The Pegasus surveillance software represents a new advanced layer of snooping intelligence. It is different from earlier instances of phone tapping as the software allows injection of the spyware in targeted mobile phones through non-click methodologies. Hence, it represents a more sophisticated level of today’s mechanisms of how monitoring through spyware can be effectively enforced. The controversy has actually thrown up some interesting cyber legal questions. This is a classical case of spyware that has led to monitoring and interception. This software has been subscribed to by various governmental agencies across the world. This is so because a number of countries across the world do not have cyber security laws to deal with technological advancements in surveillance techniques. Most of the countries have in place the traditional cyber laws that are more focused on promoting electronic format and electronic commerce. Only a handful of countries, including China, Vietnam and Singapore, have dedicated cyber security laws. India does not have any dedicated cyber security law.
As of now, the only law applicable to such a mechanism is the Information Technology Act, 2000, whose Section 69 deals with lawful interception. This law allows legal interception by the central government only in the interest of sovereignty or integrity of India, its defence, security of the State etc. In India, spyware is illegal because it does such activities that constitute cybercrimes under Section 66 read with Section 43 of the Information Technology Act.