WhatsApp says it alerted Centre of privacy breach in May, government refutes it
The Facebook-owned company claimed it had ‘notified relevant Indian and international government authorities’ months ago.
WhatsApp on Friday said it had in May informed government authorities about a privacy breach that affected some Indian users, ANI reported. A day earlier, the Centre had issued a notice to the Facebook-owned company asking for an explanation on the hack.
“Our highest priority is the privacy and security of WhatsApp users,” ANI quoted a WhatsApp spokesperson as saying. “In May, we quickly resolved a security issue and notified relevant Indian and international government authorities. We agree with the government of India, it is critical that together we do all we can to protect users from hackers attempting to weaken security.”
However, the government has countered this. In May, WhatsApp had reportedly sent information to the Indian Computer Emergency Response Team, or CERT-IN, which was in “pure technical jargon” and contained no “mention of Pegasus (the spyware) or the extent of the breach”, ANI reported. “The information shared was only about a technical vulnerability but nothing on the fact that privacy of Indian users had been compromised,” The Hindu quoted a government official as saying.
Following the communication from the Facebook-owned company, CERT-IN had posted a vulnerability note in May, on a vulnerability in WhatsApp, The Indian Express reported. This had not mentioned any security breaches either.
The official also told the English daily that the messenger company’s unwillingness to be transparent about security matters maybe considered when the government has to approve WhatsApp payment services in India. The official pointed out that this came amid growing demands for traceability and WhatsApp to be more accountable, from other countries such as the United States, United Kingdom and Australia as well.
WhatsApp’s Chief Executive Officer Chris Daniels had met Telecom and Information Technology Minister Ravi Shankar Prasad in July, and Nick Clegg, vice-president for global affairs and communications at Facebook, had met Prasad in September, but no mention of the security breaches were made.
The security breach
On Thursday, reports revealed that several members of the civil society in India may have been the targets of surveillance through a spyware, Pegasus, purportedly developed by an Israeli cyber intelligence firm NSO Group. Pegasus was used to target around 1,400 users globally during a two-week period in May.
The Israeli firm refuted the allegations and claimed that it has sold Pegasus only to government agencies. Following reports, the Ministry of Communications and Information Technology sought WhatsApp’s response on the security breach by November 4.
Ravi Shankar Prasad, who is in charge of the IT ministry, said on Thursday that the government was concerned about the breach, and that state agencies have a well-established protocol for interception for clearly stated reasons in national interest.
Opposition parties have meanwhile accused the government of snooping on citizens.