What is Pegasus Spyware?

 Pegasus Spyware

Pegasus is a spyware developed by the Israeli cyberarms firm NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. The 2021 Project Pegasus revelations suggest that the current Pegasus software can exploit all recent iOS versions up to iOS 14.6.  As of 2016, Pegasus was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device's microphone and camera, and harvesting information from apps. The spyware is named after the mythical winged horse Pegasus—it is a Trojan horse that can be sent "flying through the air" to infect phones.

Why in News?

Throughout the past week, we’ve seen story after story about a company called NSO Group, and a piece of spyware called Pegasus. Some of the stories have been shocking, with allegations that fully updated smartphones can be hacked with a single text message, and reports that two women close to murdered journalist Jamal Khashoggi were among those targeted by a government agency using the spy tool.

A coalition of news outlets, including The Washington Post, Le Monde, and The Guardian is behind the reporting, and they’re calling it the Pegasus Project. The project was led by Forbidden Stories, an organization of journalists that works on stories after the original reporters have been silenced in some way. Amnesty International ran detailed forensics on 67 smartphones to look for evidence that they were targeted by Pegasus spyware — and 37 of those phones tested positive. But many crucial details still aren’t clear.

Who was being spied on?

We don’t know for sure. However, much of the reporting centers around a list containing 50,000 phone numbers, the purpose of which is unclear. The Pegasus Project analyzed the numbers on the list and linked over 1,000 of them to their owners. When it did so, it found people who should’ve been off-limits to governmental spying (based on the standards NSO says it holds its clients to): hundreds of politicians and government workers — including three presidents, 10 prime ministers, and a king — plus 189 journalists, and 85 human rights activists.

India's stand on Pegasus

In response to the finding by a global collaborative investigative project that Israeli spyware Pegasus was used to target at least 300 individuals in India, the government has claimed that all interception in India takes place lawfully. So, what are the laws covering surveillance in India?

Communication surveillance in India takes place primarily under two laws — the Telegraph Act, 1885 and the Information Technology Act, 2000. While the Telegraph Act deals with interception of calls, the IT Act was enacted to deal with surveillance of all electronic communication, following the Supreme Court’s intervention in 1996. A comprehensive data protection law to address the gaps in existing frameworks for surveillance is yet to enacted.