The recent monsoon session of Parliament was totally disrupted on the issue of Pegasus. This was after information by some foreign agencies which alleged that the messages and data on several VIPs and officials were being tapped using Pegasus. But it is unclear who is behind this instigation. It is true that Pegasus is a spyware and can be used for war or peace.
Cyber laws are very strong in our country, and there is a strong mechanism to implement them. It is not easy to break the law of the land, but the possibility of misuse by some unruly elements cannot be ruled out. The matter is under consideration of the Supreme Court, and we will have to wait until the verdict comes out.
Today’s world cannot exist without the internet, computer and cell phones. All these have made communication from any nook and corner of the world instantaneous. The revolution which has taken place through innovation, computer chips, memory devices, fiber-optic communication, mobile multimedia services etc have shrunk the entire globe to a village. Any data or news is accessible at the touch of a finger. Modern civilisation cannot sustain without these systems and gadgets.
In India, these technologies are used in almost all walks of life, much faster than even advanced countries. E-governance system using digital technology has penetrated day-to-day life even in villages as well. The mainstay for all these activities is data without which governance, business, and security cannot function. The database starting from individual details, natural resources, infrastructure, financial and commercial activities are collected and maintained by various agencies and reside in the servers maintained by Government and private agencies either in their own servers or in cloud networks. All such data for any government or commercial use — many of which are confidential in nature — has to be secured.
A lot of development has taken place to evolve various measures to protect data and make it available only to the actual users. So, there is a natural tendency by interested groups to break such protective measures to access vital information, especially used for defence of the country. Spywares are used for penetrating the firewalls and gaining access to confidential information.
Several private companies specialise in developing such software for cracking the protective system using hardware or software. There were also instances in which China, Russia as well as some terrorist groups had attempted to disrupt the computer systems of other countries. Naturally, several countries will be interested in obtaining information about other countries or groups and, in case of conflict, interfere with networks such as power grid and communication system. As a countermeasure, Governments will be interested in monitoring such hostile activities to get advanced information and take preventive measures.
In this context, the first priority is to protect the database and servers handling such information. Firewalls, encryption techniques, even physical separation of the network from the public domain are some of the means employed for this. To counter this, spy software penetrating a protection system and completely destroying or modifying the database are invented by hostile groups, and they evolve mechanisms by which such software modules can be injected into the computer network in the form of viruses without the knowledge of users. Antivirus software developed to counter such situations is effective to a large extent.
Let us look at what Pegasus is and how it has been used since 2010 by several agencies for spying on others. The original development was undertaken by an Israeli company with private equity participation from a US firm namely Francisco Partners. After 2019 onwards, the company is totally owned by the NSO group in Israel specialising in development of spyware which could be used on mobile devices operating with IOS and Android. The software is covertly installed in such devices and is capable of reading text messages, collecting call details, passwords and location, etc.
No one takes the responsibility of this spyware but this company claims that it is used by authorised government agencies only to combat terrorist activities and crime. The company also insists that it can be used only for criminal or national security investigations. The software was available in 2019. Facebook has initiated action against NSO claiming that Pegasus was used for intercepting WhatsApp communication. Probably, this is what triggered the claims by several activists in India alleging tapping of communication of several VIPs.
Internationally, this facility is believed to be used even by drug cartels in Mexico. It is claimed that Saudi Arabia with a licensed version of Pegasus has successfully monitored several terrorist groups and taken advance corrective measures. Similar instances are quoted on spying of industrial houses and banks, and by the government mechanism on the advisory or opponents. Paris-based non-profit journalism group Forbidden Stories has claimed to have access to 50,000 telephone members whose communications were intercepted by the clients of NSO. Several media personnel from the UK, France,
Germany and military states were in this list. The NSO had disowned this report, and the source of allegation is unreliable.
Most of the commercial devices use IOS or Android as a standard operating system, developed, verified and controlled by smart device manufacturers, but they have no hold on the application programmes developed by others which are loaded in the smartphone devices. Such software could be more vulnerable for hacking and unauthorised installation of spyware. So the only way is to ensure that such add-on software is verified and certified by competent agencies and avoid their use to the maximum possible extent.
The spyware is like a virus similar to Covid virus. It enters a system, modifies its operation and collects the details contained in smart devices. Like the use of masks and keeping a safe distance, the solution is by providing proper shield and screening mechanism before installation of software and to avoid loading unwanted or sparingly used software modules. Another precaution which can be taken is to use a dumb device without complex bought out software and loaded only with simple modules for limited purposes of communication
In today’s world when everything is turning digital, monitoring and control of data storage and its use is the primary responsibility of any government. For this, they will have to depend on some software packages developed by reputed companies or of their own. Critical application development of protection systems and monitoring any misuse of cyber capabilities have to be taken by the Government on priority. While doing so, the freedom of expression and maintaining confidentiality of personal details are to be ensured. Adequate checks and balances are to be put in place through formal official mechanisms while monitoring social media and personal communications without compromising national security.
G Madhavan Nair
Space scientist and former ISRO chairman