The Minister went on the offensive about allegations that several Indian activists, journalists, and politicians had been targeted between 2017 and 2019 by NSO’s Pegasus spyware that is only sold to governments.
Addressing a chaotic first day of the Monsoon Session of Parliament, Minister for Electronics and Information Technology Ashwini Vaishnaw issued a statement in the Lok Sabha on the ‘reported use of Pegasus spyware’ calling reports by The Wire and its consortium of 15 media organisations as having ‘no substance whatsoever’.
However, the Minister did not categorically deny the use or purchase of the Israel-based NSO Group’s spyware. Instead, he said that the presence of a particular number on the reported database doesn’t amount to snooping and that the infected phones have to undergo technical analysis for the same to be proven.
Why this matters: The reported database of phone numbers selected as targets by customers of the NSO Group’s Pegasus spyware consists of 50,000 individuals, of which 300 are verified to be Indians. Minutes after the IT minister’s address, The Wire reported that Ashwini Vaishnaw himself was among those selected as potential targets for surveillance, joining Prahlad Singh Patel, minister of state for Jal Shakti, and Congress leader Rahul Gandhi.
“The allegations is that individuals linked were being spied upon. However, the report says the presence of a phone number in the data does not reveal whether a device was infected by Pegasus or subjected to an attempted hack. Without subjecting the phone to this technical analysis it is not possible to conclusively state whether it witnessed an attempted hack or was successfully compromised.”- Ashwini Vaishnaw in the Lok Sabha.
Further referring to the NSO Group’s statement, Vaishnaw said that the list of countries reported to be its customers was incorrect and that many of its clients were western countries.
Lastly, referring to a specific section of Indian law, he said that ‘any form of illegal surveillance is not possible with the checks and balances in our laws and robust institutions’. Vaishnaw cited Section 5 (2) of the Indian Telegraph Act, 1885, Section 69 of the Information Technology Act, and provisions under the law for the Union Cabinet Secretary at the Centre and relevant Chief Secretaries at the State to head the review committees, as oversight mechanisms for undertaking surveillance.
The house was subsequently adjourned till 11 am tomorrow.
What is Pegasus Spyware capable of?
The spyware once successfully deployed can reportedly access the contents of any Android or Apple iPhone. The data that it can access includes-
- WhatsApp chats
- GPS data
- Contacts book
- Photos and videos
- Activate microphone
- Activate camera
- Record calls
Full text of Ashwini Vaishnaw’s address to the Lok Sabha:
Hon’ble speaker sir, I rise to make a statement on reported use of spyware Pegasus to compromise phone data of some persons. A highly sensational story was published by a web portal yesterday night, many over-the-top allegations have been made around this story. Hon’ble speaker sir, the press reports have appeared a day before the monsoon session of the parliament this cannot be a coincidence Hon’ble speaker sir. In the past, similar claims were made regarding the use of Pegasus on WhatsApp those reports had no factual basis and were categorically denied by all parties including in the Supreme Court. The press reports of 18th July, 2021 also appeared to be an attempt to malign the Indian democracy and its well-established institutions. We cannot fault those (pointing to opposition) who haven’t read the news story in detail and I requested all Hon’ble members of the house to examine the issue on facts and logic. The basis of this report is that there is a consortium which has got access to a leaked database of 50,0000 phone numbers. The allegations is that individuals linked were being spied upon. However the report says the presence of a phone number in the data does not reveal whether a device was infected by Pegasus or subjected to an attempted hack. Without subjecting the phone to this technical analysis it is not possible to conclusively state whether it witnessed an attempted hack or was successfully compromised. Hon’ble speaker sir, the report itself clarified that presence of number in the list doesn’t amount to snooping.
Hon’ble speaker sir now lets examine what the NSO, the company which owns the technology has said. I quote, that NSO group believes that claims that you have provided with are based on misleading interpretation of leaked data from basic information such as HLR look up services which has no bearing on the list of the customer’s targets of Pegasus or any other NSO products. Such services are openly available to anyone anywhere and anytime and are commonly used by governmental agencies as well as by private companies worldwide. It is beyond dispute that the data has nothing to do with surveillance or with NSO so there can be no factual basis to suggest that a use of the data somehow equates to surveillance. I highlight sir, NSO has also said that the list of countries shown using Pegasus is incorrect! And many countries mentioned are not even our clients. It also said that most of its clients are western countries. It is evident Hon’ble chairman sir, speaker sir that NSO has also clearly rubbished the claims in the report. Hon’ble speaker sir let us look at India’s established protocol when it comes to surveillance. I’m sure my colleagues in the opposition, who have been in the government for years are very well aware of these protocols since they have governed the country they would also be aware that any form of illegal surveillance is not possible with the checks and balances in our laws and robust institutions.
In India there is a well-established procedure through which lawful interception of electronic communication is carried out for the purpose of national security, particularly on the occurrence of any public emergency or in the interest of public safety by agencies at the Centre and state. The request for these lawful interceptions of electronic communication are made as per the relevant rules under the provisions of Section 5 (2) of Indian Telegraph Act, 1885 and Sec. 69 of the Information Technology Act, 2000.
Each case of interception, Hon’ble speaker sir, is approved by the competent authority these powers are also available to the competent authority in the state government’s as per the IT procedure and safeguards to interception, monitoring, and decryption rules 2008. There is a very well established over-sight mechanism in the form of a review committee headed by Union cabinet secretary. In case of state government such cases are headed by the Chief Secretary concerned. The law also provides an adjudication process for those people who are adversely affected by any such incident. The procedure therefore ensures that any interception or monitoring of any information is done as per due process of law in conclusion. The framework and institutions have withstood the test of time.
Hon’ble speaker sir in conclusion I humbly submit that the publishers of the report states that it cannot say that the numbers in the published list were under surveillance. Second, the company whose technology was alleged used has denied these claims out rightly and the time tested procedures of our country are well-established to ensure that unauthorised surveillance cannot occur. Hon’ble speaker sir when we look at this issue through the prism of logic, it clearly emerges that there is no substance whatsoever behind this sensationalism.