New Delhi: The government wants to conduct an audit of WhatsApp's security systems following revelations of Israeli spyware exploiting its vulnerabilities, IT Minister Ravi Shankar Prasad said but refused to say if the government had bought the spyware.
The Indian Computer Emergency Team (CERT-In) "has clearly said that we want to audit your (WhatsApp) entire system... we have told them that we want to conduct an audit and inspection of WhatsApp's security systems and processes," Prasad said in reply to a short duration discussion in Rajya Sabha over the spying controversy.
He, however, did not give a direct reply to Congress leader Digvijaya Singh's repeated query if the government had bought Pegasus spyware from Isreali firm NSO.
WhatsApp, last month, sued Israeli surveillance firm NSO Group, accusing it of helping those buying its spyware Pegasus break into the phones of roughly 1,400 users across four continents.
The targets of the hacking included diplomats, political dissidents, journalists, along with military and government officials. In India, 121 users are believed to have been compromised.
Prasad said cybersecurity agency CERT-In had sought information from WhatsApp including the need to conduct an audit and inspection of WhatsApp's security systems and processes on November 9, and further clarifications and details have been sought on November 26, following response from WhatsApp on November 18.
Stating that WhatsApp CEO had made no mention of vulnerability in their system by Pegasus spyware during his meeting with the Ministry, Prasad also warned digital players that they must erect appropriate security walls, failing to which appropriate action would be taken.
The Indian cybersecurity agency has also sent notice to NSO group on November 26, 2019 seeking details about the malware and its impact on Indian users, he said.
According to Prasad, WhatsApp reported an incident to CERT-In, wherein it mentioned that it had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out the attack.
Moreover, he also said that the government along with the USA, UK and Australia is in discussion with WhatsApp to identify the source of the message and videos which have violence.
The minister also said that several of such messages originated from Pakistan.
"I want to inform you that several times, many things start from Pakistan. Due to security reasons, I would not be able to share details," he said.
Prasad also said that the Supreme Court has upheld privacy as a fundamental right. However, the apex court has also stated that a terrorist and a corrupt person has no right to privacy.
He also said that there is a need to balance "competing interest of privacy and security" of the country.
"In the interest of the sovereignty and integrity of India, intercepts can be made of the people including their computer resource but this has to be authorised by the home secretary of the government of India," he said.
The minister also informed the Upper House that the work on Data Protection law is on progress and would be introduced very soon in Parliament.
