A group of 19 journalists, human rights activists and writers targeted by a spyware developed by Israeli company NSO Group have written a letter to the government, asking it to reveal whatever information it has about the cyber attack, other methods of mass surveillance, and the identity of the suspects.

The spyware, named Pegasus, was used to hack into any phone simply through a missed call, predominantly via WhatsApp, giving the attackers unfettered access to the device, including location data, emails, passwords and even the ability to turn on its microphone and camera. According to a report, 121 Indians were affected in the privacy breach.

“The knowledge that we have all been under surveillance by an unknown entity and that our intimate details, personal conversations, financial transactions etc. were being spied upon is deeply disturbing,” said the signatories to the letter. “This violates our fundamental right of privacy, and compromises not only our security, but also of those in our extended network of family, friends, colleagues, clients, sources etc.”

The group said it was “a matter of public concern whether Indian tax payer money has been spent on this kind of cyber surveillance requiring the expenditure of crores of rupees and a vast infrastructure of information technology”. They said international private corporations, among other foreign players, had penetrated all levels of telecommunication channels in India “and have the ability to access the most intimate details of so many Indian citizens”. This “threatens our national sovereignty”, they added.

Among the signatories are activists Bela Bhatia, Degree Prasad Chouhan, Shalini Gera, and Seema Azad.

WhatsApp filed a lawsuit against NSO Group last week, accusing it of helping government spies break into the phones of roughly 1,400 users, including political dissidents, journalists and government officials, across the world. The company denied the allegations.

The signatories to the letter asked the government whether it was “aware of any contract between any of its various ministries, departments, agencies, or any state government, and the NSO group or any of its contractors to deploy Pegasus or related malware” for operations within India.

“If so, then the details of such a contract, including its total value and the contracting agencies should be placed in the public domain, including information regarding the monitoring and oversight to which these operations have been subjected in order to prevent their abuse,” they added. “And if indeed, the Government of India had no information of any such surveillance, then the public should be fully informed of all the steps being taken to identify the culprits behind these cyber-attacks and to secure our telecommunication channels to prevent such an attack in the future.”

A “responsible government” should ensure the security of all its citizens, the group added.

On October 30, the Centre had asked WhatsApp to explain the nature of the breach and the steps taken to protect Indian users by November 4. In response, the Facebook-owned messaging platform attached both a vulnerability note filed in May and a letter it sent to the government in September in which it reportedly alerted the Centre about the hacking.

Now, follow and debate the day’s most significant stories on Scroll Exchange.