The flip side of living in an age of highly sophisticated technology is its unreliability. The possibility of state-sponsored hacking alerts, which several opposition party leaders as well as some activists critical of the government, received on their iPhones establishes beyond doubt that when it comes to privacy issues, both the government and big tech firms need to do a lot more. The government ordering a probe and asking Apple to cooperate is certainly welcome, but past instances of data leaks or allegations of surveillance through sophisticated software—Pegasus—does not inspire much confidence in either the outcome of such investigations or the assurance that such incidents will not get repeated in future.
While it is true that hacking and technological developments move in tandem and are two sides of the same coin, the government needs to be proactive when such incidents come to light. Normally, there’s an angle of international espionage also in such alerts, but this can be discounted in the current case because they were received only by people critical of the government. Since Apple is a key player in the government’s smartphone production-linked incentive scheme, its accountability is now higher than in the past.
The vague response by Apple on the reasons behind the alerts is certainly troubling and calls for more comprehensive and clear disclosure. However, one thing is clear: the definition of `state-sponsored’ has been interpreted differently by the company and the citizens. Apple has tried to say that by state-sponsored, it does not necessarily mean the government but broadly entities which are well-funded, organised and in possession of sophisticated technological skills. For the body politic, it means involvement of government. Whatever may be the interpretations, both the parties need to walk the extra mile to prove their bonafides.
The government also needs to exercise caution while conducting the probe and avoid being overly coercive with the company, otherwise the growing investment flow may be at risk. Apple, on its part, needs to show that its devices are fully encrypted and the possibility of any hacking is negligible, and above all it does not snoop on behalf of governments of any territory. The government should also do some additional explaining on the overall security of personal data, beyond Apple and its devices. The leakage of Aadhaar details of around 800 million citizens from the servers of Indian Council of Medical Research a day before the Apple alerts, needs an in-depth inquiry. While it is true that the server of Unique Identification Authority of India has never got hacked due to high encryption levels, it does not serve much purpose if the details come out through some other channels.
The government has recently passed a law on digital personal data protection which lays down rules regarding collection, storage and usage of such data and penalty for any misuse and leakage. The rule making for the same is still in the formulation stage. Such incidences certainly provide an opportunity to frame appropriate rules. A robust data security mechanism is needed to ensure that the digital journey that country has embarked upon is not derailed. While conducting any such probe, the government should keep in mind that the baby is not thrown out with the bathwater. Big tech firms are gradually shifting their supply chain from China to India, and this should not get jeopardised by any over-enthusiastic state agency.