#pegasus 🧵
There is nothing shocking or surprising about governments spying using Pegasus. We've known about Pegasus since at least 2016. First known use in India that we know about was in Bhima Koregaon spying, allegedly by Indian govt. A few points for your consideration:
1/
1. A govt has used it to spy: Pegasus is sold only to govts. So it would follow that it has been used by a govt against ministers, journalists, opposition leaders, supreme court judges, and many others. This is essentially an attack on our freedoms in india.
2/
2. Pegasus, once installed on our phones, is used to extract all communications (iMessage, WhatsApp, Gmail, Viber, Facebook, Skype) and locations. Remember that content on your phone itself is not secure.
3/
Apps can log your keystrokes, screenshot your screen, take control of your apps. All this is easy once in. End to end encryption only protects messages in transit, not on device. Messages and files are typically unencrypted on device.
4/
Pegasus can be installed on a targets phone in many ways: by sending infected links (spear phishing), social engineering etc. This malware is designed to evade forensic analysis, avoid detection by anti-virus software, and can be deactivated and removed by operators.
5/
4. Cybersecurity threats and cyber surveillance are here to stay. There is a weaponisation of cyberspace that is taking place at an alarming pace. We need the UN to step in. We need disarmament of the cyberspace. No one will ever feel secure to have trusted communications
6/
5. The solution to government surveillance, was also alleged in the Bhima Koregaon case, is not the privacy bill, because it exempts the Indian government from accountability. We need surveillance reform. A law to bring accountability to surveillance.
7/
6. Our intelligence agencies need to be held accountable to parliament. Usage of such software against parliamentarians & Indian citizens needs to require judicial sanction, &future declassification. Authorisation by a "competent authority" is insufficient as long as this
8/
is classified, and it's collection is sanctioned by an entity that is accountable only to itself or its peers (other bureaucrats). This is dangerous for democracy. 7. The number of cybersuveillance and cybersecurity issues are only going to increase going forward.
9/
The cybersecurity policy is still stuck with the cabinet. We don't even know what it looks like. The govt needs to buck up on this count. 8. What we need most of all is disarmament of cyberspace, & especially making the sale of software such as Pegasus illegal globally.
10/
States need to prevent the manufacturing and sale of such cyberweapons. We need the UN to step in. 9. Also, without doubt, those in positions of power have to develop strategies to protect their communications. This could involve using multiple devices, multiple modes
11/
Of communication. I'm no expert on this, but everyone in a position of influence and power needs to be careful of their devices. Trust nothing. Be paranoid. Easier said than done, of course.
12/
Can't emphasise this enough:India NEEDS surveillance reform. Our agencies need to be held accountable.
Those in power - govt - who have this unrestricted freedom will not change.
We need cases to be filed by those impacted for courts to uphold the fundamental right to privacy
Wrong. Everyone has something they trust others with. Could be a health concern. Could be personal info about a loved one. This is about privacy.
Could be election/business strategy. About security. Spying means we can't trust our communication.
Every govt does surveillance. UPA did it too. All acts of govt surveillance are attacks on our freedoms. There needs to be probable cause,judicial sanction, parliamentary oversight, future declassification, lots more checks to mitigate abuse of power.
Response: I do have a problem with big tech snooping on us. We need a strong privacy law, which data minimisation, privacy by design, informed consent and lots more.
What we don't need is big tech snooping being used to justify govt snooping.
Response: government has denied "unauthorised" surveillance. If a bureaucrats proposes and a bureaucrat approves, where's the independent accountability? Hence parliamentary oversight by a committee is needed. Hence judicial approval is needed.
I have a slightly unusual take on the Indian government / @GoI_MeitY 's threat to remove intermediary status for @Twitter if it doesn't comply with the Rules.
Thread 👇 1. An intermediary is an entry which is merely a platform for you & me to publish / transfer info. It does
1/
Not modify the content, so isn't liable. So if I defame you on Twitter, you can't hold Twitter responsible. Unless, under India law, you have actual knowledge. Now the Indian Supreme Court said, on March 24th 2015, that actual Knowledge = court order or govt order.
2/
2. Thus, if Intermediary status is removed, Twitter is liable for this hypothetical defamation suit. Expand that to millions of potentially defamatory tweets, and Twitter won't survive it. So removing intermediary status is a very serious threat. They might as well shut down.
3/
So WhatsApp has sued the Indian government for imposing the IT Rules 2021. This is probably the most significant privacy case in India, ever since the Right to Privacy case.
Thread on what this is about:
1. WhatsApp uses end to end encryption. This doesn't just mean that they don't know what is in our messages. It also means that they don't know who has sent what message.
The only time they can see the content of the message is when someone marks it as spam,in which case the
1/
user who has marked it as spam unencrypts it for WhatsApp to see.
2. The IT Rules force WhatsApp to change this: the govt has said that it wants WhatsApp to identify the originator of a message (but doesn't want the message content). When this is for law enforcement
2/
Seeing lots of tweets suggesting that Twitter & Facebook might be banned tomorrow after IT Rules 2021 come into effect.
Some news entities irresponsibility playing on this with alarmist clickbait headlines too indiatoday.in/technology/new…
This is wrong. I'll explain:
1/
1. IT Rules 2021 are coming into effect tomorrow, and even if the deadline won't get extended, the Govt is unlike to enforce all the provisions & hold platforms to account unless it really needs to, because the platforms could then move court to challenge the guidelines.
2/
The govt wouldn't want to give platforms reason to go to court because these rules are so majorly unconstitutional that they won't want to risk embarassment in courts. The rules are already being challenged on such grounds btw. Need more.
So, a thread with some context on the Government of India asking Twitter to remove the "Manipulated Media" tag on Sambit Patra's tweet. Story here: medianama.com/2021/05/223-sa…
1. There's no official statement, no copy of the letter sent, but news agencies like ANI and PTI are
1/
reporting it quoting anonymous sources so there seems to be a selective leak. What stops MEITY from publishing its correspondence anyway? Not clear. We'll file RTI's anyway.
2. The government can object all it wants, but exactly what part of India's IT Act allows them to have
2/
this "manipulated media" tag removed? None. Twitter can tag whatever it wants, whoever it wants, whenever it wants. It's their platform. Govt can only request, not order for the tag to be removed AFAIK.
3. There is a suggestion from the ANI tweets that as per MEITY,this puts
3/
So, some thoughts on the deplatforming of Kangana Ranaut by Twitter.
1. This is probably the first instance where Twitter has deplatformed a significant (and politically active) user in the country. It creates for an interesting debate.
2. Indian politicians were worried:
1/
In January 2021, @Tejasvi_Surya had raised concerns about Twitter's exercise of such power when Donald Trump had been deplatformed. He had called for amendments to India's approach to Intermediary Liability to address such situations. 2/ medianama.com/2021/01/223-bj…
This is a wake-up call to the threat to democracies posed by “unregulated big tech companies”, he said. “If they can do this to POTUS, they can do this to anyone”.
Platform regulation has been an important issue for him. He's also on the Parliamentary
1. Censor board doesn't have the capacity to deal with 20000+ movies being produced in India annually. Where will it find the capacity to apply its mind to all the movies being produced for OTT globally? The lag will destroy consumer choice
2. The need is to move from censorship and govt certification to self certification. And more detailed certification than just a rating. OTT streaming services already do this and have norms. If someone violates the law, prosecute them.
2/
3. All streaming is pull content. People are choosing to watch something: not being pushed at them. Norms for broadcast cannot apply here. Not the same thing. You can't treat it the same as TV.
3/