Black Friday deal: Get extra months

Journalism of Courage

Explained: The findings of the Pegasus committee, and what we know about the use of the Israeli malware

The Supreme Court Thursday took on record the report of the committee appointed by it to investigate allegations that personal phones were targeted illegally using Pegasus spyware. What has the committee found? To recall, what is the Pegasus case?

Pegasus is NSO Group's flagship product (Express illustration)

The Supreme Court on Thursday (August 25) took on record the report of the committee appointed by it to investigate allegations that personal communication devices of a range of people, including journalists, civil society activists, politicians etc., were targeted illegally using the Israeli-built spyware Pegasus.

Pegasus case: What has the committee found?

Details are not immediately available. The report has been submitted in a sealed cover.

The Bench comprising Chief Justice of India N V Ramana and Justices Surya Kant and Hima Kohli remarked in court, however, that the Government of India did not cooperate with the committee. This was expected, because even before the Supreme Court earlier, the government had declined to disclose whether the spyware had been used to snoop on citizens.

“One thing committee has said, Government of India has not cooperated. The same stand you took here, you have taken there…,” Live Law quoted CJI Ramana as saying to Solicitor General Tushar Mehta.

The court also revealed that the technical committee had found malware in five of the 29 devices that it got, but it had failed to determine if the malware was Pegasus.

Also, individuals who had submitted their phones had requested that the report not be made public, and the court would therefore consider how much of the report to release in the public domain.

However, the Bench said that it would put the report submitted by the overseeing judge, Justice R V Raveendran, out on its web site. Besides Justice Raveendran’s report, there is the report of the technical committee, which is in two parts.

To recall, what was the Pegasus case?

In July 2021, a global collaborative investigative project revealed that Pegasus, a powerful spyware developed by the Israeli cybersecurity company NSO Group, may have been used to target mobile phones of individuals in several countries, including India.


The numbers in a leaked data dump contained around 300 that were known to have been used by Indian citizens, including at least two ministers in the central government, three leaders from the opposition, a constitutional authority, and several journalists, civil society leaders, and business persons.

Following an uproar, the central government on several occasions rejected the conclusions of the global media investigation into the use of Pegasus and criticised the alleged undermining of national security considerations by the opposition. But it declined to supply any facts in the matter, and never explicitly denied the use of Pegasus.

In October 2021, the Supreme Court ordered an investigation headed by Justice Raveendran to look into the allegations of unauthorised surveillance using Pegasus.


What was this committee supposed to do?

The court set seven terms of reference for the committee, which were essentially facts that needed to be ascertained to decide the issue.

Those ranged from determining who procured Pegasus and whether the petitioners in the case were indeed targeted by use of the software, to what laws justified the use of such spyware against citizens.

The court also asked the committee to make recommendations on a legal and policy framework on cyber security to ensure the right to privacy of citizens was protected.

The committee was initially expected to submit its report in eight weeks.


Who was put on this committee?

The technical committee comprised three members: Dr Naveen Kumar Chaudhary, Dean of National Forensic Sciences University in Gandhinagar; Dr Prabaharan P, Professor at Amrita Vishwa Vidyapeetham in Kerala; and Dr Ashwin Anil Gumaste, Institute Chair Associate Professor at Indian Institute of Technology, Bombay.


Justice Raveendran was asked to supervise the working of the committee. Justice Raveendran is a highly respected member of the law community, and has been described by CJI Ramana as “one of the legends who have increased the prestige of the Supreme Court of India”.

In overseeing the work of the three-member technical committee, Justice Raveendran was to be assisted by two other experts: Alok Joshi, a former chief of India’s external intelligence agency R&AW, and Dr Sundeep Oberoi, global head of cybersecurity services at TCS.


But why was a committee needed in the first place?

It has been alleged that the unauthorised surveillance of personal mobile devices infringed upon citizens’ fundamental rights. Decisions in cases seeking enforcement of fundamental rights are based on facts. The task of determining these facts, when they are disputed or unknown, are often assigned to committees, which act as an agent of the court. Such committees or fact-finding teams can summon individuals, prepare ground reports, and inform the court.

The case involves technical questions, and required extensive fact-finding for the court to determine whether fundamental rights were violated, and to pass suitable orders. Based on the committee’s answers to the fact-based questions, the court would be able to examine questions such as: If the government indeed used Pegasus, can it be justified under law? If not, what relief must be granted to the petitioners?

Do we know that Indian governments or state agencies purchased or used the spyware?

The Israeli company has said that a powerful tool such as Pegasus is sold only to governments or government agencies, and not to individuals. Also, what is known of the cost of a licence would put it out of reach of most individual buyers, or at least appear to them to be not worth it.

But the government has committed to almost nothing either way. It did not say anything to the Supreme Court, and the court said on August 25 that it did not cooperate with the committee either.

The Indian Express reported on January 30, 2022 that at least two cybersecurity experts had deposed before the committee that there were “strong indicators” pointing to the involvement of “the state, its intelligence and law enforcement agencies” in using the spyware for unauthorised surveillance against individuals.

Also in January, The New York Times reported that following the Prime Minister’s visit to Israel in 2017, the Indian government had bought Pegasus as part of a $2-billion package for weapons including a missile system.

In March, the Andhra Pradesh Assembly passed a resolution to set up a committee to find out if the previous Telugu Desam Party (TDP) government had bought and used Pegasus. There was uproar in the AP Assembly as it discussed statements made by West Bengal Chief Minister Mamata Banerjee in the West Bengal House a few days previously that her government had refused an offer from the NSO Group for the sale of the spyware, but Andhra Pradesh “had it (Pegasus) during Chandrababu’s (Naidu) time (2014-19)”.

Subscriber Only Stories

Banerjee said that the NSO Group had approached the West Bengal government “four-five years ago” with a pitch to sell Pegasus to the state police for “Rs 25 crore”. This was the first direct confirmation of the attempted use of the spyware in India.

First published on: 25-08-2022 at 12:07:03 pm
Next Story

Ludhiana: Woman’s decomposed body found stuffed in bag

Next Story