TAG: GS 2: POLITY GS : 3 INTERNAL SECURITY
THE CONTEXT: The Washington Post and Amnesty International alleged the continued use of Pegasus spyware targeting journalists in India.
EXPLANATION:
- In October 2023, a forensic analysis revealed that the phones of Siddharth Varadarajan (founding editor of The Wire) and Anand Mangnale (South Asia editor of OCCRP) were infected with Pegasus.
- These findings emerged after Apple issued security notifications to certain users, including MPs, about state-sponsored attacks on iPhones.
- Amnesty International’s Security Lab examined the infected devices and found evidence of Pegasus activity.
- They identified a “zero-click exploit” sent through iMessage to of OOCRP editor’s iPhone on August 23.
- This exploit facilitated the covert installation of Pegasus.
ZERO-CLICK EXPLOIT AND BLASTPAST MECHANISM
- A zero-click exploit allows spyware installation without user consent or action.
- BLASTPAST, a specific exploit allegedly used, operates in two phases:
- attempting a link with Apple HomeKit and
- sending malicious content through iMessage.
- The first phase aims to exploit the device or monitor it for future exploitation, while the second phase delivers the full spyware “payload.”
NSO’s Response
- NSO, the company behind Pegasus, stressed that its technology is licensed to vetted law enforcement and intelligence agencies for fighting terrorism and major crime.
- They claim policies and contracts prevent targeting journalists, lawyers, or human rights defenders not involved in serious crimes, asserting no visibility over targets or collected intelligence.
Previous Incidents and Responses
- In July 2021, the ‘Pegasus Project’ exposed possible surveillance of journalists, ministers, and constitutional positions in India using Pegasus.
- A database of 50,000 phone numbers suggested NSO Group clients’ interest.
- A Supreme Court committee investigated these allegations, finding the Indian government non-cooperative.
- In response to petitions alleging mass surveillance, the Centre refused detailed disclosure, citing national security concerns.
Analysis and Implications
- Persistent Targeting of Journalists
- The recurrence of Pegasus allegations targeting journalists raises concerns about press freedom and privacy breaches.
- The use of zero-click exploits demonstrates sophisticated surveillance capabilities, enabling surreptitious surveillance without user interaction.
- National Security vs. Transparency
- The clash between demands for transparency and national security concerns poses challenges.
- While activists seek accountability through detailed disclosure, governments may invoke national security as grounds for limited transparency, sparking debates about the balance between surveillance for security purposes and citizen rights.
- Legal and Ethical Concerns
- NSO’s assertion of vetting customers and restricting targeting to combat crime contrasts with reported surveillance of journalists and activists.
- The ethical implications of such surveillance and the potential misuse of surveillance tools for suppressing dissent warrant international scrutiny and potential legal ramifications.
- Judicial and Investigative Repercussions
- The ongoing investigations by the Supreme Court and international bodies reflect attempts to address these allegations.
- The findings of these inquiries may influence policies regarding surveillance technology, accountability frameworks for intelligence agencies, and privacy safeguards for journalists and citizens.
Pegasus Spyware
- Pegasus is a malware/spyware developed by Israel’s NSO Group.
- The spyware suite is designed to access any smartphone through zero-click vulnerabilities remotely.
- Once a phone is infiltrated, the spyware can access entire data on that particular phone.
- It also has real-time access to emails, texts, phone calls, as well as the camera and sound recording capabilities of the smartphone.
Conclusion
- The allegations surrounding Pegasus spyware targeting journalists in India continue to raise significant ethical, legal, and privacy concerns.
- The clash between national security interests and demands for transparency.
- It underscores the complexity of balancing surveillance for security purposes with safeguarding fundamental rights, necessitating further scrutiny, accountability, and policy adjustments to protect privacy and press freedom.
