This Article is written by our Editor: Abhishek Unnithan of RGNUL, Punjab
“There is no greater threat to a free and democratic nation than a government that fails to protect its citizen’s freedom and liberty as aggressively as it pursues justice.”
– Bernard B. Kerik
INTRODUCTION
The foundational social contract underpinning the criminal justice mechanism is the inherent belief that, despite the severe ordeal and mental anguish that litigation engenders, justice will be dispensed. When this belief goes for a toss because of an aggressive law enforcement machinery, it casts a pall over the entire judicial setup. The travails of human rights defender and Bhima Koregaon accused Rona Wilson illustrates the dangers of an elected government using sophisticated technology to clamp down on dissent.
Ever since the Pegasus Project revelations were unearthed by the Paris-based media non-profit Forbidden Stories and human rights organization Amnesty International, it has rocked the political conscience of a host of democratic countries, including India. The highly commendable investigative journalism revealed the names of numerous dissidents, journalists, political opponents, human rights activists, lawyers, businessmen and others who were the victims of massive governmental surveillance using the “Pegasus” spyware, developed by the Israeli technology firm NSO Group. The documents, leaked to Forbidden Stories, contained the target list of some 50,000 people spread across the globe who were earmarked as “people of interest” by the clients of NSO Group. The information was subsequently disseminated to 17 media organisations under the umbrella of “The Pegasus Project” and reports started pouring in from mid-July 2021. Worryingly, NSO Group has clarified that it only sells technology to vetted governments and this raises the troubling specter of a democratically elected government using surveillance technology to crush political opposition, dissidents and human rights defenders. The military-grade spyware Pegasus is licensed for export by the Israeli Ministry of Defense only to foreign governments. In India itself, the target list includes political rivals, dissidents, minority rights activists, lawyers, religious heads, Supreme Court judges, journalists, and bureaucratic administrators.
A US digital forensic investigation firm Arsenal Consulting, retained by the defense lawyers of incarcerated human rights activist Rona Wilson, released a report on December 17, 2021, alleging that the iPhone of Mr. Wilson was attacked numerous times by the Pegasus spyware over the course of nearly 22 months. Mr. Wilson is an accused in Bhima Koregaon case and has been languishing in prison since June 2018. A previous report by Arsenal had confirmed that incriminating files had been planted in Mr. Wilson’s computer using a malware called NetWire. These files had been relied on by the National Investigation Agency (NIA) to charge Mr. Wilson under the stringent Unlawful Activities (Prevention) Act (UAPA). The Arsenal reports, coupled with the Pegasus Project revelations, have cast a pall of suspicion over the entire investigation and highlighted the growing tendency of the state to crush political dissent, by whatever means necessary. The judiciary must take note of this flagrant abuse of governmental authority and recognize the ease with which sophisticated technology can tamper with electronic evidence. In light of the rapidly developing technological landscape, there is a striking need to develop new evidentiary principles.
WHAT IS PEGASUS
Pegasus is the flagship product of the NSO Group that can stealthily infiltrate a smartphone and gain access to everything in it. This can turn devices running Android, iOS, Blackberry, and Symbian operating systems into surveillance systems. The company has taken pains to clarify that it sells the product only to countries and with the primary objective of preventing serious crimes and terrorism. Pegasus exports are supervised by the Defense Exports Control Agency (DECA) operating under the Israeli Ministry of Defense. Some of the earliest documented evidence of Pegasus spyware included the tracking of Mexican drug kingpin El Chapo Guzman and monitoring the people close to murdered Saudi dissident Jamal Khashoggi. Named after the mythical winged horse Pegasus, the spyware accorded malicious opportunities to governments around the world to snoop down on disquieting elements of society by tracking calls, acquiring passwords, tracking locations, reading text messages, and harvesting information. It can avoid detection by antivirus and self-destruct on remote control command.
Rather than relying on a single specific vulnerability, the Pegasus spyware uses a host of exploits to infect the host system including the Apple Music Store, the Photos App, iMessage etc. Pegasus also uses “zero-click exploits” – without needing any interaction from the victim. This makes the system uniquely dangerous as it quietly works in the background rendering the victim defenseless.
RONA WILSON AND PEGASUS
The Bhima Koregaon case included the incarceration of sixteen human rights activists, academics, lawyers, and artists under the draconian UAPA for a period ranging from one year to over three years for alleged Maoist links. Two of the accused in the case, leading Telugu poet Varavara Rao and human rights activist Sudha Bharadwaj were released on bail while another accused Father Stan Swamy, a tribal activist and Jesuit priest, passed away in prison earlier this year due to deteriorating health conditions.
One of the other accused in the case is Rona Wilson, a researcher, doctoral student and the public relations secretary for the Committee for the Release of Political Prisoners (CRPP) which actively fights for the release of many political prisoners and campaigns against repressive laws like UAPA.
The December 17 report by Boston-based digital forensics firm Arsenal Consulting confirms that there have been at least 49 different occurrences of Pegasus attack against Mr. Wilson through his iPhone long before he was in police custody. The period of the Pegasus attacks ranged from July 5, 2017 to April 10, 2018. Arsenal had previously submitted a report highlighting that Mr. Wilson’s computer had been hacked multiple times in the past using the NetWire Remote Access Trojan (RAT) between June 13, 2016 and April 17, 2018 – in a bid to plant incriminating evidence on his computer which was later used by law enforcement authorities to charge him under UAPA. This tactic was disturbingly similar to the one used against another accused in the Bhima Koregaon case, lawyer Surendra Gadling. Arsenal Consulting has confirmed that neither of the two accused ever opened the damning files that incriminated them. Thus throughout 2017 and 2018, Mr. Wilson was under the surveillance program of Pegasus and victim of incriminatory evidence planting through NetWire Rat.
The firm has clarified that the 10 letters used by the Pune Police (which included a plot to assassinate Prime Minister Narendra Modi) and later the NIA as conclusive evidence against the accused were planted in Mr. Wilson’s computer. Arsenal, retained by Mr. Wilson’s defense to analyze the electronic evidence against him, relied on the hard drive consisting of forensic images and police work related to Mr. Wilson and the other defendants. Rona Wilson’s lawyer Sudeep Pasbola has filed a petition in the Bombay High Court, attaching the Arsenal report, seeking dismissal of the case against his client.
KEY TAKEAWAYS
The shocking revelations by Arsenal Consulting highlight the very real danger of framing innocent civilians as alleged criminals using sophisticated cyberattacks that undermine the core of India’s criminal justice system. The principle of audi alteram partem i.e., “hear the other side as well” is an essential ingredient of natural justice. Every accused person has the right to be heard and no person should be convicted without a fair trial. This necessitates that the accused should have the fair opportunity to respond to the evidence against them. If that evidence is planted in an attempt to imprison the accused, it constitutes a grave perversion of constitutional integrity. Article 14[1] (equality before the law) and Article 21[2] (protection of life and personal liberty) of the Indian Constitution hold the tenets of natural justice. In the case of Maneka Gandhi vs. Union of India[3], the court opined that the procedure established should be just, fair and reasonable.
The government’s deafening silence against accusations of constitutional impropriety challenges the objectivity of the state in prosecuting the Bhima Koregaon accused. The NIA must investigate the forensic findings of Arsenal and, if needed, course corrects itself to preserve prosecutorial legitimacy. The government must take note of the vast surveillance empire that has cast a shadow over India’s criminal justice system and flouted the rights of its citizens. The independent panel formed by the Supreme Court to investigate the Pegasus scandal must vigilantly assess the illicit connections between “Pegasus” and the Bhima Koregaon case. The judiciary must take cognizance of the dystopic potentials of technology and revisit its judgment denying bail to the accused, relying on electronic evidence. At a minimum, the judiciary should rigorously ascertain the veracity of the evidence used to convict the Bhima Koregaon accused in light of the revelatory new report by Arsenal.
Comments