The Narendra Modi government on Thursday said that it was planning to carryout a security audit of WhatsApp despite giving no straight answers on whether it used the Pegasus software to spy on over 40 individuals.
Law and IT minister Ravi Shankar Prasad beat around the bush and never got to the point, despite questioning from the Opposition, but was quoted by Reuters as saying in Parliament, The Indian Computer Emergency Team (CERT-In) “sought submission of information from WhatsApp on November 9, 2019, including a need to conduct an audit and inspection of WhatsApp’s security systems and processes.”
The Reuters report said that WhatsApp had declined to comment on such an audit.
HuffPost India had reported that the lawyers of many activists arrested under the controversial Bhima Koregaon case had also been spied on. Newslaundry and other organisations reported that Bela Bhatia, Anand Teltumbde and other prominent activists were also affected.
The fact that people’s phones were hacked into came to light when WhatsApp sued Israeli surveillance firm NSO Group — who makes the Pegasus spyware — accusing it of helping clients break into the phones of about 1,400 users across the world. Those hacked included journalists, activists, government officials and military people.
An unnamed source from Facebook-owned WhatsApp had told Hindustan Times that former Union minister Praful Patel and former Lok Sabha MP Santosh Bhartiya were among 41 people they had identified as having been spied on—of this group, 21 were journalists, lawyers and activists, the person told HT.
The scary part is that NSO makes this spyware only and only for use by governments. But, Prasad remaind tightlipped, and did not provide a yes or no answer to whether the Modi government bought this software. He told Parliament, “In the interest of sovereignty and safety of India, data can be intercepted as per the IT law.”
While Congress tried to get an answer from him, Prasad maintained, “If they (enforcement agencies) have to, they do it only through a standard operating procedure. Oversight is there.”
Even when the news of the hacking had made headlines, the home ministry had cited section 69 of the Information Technology Act, 2000, that empowers the Central Government or a State Government to intercept, monitor or decrypt people’s phone or other devices.
Huffpost India had found the user manual for the software that showed it gives the interceptor access to everything on a person’s phone. The guide specifically highlights why a government would choose this spyware over other options.