Explained |  Is there clarity on Pegasus malware report?

What has the technical committee told the Supreme Court? What is the stand of the Union government? 

August 28, 2022 04:40 am | Updated 10:23 am IST

Prying eyes: Youth Congress activists during a protest over Pegasus issue in New Delhi. File Photo

Prying eyes: Youth Congress activists during a protest over Pegasus issue in New Delhi. File Photo | Photo Credit: Ravi Choudhary

The story so far: The Supreme Court on August 25 said that the panel that it had constituted to look into the Pegasus issue had found no conclusive evidence of the Israeli-origin spyware on the 29 phones it examined. The Court, which said it was studying the detailed reported from the panel, also noted that the Central government had continued the stance that it had taken in front of the court — of not cooperating with the probe — with the panel too.

Why was the panel constituted?

The Supreme Court had constituted the panel on October 27 last year after several pleas came before it for a probe into allegations that Central agencies had used Pegasus to spy on politicians, journalists and others. The Centre had, at that time, refused to submit a detailed affidavit on the allegations, as asked for by the court.

The panel consists of a three-member technical committee supervised by retired Justice R.V Raveendran. The members are Naveen Kumar Chaudhary of National Forensic Sciences University in Gandhinagar; Prabaharan P of Amrita Vishwa Vidyapeetham in Kerala, and Ashwin Anil Gumaste of IIT-Bombay. The panel informed the court in an interim report in May this year that it had come up with its own protocols and software to test phones for Pegasus infection.

What do we know of the panel’s report?

The then Chief Justice of India N.V. Ramana, who was heading the three-judge Bench on the case, stated during the latest hearing that the Bench had read parts of the sealed report and would pursue a detailed reading soon.

The panel had been working on two key aspects: first, the technical details of the probe into the allegations of Pegasus use; and second, the enhancement of the current laws surrounding digital surveillance, cyber security, and privacy rights.

Explained | One year since the Pegasus spyware revelations

On the first aspect, as per the CJI’s reading of the report, five of the 29 phones that were submitted for examination had shown signs of malware infection, but not necessarily Pegasus.

Watch | Explained: Pegasus, the spyware that came in via WhatsApp

The report itself has three parts: the technical details of the phone analysis, the report of the technical committee, and the report of the supervising judge. The Hindu has reported that Justice (retd) Raveendran has called for a special investigation agency for investigating cyber attacks.

What is the Centre’s stance?

The Centre had earlier refused the Supreme Court’s order to submit a detailed affidavit regarding the use of Pegasus, arguing that such a public affidavit would compromise national security. The Centre had also wanted the panel probing the issue to be under it, which the court denied citing the possibility of bias.

On August 25, CJI Mr. Ramana noted that the panel had also mentioned in its report that there was no cooperation from the Centre on the probe.

Listen: The Pegasus saga and the legality of surveillance in India | In Focus podcast

How was Pegasus used in India?

Reports that appeared in July 2021 from the Pegasus Project, which includes The Wire in India, The Guardian in the U.K., and The Washington Post in the U.S., said that in India, at least 40 journalists, Cabinet Ministers, and holders of constitutional positions were possibly subjected to surveillance using Pegasus. The reports were based on a database of about 50,000 phone numbers accessed by the Paris-based non-profit Forbidden Stories and Amnesty International. These numbers were reportedly of interest to clients of the NSO Group (developer of the Pegasus software). According to The Guardian, Amnesty International’s Security Lab tested 67 of the phones linked to the Indian numbers in the database and found that “23 were successfully infected and 14 showed signs of attempted penetration”.

Since Pegasus is graded as a cyberweapon and can only be sold to authorised government entities as per Israeli law, most reports have suggested that the governments in these countries are the clients.

On January 28, the New York Times published an article which claimed that Pegasus was part of a $2-billion “package of sophisticated weapons and intelligence gear” transaction between India and Israel after Narendra Modi became the first Indian Prime Minister to visit Israel. The article claimed that it was after this deal that India changed its historically pro-Palestine stance and voted in Israel’s favour in 2019 at the U.N.’s Economic and Social Council to deny observer status to a Palestinian human rights organization.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.