Days after the Parliamentary Standing Committee on Information Technology voted on pursuing the issue of data privacy and the WhatsApp breach case, the committee has asked WhatsApp representatives to depose before it on the issue.
The committee is also scheduled to hear cyber security experts and representatives from the Department of Telecommunications (DoT) and Home Ministry, and Delhi’s Chief Secretary on Wednesday. The topic is listed as “citizens data security and privacy”.
In October, The Indian Express had reported about the WhatsApp accounts of 121 Indian citizens being surveilled through Pegasus — a software developed by Israeli cyber firm NSO Group. The group has claimed that it only offers it services to government agencies.
In the committee’s first hearing in November, sharp political differences emerged as BJP members objected to the committee having jurisdiction over the topic, citing parliamentary procedure rules. It is learnt that 12 non-BJP members, including from BJP-allied parties, voted to discuss the matter, while 12 BJP members voted against it. The committee’s chairman Shashi Tharoor broke the tie with his second vote in favour of discussion.
Since the debate took roughly two hours of the meeting, the senior MHA representative had to leave before he could be summoned. Some committee members, who want to know who bought the software from the NSO Group, later commented that the drawn out debate over jurisdiction led the representative, who might have had information on that question, to leave.
At the first meeting, it is learnt that the IT Ministry laid out the known facts of the WhatsApp breach case, and the legal parameters allowing government surveillance of mobile phones.
Certain committee members also said they would seek the direction of the Secretariat to understand if the question of jurisdiction could be re-opened by BJP members, further stalling discussion, as well as the rules around the committee calling upon state officials who might have more knowledge of the breach, given that surveillance at the state level only requires state approval.