Analysis

Pegasus Depositions: Mr. Sandeep Shukla

Prof. Sandeep Shukla from IIT Kanpur warned about the insidious and dangerous way in which the Pegasus spyware operates.

On October 27th 2021, the Supreme Court constituted a Technical Committee to investigate allegations made by journalists, activists and political officials that the Union government used a spyware called ‘Pegasus’ to spy on them. The Court empowered the Committee to take statements from any person connected with the case in order to investigate the allegations. The Committee was overseen by former SC Justice R.V. Raveendran. The Committee heard depositions and recorded the statements of petitioners, cyber-security experts, and other involved parties between December 10th, 2021, and February 14th, 2022.

Prof. Sandeep Shukla is a Professor of Computer Science and Engineering at IIT Kanpur and is one of the petitioners in the case. He was invited by the Technical Committee to provide his expertise and suggestions on the subject of Pegasus.

Pegasus Hurts Indians’ the Right to Privacy

Mr. Shukla warned that Pegasus is too dangerous to be allowed as a tool for state surveillance. He stated that the use of such technology by the state for surveillance has the potential to alter the relationship between citizens and the Government. The deployment of Pegasus by the State ‘strikes at the heart’ of Right to Privacy.

Mr. Shukla drew a comparison with the approach of the United States of America towards Pegasus. The United States government has included the NSO group, the company behind Pegasus, in its trade blacklist. The Biden Administration stated that the Pegasus spyware had been used by governments to ‘maliciously target’ activists and journalists, and restricted exports of technology to the company. In India the government, so far, has been non-committal about whether they used Pegasus.

Understanding the Extent of Surveillance through Pegasus

Mr. Shukla and his colleagues developed their own software to study six devices that were infected by Pegasus. They found that Pegasus was ‘insidious in its operations’ and displayed ‘extraordinary’ spying capabilities. Each device had a unique version of the Pegasus spyware. In one of the devices, the spyware had the ability to evade detection if the device was examined using a malware detecting tool.

Mr. Shukla revealed that Pegasus has a ‘root privilege’. The spyware has access to all running applications, including communication applications. It gains permission to control all accessory devices such as microphones, cameras, etc. He submitted that the Pegasus spyware had access to all the information on the target’s mobile device including pictures, personal details and private communications. Mr. Shukla pointed out that this is in gross violation of Section 43 of the Information Technology Act, 2000 which provides the punishment for damaging a computer system without the owner’s permission. He further observed that, unlike other spywares, Pegasus could infect and infiltrate a fully secured device as well.

To watch the full deposition visit pegasus-india-investigation.in.