On Apple’s spyware attack notification – Why government’s defence on Apple spyware advisory is weak – and in bad faith

Source: The post is on Apple’s spyware attack notification based on the article “Apar Gupta writes: Why government’s defence on Apple spyware advisory is weak – and in bad faith” published in “Indian Express” on 2^nd November 2023.

UPSC Syllabus Topic: GS Paper 3 Internal Security – Challenges to internal security through communication networks; basics of cyber security.

News: The article discusses spyware attacks on India’s politicians in the context of Apple’s alerts to various users in India. The article stresses transparency, accountability, and allegiance to the Constitution over the government.

What is the threat notification issued by Apple?

Apple has been sending automated threat notifications to users likely targeted by state-sponsored cyberattacks.

These notifications are triggered by Apple’s system when it detects patterns of activity that may indicate such an attack.

The notification does not specify which state might be sponsoring the attack, as revealing this could help attackers avoid future detection.

Apple’s alert advises users to take protective measures such as updating their software, setting strong passwords, and turning on two-factor authentication.

What is the government’s response to reports of a spyware attack?

Investigation Order: An investigation into the recent spyware alerts by Apple was ordered, to be carried out by the Indian Computer Emergency Response Team (CERT).

Dismissal of Prior Attacks: The government dismissed previous accusations regarding the Pegasus spyware attacks, stating that a judiciary-supervised investigation had been completed with no incriminating findings.

Flaws in Apple’s Advisory: The minister pointed out that Apple’s advisory was vague and global, implying it was not specific to India.

Why are investigations into suspected spyware attacks facing criticism?

Dismissive Attitude: Critics fear the minister’s dismissive initial response to the allegations might influence the investigation’s outcome.

Lack of Investigative Body’s Autonomy: The Indian Computer Emergency Response Team (CERT), responsible for the probe, reports to the minister’s ministry, raising questions about its independence.

Limited Scope of Probe: The investigation is seen as limited, focusing on technical checks rather than comprehensive inquiry methods like witness testimonies.

Past Record: The government’s handling of previous spyware attack allegations, particularly involving Pegasus, has been criticized for lack of transparency and conclusive results.

Question for practice:

The fundamental right to privacy forms an important part of the right to life and liberty. However, it is facing constant threats. Discuss in context of the recent Apple’s recent spyware attack notification.