Editorial: Power of denial

This week, iPhone maker Apple warned its smartphone users about ongoing Pegasus-like sophisticated mercenary spyware attacks targetting a small number of individuals – often journalists, activists, politicians and diplomats. While such attacks have historically been associated with state actors per past research and reports, the implication of this warning is pronounced in a year when around 60 countries, including India, are going for elections. Such mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent.

It was just last year that a covert Israel-based spyware company with hacking capabilities comparable to that of NSO Group’s highly-invasive Pegasus was revealed to have customers in at least 10 countries, including North America and Europe. The report confirmed that its hacking tools were employed against opposition party politicians and journalists using a zero-click exploit. The report went on to say that some of the state clients include nations with dismal track records pertaining to widespread human rights issues, such as Mexico and UAE. No specific cases involving Indian operations were found.

But that’s little consolation as episodes involving the use of such surveillance techniques have often been reported, only to be silenced once the next big story drops. Two years ago, a major international daily had reported that India had acquired Pegasus from Israel as part of a defence deal in 2017. A probe led by a global consortium of media outlets revealed how the malware was used by governments around the world to hack phones of dissidents. The phone numbers of the so-called targets were on a database which was believed to be of interest to clients of the NSO Group.

In spite of all the agitation raised by Opposition leaders, the demand for answers fell on deaf ears. Unsurprisingly in 2022, the Supreme Court said its technical expert committee, after months of forensic scrutiny, was unable to find Pegasus spyware in the 29 mobile phones of complainants. The CJI-led bench was categoric in its remarks when it said that the government did not cooperate with the technical committee on scrutiny of the devices for Pegasus spyware.

Then, last year in December, Amnesty International, in partnership with The Washington Post, revealed new details regarding the continued use of Pegasus to target prominent journalists in India, including one who had previously been a victim of an attack using the same spyware. The prospect of eavesdropping on the media or political opponents is now finding champions among world leaders too. Last month, former Polish PM Jaroslaw Kaczynski told a parliamentary committee that he believed Warsaw was in urgent need of advanced spyware. And, despite his leadership position, he wasn’t interested in how or against whom it was used.

Interestingly, the US, which has a dubious reputation vis-a-vis surveillance, cultivated in the post-War years, is waking up to the perils of spyware. In March, the Treasury Department sanctioned a Greece-based spyware company headed by a former Israeli military officer that developed, operated and distributed technology used to target US government officials, journalists and policy experts. The measure comes on the back of Washington restricting its use of commercial spyware tools, under an executive order issued by President Joe Biden. It might be a tall order to get India to enforce such legislation, considering our go-to response is denial.