Apple Alert: Threat Notifications Strike at Heart of Indian Democracy, Says Apar Gupta

New Delhi: As the list of Opposition leaders, journalists and others, going public about getting Apple alerts of their iPhones, warning about ‘State-sponsored attack’ possibilities, Apar Gupta, and advocate and founder director of the Internet Freedom Foundation, has called for full disclosure by the Indian government of its spyware purchases and deployment.

“This issue strikes at the heart of Indian democracy,” he said, noting the fact that the timing of these notifications, ahead of the ensuing Assembly elections was indeed “alarming”.

Read Also: 18 Media Organisations Write to CJI; Call for Steps to end Repressive Use of Probe Agencies Against Scribes

On Tuesday morning, several Opposition leaders of the INDIA bloc tweeted on X scheenshots of Apple alerts, cautioning them against ‘State-sponsored attacks” on the iPhones.  Congress leaders Shashi Tharoor, K C Venugopal and Pawan Khera, Samajwadi party’ chief Akhilesh Yadav, CPI(M) general secretary Sitaram Yechury, NCP’s Supriya Sule, Trinamool Congress MP Mahua Moitra , Shiv Sena (UBT) MP Priyanka Chaturvedi, senior journalists Siddharth Varadarajan and Sriram Karri are among those who received the Apple alerts.

Read Also: Pegasus: Supreme Court Says Right To Privacy Must be Protected

Read the full X post by Apar Gupta on the threat notifications and their implications for India’s democracy ahead of the elections:

“These threat notifications are due to state sponsored attacks that use spyware such as Pegasus to infect their smartphone. As per Apple, “Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers. These users are individually targeted because of who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent. State-sponsored attacks are highly complex, cost millions of dollars to develop and often have a short shelf life....State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected.”

Let me directly address the naysayers. Are these merely 'false alarms'? Let's consider the evidence:

Firstly, reports indicate that India has been a ground for deploying Pegasus spyware by NSO Group, an Israeli firm. In October, 2019, state attackers targeted activists, and in July, 2021 they extended their reach to public officials and journalists.

The Union Government has not clearly denied these activities in the Supreme Court of India. Moreover, investigations by Amnesty, Citizen Lab, and notifications from WhatsApp corroborate its use, suggesting a pattern in India and a matching victim profile.

Secondly, Access Now and Citizen Lab last month have confirmed the validity of Apple's threat notifications sent to Russian journalists, including Meduza's publisher. These confirmations lend high credibility to such notifications.

Thirdly, Financial Times disclosed in March that India is seeking new spyware contracts starting at approximately $16 million and potentially escalating to $120 million in the next few years. These contracts involve companies like the Intellexa Alliance, recently featured in a report called 'The Predator Files'.

With imminent state assembly elections and the 2024 general elections not far off, the timing of these threat notifications is alarming.

Public cynicism or judicial stupor should not preclude us from demanding an independent, transparent technical analysis and clear disclosures from the Government of India regarding its spyware purchases and deployments. This issue strikes at the heart of Indian democracy.”