“The knowledge that we have all been under surveillance by an unknown entity and that our intimate details, personal conversations, financial transactions etc. were being spied upon, is deeply disturbing,” wrote 19 lawyers, journalists, students and activists who were reportedly snooped on WhatsApp using Israeli spyware, Pegasus.
In an open letter to the central government, the signatories sought answers from the Indian government, to reveal whatever information it has about “the cyber-attack or similar methods of mass surveillance, as well as the identity of the players concerned.”
The letter comes a fortnight after Indian representatives of WhatsApp confirmed that a ‘not insignificant’ number of journalists and human rights activists in India were targeted using spyware which infected the messaging platform in May 2019.
The signatories of the open letter are: lawyers Mandeep, Ankit Grewal, Balla Ravindra Nath, Jagdish Meshram, NihalSing Rathod, Nikita Agarwal and Shalini Gera; activists Bela Bhatia, Degree Prasad Chouhan, Rupali Jadhav, Seema Azad, Vira Sathidar and Vivek Sundara; journalists Alok Shukla, Asish Gupta and Shubhranshu Choudhary; students Devika Menon and Vidhya; and PhD scholar Ajmal Khan.
In October, Facebook-owned WhatsApp sued the NSO Group, an Israeli tech company, in an American federal court for using WhatsApp to conduct surveillance. The lawsuit said that malicious software named Pegasus was used to infect about 1,400 specifically-targeted devices.
“WhatsApp attributes this attack to a malicious spyware called Pegasus, which is the flagship product of the Israeli based NSO group and its parent company Q Cyber Technologies,” the signatories said, also terming it as “one of the most sophisticated spywares available on the market.”
Stating that the spyware was sent to their electronic devices through WhatsApp video calls, it further read: “... once installed on the device without the user’s knowledge, [Pegasus] makes all of its contents completely accessible to a remote operator, including passwords, contact lists, call logs, text messages, voice calls etc. This malware allows the operator to stealthily turn on the phone’s camera and microphone and capture the real-time activity in the immediate environment of the device.”
The signatories pointed out that it not only violates their fundamental rights and compromises their security, but also that of their extended network of family, friends, colleagues, clients and sources, and even the entire society.
“The fact that international private corporations, among other foreign players, have penetrated all levels of our telecommunication channels, and have the ability to access the most intimate details of so many Indian citizens, threatens our national sovereignty,” the letter pointed out.
The signatories questioned if taxpayers’ money was used to meet the expenditure of the cyber-surveillance.
They also asked whether the government was aware of any contract between any of its ministries, departments and agencies, any state governments, and the NSO group or any of its contractors, to deploy Pegasus or related malware for any operations in India.
“If so, then the details of such a contract, including its total value and the contracting agencies should be placed in the public domain, including information regarding the monitoring and oversight, to which these operations have been subjected in order to prevent their abuse,” the letter read.
On the other hand, if the government of India was not aware of any such surveillance, they should inform the public about all the steps being taken to identify those responsible for these cyber-attacks, to secure the telecommunication channels and to prevent such attacks in the future, the letter added.
“An engaged and informed citizenry needs to have full knowledge about the legal regime that governs its right to privacy, and a responsible government must ensure the digital security of all its citizens,” the letter concluded.
Apart from the signatories, the activists and lawyers who represented those arrested in the Bhima Koregaon case, too, were reportedly targeted.