Pegasus Project: Latest developments

Both Houses of the Parliament were adjourned sine dine on Wednesday, August 11, as members of the Opposition parties continued their protests calling for a debate and an impartial investigation into the Pegasus snooping scandal.

After being denied a debate on the scandal for the past three weeks of the Monsoon session, the Opposition even raised the matter on Tuesday, August 10, during the discussion of the 127th Constitution Amendment Bill.

While the discussion was still going on, the Leader of the Indian National Congress in the Lok Sabha, Adhir Ranjan Chowdhury, cited the examples of Israel, France, and Hungary, which have ordered probes into the suspected snooping. He further questioned the Narendra Modi-led government as to why it hasn’t accepted a discussion on this matter, and whether they are scared to do the same. Om Birla, the speaker of the House, interrupted and urged him to stick to the bill.

The Chairman of the Rajya Sabha, Vice-President M. Venkaiah Naidu stated that he had received notices under Rule 267 from four Member of Parliaments (MPs). They specifically requested to suspend the scheduled discussions so that a detailed discussion can be made possible.

Naidu, however, refused to allow the debate, saying, “The topic has previously been taken up and members were asked to ask for supplementary and clarification, which did not happen. As a result, I didn’t allow it.” He further mentioned that the House was only able to work for one hour per day even though it is sitting for the 16th time during the Monsoon Session.

However, the house was adjourned when the protests continued.

UN experts call for moratorium on sale of ‘life threatening’ surveillance tech

The United Nation’s independent human rights experts yesterday called on all States “to impose a global moratorium on the sale and transfer of surveillance technology until they have put in place robust regulations that guarantee its use in compliance with international human rights standards.”

In light of the Pegasus Project revelations, they expressed deep concern at the use of spyware “to monitor, intimidate and silence human rights defenders, journalists and political opponents”, calling it a violation of the rights to freedom of expression, privacy and liberty. The use of such sophisticated tools, these experts warn, endangers hundreds of lives, threatens press freedom, and undermines democracy, peace, security and international cooperation.

These experts have been in direct communication with the Israeli national government and NSO Group. They have called on the former to disclose its review mechanism for NSO’s export of the Pegasus spyware to entities likely to use it for human rights violations. They have also called upon the latter to disclose if it ever conducted any meaningful human rights due diligence in line with the UN’s standards for the same, and publish the findings of any investigations it conducted in this regard.

In 2019, the UN’s Special Rapporteur on Freedom of Opinion and Expression had published a report on the dangerous impact of surveillance technology on human rights, and similarly recommended an immediate moratorium on its sale and transfer till the adoption of regulations by the international community incorporating human rights safeguards.

Prima facie inconsistencies in NSO Group’s responses to Pegasus Project revelations

Every time an allegation is made that Israel’s NSO Group’s spyware product has been misused; the company’s first line of defence is that it has no idea what its government clients do with Pegasus.

In June 2021, the firm released its first transparency report where it mentioned some myths about its operations, and cleared them with facts. Furthermore, it mentioned details about the working of the technology, and how it maintains confidentiality.

The report expressly clarified that “NSO licenses Pegasus to sovereign states and state agencies, does not operate Pegasus, has no visibility into its usage, and does not collect information about customers.”

Now, it should be noted that in response to the Pegasus Project’s reporting about the misuse of the spyware, NSO has denied all claims of specific surveillance of individuals. Even when a lawsuit was filed against the firm for allegedly spying on the late Saudi journalist Jamal Khashoggi, it was quick to deny the allegation.

It is interesting to note the contradiction here. On the one hand, the firm says that it does not keep records or have any visibility of what its clients do. But, when it is accused of spying, it is always quick to reject the same.

Does this mean that the firm has the ability to verify its clients’ activities and perform a detailed inspection when such accusations are made?

According to a report by The Wire, there are two grey areas one needs to look at in this regard.

The first area is the fact that NSO’s clients are intelligence agencies and military departments. These organizations are not used to respond to internal questioning, let alone the possibility of an external accusation of human rights violation. Even if NSO decides to probe allegations against a client, going through all the records would mean a violation of its client’s privacy. In its transparency report, too, the firm implicitly mentions the sensitivity of conducting a probe.

A ‘preliminary review’ is conducted to collate information which helps to decide whether the investigation should be carried forward. Subsequently, an investigation team is appointed, led by an attorney, to provide a full investigation.

The report states, “Investigations may include review of data, interviews, meetings, and evaluation of objective risk factors, including an analysis of whether the customer has engaged in previous human rights abuses.”

The pace of this process is likely to be extremely slow. No organization or intelligence agency would ever want to get readily examined, after all, by a private foreign firm.

This is visible in one of NSO’s statements in the report which states, “Our capacity for action is also limited by the fact that we do not have visibility into the specific operational uses of our products, unless that access is granted by the customer (as contractually required in the event of an investigation of suspicion that the system has been misused).” Yet, NSO’s denials of accusations stemming from the Pegasus Project revelations have been swift and immediate.

Moreover, if and when the investigation is conducted, the clients are supposed to provide information in a tamper-proof manner. Failing to do so would lead to the suspension of the license of the client.

This raises the question: Is there a way that NSO can check whether the information has been hindered or tampered with? Regardless of the client’s cooperation, it is important to know whether the firm can access this information or not.

What is more worrying is the fact that NSO shockingly mentions in its report, “In some cases, we are unable to conclusively determine whether there was or was not a misuse of our products. In those instances, we develop and implement additional mitigation measures designed to prevent future misuse.” This is again inconsistent with the statements by NSO group rejecting the snooping allegations.

If they want to conclusively deny these allegations, they must back their claims with facts and information that can assure people of the same.

The founder of Telegram listed on Pegasus project data

The Russian tech billionaire and the founder of messaging app Telegram, Pavel Durov, finds his name on the alleged Pegasus target list, as reported by The Guardian last month. It is quite an ironic situation as he has built his reputation on creating an end-to-end messaging app that provides privacy to users, and helps evade the eyes of authorities and governments.

NSO source has denied that Durov was a Pegasus target. Furthermore, the firm claimed that the presence of a phone number on the alleged leaked target list accessible to the Pegasus Project does not mean that the number was spied upon by Pegasus.

Durov’s, who left Russian in 2013, has had several conflicts with the security services of his country. Telegram has been instrumental in mobilizing political protests in countries like Iran, Belarus, and Hong Kong. However, The Guardian reports that apparently Durov was added to the list by the United Arab Emirates (UAE) in 2018, which is around the time he shifted his residence to UAE. According to the Pegasus Project, Dubai was a former client of NSO Group, but had its access to Pegasus terminated after an investigation into allegations of misuse.

The Leaflet