Tips to secure Http Headers

The controversy over Pegasus spyware demonstrates that there is an urgent need for the Supreme Court to take suo motu cognizance and issue further elaborate directions in respect of the certificate under Section 65B of the Evidence Act. While the apex Court, in the recent matter of Arjun Khotkar, has laid down the law related to Section 65B of the Evidence Act, further directions are needed in view of the Pegasus controversy and other easy ways to invade electronic devices of any make.


Pegasus is spyware developed by the Israeli cyber arms firm NSO Group that infects devices such as laptops and mobile phones.


The spyware is so sophisticated that one can easily read text messages and WhatsApp messages, track location, access the microphone and cameras, and so on. Pegasus can even avoid detection by antivirus software and can be deactivated remotely. Probably the only way to deal with the virus is to get rid of the phone. Sensing the gravity of the matter and admitting that WhatsApp users have been compromised, WhatsApp already filed suit in October 2019 in a court in California. WhatsApp has sought an injunction under multiple Acts. NSO, the parent company of Pegasus, is so far opposing the suit on the grounds of sovereignty and want of notice. Other IT giants have now also joined the said suit, showing the gravity of the issue. Amazon Cloud has gone a step ahead and banned Pegasus on its portal.


Against this background, the serious concerns raised in the matter of Dr. Shoma Sen vs. State of Maharashtra, a pending petition in the Bhima Koregaon matter, further support the case for additional directions in respect of the 65B certificate. In the matter of Dr. Sen, the petitioner has relied upon the report of Arsenal, a reputed cyber forensic agency based in the USA. Based on the said report, the prosecution is sought to be quashed. Arsenal has observed in its report that the laptop of Mr. Wilson was compromised on 13th June 2016, long before the alleged offence, and that scripts were used to facilitate surveillance. The report also states that certain material was planted in the laptop. In this case, the NIA relied mainly on digital evidence in filing the charge sheet, and that evidence, according to forensic experts, was planted. The NIA has opposed the Arsenal report, contending that it is for the trial court to decide whether material was planted or not. Even if it is proved during the course of the trial that evidence was planted, the accused in the Bhima Koregaon case have been in jail for many years. Even though the legal principle is “Bail is better than jail,” if an FIR is registered against any person by agencies like the NIA / CBI / EOW / ED and custody is sought on the basis of digital evidence under sections providing for more than 7 years' imprisonment, the person will stay behind bars for many years. Subsequent acquittal on account of the planting of false evidence, and a grant of compensation, will not erase the lost time, stigma and mental torture endured in jail during this period.


Today there is no need to acquire sophisticated software like Pegasus for any cyber-crime. All you need to become a hacker is to acquire the tools that will allow you to get into the DARK WEB or DARKNET. These tools are easily available, and they allow the surfer to get into a world the depth of which is unknown to the human mind. The DARK WEB is a world operated anonymously by professionals through highly secure communication channels to avoid monitoring and detection by agencies.


The DARK market has menus for every human want, need and greed. Here, for a price, you can obtain drugs, arms, ammunition, fake credit cards, pornography, prostitution in any country at any location and so on. The list is endless. There are multiple non-detectable payment options available, including cryptocurrency. The protocol in the DARKNET gives such a high degree of anonymity that it is difficult for even countries with the best of tools to find the users. Lack of coordination between local, national and international investigating agencies renders the task of detecting them nearly impossible.


In a country like India, investigating agencies are bogged down by a severe lack of IT infrastructure. Both physical and human infrastructure suffer: the technology is outdated and professionals are poorly trained. This scenario is compounded by a lack of coordination amongst multiple investigating agencies and, unfortunately, a lack of awareness in the judiciary. This state of affairs is highlighted by the case of a Pune businessman, the late Mr. Deepak Shah, who was charge sheeted for creating the profile of a woman unknown to him. When the police came to take him into custody, he was in the ICU after a bypass surgery. The police had failed to understand the difference between dates in the American and Indian formats and had come to charge him on the basis of misinterpreted information.


In such a scary scenario, when serious provisions like sedition are frequently invoked by the State, the fundamental principle of “Bail is better than jail” goes for a toss. The Supreme Court should make it mandatory for investigating agencies, at the time of seeking custody of the alleged accused, to file a 65B certificate specifically supported by an authorised person of the cyber security branch holding a rank not below ACP/Dy. SP, stating that “No Material is found to be planted in the Device”. It should be specifically stated that the digital evidence relied upon by the prosecution to seek custody has not been tampered with by any means. Such a simple direction will certainly help in future. If such a direction had been in existence, Father Stan Swamy would probably have been alive today and the Pune businessman would have been saved from the torture of facing criminal law without committing any offence.


Ideally, suo motu cognizance should be taken of all the issues raised in the Pegasus controversy, as the controversy has also cast a shadow on the Supreme Court. But that is for the Hon’ble Judges to decide.