The Pegasus surveillance software represents a new advanced layer of snooping intelligence. It is different from earlier instances of phone tapping as the software allows injection of the spyware in targeted mobile phones through non-click methodologies. Hence, it represents a more sophisticated level of today’s mechanisms of how monitoring through spyware can be effectively enforced. The controversy has actually thrown up some interesting cyber legal questions. This is a classical case of spyware that has led to monitoring and interception. This software has been subscribed to by various governmental agencies across the world. This is so because a number of countries across the world do not have cyber security laws to deal with technological advancements in surveillance techniques. Most of the countries have in place the traditional cyber laws that are more focused on promoting electronic format and electronic commerce. Only a handful of countries, including China, Vietnam and Singapore, have dedicated cyber security laws. India does not have any dedicated cyber security law.
As of now, the only law applicable to such a mechanism is the Information Technology Act, 2000, whose Section 69 deals with lawful interception. This law allows legal interception by the central government only in the interest of sovereignty or integrity of India, its defence, security of the State etc. In India, spyware is illegal because it does such activities that constitute cybercrimes under Section 66 read with Section 43 of the Information Technology Act.
Given the new technological advancements in surveillance techniques, it becomes even more necessary for inserting appropriate checks and balances under the current provisions of Section 69 of the Information Technology Act. The act needs to be appropriately amended in this regard. Further, India also needs to have a dedicated cyber security law that can actually prevent the misuse of such technological advancements in surveillance techniques.
There is no denying the fact that interception and monitoring are important tools for the government. However, the massive powers given to the central government for interception under Section 69 of the Information Technology Act need to be read down. This is imperative to ensure that the government of the day does not have the right to employ such surveillance techniques that do not serve any real purpose besides targeting opponents.
The Pegasus controversy is an event that has shaken all stakeholders who tend to take the internet and cyber security for granted. This episode needs to be a wake-up call for all digital ecosystem stakeholders to come out from their deep slumber, and to come up with more updated and appropriate strategies to deal with the constant challenges thrown up by surveillance technologies and increasing cyber security breaches.
As I have argued in my book New Cyber World Order Post Covid-19, the world is inching towards new cyberspace by the time it will be victorious in its fight against the current and subsequent waves of coronavirus infections. This New Cyber World Order will be an ecosystem where nation-states will become more powerful and there will be increasing interference in the enjoyment of digital liberties and rights of citizens.
The new cyberspace is a constantly changing target. Hence, we need to update our awareness about new surveillance levels as also our digital skills to deal with the various complicated legal issues and challenges that are thrown up by the advent of this new era of cyberspace. In the coming years, the cyber ecosystem is going to present numerous distinctive challenges. The advent of new technologies like Artificial Intelligence, Internet of Things and Blockchain means that the avenues for monitoring would also be substantially enhanced. The threat surface that is itself under attack is constantly increasing. Hence, countries like India need to take more holistic perspectives on how to prevent cyber security breaches, and also to prevent the unauthorised misuse of surveillance and interception.
(This appeared in the print edition as "Rethink Our Cyber Laws")
(Views are personal)
Advocate, Supreme Court of India, and cyber law expert