In the hearing, the petitioners highlighted how Pegasus works and that it is sold only to governments while the Chief Justice posed further questions on the matter.  

Some of the most prominent names in the legal fraternity in India logged in today to a virtually packed Court Number 1, on August 5, 2021, as the Supreme Court of India heard pleas for action following the Pegasus Project, in a case that will have a significant impact on privacy in the country, with the potential of there finally being reform and oversight over the actions of intelligence agencies in India.

Senior Advocates Kapil Sibal and CU Singh represented journalist N. Ram and Shashi Kumar, as well as the Editors Guild of India – both separate petitions- and Shyam Divan represented Prof Jagdeep Chokkar*, founder of the Association for Democratic Reforms, whose name had appeared on the list of those surveilled. Meenakshi Arora represented Rajya Sabha MP John Brittas. Arvind Datar represented journalists – and husband and wife – Rupesh Kumar Singh and Ipsa Shatakshi, while Rakesh Dwivedi represented journalists Prem Shankar Jha and SNM Abdi, all of whom were surveilled. Advocate ML Sharma, who was the first to file a petition, also spoke.

Advocate on Record Prateek Chadha appeared for journalist Paranjoy Guha Thakurta. Manish Tewari, former Minister of Information and Broadcasting, appeared for Union Minister Yashwant Sinha – who was also surveilled – asking for his petition to be tagged with these.

The bench, comprising Chief Justice of India NV Ramanna and Justice Surya Kant, ordered that the petitioners serve notice to the Union Government, and the case will be heard next on Tuesday, the 10th of August 2021. Senior Advocate Divan said that they’ve already served an advance copy to the Attorney General and the Solicitor General. During the hearing, CJI NV Ramanna asked about why petitioners haven’t filed criminal complaints, given that under the Telegraph Act and the IT Act, they can file criminal complaints, and why they’ve filed petitions now, when Pegasus surveillance first came to light in May 2019.

NSO Group doesn’t act alone

How Pegasus works: Speaking for the Editors Guild of India and journalist N. Ram, Sibal pointed out that Pegasus “is a rogue technology and infiltrates into our lives through a vector. It enters our lives using a phone. It watches, hears and surveys every of our movements. This is an assault on dignity of an individual and values of our republic.” “We have no direct access to information”, Sibal continued. Pointing towards a suit filed against WhatsApp in the California court, Sibal highlighted how Pegasus works: “once activated, the malicious code, caused the target devices caused it to connect to a device and download malware. The malware gave access to the device.” Later on, he added that “They can activate my microphone and my camera from afar, without my knowing.” ML Sharma pointed out that Pegasus can also be used to gain access to passwords, and post that, it is possible to access anything externally, and even plant documents.

Pegasus is sold only to governments: “This spyware is sold only to governments and government agencies”, Sibal continued. CJI Ramanna pointed out that as per the pleadings, the NSO Group only sells software to “vetted” governments, but asked whether it is only sold for use by the government, or is it up to them how to use it. Sibal responded by saying that the California court is questioning this very assertion, saying that there is a role that the NSO Group has, and “They do so entirely at the direction of the government customers.” To this, Justice Surya Kant pointed out that NSO had taken a plea of foreign sovereign immunity, which was declined. Advocate ML Sharma said that as per the declaration by the NSO group, they do not operate, and have never operated Pegasus. “They act purely in sales support direction”, he said. “The export of NSO Pegasus technology is regulated by Israel defence under export controls”, he pointed out.

NSO Group doesn’t act alone: “They do so only at the direction of their government’s customers, and follow their instruction entirely”, Sibal said, citing the case in the California court, pointing out that the defendants in that case – the NSO Group – “retain some role” in the act of surveillance. CU Singh, also representing the Editors Guild of India and N.Ram along with Sibal, added that this statement is a declaration by Shalev Hulio, CEO of NSO.

Indian government accepted that Indian users were impacted in 2019: Pointing towards the Editors Guild’s petition, Sibal highlighted a response from the government to a question in Parliament [read], asked by MP Asaduddin Owaisi, which stated that 121 Indians were impacted, saying that “the Government has taken note that the spyware, the malware, has affected Indian users, including 121 users from India. This is the Minister’s statement.” He cited another such reply from the IT Minister in Parliament, saying that “Government of India said this was happening, why did not lodge an FIR? Why have they kept quiet? These are questions that will have to be answered. This tech cannot be used in India unless it has been purchased. Only the government can purchase.”

Could it be a state government? In response, CJI Ramanna said that it can also be a state government that purchased Pegasus. Senior Advocate Meenakshi Arora addressed this later by pointing out it is a categorical statement before in California court by NSO that only sovereign entities can do it. “If it has been taken by a country, people need to know how they’ve used it, how they installed it. There is a need to investigate this. We need to have an agency in the nature of FISA in the USA, this cannot be done at a secretary level who authorises purchase of spyware.”

Sibal responded to the query by saying that there are terms of contracts with other governments also mentioned (in the California case, where a contract with the Government of Ghana has been filed).

“It’s not just an internal matter. It is a matter of our national security. We can’t give you all the answers. We cannot have access to these things. The government needs to come on board. If they’re using it, if they bought it, how are they using it? It costs $55,000 to penetrate into one mobile phone.” “This is posses a big threat to everything that our republic stands for. Give notice in all these petiitons. Let them come on board and tell us what these facts are.” – Kapil Sibal

Foreign governments have acted: At the beginning of the deliberations, CJI Ramanna said that in a majority of the writ petitions filed before the Court, the allegations are based on newspaper reports. “No doubt the allegations are serious in nature if the reports in the newspapers are correct”, he said, adding that the petitioners should have put in more focused work to put together material, even though the Court doesn’t want to say that the newspaper reports by reputed journalist contentions are hearsay and not believable. Senior Advocate Shyam Diwan addressed this later by saying that these are not just media reports. “We have averred in our writ, on the basis of this investigative story, two national governments have taken action – US and France. They have petitioned and informed the Israeli govt. The Israeli government has taken some action. These are media reports which enjoy credibility.”

We haven’t slept over this for two years

In response to CJI Ramanna’s question about why these petitions have been filed all of a sudden, two years after the 2019 Pegasus revelations (MediaNama’s Pegasus 2019 coverage via this link), Arora said that “We haven’t slept over this for two years. A question was put to the Minister and he answered, he said there was no unauthorised interception. In 2021, the French group which accessed the data, together with media houses, they put this for checking. Phones were sent to a lab [Citizen Lab] in Canada, and it was reported. It was then that many people realised that their phones had been targeted.”

The names have only just come out: CU Singh pointed out that detailed investigations were carried out after the 2019 Pegasus revelations, and that “the names only came out this year. They got willing firms to examine the phones. Why have we come today? Because names of people targeted were not known before this.”

A war against its own citizens

Senior Advocate Shyam Divan representing Prof. Jagdeep Chhokar said that “My phone has been surveilled and it is personal infringement. The foundation of media reports is this: there was a whistleblower who released the numbers of potential targets. Upon investigating, they were found to be matching the petitioner before your lordship. The persons include constitutional functionaries, journalists, and apolitical people whom I represent. He writes extensively on electoral democracy.”

“For a private citizen to find that a spyware has been turned against him by the government, it is something unconsitutional. It constitutes a war against its own citizens” – Shyam Divan

Are we terrorists? Sibal pointed out that “The extent of [surveillance] was not known to us. This morning we found out that registrars serving in [The Supreme Court of India] have been targeted. Their phones were accessed. This is something that is being revealed to us on a daily basis. The question is right why we didn’t come before. An old member of the judiciary was also targeted. The NSO group website states that it is used exclusively by governments to fight crime and terror. All these journalists and lawyers, court staff, academicians — are they terrorists? We’ve set out names in this petition. All we want is notice.”

Why have FIRs not been filed?

Another key issue that CJI Ramanna raised was about why petitioners haven’t made any effort to file a criminal complaint, given that provisions under the Telegraph Act and the IT Act allow them to do so.

I don’t have a provision to file an FIR under the IT Act: Senior Advocate Arvind Datar, appearing for two journalists, Rupesh Kumar Singh and Ipsa Shatakshi, husband and wife, whose names are on the list, said that there isn’t any provision for filing an FIR. “As far as I’m concerned,” he said, “if you see the IT Act, Section 43 allows me to file a suit for damages. Now we’re saying that Pegasus Spyware is used, but it is not known who has used it. Civil remedies are useless. The only (criminal) provision for privacy in the IT Act is about bodily parts. That is not applicable here. I don’t know under which provision I will file an FIR under the IT Act.” Referring to Section 66E of the IT Act, which prescribes punishment for violation of privacy, Datar pointed out “This is for sending offensive messages, not for violation of privacy.”

Who will take action but the judiciary? Explaining the inadequacy of the IT Act to address the violation of privacy, Datar pointed out that the Supreme Court has expanded the dimensions of privacy. It has “held that privacy permeates entire Part 3. What the SC said is that privacy isn’t just traceable to (Articles) 14, 19 or 21. Who will take action but the judiciary?

My submission is that what relief has to be given, there is a need to protect the privacy of India as a whole. In light of the Puttaswamy case and the limited provisions of the IT Act, they never contemplated such a sophisticated equipment (like Pegasus). This was never in contemplation. The judiciary has to be in the vanguard position. Your lordships may take it as a class action kind of proceeding.” – Arvind Datar

This is mass action: Representing journalists Prem Shankar Jha and SNM Abdi, both of whom were in the list of people whose phones have been compromised, Senior Advocate Rakesh Dwivedi said that “This is matter of a huge dimension, not of a single individual whose phone is bugged. This is a mass action.

If foreign companies are involved, whether the Government of India, since it has this spyware or it has been used by it, these are questions which the Government of India ought to take up on its own. Looking at the organisations and the companies involved. The court ought to take cognisance.”

“The whole country must be assured that their phones might not be affected like this. I can undestand that in terrorism and big crimes, it has to be as per procedures under the IT Act. Journalists cannot be surveilled like this and their phones and internets cannot be surveilled like this. This is a larger issue involving constitutionalist and not just criminality.” – Rakesh Dwivedi

Want Cabinet Secretary to respond, and a special investigation team and a fact-finding body: Shyam Divan towards the end of the proceedings, said that this case is about more than an individual FIR situation. “We have specifically requested” Divan had said earlier in the proceedins, “that any response filed by the government ought to be by the Cabinet Secretary. We don’t want a ministry to say I don’t know enough about it, as per my departments records. We have set out that it is necessary for the cabinet secretary to have knowledge of the surveillance. The cabinet secretary has the knowledge of all government departments, and regarding aspects of information of surveillance of goverment citizens.”

No remedy in the IT Act: CU Singh pointed out that if Section 69 of the IT Act is read with the procedure for rules related to in 2019, “only central and state governments can do interception, subject to safeguards. [However] There is no remedy if Central and State governments don’t comply with those safeguards. Under the rules, there has to be a review committee to review interception requests.”

Also Read

  • Pegasus Spyware: All the latest facts on who was targeted, the modus operandi, and more [Read here]
  • All you need to know about NSO Group and its Pegasus spyware [Read here]
  • Editors Guild of India demands probe over Pegasus reports while Reporters Without Borders mulls filing lawsuits against NSO [Read here & here]
  • In Lok Sabha address, IT Minister doesn’t deny using Pegasus; behind it lies a history of unclear statements [Read here & here]
  • Everything that the NSO Group has said so far on the allegations against Pegasus [Read here]

 

Views on surveillance reform and future steps

  • The Pegasus exposé is a wake-up call for how a surveillance culture reduces public trust [read]
  • Official response to Pegasus must be clearer. Plus, the system of authorising surveillance is flawed [read]
  • Surveillance reform is the need of the hour [read]
  • Pegasus Spyware: How do we rein in State surveillance? Here’s what experts had to say [Read here]
  • Intelligence gathering needs to be professionalised, parliamentary oversight introduced, and liberties and laws protected [read]
  • Edward Snowden calls for spyware trade ban amid Pegasus revelations [Read here]
  • Understanding the efficacy of the proposed Personal Data Protection Bill is crucial in regards to entrenched networked surveillance [Read here]

*

Disclosure: Prof Jagdeep Chokkar is the uncle of the author of this article.

 

Have something to add? Subscribe to MediaNama and post your comment