Saturday, January 29, 2022

Pegasus and Privacy Law - Crescent School of Law - Nashita Nazneen. A

Genre: Tech/Cyber Laws
                                        Source: NASA 

This Blog is published by Nashita Nazneen. A, 4th year student of Crescent School of Law, pursuing BBA LLB (Hons). 

INTRODUCTION 

There are nearly 450 million internet users with a growth rate of 7-8%. India is constantly adapting to the digital economy with various internal and external measures aiming to use their large market for the benefit of the economy[1]. Privacy is a subjective and abstract concept that is relative i.e., it varies from person to person. The prevailing Pegasus Spyware issue that has spread worldwide, has caused too much chaos. Advanced technology often is a threat to data protection. Pegasus Spyware is termed as a ‘threat to democracy' in India. Pegasus at its core violates the privacy of netizens. The data protection issue is mainly attached to the right to secrecy and confidentiality.

CONCEPT OF PRIVACY 

The word privacy is derived from ‘Privatus’ meaning ‘separated from the rest of the world’. According to John Locke, privacy is intrinsic to the notion of freedom. As per Locke,
“A person who operated within the confines of a social contract, but shall be free within the confines of those contracts”
On August 24, 2017, the Hon’ble Supreme Court held that the right to privacy is a Constitutional right guaranteed under Part III of the Constitution. Being a part of the Fundamental Rights, it is available against the State. Nonetheless, an individual's right to privacy is equally safeguarded. In Prince Albert v. Strange[2], it was upheld that a third-party intrusion into one’s privacy results in grave violation of the right to privacy and hence implies the need for legal protection of the right to privacy. It is harmful to social order when a citizen's fundamental right to privacy is violated by fellow citizens. Hence, the right to privacy is protected not only against the state but also against third parties[3]. 

India does not have any comprehensive and separate legislation specifically for privacy. However, they have been inculcated under several legislations dealing with different subject matters. Without data protection, the economy will face an increase in surveillance, profiling of individuals and an impact on individual’s independence. 

The term "data protection" comes from the German "Datenschutz". Currently, the Personal Data Protection Bill, 2019 hereinafter referred to as ‘the Bill’ has been drafted by the Committee of Experts with the objective to ensure a digital economy while keeping the personal data of citizens secured.

Amidst the lack of privacy laws and the Bill which grants arbitrary and unreasonable power to the Government to access private information, Pegasus Spyware has come as a shocker being the most dangerous Spyware ever invented by mankind. 

Pegasus has become the biggest story of the threat to data protection and the drawback of advanced technology on human beings. Let’s understand the Pegasus Spyware in detail. 


                                                                                                                                    Source: Tingey Injury Law Firm
PEGASUS – EXPLAINED 

Pegasus has been derived from Greek mythology which represents a white hose with wings. Spyware is software that enters secretly onto the device with malicious behavior that aims to gather information about that person/entity, usually to cause harm to the user by trading the information to a third party or used by the operator. 

A spyware/virus once infected can access the phone from sitting anywhere across the world. It can open our cameras, microphones, gain access to data, restrict usage of certain applications, locations, passwords among other undesirable things. Other than reading and transferring of data, this spyware can command the device as well. Pegasus is a malicious malware that infects electronic devices that are proving to be the most dangerous and outrageous scam of the century. 


                                                                                                                           Source: Chrispoter Gower 

To substantiate the aforementioned point, French President Emmanuel Macron changed his phone and phone number as his name was on the list of potential targets[4]. Pegasus Spyware, a ‘weapon-grade Spyware’ was developed by NSO Group, an Israeli company. It was set up in January 2010. The name originates from its founder’s name; Niv Carmi, Shalev Hulio and Omri Lavie respectively. This Spyware was primarily developed to investigate and prevent terror and crime through advanced technology. Pegasus was made specifically for vetted Government agencies for national security and law enforcement. 
 
Earlier, a link was being sent to the mail ID or in SMS, once the user opens the link the virus will infiltrate into the device. Now, there is no such requirement. The user need not even click on anything i.e., it is a remote cyber-attack. They can attack both Android and iOS devices, the latter operates on a closed system and the former operates on open-source code. 

Pegasus is primarily a privacy issue. Therefore, to understand the Pegasus issue from a legal perspective, it is necessary to look into the privacy laws in India. 

PRIVACY LAW – EXPLAINED 

Under the Constitution, the concept of privacy is implied under the Preamble, Articles 14, 19, 21, 25 and 28. Article 21 of the Indian Constitution, for example, preserves the right to privacy as an inherent part of the right to life and personal liberty, as well as the freedoms guaranteed in Part III as under Justice K.S. Puttaswamy’s case[5]. 

India's Constitution provides the right to life and personal liberty in Article 21. The landmark case of Justice K.S. Puttaswamy v. UOI[6] provided a comprehensive brief of the privacy concept. The Court concluded the following, 
  • Life and personal liberty are inalienable rights. They are inseparable from human existence. 
  • These rights are recognized by the Constitution, primarily under Article 21. 
  • Privacy is a Constitutional core of human dignity that includes personal intimacies. 
  • Privacy is a concept that evolved through judicial interpretations. 
  • Privacy is not an absolute right and it's restrictive on several grounds. 
  • Privacy is both positive and negative right. 
  • A component of the right to privacy is informational privacy. 

EVOLUTION OF PRIVACY 

M.P. Sharma & Ors. v. Satish Chandra, District Magistrate, Delhi & Ors.[7] 
The SC held that right of privacy is a constitutional guarantee which was refrained by the Court. 

Kharak Singh v. State of Uttar Pradesh & Ors.[8] 
The majority were of the opinion that that right to privacy is not expressly provided under Article 21 and is thereby not a fundamental right. Nevertheless, the minority opinion, recognized the right to privacy as a fundamental right under Article 21. 

⬇ 
Gobind v. State of M.P.[9] 
The Supreme Court held that the police regulations were not in compliance with freedom and accepted the right to privacy as a fundamental right and are not absolute. 

⬇ 
R. Rajagopal & Anr. v. State of Tamil Nadu[10] 
This case summarized certain board principles, giving a more substantive base to the concept of privacy. The right to privacy is implicit in Article 21 - Right to be let alone. 

 
People’s Union of Civil Liberties v. Union of India[11] 
The Court has once again showed no hesitation in declaring that the right to privacy is a part of the right to life and personal liberty as under Article 21 and shall be curtailed only according to the procedure established by law. 

⬇ 
K. S. Puttaswamy (Retd.) v. Union of India[12] 
The Supreme Court unanimously held that, life and personal liberty are inalienable and are inseparable from human existence. Privacy is a Constitutional guarantee under Article 21 of the Constitution. The elements of privacy vary according to the context and other facets. However, it is not an absolute right. The above cases stand overruled. 

CONCLUSION 

In comparison with the international scenario, it is high time that the Indian Government should also enact legislation specific to privacy and protection of data. There have been trade restrictions due to inadequate privacy laws. Data security and advanced technology must go hand in hand. However, that has become an issue to secure an internet environment for effective communication. On the other hand, advanced technology and the probability of threat is also increasing which makes data protection difficult. 

Investigation into the Pegasus issue is the need of the hour. Reliable investigation with the aid of the judiciary will give credibility to the reports, this will provide assurance of authenticity. We as citizens need to know whether we are being spied upon, if yes, then for what purpose are we spied upon, who is having access to this information, are the reasons for spying valid and legal and is there an issue of national security at present. People of India have the right to information about what is happening in their nation and the right to privacy at large. 

REFERENCES 

[1] MeitY (Government of India), Data Protection in India, State IT Secretaries Conf, 12-13 Feb 2018 Data Protection in India (digitalindia.gov.in) 
[2] [1849] 64 ER 298 
[3] White Paper Of the Committee of Experts on Data Protection Framework For India – Government of India https://innovate.mygov.in/wp content/uploads/2017/11/Final_Draft_White_Paper_on_Data_Protection_in_India.pdf 
[4] Reuters, Pegasus Spyware: French President Changes Phone, Phone Number, July 23, 2021 https://gadgets.ndtv.com/mobiles/news/pegasus-spyware-france-president-emmanuel-macron-change-phone-number-nso-group-morocco-target-reaction-2492866 
[5] Justice K.S. Puttaswamy v. UOI, AIR 2015 SC 3081 
[6] Ibid 
[7] 1954 SCR 1077 
[8] (1964) 1 SCR 334 
[9] (1975) 2 SCC 148 
[10] (1994) 6 SCC 148 
[11] (1997) 8 SCC 735 
[12] Supra Note 5
By at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)