What has happened?
The Centre has sought an explanation from messaging platform WhatsApp after the Facebook-owned company confirmed that some Indian users of its app came under surveillance using an Israeli spyware. Most targeted in India were journalists, Dalit and human rights activists and lawyers.

Response by Whatsapp
WhatsApp filed a complaint in a U.S. court earlier this week attributing the intrusion to NSO Group, an Israeli technology firm, which claims on its website that its products are used “exclusively” by government intelligence and law enforcement agencies “to fight crime and terror.”

Response by Indian government
Information Technology Minister Ravi Shankar Prasad said the government has asked WhatsAapp to “explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens.”

He said government agencies had a well-established protocol for interception, which included sanction and supervision from highly ranked officials in Central and State governments, for clearly stated reasons in national interest.

The Ministry of Home Affairs (MHA) said the government was committed to protecting fundamental rights of citizens and “reports of breach of privacy of Indian citizens on WhatsApp were attempts to malign the government and are completely misleading.” An MHA official said the government would take strict action against any intermediary responsible for breach of privacy of citizens.

Meanwhile, in a response to an RTI request filed by activist Saurav Das on October 23, asking questions over whether or not the government has purchased Pegasus or intends to do so in the future, the MHA stated that it had no information in this regard.

The use of the spyware in question, named Pegasus, via WhatsApp was first identified in May this year. The spyware exploited a vulnerability in WhatsApp’s video-call feature that allowed attackers to inject the spyware on to phones simply by ringing the number of a target’s device.

The person did not even have to answer the call. Once Pegasus is installed, it can access the targeted users’ private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. Following this, the U.S.-based firm announced that it had addressed the vulnerability and issued an update for its application.

Mobiles hit
In the investigations that followed, WhatsApp found that a total of 1,400 mobile numbers and devices were impacted globally. These included attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.

In its complaint filed with the federal court, WhatsApp has stated, “According to public reporting, Defendants’ [NSO Group] clients include, but are not limited to, government agencies in the Kingdom of Bahrain, the United Arab Emirates, and Mexico as well as private entities.”

NSO Group spyware is being sold to government clients without appropriate controls over how it is employed by those clients. They are, in turn, using NSO’s technology to hack into the devices of members of civil society, including journalists, lawyers, political opposition, and human rights defenders — with potential lethal consequences.

Source: The Hindu

Relevant for GS Prelims & mains Paper III; Internal Security