Faced with a barrage of questions on the WhatsApp snooping controversy in Parliament Thursday, Minister for Communications, Electronics & Information Technology Ravi Shankar Prasad said there has been no unauthorised spying to the “best of my knowledge”. And that the government is committed to ensuring safety and security of online platforms such as WhatsApp. The minister asserted India would never compromise on data sovereignty.
Prasad also said the government wants to conduct an audit of WhatsApp’s security systems following revelations of Israeli spyware exploiting its vulnerabilities. The Indian Computer Emergency Team (CERT-In) “has clearly said that we want to audit your (WhatsApp’s) entire system… we have told them that we want to conduct an audit and inspection of WhatsApp’s security systems and processes,” Prasad said.
In response to pointed questions from Congress MPs Digvijaya Singh and Jairam Ramesh whether the government bought the Pegasus software, which was allegedly used for surveillance on over 100 people in India, Prasad said that all electronic interception of communications in India followed a standard operating procedure — and did not give a categorical denial to questions whether the government or any of its agencies had bought the spyware. When Congress MP Anand Sharma pressed on the issue that whether he was aware of government-authorised surveillance, Prasad said: “To the best of my knowledge, no unauthorised interception has been done.”
The disclosure follows a lawsuit filed in a US federal court in San Francisco in which WhatsApp alleged that the Israeli NSO Group targeted some 1,400 WhatsApp users with Pegasus.
While WhatsApp declined to reveal the identities and “exact number” of those targeted for surveillance in India, its spokesperson had told The Indian Express that WhatsApp was aware of those targeted and had contacted each one of them. “Indian journalists and human rights activists have been the target of surveillance and while I cannot reveal their identities and the exact number, I can say that it is not an insignificant number,” a WhatsApp spokesperson had said.
Digvijaya Singh raised the issue in the Rajya Sabha through a calling attention motion. Replying to another question in Rajya Sabha, Prasad said the government had, on November 26, issued notice to NSO Group seeking details on the malware.
On questions about privacy, the Minister invoked national security: “A terrorist has no right to privacy, a corrupt person has no right to privacy.”
He said that fundamental freedoms have to be operated under “reasonable restrictions” and referred to RJD MP Manoj Jha’s remark that the Government was using national security as “an elastic concept like chewing gum.”
“National security has been compared to chewing gum. We just witnessed the anniversary of 26/11 two days ago. Those who die for the country, we have to think about them as well. We have to balance (that) with privacy.”
According to the minister, when reports about the breach came in media, CERT-IN (Computer Emergency Response Team) on September 9 sought submissions from WhatsApp, including a need to conduct an audit and inspection of WhatsApp security system and process.
“The response from WhatsApp was received on November 18, 2019 and further clarification and technical details have been sought on November 26. “CERT-IN has also sent a notice to NSO Group on November 26, 2019 seeking details about the malware and its impact on Indian users,” he said.
Prasad said: “During the high-level engagements like meeting of CEO Will Cathcart and VP Policy Nick Clegg of WhatsApp that took place with the ministry on July 26, 2019 and September 11, 2019, no mention was made by the high level WhatsApp team regarding this vulnerability.” He added that the government was yet to receive names of people targeted by unnamed entities using Pegasus spyware. The minister underlined that digital players must erect appropriate security walls or be ready to face action.
“Any violation of the procedure is actionable in law. Anyone who has a problem can file and FIR or a formal complaint and the government will look into it. No unauthorised interception has been done,” he said.
Prasad also added that it seemed “too much of a coincidence” that the names that had “come out in the open have a chronic hatred against Narendra Modi”, a reference to the fact that a substantial number of those targeted by the WhatsApp vulnerability include activists and human rights lawyers.
“Our view is very clear. Whoever has a complaint, he can file a case, get damages of Rs 5 lakh, and send (the accused) to jail. The union government will cooperate fully in that enquiry. But government should not be involved in any fishing enquiry as it is a matter of Indian people’s respect,” he said.
Prasad said the global business community is welcome to do business in India but they would also have to acknowledge and understand that safety and security of Indians is indeed of prime importance.
“You can come to India for business, but there are sensitive and hyper-sensitive data and India would claim its right over that,” Prasad said, adding he would discuss this in detail once the Data Protection Law comes into force. The minister said the Bill will be introduced in Lok Sabha soon.
According to WhatsApp, the spyware was developed by NSO Group and had been used to snoop on about 1,400 users globally, including 121 users from India.
Digvijaya Singh demanded a Joint Parliamentary Committee (JPC) to be set up to probe the breach. Questioning the government’s role in the entire row, Singh said, “They should tell the House if people were spied upon. The government should tell us which journalists, activists were targeted in the breach. This is a violation of right of privacy…There are only three possibilities in the matter of Whatsapp hacking. First, the government legally engaged in espionage. Second, espionage happened illegally without the government’s knowledge. Or the government illegally engaged in espionage.”
BJP’s Rakesh Sinha said that India should consider developing a parallel social media platform, parallel to WhatsApp. CPI(M)’s K K Ragesh said that those who are being snooped upon are those questioning the government.
At least two dozen academics, lawyers, Dalit activists and journalists in India were contacted and alerted by WhatsApp that their phones had been under state-of-the-art surveillance for a two-week period until May 2019.