© IE Online Media Services Pvt Ltd
Tags:
Journalism of Courage
The Rajya Sabha on Thursday witnessed a heated debate on the Pegasus spyware controversy which affected users in India also. While Information and Technology Minister Ravi Shankar Prasad said the government wants an audit of WhatsApp’s security systems, Congress leader Digvijaya Singh countered if the government had initiated any inquiry against the NSO Group, which licenses the spyware.
“There are three possibilities in the WhatsApp hacking case. One is that the government legally carried out surveillance. The second is that without the government’s knowledge, an illegal surveillance was done. Or third, the government itself carried out illegal surveillance,” Singh said in the Rajya Sabha demanding a Joint Parliamentary Committee to investigate the issue.
Singh asked whether the government or any of its agencies had illegally purchased the Pegasus software for surveillance, noting that if this did happen then it would be a violation of the Supreme Court’s privacy judgment. “If the government was not involved, then it would appear than NSO Group did the surveillance on its own, which becomes a national security issue,” Singh said.
He added that this is a time of cyber warfare, which can cause great harm to any nation, and pointed to the question of the cyber attack on the Kudankulam nuclear power plant reported last month, and whether the government knew who was responsible for it.
Singh went on to compare the WhatsApp surveillance to a car theft, stating that in this case the police knows the thief, but were busy questioning the owner of the car. . The Congress leader asked for details on those who were affected, and whether WhatsApp had given a list of those impacted to the government.
Read more: Congress demands JPC on WhatsApp row, Centre says digital players must erect appropriate security walls
Senior Congress leader Anand Sharma also raised the issue and asked whether there was any unauthorised intercepts by government agencies. “Besides authorised, have the government agencies made unauthorised use of this Pegasus spyware. Do you have any information? If yes, then please share the information with the house,” Sharma said.
Also read: Surveillance via WhatsApp: The case against Israeli spyware firm NSO, and how attack happened
It has been reported that NSO’s Pegasus spyware cannot be sold without authorisation from the Israeli defence ministry given it is classified as a cyber weapon. NSO itself claims it only sells the software to governments and law enforcement agencies for dealing with terrorism and the like.
While the minister did not answer whether the government had authorised the Pegasus surveillance or which agency sanctioned it, he said: “To the best of my knowledge, no unauthorised interception has been done.” Prasad said there is a standard operating procedure when it comes to interception.
The minister also said India would never compromise its data security. He said CERT-In had sought information from WhatsApp including the need to conduct an audit and inspection of WhatsApp’s security systems and processes on November 9. Further clarifications and details have been sought on November 26.
“We have told them (WhatsApp) that we want to conduct an audit and inspection of WhatsApp’s security systems and processes,” the IT minister said. He also said the government has sent a notice to NSO.
Prasad said digital players must erect appropriate security walls, failing which action would be taken against them. “During the high-level engagements like meeting of CEO Will Cathcart and VP Policy Nick Clegg of Whatsapp that took place with the ministry on July 26, 2019 and September 11, 2019, no mention was made by the high-level Whatsapp team regarding this vulnerability,” he told the House.
The minister also talked about the government’s discussions with WhatsApp regarding tracing of messages. “If there is provocation from any messages or communal violence happens, then you would have to tell the origin, who started it. We are having discussions with them,” said Prasad, adding that several such messages originated from Pakistan.
Explained: What is Israeli spyware Pegasus, which carried out surveillance via WhatsApp?
Prasad said it was a coincidence that the surveillance had happened as there were discussions happening on tracing Whatsapp messages.
He said the Supreme Court has upheld privacy as a fundamental right, but added that the apex court has also stated that a terrorist and a corrupt person cannot expect the right to privacy. He said there is a need to balance “competing interest of privacy and security” of the country.
As reported earlier, in May, WhatsApp identified and fixed a vulnerability and asked all users to update to the newer version of its apps across platforms, including Android and iOS versions of the app. Earlier this month, the Indian Express reported that WhatsApp had confirmed that individuals in India were targeted using the Pegasus spyware which exploited this vulnerability.
