The government has given time till November 4 to WhatsApp for explaining how the Israeli surveillance software was used to spy on some people in India and what the firm was doing to stop such occurrences.
It is still not clear which government entity bought the software that has reportedly impacted 1,400 devices globally. WhatsApp has said it was filing a complaint in the US against Israeli technology firm NSO Group for the cyberattack that exploited vulnerability in the app's video calling feature.
“Government of India is concerned at the breach of privacy of citizens of India on the messaging platform WhatsApp. We have asked WhatsApp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens,” Ravi Shankar Prasad, the Minister for Electronics and Information Technology, tweeted. The Ministry of Home Affairs (MHA) said the attempts to align the government for a reported breach were “misleading”. “It is clarified that the government operates strictly as per provisions of the law. There are adequate safeguards to ensure that no innocent citizen is harassed or his privacy breached,” it said. However, it did not address the question of whether the central or state governments or any of their agencies have ever bought NSO Group’s spyware technology or its well-known product Pegasus.
In the vulnerability, a WhatsApp user could receive what appears to be a video call and even if the call is unanswered, the attacker could transmit malicious code to infect the victim’s phone with spyware. Another NSO Group software, Pegasus, was used to install spying software on devices between August 2016 and August 2018 by Toronto-based Citizen Lab.
The NSO Group claims to sell surveillance technology to governments globally only for the purposes of fighting terrorism and crime but has been accused of selling to governments that have a track record of spying on its citizens.
In response to a Right to Information request, asking if the government has bought from the NSO Group, filed by activist Saurav Das, the MHA said it had no information on the issue. The Opposition and experts did not take kindly to the government’s stand. “I am extremely concerned and I am sure the parliamentary committee on information technology would share my concerns. However, the story only broke after our last meeting. I intend to consult other members by email on the matter. In any case, cybersecurity is a major issue on our agenda and we are definitely going to take this up under that rubric. Of course, we will be seeking clarifications from the government,” said Shashi Tharoor, who heads the panel on IT.
Randeep Singh Surjewala, in-charge, All India Congress Committee Communications, said the Centre needs to answer which agency purchased the software and what action it would take.