Right to Privacy in the light of Pegasus Scandal
“A man’s house is his castle”, a well-known saying which implies the inherent right to privacy that every human being possess. Every human being has the right to prevent the disclosure of intimate details of their life. Right to Privacy simply allows a person to be left alone.
Right to Privacy is one such right that came into existence due to wide interpretation of Article 21 of the Constitution of India. The Constitution of India does not explicitly provide for the right to privacy as a Fundamental Right. Article 21, the heart and soul of the Indian Constitution, provides for an individual’s right to life and personal liberty. It ensures an individual’s right to dignity by protecting his right to privacy.
Before the right to privacy was declared as a fundamental right by a nine judge bench of the Supreme Court in the case of Justice K.S. Puttaswamy (Retd.) vs Union Of India And Ors. on 24 August 2017 Writ Petition (Civil) No. 494 of 2012, there was mixed opinion about the right to privacy being a Fundamental Right under the Constitution of India. The Supreme Court in this case, overruled its decisions in the case of MP Sharma vs Satish Chandra, District Magistrate, Delhi and Others 1954 AIR 300 and Kharak Singh vs State of Uttar Pradesh & Others 1963 AIR 1295 to the extent they held right to privacy is not a Fundamental Right. The Court also held that the Fundamental right of Privacy need not be separately articulated in the Constitution as it can be derived from Articles 14, 19 and 21 of the Constitution of India. This right forms an integral part of the Right to Life and Personal Liberty. It not only protects the personal information of an individual but also the choices made by him. It also shields an individual from scrutiny and surveillance of the state. However, the court also made it clear that the right to privacy is not an absolute right and is subject to reasonable restriction.
Even though the Right to Privacy has been declared to be a fundamental right, the threat of its violation has not yet toned down. With the growth of technology and the increasing use of cyberspace, the threat to an individual’s privacy also increases. The data trail left by the cyberspace users are exploited by offenders and leads to the breach of their right to privacy. The recent incident of the use of Pegasus spyware for surveillance of prominent leaders and journalists has again stirred the discussion about the safety of an individual’s privacy in this digital age.
A global investigation has led to the discovery that an Israeli spyware Pegasus was used for surveillance of thousands of people across the globe including 300 individuals from India. These 300 Indian individuals include two serving Union Ministers, three leaders of the opposition and several eminent journalists and businessmen. Even though the history of surveillance in India is not new, this is the first time that such trailblazing technology essentially meant for defense and security purposes, has been used to obtain unauthorized access to the communication of targeted individuals, breaching their Fundamental Right to Privacy. Like every spyware, Pegasus infects the phones and computers of the individuals and can automatically access the camera, chats, emails and other data stored in the device. However, the ‘Zero-click attack’ by the Pegasus spyware makes it much more dangerous than other spyware, that is the spyware can get installed in a device even in an absence of any action by the user of the device.
In India, Government can conduct surveillance only under the Indian Telegraph Act, 1885 and the Information Technology Act, 2000. However, both the Information Technology (IT) Act, 2000 and the Indian Telegraph Act, 1885 do not allow surveillance like this. Surveillance and interception of communication under the existing laws can be done only when it is absolutely necessary to do so for ensuring the security of the state, defense, sovereignty and integrity of India, to maintain friendly relations with foreign states or to investigate an offense. Even when such necessity exists, the Government cannot use spyware for the purpose of surveillance. Using spyware is as good as hacking a device. The spyware can access, copy and send data from a device to another device without authorization or knowledge of the user. All of these are offenses under Section 43 and 66 of the Information Technology Act.
Being a democratic nation, such unauthorized surveillance directly affects the Fundamental Right to Privacy of the individuals. As unanimously held by the Supreme Court in the case of Justice K.S. Puttaswamy (Retd) vs Union Of India and Ors. Writ Petition (Civil) No. 494 of 2012, an individual exercises his right to privacy by exercising absolute control over his personal data and does not lose his right to control merely due to his presence on the Internet.
In cases of surveillance like these, the violation of privacy affects the ideals of liberty and dignity as ensured by Article 21 of the Constitution of India. In today’s digital age, the concept of privacy has been blanketed by “zero detectable” surveillance. Pegasus scandal impedes the very ideals of democracy on which our nation has been founded. It endangers the nation’s sovereignty and as there is no accountable institutional framework or mechanism in place to protect citizens’ data and privacy, it forms a major source of concern for our nation. The lack of a reliable legal framework exposes the entire nation to such cyber risk. A ten-member committee led by retired Supreme Court Justice BN Srikrishna issued a detailed report on data protection in 2018 and proposed a Data Protection Bill. The draft bill is still pending for scrutiny before a Joint Parliamentary Committee.
The digitization process of India has accelerated manifold during the Covid 19 Pandemic. The use of smartphones and the internet is no longer a privilege rather it has now become a necessity. This increasing dependency on cyberspace for education, health and business makes it vital to have a comprehensive framework to deal with privacy infringement in cyberspace and other cybercrimes.
Supreme Court on Pegasus Surveillance
Till now 9 petitions have been filed in the Supreme Court about the Pegasus surveillance including the petition by Adv. ML Sharma, N Ram, director of Hindu Group of Publications, Rajya Sabha MP John Brittas. The petitions are being heard by a bench headed by Chief Justice of India NV Ramana and consisting of Justice Surya Kant. On the first hearing of he petition, on 5th August, the Supreme Court was of opinion that the allegations were serious if the reports are true as it leads to gross violation of privacy. However the Supreme Court also sought clarification as to why any complaint or FIR was not filed till now since the Pegasus surveillance was known since 2019. The Supreme Court asked the petitioners to serve copies of their petition to the Central Government as the court cannot go ahead with the hearing without the Central Government present. The Court is set hear the petions demanding a Court monitored SIT probe into the matter on 10th August when Central Government is present in the hearing.
The vision of creating Digital India by 2025, with more than 900 million internet users is plagued by the threat of the use of cyber warfare weapons by enemy states or organizations. To prevent the happening of such instances, it has become necessary for the Government to create strict privacy and data protection laws. With the increasing users of smartphones and the internet in India, the major loophole in our privacy protection laws is the lack of Data Protection Policy. According to the existing laws, there is no accountability as to who owns the digital data.
Authored By: Adv. Anant Sharma & Mahua Dutta