential targets and names of some are given as below:- 

M.K. Venu ( Editor of the wire), Sushant Singh ( former Indian express journalist who writes on national security), Vijiata Singh ( the Hindu journalist who cover home ministry), Samita Sharma ( former tv18 anchor), Shishir Gupta ( executive editor at Hindustan Times), Rohini Singh ( freelancer journalist for the wire ), Prashant Jha ( views editor of Hindustan Times), Rahul Singh (defense correspondent for Hindustan times), Aurangzeb Naqshbandi ( political reporter of Hindustan times), Manoj Gupta ( editor of investigations and security affairs at TV18) Saikat Datta ( formerly a national security reporter), Ritika Chopra ( journalist of the Indian express who covers the educations and election commission), etc.

Conclusion

After seeing the concept of the right to privacy and the project Pegasus, I would like to conclude that the Right to life is our fundamental right. And no one can violate our fundamental rights. It is clearly mentioned in article 21 of the Indian constitution that states about the right to life and personal liberty. This means that every individual has the right to live with full and personal liberty and no one can interfere with the personal life of any individual. But in the crisis of Corona, every work is happening from home by online mode, but there is some software through which the users can steal the details of any person, this leads to violation of the privacy of any individuals. These types of software are commonly known as spyware. Similarly, new software is highlighted in the news that is known as project Pegasus. It is developed by the Israeli company named NSO group. Through this software, the user can get access to the mobile, laptop, and other smart devices of any individual. After getting access the user can check the mails, calls, SMS, and gallery of any individuals. It is not only limited to the checking of details of any potentially targeted individuals but it can turn on the mic, camera, can record speech or voice, and even can call or msg to any third person. This means that once the user gets access to the victim, he can use the device as the device belongs to him. This is a clear-cut show that there is a violation of the privacy of the individuals. It would affect the details of any targeted individuals and can be misused by the controlling server. So, after going through the entire concept of privacy and the Pegasus project, I would like to say that, even if the government or many well-known people who live in high security are potential targets, the common people are like a left-hand game for them. Hence, there is a violation of the privacy of the people and the government should make some guidelines to protect the privacy of the individuals.