Telecom and IT minister Ravi Shankar Prasad on Thursday told the Rajya Sabha that the government has issued notice to Israeli technology firm NSO Group, which created Pegasus, on November 26, seeking details about the malware and its impact in the WhatsApp snooping case which came to light last month.
Replying to a question, Prasad said a delegation led by WhatsApp CEO had not mentioned about any vulnerability of their system during their meetings in July and September with officials, and the government was yet to receive the names of people targeted by unnamed entities using Pegasus spyware.
“During the high-level engagements like meeting of CEO Will Cathcart and V-P (policy) Nick Clegg of WhatsApp that took place with the ministry on July 26 and September 11, 2019, no mention was made by the high-level WhatsApp team regarding this vulnerability,” Prasad said.
According to the minister, when reports about the breach were reported in the media, CERT-IN (Computer Emergency Response Team) on September 9 sought submissions from WhatsApp, including a need to conduct an audit and inspection of WhatsApp security system and process.
“The response from WhatsApp was received on November 18, 2019, and further clarification and technical details have been sought on November 26, 2019. CERT-IN has also sent a notice to NSO Group on November 26, 2019, seeking details about the malware and its impact on Indian users,” he said.
Prasad reiterated that the government is committed to ensure safety and security of online platforms such as WhatsApp. He also said the government is also working to strengthen the Information Technology (Intermediaries Guidelines) Rules 2011.
The minister asserted India would never compromise its data security. On concerns raised by some members, Prasad said the global business community is welcome to do business in India but they would also have to acknowledge and understand that safety and security of Indians is indeed of prime importance. “You can come to India for business, but there are sensitive and hyper-sensitive data and India would claim its right over that,” he said, adding that he would discuss in detail once the Data Protection Law comes into force.
According to WhatsApp, the spyware was developed by Israel-based NSO Group and had been used to snoop on about 1,400 users globally, including 121 from India.