It’s time to end the rampant use of invasive spyware in India. Access Now is alarmed by reports of potential “state-sponsored” remote attacks on the Apple devices belonging to politicians, journalists, and individuals involved in public policy across India.
For India to uphold fundamental rights, authorities must initiate an immediate independent inquiry, implement a ban on the use of rights-abusing commercial spyware, and make a commitment to reform the country’s surveillance laws. These latest warnings build on repeated instances of cyber intrusion and spyware usage, and highlights the surveillance impunity in India that continues to flourish despite the public outcry triggered by the 2019 Pegasus Project revelations.
It is always difficult to attribute spyware attacks to their perpetrators, but receiving a notification is grounds for investigation.* While the Ministry for Electronics and Information Technology has undermined the alerts as “vague and non-specific,” Apple notifications must be taken very seriously, having exposed spyware use in countries like El Salvador, Poland, Thailand, and Armenia.
The Indian government has refused to blocklist NSO Group — which supplies Pegasus spyware — and other hack-for-hire firms despite international calls for a moratorium on spyware, and prohibitions by other governments. Moreover, it has failed to ensure the privacy of more than a billion people in India through a Data Protection Act that fails to protect against excessive and centralised government surveillance, ignoring trends showing an increasing use of spyware globally.
The use of spyware erodes democratic processes and curtails human rights, and authorities in India must act today.
*Access Now urges everyone who received the notification to enable Apple Lockdown Mode. While it is not a silver bullet, it dramatically reduces the ability of an attacker to successfully infect your device.