What to do in the age of WhatsApp Spyware Attack?

Some things to remember amidst this WhatsApp hack sensation:

The government may not actually have in any records, data on who all have been targeted for illegal surveillance and accessing of their devices. Such unauthorised surveillance – conducted by private contractors – is never directly contracted by police/IB etc. Front organisations, like the one that issued the invitations to European MEPs to visit Kashmir, set up by individual officials via their proxies are the ones that contract the surveillance contractors. In some cases, major Indian corporate players do the contracting on behalf of government officials. All information gathered in this manner is ultimately filed by the official concerned as “received from sources” without any further clarification.

The “deep state” is not an institution – it is the set of such informal and ad-hoc arrangements between individuals in the ruling class – the actual ruling class (‘class’ in a generic sense, not in its various social scientific meanings) of individuals with authority over institutions – not the conceptual ruling class or bourgeoisie or any other such broad category.

This is not actually a particularly sophisticated structure. The same methods are also used for less technical operations – sting operations, clandestine video/audio recordings, people getting disappeared and bumped off etc. Only, in those cases, the “contractors” are operating outside the law – so called mafias and underworld organisations – unlike the surveillance contractors that are legally registered as “security services companies” and such. The same basic mechanism is at work – individual officers, via proxies, commission such “contractors” to carry out their business. At the most basic level, it is just as simple as paying individual informers and infiltrators for information, when the intention is not to act but just to monitor.

Following security practices for our electronic communications is essential for democratic activists of course, but it doesn’t prevent a determined monitor from seeing what one is doing. The only way to avoid any surveillance is to not communicate electronically at all, to use human messengers and couriers, which is what the revolutionaries do for good reason. Short of this, any of our communications for politics and activism are in theory, and mostly in practice as well, available to authorities to see and manipulate. No Wire or Telegram or Signal or ProtonMail or anything else prevents this. Our democratic activism and politics is in this sense “authorised” – the legal and natural rights that are guaranteed and (supposed to be) protected by the constitution prevents the government from acting on the information it is collecting all the time, almost all of it illegally.

Despite the sensation of people getting messages saying they have been hacked – the far bigger ever present surveillance is human infiltration. This is where we are weakest and almost thoroughly compromised. Realise that the close familiarity of the government with democratic organisations that the patterns of arrests and now surveillance have revealed could never have been possible without direct personal human monitoring. This was not possible through tapping phones. We have no defense against this either – other than revolutionary organisations no strain of democratic activist sensibility has developed any methodology for how to deal with informants among us or around us, let alone identify them.

Last, when we discover we are under surveillance it is somewhat pointless to go public about it, and it can even put people at risk, except under specific circumstances. In this case, since there is a suspicion that incriminating materials were planted, there was a point – to highlight it potentially aiming to discredit “evidence” gathered against already arrested people and safeguard against potential future arrests. If there is a suspicion that something has been stolen and is going to be made public in a deleterious manner, then going public can be done to try to pre-empt it. Other than that, it serves no purpose.

What to do is to change ones protocols of communication and identify and exorcise informants and infiltrators from core communication chains. What to do generally is to keep changing our “addresses” – physical addresses, emails, phone numbers, chat and social media accounts – at frequent intervals. This is an ongoing game of cat and mouse that will never end. Ultimately the point is not to expose that it happens or to fight it – nothing will stop it short of an unimaginable legislative overhaul that no political party will ever bring about in current circumstances – it is to find ways to remain effective in democratic activism and politics despite it. If an investigative authority decides to “get” you, it can and will.


Subscribe to RAIOT via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 15.7K other subscribers
Abir Dasgupta Written by:

Abir Dasgupta is an independent investigative journalist based in New Delhi

Be First to Comment

Leave a Reply