New Delhi:
Union Minister for Electronics and Information Technology, Ravi Shankar Prasad on Wednesday assured that the Government is committed to protect the fundamental rights of citizens, including the right to privacy. Some statements have appeared, based on reports in media, regarding this. These attempts to malign the Government of India for the reported breach are completely misleading. Ministry of Electronics & Information Technology is working on the Personal Data Protection Bill to safeguard the privacy of citizens, and it is proposed to table it in Parliament, he added.
This he said in a written statement to a starred question sought to be raised in the Lok Sabha by AIMIM members Asaduddin Owaisi and Syed Imtiaz Jaleel on the issue of Mobile Phone Data. Owaisi and Jaleel wanted to know “whether the Government has taken note of the fact that a spyware/malware ‘Pegasus’ of Israel-based NSO group has reportedly been used to infect/spy/steal mobile phone data of many human rights activists, journalists and other eminent persons of the country.”
Meanwhile, sources in the government disclosed that WhatsApp has written to Government of India (GoI) expressing regret over the issue, CERT-In is examining the issue. “The government is committed to security and safety of its citizens. Government expects WhatsApp to reinforce its security wall. Any more breach in WhatsApp will not be tolerated”, government sources added.
In his reply Prasad said that the government has taken note of the fact that a spyware/malware has affected some WhatsApp users. “According to WhatsApp, this spyware was developed by an Israel based company NSO Group and that it had developed and used Pegasus spyware to attempt to reach mobile phones of a possible number of 1,400 users globally that includes 121 users from India”, he said.
The Union Minister for Electronics and Information Technology stated that the Government operates strictly as per provisions of law and laid down protocols. There are adequate provisions in the Information Technology (IT) Act, 2000 to deal with hacking, spyware etc.
Prasad disclosed that the Indian Computer Emergency Response Team (CERT-In) published a vulnerability note on May 17, 2019 advising countermeasures to users regarding a vulnerability in WhatsApp. Subsequently, on May 20, 2019 WhatsApp reported an incident to the CERT-In stating that WhatsApp had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out attacks.
The Union Minister for Electronics and Information Technology further stated that on September 5, 2019 WhatsApp wrote to CERT-In mentioning an update to the security incident reported in May 2019, that while the full extent of this attack may never be known, WhatsApp continued to review the available information.
It also mentioned that WhatsApp believes it is likely that devices of approximately 121 users in India may have been attempted to be reached. Based on media reports on 31st October, 2019, about such targeting of mobile devices of Indian citizens through WhatsApp by spyware Pegasus, CERT-In has issued a formal notice to WhatsApp seeking submission of relevant details and information.
