The Apple’s India team’s recent ‘clarification’ on its so-called algorithm malfunction has much to discuss. However, it refrained from explicitly mentioning the (perceived as absurd) theory of an algorithm malfunction. In fact, it brought attention to two specific pieces of information that swiftly caught the government’s interest. Notably, none of the individuals who had received the alert the previous night and sought further information and assistance from Apple received any response. In contrast, the company promptly issued a statement that initiated with the declaration: “Apple does not attribute the threat notifications to any specific state-sponsored attacker.”
The Algorithm Malfunction Theory
Upon reaching out to Apple India’s team to inquire about the ‘algorithm malfunction’ theory, their response was unequivocal: “This is untrue, and we are unaware of its origin… We are advising all reporters the same on background.” Before delving into an analysis of Apple’s ‘clarification’ and its repercussions, the fact that a government minister was privy to the company’s intent to “issue a statement in this regard in some time” reveals two key insights. Firstly, it implies that the Modi government was eager for Apple to address the matter. Secondly, it suggests there might have been a negotiation process between the government and Apple regarding the content of the ‘clarification.’ This could be the reason behind the Apple representative’s repeated emphasis to journalists, including the independent media group- The Wire, to consider including the “150 countries statistic” in their reporting, as found in the background information.
The reference to 150 countries in Apple’s statement pertained to the period since 2021. However, IT minister Ashwini Vaishnaw portrayed it as if Apple had simultaneously alerted people in 150 countries when they contacted individuals in India. This is how the minister conveyed it to the media, as reported by ANI:
Apple has released a clarification that the allegations by compulsive critics are not true. Such advisories have been sent to people in 150 countries. The people who cannot see the growth of the country are doing destructive politics…”
By creating the impression that the opposition politicians who had received the ‘state-sponsored attack’ alerts from Apple were part of a global group spread across 150 countries, all of whom were informed simultaneously, Vaishnaw seemed to attempt to divert blame away from his government. In reality, Apple initiated its threat notifications process in November 2021, in response to revelations from the Pegasus Project. The first time Apple employed the “150 countries” figure was in July 2022 when it became aware of a significant vulnerability in the iPhone, prompting the introduction of the ‘lockdown mode’ as a security feature and notifications to potential targets worldwide who might have been vulnerable to an iMessage exploit. As reported by the Washington Post:
“Researchers at the University of Toronto’s Citizen Lab captured what they identified as a new version of Pegasus last year that exploited Apple devices via iMessage without requiring any action from the victim to install it. This triggered an Apple investigation and the dissemination of notifications to potential targets. “During a call with reporters on Tuesday, Apple representatives underscored that these warnings had reached residents in 150 countries, underscoring the extensive scope of the issue.”
Are Apple’s warnings considered ‘vague’?
This is a big question that arises especially when the IT minister has sought to downplay the emerging surveillance scandal by characterizing Apple’s alert as “vague” due to its lack of specific details. However, this is not the first instance where Indian phone users have received alerts about potential spyware usage against them. In 2018, WhatsApp reached out to two dozen individuals to caution them about the risk. In 2021, when The Wire examined the leaked Pegasus database, it uncovered the numbers of many individuals contacted by WhatsApp.
Given that spyware payloads are typically delivered through messaging channels, it is reasonable to assume that Apple, with its capability to detect anomalies in the use of Apple IDs, iMessages, and FaceTime calls, would be in a similar position as WhatsApp was when it sounded the alarm five years ago. Regarding the future, while Apple may have indeed notified individuals across 150 countries over the past two years about hacking attempts on their phones, what it did on Monday night was specifically to inform a group of opposition politicians and journalists in India. These individuals likely became vulnerable due to the activities of “state-sponsored attackers.” This leads us back to the initial question: Who are these attackers?
Vaishnaw has declared that his government will investigate these attacks and has called for cooperation from both Apple and the individuals it contacted. Apple, however, has consistently stated that it is “unable to provide more information about what caused us to send… this notification, as that may help state-sponsored attackers adapt their behavior to evade detection in the future.” This implies that Apple, despite likely possessing more information than it has disclosed, will not willingly share further details. The Modi government is also unlikely to employ any coercive measures at its disposal to compel Apple to reveal what it knows, as such revelations may further harm the government.
The Final Thoughts
This situation mirrors the impasse seen with the Pegasus spyware, where the government neither confirmed nor denied its use and defied the Supreme Court’s directive to cooperate with the probe panel led by Justice (retd) Raveendran. The Supreme Court permitted the shelving of the Raveendran report and chose not to initiate contempt proceedings against the government. However, the recent alerts from Apple confirm that the use of spyware for illegal surveillance persists.
Utilizing spyware against political opponents not only violates individuals’ right to privacy but also subverts the electoral process. Moreover, the expenditure of public funds on acquiring spyware for the ruling party’s benefit constitutes an offense under the Prevention of Corruption Act and the Representation of People Act. In the United States, President Richard Nixon was compelled to resign over a surveillance operation that appears minor compared to the high-tech intrusive attacks employed against the opposition in India. However, for some reason, these matters do not seem to be a cause for concern in India.
Mohd Ziyauallah Khan is a freelance content writer based in Nagpur. He is also an activist and social entrepreneur, co-founder of the group TruthScape, a team of digital activists fighting disinformation on social media.”