Government tells WhatsApp to provide details regarding breach of security

“Government of India is concerned at the breach of privacy of citizens of India on the messaging platform WhatsApp. We have asked WhatsApp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens," electronics and information technology minister Ravi Shankar Prasad said on Twitter.

At least two dozen Indian journalists, activists, lawyers and academics were targeted for surveillance, The Indian Express newspaper reported on Thursday. The Indian breach was reported after WhatsApp sued Israeli surveillance firm NSO Group on Tuesday, accusing it of helping government spies break into the phones of roughly 1,400 users across four continents in a hacking spree whose targets included diplomats, political dissidents, journalists and senior government officials.

WhatsApp director of communications Carl Woog declined to give names and numbers, but said: “Indian journalists and human rights activists have been the target of surveillance and while I cannot reveal their identities and the exact number, I can say it is not an insignificant number."

In a lawsuit filed in San Francisco, WhatsApp, owned by Facebook, accused NSO of facilitating government hacking sprees in 20 countries, naming Mexico, the United Arab Emirates and Bahrain.

Prasad said in his tweet, “Government agencies have a well established protocol for interception, which includes sanction and supervision from highly ranked officials in central and state governments, for clear stated reasons in national interest."

NSO denied the allegation, saying, “The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime."

The issue took on a political colour in India after the opposition Congress’s chief spokesman, Randeep Surjewala, said in a series of tweets: “Modi govt caught snooping! Appalling but not Surprising! After all, BJP Govt- 1. Fought against our right to privacy. 2. Set up a multi crore Surveillance Structure until stopped by SC."

Prasad hit back, saying: “Those trying to make political capital out of it need to be gently reminded about the bugging incident in the office of the then eminent finance minister Pranab Mukherjee during UPA regime. Also a gentle reminder of the spying over the then Army Chief Gen. V.K. Singh. These are instances of breach of privacy of highly reputed individuals, for personal whims and fancies of a family."

A PTI report said WhatsApp has been asked to furnish its response by 4 November.

On the security aspect, however, the Centre remained non-committal, saying only that any breach of privacy would be dealt with strictly.

“Some statements have appeared regarding breach of privacy of Indian citizens on WhatsApp. These reports to malign the government of India are completely misleading. The government is committed to protect the fundamental rights of citizens including right to privacy and will take strict action against any intermediary responsible for the breach of privacy," central government officials said on condition of anonymity. They added that the government “operates strictly as per provisions of law and laid down protocols. There are adequate safeguards to ensure that no innocent citizen is harassed or his privacy breached".

The controversy dates back to May, when the Financial Times reported a vulnerability in WhatsApp, which allowed attackers to hack into people’s smartphones using a commercial spyware called Pegasus developed by NSO Group, which also goes by the name Q Cyber Technologies.

After investigating the attack with assistance from experts at Citizen Lab, a cybersecurity research laboratory based at the University of Toronto, and an NSO employee, WhatsApp filed a lawsuit against NSO Group seeking permanent injunction to ban the firm from using WhatsApp. The company told the court that NSO sent malware to 1,400 mobile devices to conduct surveillance of specific WhatsApp users. After the hackers were unable to break the platform’s end-to-end encryption, they used the malware to access messages and communication after they were decrypted.

Citizen Lab told Reuters the targets included well-known television personalities, prominent women who had been subjected to online hate campaigns and people who had faced “assassination attempts and threats of violence".

Citizen Lab claims spyware such as Pegasus is being sold to government clients without appropriate controls over how they are using them.

PTI and Reuters contributed to this story.