IT Minister Ravi Shankar Prasad told Parliament on Thursday, 28 November that a WhatsApp CEO-led delegation had not mentioned about any vulnerability of their system during their meetings with the ministry, and that the government was yet to receive the names of people targeted by unnamed entities using Pegasus spyware.
Replying to a question in Rajya Sabha, Prasad said the government had issued notice to Israeli technology firm NSO Group, which created Pegasus, on 26 November, seeking details about the malware and its impact.
The minister also said digital players must erect appropriate security walls or be ready to face action.
He was replying to a special mention by Congress MP Digvijay Singh on the use of the spyware against some Indians.
Notice to NSO Over Malware’s Impact on Indian Users
“During the high level engagements like meeting of CEO Will Cathcart and VP Policy Nick Clegg of WhatsApp that took place with the ministry on 26 July 2019 and 11 September 2019, no mention was made by the high level WhatsApp team regarding this vulnerability,” Prasad said in a statement.
According to the minister, when reports about the breach came in media, CERT -IN (Computer Emergency Response Team) on 9 September sought submissions from WhatsApp, including a need to conduct an audit and inspection of WhatsApp security system and process.
“The response from WhatsApp was received on 18 November 2019 and further clarification and technical details have been sought on 26 November 2019,” he said.
Prasad continued, “CERT-IN has also sent a notice to NSO Group on 26 November, 2019 seeking details about the malware and its impact on Indian users.”
Prasad also said that the government is committed to ensure safety and security of online platforms such as WhatsApp.
He also said that the government is also working to strengthen the Information Technology (Intermediaries Guidelines) Rules 2011.
Govt Calls On Global Community to Do Business in India
The minister asserted India would never compromise its data security.
Replying to concerns raised by some members, Prasad said the global business community is welcome to do business in India but they would also have to acknowledge and understand that safety and security of Indians is indeed of prime importance.
"You can come to India for business, but there are sensitive and hyper-sensitive data and India would claim its right over that," Prasad said, adding he would discuss in detail once the Data Protection Law comes into force.
The minister said the Bill will be introduced in Lok Sabha soon.
According to WhatsApp, the spyware was developed by Israel-based NSO Group and had been used to snoop on about 1,400 users globally, including 121 users from India.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)