The Union government was quick to spring into action as complaints about hacking of WhatsApp data by the Pegasus spyware developed by an Israeli firm NSO group came up. 

Even as the government sought an explanation, some decided to make it a political slugfest after it was said that around 12 lawyers, journalists and activists had been targeted. 

Also read: 1,403 Bangladeshi convicts in India, around 1,284 from Bengal: Here is why Mamata Banerjee opposes the NRC

The global figures showed that around 1,400 were affected due to this breach. The Congress and others in the opposition wasted no time in blaming the Union government. Both Rahul Gandhi, his sister Priyanka Gandhi Vadra among others accused the BJP and the government for having engaged Israeli agents to snoop on the phones. 

Amidst these allegations, the Union government made it clear that it was concerned about the breach of privacy of citizens of India. We have asked WhatsApp to explain this kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens, Union minister, Ravi Shankar Prasad said.

He further said that the government is committed to protecting the privacy of all Indian citizens and the agencies have a well-established protocol for interception, which include sanction and supervision from highly ranked officials in the Central and state governments, for clearly stated reasons in national interest. 

Amit Malviya, IT Cell chief of the BJP asked why didn't these affected persons speak out earlier. Questioning the timing of their complaints he also asked if they were contacted by WhatsApp earlier, why didn’t they come and say it earlier.

Right to privacy: 

In 2013, the documents released by US whistleblower Edward Snowden suggested that the US NSA accessed computers within the Indian Embassy in Washington. The documents also spoke about the aggressive nature of the NSA data-mining exercises targeting India. For this, two data-mining tools - Prism and Boundless Informant were used.

BJP MP, Rajeev Chandrasekhar had protested loudly back then after it was learnt that 1,000s of Indians were snooped upon. In fact he went on to play a key role in petitioning the Supreme Court after which a constitution bench held that right to privacy is a fundamental right.

In a tweet, while replying to Rahul Gandhi, Rajeev Chandrasekhar said, “Dear Rahul Gandhi, privacy became a fundamental right under the Narendra Modi government. This government’s response to this WhatsApp privacy breach is in sharp, sharp contrast to your UPA government’s silence on US Prism snooping on 1,000s of Indians. So zip it and go meditate.”

It must be noted here that issues relating to privacy were raised on several occasions during the UPA government. The then government was accused of keeping mum on such issues. It may also be recalled that there was a bugging incident in the office of then finance minister Pranab Mukherjee. Following an outrage, a probe was ordered and it was said back then what was stuck on the wall was not a bug but a chewing gum.

Ravi Shankar Prasad also pointed out that there was spying done on then Army chief, general VK Singh. These are instances of breach of privacy of highly reputed individuals for the personal whims and fancies of a family.

When the UPA stayed silent:

On June 13, 2013, Rajeev Chandrasekhar wrote a letter to government raising serious concerns about the Prism Project. He suggested to the government that it would be advisable to reach out to the US and discover the actual facts. If it is found that the privacy of Indians was breached, then the government of India must contemplate steps to fix the issue.

He further said that at times like this, the government has two options. First to join the other governments and seek equal access to surveillance by increasing our capabilities and scope. The second is to desist any practice that may have come to light and instead improve norms to protect privacy and safeguard individuals against mass surveillance/interception. He also pointed out that national security, lawful interception and monitoring are critical to our national objectives, but this is the time to remain balanced and lead an inter-governmental dialogue for establishing a truly multi stakeholder discourse on how to improve privacy and overall internet governance. 

However, the government did nothing about it. Rajeev Chandrasekhar said on Twitter, “ Back in 2013, I raised the issue of foreign governments snooping on Indians. The UPA government did nothing about this or the leaky Aadhaar that it built. The Narendra Modi government is putting in place a robust data protection and privacy framework.”

The long legal battle:

The fight for right to privacy as a fundamental right was a long fought battle. Many had questioned the UPA about the manner in which Aadhaar was being introduced in the country after spending crores of rupees, which belonged to the Indian public.

Rajeev Chandrasekhar had pointed out that there was no discourse, debate or legislative sanction. The deliberate lack of debate and scrutiny had led to a situation, where the database constructed clumsily had no reciprocal protection for those who were enrolled in Aadhaar and volunteered data into it.

Writing in the Financial Express, Rajeev Chandrasekhar had said that Aadhaar and its designers kept hiding behind the glib of statements like it was designed for privacy, which unfortunately many in the media and government accepted blindly. He decided to move the Supreme Court after failing to get the necessary responses from the UPA government also in Parliament.

He further said that he believes that privacy is a fundamental right under Article 21. However it is subject to reasonable restrictions and hence it is not an absolute right. Entities authorised by the state have the right to seek information and data from individual citizens for the stated cause and citizens have an obligation to provide such data.

The state entities that collect and store data must have legal and constitutionally embedded obligation of using that data only for the specified purposes. On March 11, 2014, Rajeev Chandrasekar filed an implement application in the Supreme Court in which he highlighted the violations of fundamental rights of the citizens with the implementation of Aadhaar in the form then.

On March 14, 2014, the Supreme Court directed the agencies to revoke any order made by them making Aadhaar mandatory for availing benefits and forbade the UIDAI from sharing any information in the Aadhaar data base with agency without the data subject’s consent.

This case was then referred to a nine-judge constitution bench of the Supreme Court. In August 2017, the Supreme Court delivered a landmark judgment where it held that right to privacy is a fundamental right. The court also accepted the contention of the NDA government that while privacy is a fundamental right, it is however not an absolute right.

The BJP government has always maintained that privacy is a fundamental right and it would always be respected. Even during a debate on the Aadhaar bill, the BJP government had stressed on this point. The then finance minister, Arun Jaitley had even said that in a room an individual would have an absolute right. But if he says that he will spend a large amount of cash and none have a right to find out because of his privacy, then that would be subject to restrictions that would be fair, just and reasonable.

In fact one must keep in mind that the privacy matter landed in the Supreme Court only because the UPA government brought about Aadhaar without a law.

Govt has ensured necessary safeguards:

In 2018, when the Union government in the interest of national security authorised 10 agencies to intercept, monitor and decrypt data in any computer system, there was a hue and cry.

The government had made it clear that the order does not confer any new powers to any security or law enforcement agency even as the opposition termed the move as an assault on fundamental rights.

The government made it clear that there were adequate safeguards provided in the IT Act 2000 and similar provisions and procedures existed in the Telegraph Act. Each case of such computer interception is to be approved by the competent authority, which is the Union home secretary. 

The entire process is also subject to a robust review mechanism as in case of Telegraph Act. Every individual case will continue to require prior approval of the home ministry or state government. MHA has not delegated its powers to any law enforcement or security agency, the government said.

The government, while speaking about the safeguards, said that it had relied on Rule 4 of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009. Under this, a competent authority may authorise an agency of the government to intercept, monitor or decrypt information generated, transmitted, received or stored in any computer resource for the purpose specified in sub section (1) of Section 69 of the Act.

Further, such cases are placed before the review committee, headed by the Cabinet secretary, which shall meet at least once in two months to review such cases. In the case of the states, such a committee is headed by the chief secretary.

What is important to note is that this order became absolutely necessary in the interest of national interest. The government is not interested in snooping on individuals, an officer with the Intelligence Bureau said to MyNation. The above mentioned order had to be passed considering that terrorism was largely online these days. Multiple agencies work on such cases.

The officer also reminded that it was thanks to this that they were able to undertake operations such as Chakravyuh as a result of which 1,000s of persons were prevented from going abroad and joining the ISIS.