Amid several Opposition leaders moving a privilege motion against Minister for Information Technology and Telecom Ashwini Vaishnaw over the Pegasus issue, the government has continued to maintain that no ‘unauthorised snooping’ was done and that the time-tested processes in the country are well-established to ensure that unauthorised surveillance does not occur.
When the controversy first broke out in July last, Mr. Vaishnaw told Parliament that if the issue was looked at “through the prism of logic, it clearly emerges that there is no substance whatsoever behind this sensationalism.”
Explained | The operations of the Pegasus spyware
The response followed a news report over alleged use of Israeli firm NSO Group’s Pegasus software to snoop on journalists, politicians and activists worldwide, including in India. However, the company had stated that its products are used “exclusively by government intelligence and law enforcement agencies to fight crime and terror”.
Making a statement on the issue in the Lok Sabha, Mr Vaishnaw had argued that the “time-tested procedures of our country are well-established to ensure that unauthorised surveillance cannot occur”, and that the company whose technology was allegedly used has denied these claims outrightly. However, no mention was made about whether or not India had bought the software.
Defence Ministry’s clarification
The Ministry of Defence, in August 2021, informed Parliament that it did not have any transaction with NSO Group Technologies. However, the response was specific to the Ministry and did not exclude other Ministries or agencies that may have engaged with the firm.
In its six-page affidavit to the Supreme Court, in August last, the Ministry of Electronics and Information Technology denied allegations of unauthorised snooping, but again did not address the question whether or not India had bought the software. “I hereby unequivocally deny any and all of the allegations made against the Respondents in the captioned petition and other connected petitions. A bare perusal makes it clear that the same are based on conjectures and surmises or on other unsubstantiated media reports or incomplete or uncorroborated material,” the Ministry affidavit had said.
More recently, in December 2021, in reply to a question, Minister of State of Electronics and IT Rajeev Chandrasekhar stated that there was no proposal with the government “for banning any group named ‘NSO Group’”.
In his Parliament address, Mr. Vaishnaw, who took charge of his Ministry in July 2021, stated that the appearance of the new story a day before the start of the monsoon session of Parliament cannot be a coincidence and “appear to be an attempt to malign the Indian democracy and its well established institutions.”
The Minister said the report itself clarified that presence of a number in the list did not amount to snooping. “ …It is beyond dispute that the data has nothing to do with surveillance or with NSO. So, there can be no factual basis to suggest that a use of the data somehow equates to surveillance.”
“I highlight that the NSO has also said that the list of countries shown using Pegasus is incorrect and many countries mentioned are not even their clients. It also said that most of its clients are western countries,” he observed.
‘Established protocols’
“Let us look at India’s established protocols when it comes to surveillance… any form of illegal surveillance is not possible with the checks and balances in our laws and our robust institutions,” he said.
He elaborated that in India there was a well-established procedure through which lawful interception of electronic communication was carried out for the purpose of national security, particularly on the occurrence of any public emergency or in the interest of public safety, by agencies at the Centre and the States.
Mr. Vaishnaw asserted that the requests for these lawful interceptions of electronic communication were made as per the relevant rules under the provisions of Section 5(2) of Indian Telegraph Act, 1885, and Section 69 of the Information Technology Act, 2000. Each case of interception or monitoring was approved by the competent authority, he stressed, adding that there was a very-well established oversight mechanism in the form of a review committee headed by the Union Cabinet Secretary, and in case of a State government, such cases were reviewed by a committee headed by the Chief Secretary concerned.
Under Section 5(2), read with Rule 419-A of the Indian Telegraph Rules, lawful interception and monitoring is allowed by authorised law enforcement agencies with the approval of the competent authority. Section 69 of the IT Act empowers the Central/State governments to intercept, monitor or decrypt or get intercepted, monitored or decrypted, any information generated, transmitted, received or stored in any computer resource.
Rule 419-A provides that directions for interception under Section 5 (2) of the Telegraph Act have to be approved by Union Home Secretary and Home Secretaries in the States. In unavoidable circumstances, such an order may be made by an officer not below the rank of a Joint Secretary to the Union government, duly authorised by the Union Home Secretary, or the State Home Secretary.
In remote areas, or for operational reasons, where getting an approval is not feasible, the interception can be done with the permission of the head or the second most senior officer of the authorised agency at the Central level and the authorised officers, not below the rank of Inspector General of Police at the State level.
The directions remain in force for a period not exceeding 60 days from the date of issue and may be renewed, but cannot remain in force beyond 180 days.
The Intelligence Bureau, the Narcotics Control Bureau, the Enforcement Directorate, the Central Board of Direct Taxes, the Directorate of Revenue Intelligence, the Central Bureau of Investigation, the National Investigation Agency, the Cabinet Secretariat (R&AW), the Directorate of Signal Intelligence (for service areas of Jammu & Kashmir, northeast and Assam only) and the Delhi Police Commissioner are authorised under the Information Technology Act. The Telegraph Act empowers the above nine Central agencies, apart from the Director General of Police, of the State concerned/Commissioner of Police, Delhi for the Delhi Metro City Service Area.
Punishable offence
Unlawful or unauthorised interception is a punishable offence under Sections 25 and 26 of the Telegraph Act, with imprisonment for a term that may extend up to three years, or with fine, or with both.
Rule 419-A provides for a review committee headed by the Cabinet Secretary and Chief Secretaries in States. It determines if the directions for interception comply with Section 5(2) of the Telegraph Act, has the power to set aside irregular orders aside and direct destruction of the copies of intercepted messages. As per Rule 22 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, all cases of interception, monitoring or decryption of information through computer resource are also placed before the committee.