Democracy needs privacy: ban rights-violating spyware in India now 

It’s time to end the rampant use of invasive spyware in India. Access Now is alarmed by reports of potential “state-sponsored” remote attacks on the Apple devices belonging to politicians, journalists, and individuals involved in public policy across India. 

For India to uphold fundamental rights, authorities must initiate an immediate independent inquiry, implement a ban on the use of rights-abusing commercial spyware, and make a commitment to reform the country’s surveillance laws. These latest warnings build on repeated instances of cyber intrusion and spyware usage, and highlights the surveillance impunity in India that continues to flourish despite the public outcry triggered by the 2019 Pegasus Project revelations. 

These Apple notifications underline the lack of action and accountability on spyware abuse in India over the years. The continued use of invasive surveillance tech, especially on journalists and critical voices, erodes democratic processes and values, hinders press freedom, and enables repeated human rights violations. Rand Hammound, Surveillance Campaigner at Access Now

It is always difficult to attribute spyware attacks to their perpetrators, but receiving a notification is grounds for investigation.* While the Ministry for Electronics and Information Technology has undermined the alerts as “vague and non-specific,” Apple notifications must be taken very seriously, having exposed spyware use in countries like El Salvador, Poland, Thailand, and Armenia

Despite the mounting evidence of flagrant spyware use across India, the parliament and judiciary have been unable to hold the executive branch accountable. No meaningful action has been taken despite the 2021 revelations of Pegasus spyware attacks on more than 300 Indian phone numbers and 2022 reports linking Indian police to a hacking campaign to incriminate human rights defenders. Accountability is the first necessary step to stop India’s descent into a surveillance state. Raman Jit Singh Chima, Asia Pacific Policy Director at Access Now

The Indian government has refused to blocklist NSO Group — which supplies Pegasus spyware — and other hack-for-hire firms despite international calls for a moratorium on spyware, and prohibitions by other governments. Moreover, it has failed to ensure the privacy of more than a billion people in India through a Data Protection Act that fails to protect against excessive and centralised government surveillance, ignoring trends showing an increasing use of spyware globally.

People in India have the right to not only privacy, but also to transparency and accountability around any allegations of spyware use. As the government fails to provide answers and take action, the Indian Supreme court must step up to protect fundamental rights, share the expert committee report from its previous spyware proceedings, and issue an order to stop invasive surveillance. Namrata Maheshwari, Asia Pacific Policy Counsel at Access Now

The use of spyware erodes democratic processes and curtails human rights, and authorities in India must act today. 

*Access Now urges everyone who received the notification to enable Apple Lockdown Mode. While it is not a silver bullet, it dramatically reduces the ability of an attacker to successfully infect your device.