Lawyers, activists spied on in India in coordinated operation: Amnesty report

Amnesty International on Monday released a report co-authored with Citizen Lab, an interdisciplinary laboratory of the Munk School of Global Affairs and Public Policy at University of Toronto, which explains how nine human rights defenders in India were targeted by a coordinated spyware operation.

The list of those spied on includes lawyers Yug Mohit Chaudhury, Ragini Ahuja, Nihalsing Rathod, Shalini Gera and the human rights collective Jagdalpur Legal Aid Group (JAGLAG), a journalist who did not wish to be named, activist Isha Khandelwal and academics PK Vijayan and Partho Sarothi Ray.

Nine human rights activists were targeted, and while evidence is available for such activity against them between January and October 2019, it is likely that more people have been the target of this operation, the report indicates. At least three of the nine were also targeted by Israel based NSO Group’s Pegasus software, which was revealed in the press earlier. Eight of them had called for the release from jail of the ninth, held under accusations of involvement in the Bhima Koregaon violence of January 1, 2018.

Activists, lawyers, academics and journalists were among the targeted, and this is an attack on their freedom of expression and their right to privacy, the report says.

“Between January and October 2019, each of the targets was sent spearphishing emails containing malicious links that, if opened, would have installed NetWire, a commercially available spyware. A spearphishing attack is a targeted attempt to install a spyware (malicious software) on the victim’s computer or smartphone. Spearphishing is generally performed by sending very carefully crafted and personalized emails to the target, often impersonating colleagues or loved ones,” the report says.

NetWire’s use in cybercrime and corporate espionage is known. This was among the few instances where it was used against activists.

“Surveillance of people based solely on their human rights work amounts to an arbitrary and unlawful attack on their privacy and violates their right to freedom of expression and other rights that are enshrined in the International Covenant on Civil and Political Rights, to which India is a state party,” the report says.

“In February 2020, the National Investigation Agency (NIA) took over the case from the Maharashtra police after the newly-elected Maharashtra Government raised doubts about the police investigation and signalled a probe against the officials,” the report states, explaining the background to the violence at Bhima Koregaon and the charges of terrorism against the activists.

“The case relies almost entirely on digital evidence obtained from the arrested activists’ devices. In a breach of due process, some materials found on their devices were also released to the media in an effort to smear the activists.”

The report calls the arrest “an egregious example of how Indian authorities are clamping down on dissent and activism”.

The activists were charged under Unlawful Activities (Prevention) Act (UAPA), which allows for holding people in jail without charge, even before a crime is committed. Police are given sweeping powers, making bail difficult. While earlier, only organizations could be named “terrorist”, an amendment last year made it possible to brand even individuals “terrorists” under this law. UAPA is a tool of oppression; between 2014 and 2016, 75 per cent of cases under it ended in acquittal or discharge.

In October last year, WhatsApp revealed that the security firm NSO Group had put under surveillance activists seeking the release of those jailed in India. NSO Group, which defines its motto on its website as “Developing technology to prevent and investigate terror and crime”, has claimed that it sells its products “only to government intelligence and law enforcement agencies.” It is naïve to assume, though, that law enforcement agencies in government will not allow use of technology available to them for criminal activity.

NetWire, used against these activists, is a commercially available spyware. It generated emails from fictional accounts and could steal credentials and audio recordings from electronic devices. The fictional email account would send an attachment that looked like a PDF file, and once the receiver of the email clicked on it, it would open a file and dispel any doubt, but secretly allow the NetWire software to be installed on the device.

“This spyware campaign is very concerning in the context of an already perilous situation for HRDs in India where surveillance is used along with threats, imprisonment and smear campaigns against activists to shrink the space for civil society,” the Amnesty report says.

Amnesty and Citizen Lab have urged the Government of India to probe these findings, and offered a list of email ids and files sent to the targeted activists and academics.