Data surveillance techniques have become increasingly complex in the wake of rapid technological advancement. Contrary to popular belief, an appearance on the state’s criminal watchlist is not necessarily a prerequisite to warrant surveillance of one’s activities online. In fact, our ‘digital footprint’ is constantly monitored and analysed by companies to personalise the advertisement experience offered by them. A multitude of factors are taken into account for this purpose, including a person’s location, clicks, identity and behavioural history on the internet. Based on these parameters, users of social media platforms are extensively profiled and shown targeted advertisements which tend to align with their interests and viewpoints. This practice, known as surveillance advertising is what drives the profits of tech giants such as Google and Facebook.


The massive risk which surveillance advertising poses to users’ privacy can be illustrated with the help of the Cambridge Analytica case. This firm, owned by billionaire conservative Robert Mercer made the headlines in 2016 as the perpetrator of one of the largest data leaks in history. Psychological profiles were built with the help of data that was harvested from the Facebook profiles of 87 million people without their consent ( [footnote], mostly American voters and sold to political campaigns. Cambridge Analytica could predict a person’s political alignment by simply analysing the kind of posts they frequently liked. The Trump campaign worked closely with the firm in 2016 and it could be argued that the all-encompassing and invasive nature of the gathered data is what spearheaded the Republican victory. Whistleblower Christopher Wylie's revelation of these damning facts to New York Times in 2018 sparked an outrage among social media users throughout the world, leading to Facebook’s worst year on record.


The threat of data surveillance has only grown in the years since the Cambridge Analytica scandal, which pales in comparison to the recent Pegasus controversy. Pegasus is a spyware developed by the Israeli NSO group for the purpose of targeted spying on fringe elements such as criminals and terrorists. Unlike most such softwares, Pegasus does not depend on the target to click a malicious link in order to infect the device. In fact, Whatsapp confirmed that Pegasus had infiltrated approximately 1400 iPhone and Android devices by placing a missed call to the target on Whatsapp. There was no possible way of knowing if one’s device was infected, as all existing records of this call were deleted immediately upon infiltration. Pegasus effectively provides remote access to the phone by recording phone calls, reading messages, turning on the microphone, camera and GPS covertly. The NSO Group maintains that it sells this product exclusively to “vetted governments”, a claim that would normally put to rest fears of foul play or abuse of this powerful software. However, an international investigative journalism initiative alleged in July 2021 that Pegasus had been used by numerous governments to spy on activists, government officials, opposition leaders and leading journalists. French President Emmanuel Macron was reportedly compelled to change his mobile phone after strong rumours that it had been infected by the Pegasus spyware, along with 50,000 others globally. 


It would not be far-fetched to say that both surveillance advertising and spyware pose the greatest threat to the privacy of individuals and groups across the world. However, regulation remains a pipe dream due to the sheer ease with which advancements in this field have outpaced the efforts of policymakers from Washington to New Delhi. Only time will tell if we can succeed in our bid to find a balance between the preservation of the right to privacy and the protection of national and corporate interests.

-Aniruddh Maniktala