Monday, August 2, 2021

PEGASUS (Israeli Spyware):A Threat To Right To Privacy? Legal Approach

The following article written by Mr. Anuj Kumar Kashyap (Advocate, Delhi High Court) based on extensive research, gives an overview about a spyware known as Pegasus which has been in news lately and discusses whether it has violated the fundamental right of privacy guaranteed by the Constitution of India, 1950. If yes, then what laws have been legislated by the parliament and what precedents have been set-up by the High Courts and Supreme Court of India in this regard. 

The Following article is very important for the aspirants of Judiciary, UPSC and state civil exams from the point of view of mains examination. However, it is equally important for the common masses, as the pegasus spyware has threatened the right of privacy of every citizen.  



1. About Pegasus


  • It is a spyware developed by the Israeli cyber arms firm NSO Group Technologies.
  • It is a type of malicious software or malware classified as a spyware.
  • It mainly uses exploit links, clicking which installs Pegasus on the target’s phone.
  • It is designed to gain access to devices, without the knowledge of users, and gather personal information and relay it back to whoever it is that is using the software to spy.
  • Pegasus has been developed by the Israeli firm NSO Group that was set up in 2010.

  • The earliest version of Pegasus discovered, which was captured by researchers in 2016, infected phones through what is called spear-phishing – text messages or emails that trick a target into clicking on a malicious link.

  • The list contains 50,000 telephone numbers of people identified as potential targets via Pegasus between 2016 and June 2021. The names include at least 65 business executives, 85 human rights activists, 189 journalists and over 600 politicians and government officials, including heads of state, prime ministers, cabinet ministers, diplomats, military and security officers.

  • Over 300 people in the list were Indian politicians, activists, business persons and journalists. It is yet to be ascertained who put the numbers on the list or why.

         Since then, however, NSO’s attack capabilities have become more advanced. Pegasus infections             can be achieved through so-called “zero-click” attacks, which do not require any interaction from          the phone’s owner in order to succeed.


  • Citizen Lab which has investigated several cases of Pegasus infections showed through its research that social engineering is a very common strategy to deliver the most sophisticated spyware.


  • Pegasus does so by exploiting vulnerabilities in the phone’s operating systems (OS).


  • Lookout, which is a cybersecurity company, had partnered with Citizen Lab to investigate Pegasus and found that it had exploited three zero-day vulnerabilities in iOS to successfully attain all the user access of the phone.


  • A zero-day vulnerability is a flaw in a software or hardware that is previously unknown to the party responsible.


  • Facebook has sued NSO Group in the US for allegedly targeting some 1,400 users of its encrypted messaging service WhatsApp with a zero-click exploit.


  • In WhatsApp case, a specially crafted call was used to trigger a buffer overflow, which in turn was used to take control of the device.(WhatsApp sued Israeli technology firm NSO Group, accusing it of using the Facebook-owned messaging service to conduct cyberespionage on journalists, human rights activists and others.)



2. What is "Pegasus" & why in News?


  • Pegasus is a hacking software or spyware that is developed, marketed and licensed to governments around the world by the Israeli company NSO Group. It has the capability to infect billions of phones running either on iOS or Android operating systems.

  • Recently, it has been reported that Pegasus, the malicious software, has allegedly been used to secretly monitor and spy on an extensive host of public figures in India.

  • The Israeli spyware, revealed to have been used to target hundreds of phones in India, has grown less reliant on clicks. Pegasus can infect a device without the target’s engagement or knowledge.



3. Targets:-


  • Human Rights activists, journalists and lawyers around the world have been targeted with phone malware sold to authoritarian governments by an Israeli surveillance firm.


  • Indian ministers, government officials and opposition leaders also figure in the list of people whose phones may have been compromised by the spyware.


  • Facebook has sued NSO Group in the US for allegedly targeting some 1,400 users of its encrypted messaging service WhatsApp with a zero-click exploit.


  • In 2019, WhatsApp filed a lawsuit in the US court against Israel's NSO Group, alleging that the firm was incorporating cyber-attacks on the application by infecting mobile devices with malicious software. 



4. Recent Steps Taken in India by Central Govt:-


1.  Cyber Surakshit Bharat Initiative:- It was launched in 2018 with an aim to spread awareness             about cybercrime and building capacity for safety measures for Chief Information Security                     Officers (CISOs) and frontline IT staff across all government departments.


2.  National Cyber security Coordination Centre (NCCC):- In 2017, the NCCC was developed to         scan internet traffic and communication metadata (which are little snippets of information hidden         inside each communication) coming into the country to detect real-time cyber threats.


3.  Cyber Swachhta Kendra:- In 2017, this platform was introduced for internet users to clean their         computers and devices by wiping out viruses and malware.


4.  Indian Cyber Crime Coordination Centre (I4C):- I4C was recently inaugurated by the                     government.


5. National Cyber Crime Reporting Portal has also been launched pan India.


6. Computer Emergency Response Team - India (CERT-IN):- It is the nodal agency which deals             with cybersecurity threats like hacking and phishing.




5. Legislation:-


1. Information Technology Act, 2000:-

  • It elaborates on offenses, penalties, and breaches.
  • It outlines the Justice Dispensation Systems for cyber-crimes.
  • It provides for the constitution of the Cyber Regulations Advisory Committee.
  • The Information Technology Act is based on The Indian Penal Code, 1860, The Indian Evidence Act, 1872, The Bankers’ Books Evidence Act, 1891, The Reserve Bank of India Act, 1934, etc.

2. Personal Data Protection Bill, 2019:-

  • In August 2017, the Supreme Court  held that privacy is a fundamental right, flowing from the right to life and personal liberty under Article 21 of the Constitution.  The Court also observed that privacy of personal data and facts is an essential aspect of the right to privacy.  In July 2017, a Committee of Experts, chaired by Justice B. N. Srikrishna, was set up to examine various issues related to data protection in India.  The Committee submitted its report, along with a Draft Personal Data Protection Bill, 2018 to the Ministry of Electronics and Information Technology in July 2018.  The Statement of Objects and Reasons of the Personal Data Protection Bill, 2019 states that the Bill is based on the recommendations of the report of the Expert Committee and the suggestions received from various stakeholders.



6. Judicial Precedents:-


(Case No.1)
NASSCOM v. Ajay Sood & Ors.

Citation:119 (2005) DLT 596, 2005 (30) PTC 437 Del

Facts:- The case deals with Phishing, which is kind
 of Internet fraud. A fraudulent personation was 
done in the name of “National Association of 
Software and Service Companies” (NASSCOM) which 
is India's premier software association. The Delhi 
High Court expressed that phishing is a type of web
 misrepresentation where an individual claims to be
a genuine affiliation. A similar case of significance
 is Autodesk, Inc. & Anr. vs. Prashant Deshmukh & 
Ors., in this case the Delhi High Court granted the
 plaintiff permanent injunction sought for as punitive 
damages against the defendant for copyright and 
registered trademarks infringement.

Observation & Decision of the  Delhi High Court:-
1. It's clear that the defendants in whose names the 
offending e-mails were sent were fictitious 
identities created by an employee on defendants’ 
instructions, to avoid recognition and legal action.

2. Subsequently, the defendants admitted their illegal acts
 and the parties settled the matter through
 the recording of a compromise in the suit proceedings. 

3. According to the terms of compromise, the defendants
agreed to pay a sum of Rs1.6 million to the
plaintiff as damages for violation of the plaintiff’s trademark rights. 

4. The court also ordered the hard disks seized from the defendants’ 
premises to be handed over to the 
plaintiff who would be the owner of the hard disks.

5. The Delhi HC expressed that despite the fact that there is no 
particular enactment in India to punish
 phishing still the court held the demonstration of phishing
as going off and discoloring Nasscom's.

6. Finally, the Delhi High Court declared that "phishing"
 on the internet to be an illegal act, entailing an
 injunction and recovery of damages.

NOTE:- This case reaffirms IP owners’ faith in the Indian
judicial system’s ability and willingness to 
protect intangible property rights and send a strong message
 to IP owners that they can do business in
 India without sacrificing their IP rights.


(Case No.2)

Justice K. S. Puttaswamy vs. Union of India and ors.
(AIR 2017 SC 4161)

Bench strength:- 9 Judges.
Related laws:- Article 14, Article 19, Article 21, 
Article 110 of the Constitution of India,1950.

On 26th September 2018, the Court delivered its judgment. 
It upheld the Aadhaar Act as constitutionally valid.

The constitution bench of the Supreme Court led by Chief 
Justice Dipak Misra ruled that Aadhaar
 is mandatory for filing of income tax returns (ITR) and 
allotment of Permanent Account Number
 (PAN). So if you are a tax payer or want a PAN card 
then you cannot run away from Aadhaar.

To buy a new SIM card, your telecom service provider 
cannot seek Aadhaar details from you.
 Just provide other KYC documents like Voter ID card, 
driving license, etc to get a new SIM card.

Students of CBSE, NEET, UGC also do not require 
Aadhaar number to appear in exams. Even 
schools cannot seek Aadhaar card for admissions.

The apex court has struck down Section 57 of the 
Aadhaar Act as “unconstitutional". This means 
that no company or private entity can seek Aadhaar
identification from you.

Note:- In this case, the Supreme Court held that
 the right to privacy is protected as an intrinsic part 
of the right to life and personal liberty under Article 
21 and as a part of the freedoms guaranteed by
 part-3 of the Constitution of India,1950.


(Case No.3)

Shreya Singhal and Ors. v. Union of India 
(AIR 2015 SC 1523)

Two Judges Bench:- Justice R.F. Nariman, Justice
 Chelameshwar

Intro:-  It is a judgement by a two-judge bench of 
the Supreme Court of India in 2015, on the issue 
of online speech and intermediary liability in India. 

Facts of the Case:- In 2012, two girls were arrested 
by Mumbai Police for expressing their displeasure
 against a strike by shiv sena for shiv sena chief's death. 
The accusation made against the petitioners
 was that they were involved in posting their comments 
on the Facebook and liking the comment at
 the same time which resulted in widespread public protest.
The provisions were challenged in the
 Supreme Court, in a series of writ petitions by Shreya Singhal,
 People's Union for Civil Liberties, 
Common Cause(NGOs), and companies(Mouthshut.com). 
The various petitions were clubbed together
 and heard by a two-judge bench of Justices Chelameswar and Nariman.

Issues:-

1. Whether Sections 66-A, 69-A and 79 
of the IT Act are constitutionally valid? 

2. Whether Section 66A of IT Act is violative 
of fundamental right of freedom of speech 
and expression?

Decision of the Court:-
In a 52-page judgement, the Supreme 
Court struck down Section 66-A of the
 Information Technology Act,2000, relating 
to restrictions on online speech, as unconstitutional
 on grounds of violating the freedom of speech 
guaranteed under Article 19(1)(a) of the Constitution
 of India.
                   The Court further held that the Section was not saved by virtue of being a 'reasonable
restriction' on the freedom of speech under Article 19(2) 
of the Constitution of India.
                   The Supreme Court also read down Section 79
 and Rules under the Section. It held
 that online intermediaries would only be obligated to 
take down content on receiving an order
 from a court or government authority. 

NOTE:- The case is considered a watershed moment 
for online free speech in India.


(Case No.4)

People’s Union for Civil Liberties(PUCL) v. Union of India

Known as "Tapping of Telephone Case"
 Writ Petition (Civil) No.196 of 2001


Intro:- Telephone tapping constitutes a serious
invasion of an individual’s right to privacy.

Facts:- In this case Public Interest Litigation was 
filed protesting rampant instances of
phone tapping of politician’s phones by CBI.

Issue:- 1. Is telephone tapping constitutionally 
permissible in India?
2. challenged the validity of Section 33B of the 
Representation of People Act, 1951?

The questions posed above have been fully considered 

by the Supreme Court :- 
The Court concluded that Section 33B of the Representation
of People Act, 1951, was unconstitutional [as violative 
of Article 19(1)(a) of the Constitution]. And the 
court ruled that ‘telephone conversation is an important
 facet of a man’s private life’. 
The right to hold a telephone conversation in the privacy 
of one’s home or office without
 interference can certainly be claimed as “right to privacy”. 
So, tapping of telephone is a 
serious invasion of privacy. This means that telephone 
tapping would infract Article 21
 of the Constitution of India,1950, unless it is permitted 
under the procedure established 
by law. The procedure has to be “just, fair and reasonable”.


7. Types of Cyber Attacks:-


1. Malware:- It is short for malicious software, refers to any kind of software that is designed 

to cause damage to a single computer, server, or computer network. Ransomware, Spy ware, 

Worms, viruses, and Trojans are all varieties of malware.

The malware infects both ios and Android devices and grants access to all information stored

 in a smartphone.


2. Phishing:- It is the method of trying to gather personal information using deceptive e-mails

 and websites.


3. Denial of Service attacks:- A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users.

DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.



7. Others:- 

1. Spyware usage is tantamount to hacking of a communication device. It performs activities like copying data, sending data to outside device, all without the permission or knowledge of the concerned person. These are classical offences under Section 66, 43 of the Information Technology Act.


2. Supreme Court lawyer and cyber law expert Pavan Duggal says that spyware cannot be brought within lawful interception under Section 69 of the IT Act.


References

1. The Hindu Newspaper 
2. The Hindustan Times
3. Washington Post
4. Times of India
5. Indian express
6. https://prsindia.org/theprsblog/personal-data-protection-bill-2019-all-you-need-know
Posted by at 5 comments:

Saturday, July 31, 2021

WOMEN LAW IN INDIA: An Overview (Part-1)

 

  •    35 Acts, Rules and Regulations 

Women Empowerment not only means to strengthen the social, economic and educational status of women. It also means creating an environment where there is no violence or gender discrimination and where women have equal rights in community, society and workplace.

Today, there is a rape every 29 minutes, a case of molestation every 15 minutes and a dowry death every 4 hours. This is, inhuman for a nation that prides itself for all the dignity it gives to its women as part of its culture and traditions.

Every woman has an equal right to live, and right to live with dignity and freely express herself! In the present times, various crimes against women are prevalent not only in India but across the globe, including be it domestic violence, cruelty, desertion, or stalking, rape, harassment, extortion or other crimes. Though we have laws protecting women in India yet, the women both in Urban and Rural India face constant threats both online and offline and continue to face discrimination or other unfair acts and crimes whether at home or at their workplace. This article aims at giving an overview of the various laws made for protection and empowerment of women in India.     

Followings are the 35 laws for women in India:-

1.   Commission of Sati (Prevention) Act, 1987:- An Act to provide for the more effective prevention of the commission of Sati and its glorification and for matters connected herewith or incidental thereto. It provides for punishments for offences relating to Sati, e.g. Attempt to commit Sati, abetment of Sati and glorification of Sati.    

2.   Commission of Sati (Prevention) Rules, 1988.

3.   Dissolution of Muslim Marriage Act, 1939:-  An Act to consolidate and clarify the provisions of Muslim Law relating to suits for dissolution of marriage by women under Muslim law and to remove doubts as to the effects of the renunciation of Islam by a married Muslim woman on her marriage tie.

4.   Divorce Act, 1869:- An Act to amend the law relating to Divorce and Matrimonial causes

5.   Dowry Prohibition Act, 1961:- An Act to prohibit the giving and taking of dowry.

6.   Dowry Prohibition (Maintenance of List of Presents to Bride and Bridegroom) Rule, 1985.

7.    Hindu Widows' Re-Marriage Act, 1985:- An Act to remove all legal obstacles to the marriage of Hindu widows. 

8.    Hindu Women's Rights to Property Act, 1937:- An Act to amend the Hindu law governing Hindu Women's Rights to property. 

9.    Immoral Traffic (Prevention) Act, 1956:- An Act to provide in pursuance of the international convention signed at New York on 9th day of May 1950 for the prevention of immoral traffic.  

10.  Indecent Presentation of Women (Prohibition) Act, 1986:- An Act to prohibit indecent representation of women through advertisement or in publications, writings, paintings, figures or in any other manner and for matters connected therewith or incidental thereto. 

11.  Maternity Benefit Act, 1961:- An Act to regulate the employment of women in certain establishments for certain period before and after child birth and to provide for maternity benefit and certain other benefits. 

12.  Medical Termination of Pregnancy Act, 1971:- An Act to provide for the termination of certain pregnancies by registered by registered medical practitioners and for matters connected therewith or incidental thereto. 

13.  Medical Termination of Pregnancy Rules, 2003

14.  Muslim Women (Protection of Rights on Divorce) Act, 1986:- An Act to protect the rights of Muslim women who have been divorced by, or have obtained divorce from, their husbands and to provide for matters connected therewith or incidental thereto. 

15.  Muslim Women (Protection of Rights on Divorce) Rules, 1986 

16.  National Commission for Women Act, 1990

17.  Pre-Conception and Pre-Natal Diagnostic Techniques (Prohibition of Sex selection) Act, 1994

18. Pre-Conception and Pre-Natal Diagnostic Techniques (Prohibition of Sex selection) Rules, 1996

19.  Pre-Natal and Pre-Natal Diagnostic Techniques (Regulation and Prevention of Misuse)(Advisory Committee) Rules, 1996

20. Protection of Women From Domestic Violence Act, 2005

21. Protection of Women From Domestic Violence Rules, 2006

22. Sexual Harassment of Women at Workplace Act, 2013

23. The Code of Criminal Procedure, 1973

24. Constitution of India, 1950

25. Employee's State Insurance Act, 1948

26. Equal Remuneration Act, 1976

27. Indian Evidence Act, 1872

28. Factories Act, 1948

29. Hindu Marriage Act, 1955

30. Hindu Adoption and Maintenance Act, 1956

31. Hindu Succession Act, 1956

32. Mines Act, 1952

33. Indian Penal Code, 1860

34. Protection of Human Right Act, 1993

35. Special Marriage Act, 1954

Posted by at 4 comments:
Subscribe to: Posts (Atom)