Note4Students
From UPSC perspective, the following things are important :
Prelims level: Zero click attack
Mains level: Paper 2- Issues with surveillance
Context
The Pegasus spyware, created by NSO Group in Israel has created a political storm in India over its alleged use by the government.
About the Pegasus spyware controversy
- It uses a “zero-click” attack which allows the device to be taken over remotely by exploiting software and hardware vulnerabilities.
- The Israeli Defence Ministry’s stated that Pegasus and other cyber products are exported “exclusively to government entities” and are only for the purpose of preventing and investigating crime and counter terrorism.
- Pegasus has been used to illegally hack into people’s lives and to obtain private information outside the boundaries of the law.
- Those who were supposedly targeted range from the uppermost echelons of the judiciary, Opposition party leaders, activists and journalists.
How it harms freedoms and rights guaranteed by the Constitution
- A person has the basic fundamental rights of liberty, privacy, speech and expression amongst others.
- These rights go hand in hand with each other.
- The alleged use of Pegasus to illegally hack into persons’ lives, listen in on private conversations, to thereafter use this private information against said persons in hope of gaining undue advantage, are all outside the boundaries of the law.
- Surveillance on this level would have the effect of instilling fear and directly hampering a person’s ability to freely make their own decisions.
- The effect is that a person does not have the freedom to think, to speak or even be in the privacy of their own homes.
Legal provisions for surveillance
- In December 2018, the government authorised 10 security and intelligence agencies to intercept, monitor and decrypt any information generated, transmitted, received or stored in any computer resource.
- The authorisation is required before any of the 10 notified agencies can intercept, monitor or decrypt any information.
- This and other grounds are being taken by the government before the Supreme Court to defend its stance.
- The Data Protection Bill (yet to be passed by Parliament) offers no protection in respect of surveillance.
- Sections 43 and 66 of the Information Technology Act, 2000 criminalise hacking.
Conclusion
The majority is not always right. A democracy has the indelible right to question, to demand answers and explanations. The government has many questions to answer and steps to take to protect the rights and freedoms of its citizens.
Back2Basics: Zero-click attack
- A zero-click attack is a remote cyber attack which does not require any interaction from the target to compromise it.
- Pegasus spyware eliminates the need for human errors to compromise a device and instead relies on software or hardware flaws to gain complete access to a device.
- Zero-click attacks occur only when an attacker is able to takeover a device remotely after successfully exploiting vulnerabilities in the software and hardware of the phone.
- To make this kind of attack successful, an attacker needs to exploit flaws in a device, whereas spear phishing is a social engineering attack.
Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024