A global media investigation has revealed that Pegasus, a telephone hacking software invented in Israel and supposedly sold only to governments, has been used across the world to tap the phones of politicians, journalists, NGOs and others. In India, the 300 targets include Rahul Gandhi, two serving Union ministers and 40 journalists.
I applaud the investigative work behind these revelations. The media is rightly worried about press freedom. But Pegasus is just the tip of the iceberg. Cybersnooping has become vital for everything from national security to corporate competition. All countries (and many corporations) have bought or are developing a hundred versions of cybersnooping, many far more powerful than Pegasus.
Edward Snowden revealed in 2013 the extent of global surveillance by the US and its European allies. Since then, high-tech snooping has become a multi-billion dollar industry financed by governments and corporations. German Chancellor Angela Merkel was targeted by US snoopers.
I understand the indignation of hacked journalists. But this is not just a game to subvert press freedom — that is a tiny side-effect of a much bigger game. Snooping has become the very heart of national security, and covers almost everybody under sundry laws. Since the US snooped on Merkel, surely it also tried snooping on Xi Jinping, Vladimir Putin, Boris Johnson, Narendra Modi, and every leader of substance. Can anyone believe these targets are so well defended that they are hacker-proof?
The US complains bitterly about growing Russian and Chinese hacking. But the national interest of China and Russia demands that they equal or excel the US. India, with its significant IT prowess, must surely build its own hacking abilities, as well as cyber-defence capabilities.
World War II was won mainly by the British breaking Germany’s military codes and the US breaking Japan’s codes. This superiority of intelligence translated into great military victories.
For this reason, surely India must do its level best to hack into Xi Jinping, Imran Khan, and all possible systems of China and Pakistan, just as those countries must be hacking into ours. This is not a morality play. It is not about the sanctity of privacy. It is a deadly arms race in which no one can afford to be left behind.
The corporate world is fully into hacking. I was told by a New York investment banker that, for security, his colleagues change their passwords every single day and their telephones every week. A small scrap of commercial intelligence can translate into profits of billions. Commercial espionage is common in every high-tech industry, and even in conventional industries like autos. This does not happen in the US alone. No one should think Indian industry lives on a higher moral plane.
Four years ago, I attended a sobering meeting addressed by the head of a top government cybersecurity organisation. He estimated that every email and phone call is monitored by at least a hundred invisible entities, of whom 52% are private actors and 48% are state actors (of more than one country). Privacy was already an illusion long before Pegasus arrived.
Countries and corporations with the most powerful anti-hacking systems have failed to protect themselves. What hope, then, do individuals have? The cybersecurity expert says 70% of websites worldwide are compromised. Daily checks are no defence: it can take 240 days for experts to detect a hack. Viruses are growing by 66% per year, some aiming to watch and record, others aiming to destroy systems. They can see every financial transaction, every compromising revelation in emails and phone calls, every movement of you and your family.
The state has no monopoly on snooping. Rather, states themselves are hacked daily. Despite spending billions on cybersecurity, states are losing this war. Drug lords and terrorist groups have used hacking as a low-risk way of penetrating the most powerful nations.
Ransomware has become a huge commercial business. Hackers paralyse a corporate system and unfreeze it only after being paid billions. As a professed atheist, I am in greater danger of being cyber-tracked and killed by a religious fanatic than an oppressive government. The Taliban and ISIS could become greater security threats than Pakistan.
The rise of hacking is no excuse for governments to spy on their citizens through Pegasus or other devices. Personal privacy must be protected by law. But the government has vast powers to tap phones for national security, and no government will give up that power, or stop its misuse. My phone has been tapped since at least 1978, and cybersecurity experts now say a hundred other agents are watching and listening too. I do not let that inhibit my writings.
In sum, privacy matters, but is just a tiny part of the massive problem of cybersecurity. We face unprecedented threats and have no clear answers.
This article was originally published in The Times of India on 7 August 2021.
Read more: Tamil Nadu’s Unsustainable Energy Policy
The opinions expressed in this essay are those of the authors. They do not purport to reflect the opinions or views of CCS.