What Pegasus says about cyber power and our national security?

ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 10th August. Click Here for more information.

Source: Livemint

Syllabus: GS3 – Security

Relevance: Implications of the Pegasus issue

Synopsis: Pegasus issue has crucial national security and geopolitical dimensions that must enter the national debate.

Conflict b/w liberty & national security

Information governance (the way in which information is used and managed) in liberal democracies has two key goals:

  • First, to protect the fundamental rights (privacy included) of citizens; and
  • second, to defend the national information sphere from hostile state and non-state enemies.

These goals are sometimes in conflict. There is a trade-off between liberty and national security. Liberal democracies achieve a balance by codifying the trade-off, placing limits on the state’s powers, defining due processes, and subjecting government actions to parliamentary and judicial review.

While the Indian state has managed a balance in many areas, privacy and surveillance have remained in a grey zone since the Constitution came into force.

Implications of the Pegasus issue
  • Governance framework for surveillance: Pegasus shows that any country that can afford a few thousand dollars can hack the smartphones of heads of government. Hence, the need for a governance framework covering surveillance and information operations is necessary for national security
  • Weakness of India’s cyberwarfare capacity: Beyond national security, the Pegasus revelations highlight a disturbing weakness in India’s cyber warfare capacity. If it is indeed true that Indian government agencies had to purchase a foreign commercial cyber-weapon for their needs, then we have advertised a strategic vulnerability that is bound to be exploited unless rectified quickly.
  • Misuse of data insights: Another vulnerability arises from the fact that vendors of commercial cyber-weapons can get insights as to how their product is being used. This information can be misused by making it available to their governments. It is also vulnerable to other governments with superior cyber capabilities. The maker of Pegasus has a very good idea of what its customers are up to. It can turn it off at will. Even the political costs of being exposed could be used as leverage against the buyer.
  • Data encryption must not be weakened: Citizens need to be empowered with a strong encryption. At least until a robust governance framework is put in place, the government must not weaken data encryption.
  • Intelligence reform: India needs intelligence reform. The Shah Commission and the LP Singh Committee recommendations need to be looked into.
    • In the meantime, the surveillance review process needs to be bolstered. It should be mandatory for the requesting agency to deposit a refundable financial guarantee along with the application.
Way forward

India lacks offensive cyber capacity and is thus not a credible cyber power. It needs a serious, realist, non-partisan policy debate on the development and governance of national cyber capabilities.


Print Friendly and PDF