This article has been authored by Yash Bhatnagar, an undergraduate law student at Dr. Ram Manohar Lohiya National Law University, Lucknow


The right to privacy is a fundamental right guaranteed by the Indian Constitution and a basic human right recognized by the ICCPR. However, its invulnerability now stands on trial.

‘The Pegasus Project’ is an international investigative journalism effort to reveal spying abuses by various governments upon journalists, opposition politicians, activists, business-people, and others using the private NSO Group's Pegasus spyware, officially marketed for surveillance of serious criminals and terrorists. A recent report by a leading media house of India, The Wire has shown that Indian National Congress Party Leader, Rahul Gandhi along with former Chief Election Commissioner, Ashok Lavasa, and many other political leaders, journalists, and even Supreme Court Judges, were allegedly targeted for surveillance by the Pegasus Spyware. A Spyware, made initially for the security of the state, is now being used to breach privacy and basic civil rights?

Amnesty International’s Study

‘Pegasus’ is a spyware developed by the Israeli cyber arms firm NSO Group that can be covertly installed on mobile phones running most versions of iOS and Android. Once installed on a phone, Pegasus can harvest any information or extract any file. SMS messages, address books, call history, calendars, emails, and internet browsing histories can all be exfiltrated. It is also being said that the spyware can also de-encrypt WhatsApp texts and have access to the microphone and camera of an infected device. NSO Group, the makers of the spyware, claims through its Transparency and Responsibility Report 2021, that its Pegasus spyware is only used to “investigate terrorism and crime” and “leaves no traces whatsoever.” However, a deep forensic study conducted by Amnesty International suggests otherwise. Amnesty International’s Security Lab performed in-depth forensic analysis of numerous mobile devices from human rights defenders (HRDs) and journalists around the world. This research has uncovered widespread, persistent, and ongoing unlawful surveillance and human rights abuses perpetrated using NSO Group’s Pegasus spyware. If the results of the forensic study are deemed to be true, the data and private details of hundreds stand at a risk of being breached.

Privacy and Human Rights at Risk

Article 12 of the Universal Declaration of Human Rights talks about privacy as one of the basic and most intrinsic human rights. However, usage of such spyware rakes higher than just breaching ‘individual user privacy’. Most of the targets mentioned in the ‘leaked’ list are people with political and institutional tie-ups, and some are renowned journalists as well. It has been reported that over 300 verified Indian mobile telephone numbers, including those used by ministers, opposition leaders, journalists, the legal community, businessmen, government officials, scientists, rights activists, and others” are included in the targeted list that got leaked. Amongst this data, lies one phone number that is surprisingly registered in the name of a Supreme Court Judge. The permission of such violative surveillance is not only a violation of Article 21 of the Indian Constitution but also goes against a basic human, political, and civil right provided under Article 17 (1) of the International Covenant on Civil and Political Rights (ICCPR), a treaty that India is a signatory of. It has further been alleged that India is one of the many countries, especially amongst ‘Western Democracies’, using the spyware ‘incorrectly.’ This list has been kept confidential by the NSO Group, but is reported to include major developed nations as well. Breach of data at this rate not only raises concerns for individual privacy but the security of the people in position, who actively contributes to the socio-political and judicial service structure of the country

Creating a surveillance society

The report also broadens the heated argument around the ‘surveillance society, and whether there are any limitations to ‘being seen’. Furthermore, Section 69 of the Information Technology Act, 2000