Dubai’s Princess Latifa, daughter of the Prime Minister of UAE, was on board to freedom, or so she thought. Sequestered on the Nostromo, a ship from Oman, she was on a voyage. She wanted to escape the familial abuse she claimed to have experienced in her household. In a video made before leaving, she said, “I don’t know where I’m going, but I know where I’ll be stopping for a while.” Goa, where she wanted to stay for a while before applying for visas for other countries. “I want to wake up in the morning and know what it feels like to have the freedom to do what I want”, she says in the video. Indian Special Forces intercepted her journey near the coast and handed her over to Emirati forces. According to the United Kingdom High Court Statement, her last words, as she was dragged away, kicking and screaming were, “You can’t get me back alive. Don’t take me back. Shoot me here, don't take me back.” What Latifa did not know was that as soon as she left her phone in a cafe in Dubai, the phones of all her close friends and family members had been intercepted with a highly invasive software known as Pegasus. It requires zero clicks to install and can record almost all significant activities of the device. Latifa had been communicating with her friend Sioned Taylor, whose phone had already been infiltrated. She hasn’t been seen in public since then. Private conversation, a sacred and intimate part of our life, is in grave danger.
Pegasus is a sophisticated software developed by Israeli intelligence agencies, such as the NSO Group, and private companies alike. Made in Tel Aviv, the software enables remote surveillance of smartphones. The NSO group claims the company creates technology that "helps government agencies" prevent and investigate terrorism to save lives around the globe. The software can hack into both Android and iOS devices. The traces left behind are so invisible that they are only detectable under forensic investigation. The software exploits vulnerabilities in both operating systems to invade the device in zero clicks.
The NSO group states that its software is for vetted governments only. Despite this, the levels of information extracted using the software are petrifying. The software can view call logs, text messages, Whatsapp messages, photos, videos and stored files. It can also start the device camera to record the surroundings and fire off the microphone to listen to conversations in the background.
Forbidden Stories, a non-profit working to protect journalists, published a list of countries using spyware on their citizens. Ten governments on the list include Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates (UAE). Certain high profile persons of interest in India are among the targets. A similar scandal broke out in late 2019 as the software was being used to spy upon over a thousand WhatsApp users in twenty countries. This list included Indian Journalists. The report, done by The Wire, in conjunction with international groups, has the names of at least 136 Indians from business sectors, politicians, student activists, CBI officers and scientists from different parts of the country.
Two accounts were those of Senior Congress leader Rahul Gandhi. Poll strategist Prashant Kishor and Ashwini Vaishnav, the recently appointed IT minister, were among the targets included. Prahlad Patel, the Minister of Jal Shakti, and his wife Pushpalata Patel were on the list. The report included fifteen other contacts connected to him. The Nipah infection, which plagued Kerala in May 2018, was under the domain of virologist Gagandeep Kang. Kang was among the prominent target names. In the 2019 Lok Sabha elections, the Electoral Commission decided on a clean chit on the poll complaints against PM Modi and Amit Shah. Ashok Lavasa, an ex Election Commissioner who had opposing viewpoints in this matter was also on the list.
The Government has denied all the allegations. While they have neither outright denied nor accepted buying the software, they have referred to media reports as “fishing expeditions… to malign the Indian democracy.” All this is to say that the issue has been politicised. The tone of the coverage till now has been about the ethics of specific politicians using this software for nefarious purposes. Accusations aside, what is going on here?
Pegasus takes up a lot of resources and research to maintain. Sophistication comes at a cost. It is not replicable. Israel arrested a former employee a few years ago for attempting to sell the software on the black market. The infrastructure required is too expensive for a person from any corner of the internet to build. While both spyware and zero-day vulnerabilities are available on the net, there is a reason the software is sold to governments and not individuals. Chances are, your government is watching you, not a random person who has copied the technology.
Almost all instances of the use of spyware involve high profile persons or persons who have raised their voices against government policies. This is why, when a layperson hears this story, the first response might be: “Oh well, those people are being spied upon. I am not an activist or a journalist, I will be fine.” A rational response to the current climate, but is a slippery slope. The way forward is to work to ensure that the vulnerabilities the software is built to exploit are fixed when spotted. General users must provide as much information on target attacks as possible to software and security vendors. Facing the problem head on is the only option available. Big brother is watching us, and it seems we don’t care. Power to the people, we don’t want it, we want pleasure. But for how long will we barter our freedoms for pithy crumbs of safety? If we don’t decide the answers to these questions for ourselves, they will be decided for us.