The Parliamentary Standing Committee on Information Technology (IT), headed by Member of Parliament Shashi Tharoor, met on Wednesday and got off to a stormy start, with members being at odds over whether to take up the WhatsApp-Pegasus snooping issue.
Eventually, the matter was put to vote and the panel decided in favour of discussing the issue that involves snooping on 121 Indians.
The meeting, which lasted over two and a half hours, took a political turn, with members taking sides, while the ruling alliance members were largely opposed to taking up the WhatsApp issue. The voting on whether WhatsApp-Pegasus should be discussed ended in a tie. It was Tharoor’s vote in favour that ended the debate.
In May, WhatsApp became aware of NSO Group, an Israeli company, having used a coding glitch in the messaging app that let its customers spy on some people. The software developed by NSO Group for spying is called Pegasus. As many as 1,400 people were targeted by the spyware worldwide and 121 in India — most of them being activists and journalists.
On October 29, WhatsApp decided to sue NSO Group for misusing the messaging platform’s code to compromise user privacy. The issue has since taken a political turn, with the government asking WhatsApp to explain the breach of Indians’ privacy. The government has also come under some heat for not answering whether any of its agencies bought the Pegasus software.
The meeting, attended by secretaries of the Ministry of Electronics and IT (MeitY), Ministry of Home Affairs, and Department of Atomic Energy, briefed the panel on ‘citizens’ data security and privacy’.
NSO Group has always maintained that it sells Pegasus only to governments. When asked by the committee members, the bureaucrats were ‘evasive’ and ‘jittery’ and claimed they had no more information than what had appeared in the press. Sources said the ministry representatives claimed that WhatsApp had not given them the names of the people who were breached, and the NSO Group has no operations in India, so it had not been contacted.
Further, it was also mentioned that Pegasus is available on the darkweb as well, so a private individual could have also downloaded or purchased the software from there and spied on Indian citizens. Sources said that the Department of Atomic Energy apprised the committee of the recent cyberattack on the Kudankulam nuclear plant, apologised for the breach, and assured the committee it will take steps to safeguard cyber systems in the future.
The panel had met to discuss issues of citizens’ data security and privacy, digital payment and online security measures for data protection, review of functioning of Unique Identification Authority of India, safeguarding citizens’ rights and prevention of misuse of social/online news media platforms, including special emphasis on women’s security in the digital space, promotion of electronics/IT hardware manufacturing sector and measures for reduction of imports, and policy issues in IT, including cross-border data flows, artificial intelligence, and Internet of Things.
Given the controversy around the WhatsApp issue, Tharoor had earlier written a letter to the members of the committee, saying the alleged use of technology for snooping on Indian citizens would be discussed on Wednesday.
However, two hours of the meeting were spent in pro-government members claiming the WhatsApp-Pegasus issue is outside the purview of the panel, said sources.Business Standard reported on Tuesday that WhatsApp told the government it could have worked better with the authorities on the ongoing issue of Israeli spyware used to snoop on Indian citizens using vulnerability in the messaging app’s code. In a communication with MeitY, WhatsApp has assured the government it will engage more to address issues that impact Indian citizens’ privacy.