Oh come on. Rahul Gandhi should not be quite so shocked by Pegasusgate. He changes his phone every few months, I am told. I’d be willing to bet that this is not because of an addiction to iPhone upgrades. Now, as a member of the Pegasus club, he rides that winged horse of Greek myths in distinguished company, from multiple heads of state to at least one king. Not bad for someone with no official administrative title. Yes, yes, I know the Pegasus club also admits the hoi polloi — hapless journalists, dissidents, friends of a princess, but not the princess, and even someone who had the audacity to accuse a former Chief Justice of India of sexual harassment. Even if it is an operative in the home ministry, there is someone who cares about Mr Gandhi. In a world where attention is the greatest currency, that must mean something.
Mind you, I do not wish to make light of his predicament. Pegasus is a scary piece of spyware, especially so for the hoi polloi who make it their job to not get attention and prefer to direct attention towards the dismantling of democracy. The Pegasus exposé should not make any of us feel comfortable about the current unsteady dance between living digitally and living in democracies. The Israeli company, NSO, responsible for this beast, which can get your phone to record and share your every move with a spook, says its clients are all “fully vetted governments”.
You never know with fully vetted governments these days. Something tells me that the vetting of the Indian government was done when former Israeli prime minister Benjamin Netanyahu and India’s Narendra Modi were wetting their feet in the Mediterranean Sea during the 2017 Modi visit. But the Indian government neither acknowledges nor denies that it is an NSO client.
Where do we go from here? In the near-term, Rahul Gandhi’s high-frequency phone swapping may be impractical for most of us. Mamata Banerjee’s putting “plaster” on the phone may be a cheaper fix. But we need better longer-term solutions to sleep more soundly.
The first step is to put Pegasus in context. There are other horses in the surveillance stable; cleaning it is a task that is beyond Herculean. Nurtured by repressive governments and with exports to other governments aspiring to similar heights of repression, the industry is booming. Israel — and its elite Unit 8200 — itself is a hotbed of crackerjack surveillance tech firms that can assist you with phone hacking, facial recognition and other creepy smartphone spyware. Israel’s drones, ostensibly for border control, can be deployed to control civilians well within the border as well. The ultimate surveillance capitalists — US Big Tech — are at risk of being commandeered by governments, such as India’s, to use their platforms and data to do the government’s bidding, if not for direct surveillance, then to manipulate the narrative and suppress dissent. Meanwhile, the capitalists that are handmaidens for state surveillance — Chinese Big Tech — may be ostracised by some countries, but none, including India, can do without the Chinese video snooping powerhouse, Hikvision.
In parallel, India’s own surveillance infrastructure gets more sophisticated, from a central monitoring system for intercepting online activities directly to police apps that track social media behaviours, sentiments and trends. India holds the world record in internet-muting, a well-honed control tactic. On top of that, the legal infrastructure has expanded to extend the surveillance net. Section 69A of India’s Information Technology Act, the Telegraph Act and new internet regulation laws give the government more power to censor and conduct online surveillance.
India’s trump card could ultimately prove to be Aadhaar, already with a record of numerous privacy red flags. In March 2020, reports surfaced that the government is assembling a National Social Registry that could track every Indian — whom they marry, where they live or move to, occupations, financial status, etc. The database is founded in services tied to Aadhaar, but could go well beyond that and could become the ultimate nationwide surveillance machine.
A second development to keep an eye on are Greek horses of a kind different from Pegasus — Trojan horses that provide the acceptable rationale for surveillance technologies, which spill over to other purposes once the technology is in place. Besides national security and public safety we now have the pandemic as the newest excuse. Contact tracing and Covid exposure notification apps proliferated last year. Most of these weren’t effective in serving their original objective, but can be repurposed. Sadly, India offers a case in point — the exposure identification app, Aarogya Setu, has been put to non-Covid use in Jammu and Kashmir, where the data was shared with local police.
Let’s talk about possible solutions. No question, the legality of incursions into privacy by the state or by corporations should be debated and challenged by civil society in legislatures, independent media and the courts within India and elsewhere. In addition, we need clearer lines protecting the idea of privacy itself, which has become a fluid concept in a digitally saturated age. We need to find technologically feasible and legally enforceable ways to give users agency over use of their data.
Work needs to be done beyond India’s borders, as the best technology is imported. We cannot expect much from either Israel or China unilaterally, as they are secretive and will cite national interests. The US seems oblivious and this needs to change. Like Edward Snowden, who raised the alarm about the surveillance state, those concerns seem to be in exile overtaken by an obsession with the ills of surveillance capitalism. We urgently need trans-national treaties along the lines of the Paris climate accord to collectively make it difficult for rogue governments and corporations to implement surveillance at scale. Past attempts, like the Wassenaar Arrangement, to promote transparency in exports of conventional arms and dual-use technologies, haven’t succeeded. A new proposal from David Kaye, a former UN special rapporteur and Marietje Schaake, a former member of the European Parliament, calls for a multi-pronged approach combining a moratorium on spyware sales until a global export regime is defined, transparent, rule-of-law based requirements for use of such technologies, giving legal recourse to targets and requiring companies to adhere to globally accepted codes-of-conduct.
In the meantime, I won’t hold my breath. I hope that better angels will prevail every time I pick up my phone. I also keep the phone far from my bed so that I can at least get some sleep at night. And I would hate for it to broadcast to the world that I snore.
This column first appeared in the print edition on July 30, 2021 under the title ‘The Pegasus nightmare’. The writer is dean of Global Business at The Fletcher School at Tufts University, the founding executive director of Fletcher’s Institute for Business in the Global Context and a non-resident senior fellow at the Centre for Social and Economic Progress.