Shri Ashwini Vaishnaw, the Minister of Electronics & Information Technology made following statement on “Alleged use of spyware Pegasus to compromise phone data of some persons as reported in Media on 18th July 2021” in Lok Sabha here today:
A highly sensational story was published by a web portal yesterday night.
Many over the top allegations have been made around this story.
The press reports have appeared a day before the Monsoon session of Parliament. This cannot be a coincidence.
In the past, similar claims were made regarding the use of Pegasus on WhatsApp. Those reports had no factual basis and were categorically denied by all parties, including in the Supreme Court.
The press reports of 18th July 2021 also appear to be an attempt to malign the Indian democracy and its well established institutions.
We cannot fault those who haven’t read the news story in detail. And I request all Members of the House to examine the issues on facts and logic.
The basis of this report is that there is a consortium which has got access to a leaked database of 50,000 phone numbers. The allegation is that individuals linked to these phone numbers were being spied upon. However, the report says that:
The presence of a phone number in the data does not reveal whether a device was infected with Pegasus or subject to an attempted hack.
Without subjecting a phone to this technical analysis, it is not possible to conclusively state whether it witnessed an attack attempt or was successfully compromised.
Therefore, the report itself clarifies that presence of a number does not amount to snooping.
Let us examine what NSO, the company which owns the technology has said. It said:
NSO Group believes that claims that you have been provided with, are based on misleading interpretation of leaked data from basic information, such as HLR Lookup services, which have no bearing on the list of the customers’ targets of Pegasus or any other NSO products.
Such services are openly available to anyone, anywhere, and anytime, and are commonly used by governmental agencies as well as by private companies worldwide. It is also beyond dispute that the data has nothing to do with surveillance or with NSO, so there can be no factual basis to suggest that a use of the data somehow equates to surveillance.
NSO has also said that the list of countries shown using Pegasus is incorrect and many countries mentioned are not even our clients. It also said that most of its clients are western countries.
It is evident that NSO has also clearly rubbished the claims in the report.
Let us look at India’s established protocol when it comes to surveillance. I’m sure my colleagues in the opposition who have been in Government for years would be well aware of these protocols. Since they have governed the country, they would also be aware that any form of illegal surveillance is not possible with the checks and balances in our laws and our robust institutions.
In India, there is a well established procedure through which lawful interception of electronic communication is carried out for the purpose of national security, particularly on the occurrence of any public emergency or in the interest of public safety, by agencies at the Centre and States.
The requests for these lawful interception of electronic communication are made as per relevant rules under the provisions of section 5(2) of Indian Telegraph Act,1885 and section 69 of the Information TechnologyAct, 2000.
Each case of interception or monitoring is approved by the competent authority. These powers are also available to the competent authority in the state governments as per IT (Procedure and Safeguards for Interception, monitoring and Decryption of Information) Rules, 2009.
There is an established oversight mechanism in the form of a review committee headed by the Union Cabinet Secretary. In case of state governments, such cases are reviewed by a committee headed by the Chief Secretary concerned. The law also provides an adjudication process for those adversely affected by any incident.
The procedure therefore ensures that any interception or monitoring of any information is done as per due process of law. The framework and institutions have withstood the test of time.
In conclusion, I humbly submit that:
- The publisher of the report states that it cannot say if the numbers in the published list were under surveillance.
- The company whose technology was allegedly used has denied these claims outrightly.
- And the time tested processes in our country are well-established to ensure that unauthorised surveillance does not occur.
When we look at this issue through the prism of logic, it clearly emerges that there is no substance behind this sensationalism.