The Supreme Court-appointed committee, which probed allegations of unauthorised use of Israeli NSO Group’s Pegasus software for surveillance, found no conclusive evidence on use of the spyware in phones examined by it but noted that the Central Government “has not cooperated” with the panel, Chief Justice of India N V Ramana said on Thursday.
“They (the panel) observed that the Government of India has not cooperated. Whatever stand you have taken here (in the court earlier), you have taken the same stand, it appears, before the committee also,” the CJI, heading a three-judge bench that perused the report by the committee, told Solicitor General Tushar Mehta.
Mehta replied, “I am not aware. I will not be able to respond.” The CJI said, “We are also not aware. Let’s examine the report.”
Mehta urged the court to “kindly go through the report”, saying the Government may have answered leading questions put to it on the issue. “That’s right. That’s why we do not want to make any comment without looking into the report,” the CJI said.
The bench also said that the committee examined 29 phones but did not find any conclusive evidence of Pegasus being used in any of them. “…inconclusive evidence…In five phones they found some malware, but it doesn’t mean it is malware of Pegasus. That’s what the finding appears,” the bench, also comprising Justices Surya Kant and Hima Kohli, said after perusing the report.
“Based on the above, it is concluded that 5 of the 29 phones may have had some infection due to a malware or due to poor cyber hygiene and data available is limited and hence inconclusive to determine…”, the CJI said, citing the report.
In its order, the court stated: “…the Technical Committee and the Overseeing Judge have submitted their reports in sealed covers. The same are taken on record. The sealed covers were opened in the Court and we read out some portions of the said reports. Thereafter, the reports were re-sealed and kept in the safe custody of the Secretary General of this Court, who shall make it available as and when required by the Court”.
It also directed that the matters be listed after four weeks for further hearing.
The three-member technical committee comprised Dr Naveen Kumar Chaudhary, Dean of National Forensic Sciences University in Gandhinagar; Dr Prabaharan P, Professor at Amrita Vishwa Vidyapeetham in Kerala; and Dr Ashwin Anil Gumaste, Institute Chair Associate Professor at IIT-Bombay. The panel was supervised by former Supreme Court judge Justice R V Raveendran.
During the hearing of petitions seeking a probe into the issue, the Centre had “unequivocally” denied the allegations that it was involved in unauthorised use of the software. It had taken the stand that the matter involved issues of national security due to which it did not wish to put the details in an affidavit and make it a matter of public debate. It said it would divulge the details to a committee of experts who would examine the issue and urged the court to allow it to set up such a panel.
The court, however, turned down the request, stating that allowing the government to do so “would violate the settled judicial principle against bias, i.e., that ‘justice must not only be done, but also be seen to be done’. The court then appointed its own committee on October 27, 2021, and directed that Justice (retired) Raveendran would be assisted by two other experts — former IPS officer Alok Joshi and cyber security expert Dr Sundeep Oberoi.
On Thursday, the bench, which opened the report in open court, pointed out that it was in three parts. The first part, it said, answered the court’s queries, including “whether…Pegasus…was used on phones or other devices of the citizens of India to access stored data, eavesdrop on conversations, intercept information and/ or for any other purposes not explicitly stated herein?”
The second part contained the committee’s recommendations as sought for by the court to improve cyber security. And the third part contained the report of the supervising judge.
The CJI said the committee had stated that the report contained information about malware which can be exploited by criminals to get a lead over law enforcement agencies. It could also create new and more sophisticated malware, “information/ research material related to malware, attribution that might pose threat to the national security apparatus” and “material extracted from private mobile instruments which may contain private confidential information”, the CJI said.
“So they have said it is not to be published, nor for public distribution…,” said CJI Ramana, adding that it appears there is a request from the persons who have given their phones, not to make the information public. “It is better to look into it and what portions we can release,” he said.
Senior Advocate Kapil Sibal, appearing for one of the petitioners, said, “We understand there is some security, confidentiality, we don’t want Your Lordships to give us those. But your Lordships can give us a redacted report which takes away those parts and the balance can be given to us. Many of us have given our phones and if they found malware, we are entitled to know…”
The CJI reiterated: “Let’s see what portions we can (release)”. He said, “You know that we are not experts in this. We have appointed these members after getting a lot of feedback and all that. To what extent they succeeded, what inputs they have given…how to go ahead, we will look into it.”
The court said there is nothing secretive about the report of Justice Raveendran, which will be uploaded on its official webpage.
A counsel appearing on the side of the petitioners urged that national security should not be such an overriding factor while the court examines the report. The CJI pointed out that even in the order that set up the committee, the court had said that while it’s “a settled position of law that in matters pertaining to national security, the scope of judicial review is limited…this does not mean that the State gets a free pass every time the spectre of ‘national security’ is raised”.