The government on Wednesday told Lok Sabha that it is committed to protecting the fundamental rights of citizens, including the right to privacy, and that there are adequate provisions in the Information Technology (IT) Act to deal with hacking and spyware.
The government is also working on the Personal Data Protection Bill to safeguard privacy of citizens, and it is proposed to table it in Parliament, Minister of Information Technology Ravi Shankar Prasad said in a written reply in the Lok Sabha.
The government has taken note of the fact that a spyware/malware affected some WhatsApp users. According to WhatsApp, this spyware was developed by an Israel-based company NSO Group and that it had developed and used Pegasus spyware to attempt to reach mobile phones of a possible number of 1,400 users globally. The users include 121 people from India, Prasad said.
The government said some media reports attempting to malign the government of India for the reported breach are "completely misleading". The government is committed to protecting the fundamental rights of citizens, including the right to privacy, it said.
The government operates strictly as per provisions of law and protocols. There are adequate provisions in the Information Technology (IT) Act, 2000 to deal with hacking and spyware.
The ministry informed the House that the Indian Computer Emergency Response Team (CERT-In) published a vulnerability note on May 17 advising countermeasures to users regarding a vulnerability in WhatsApp.
Subsequently, on May 20 WhatsApp reported an incident to the CERT-In stating that WhatsApp had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out attacks.
On September 5, 2019 WhatsApp wrote to CERT-In mentioning an update to the security incident reported in May 2019, that while the full extent of this attack may never be known, WhatsApp continued to review the available information.
It also mentioned that WhatsApp believes it is likely that devices of approximately one 121 users in India might have been attempted to be reached.
Based on media reports on October 31 about spyware Pegasus, CERT-In issued a formal notice to WhatsApp seeking submission of relevant details and information, IT ministry said in details.