The Ministry of Home Affairs on Tuesday did not provide a direct answer when asked in the Lok Sabha if it had used the Pegasus spyware to intercept WhatsApp calls and messages of Indians activists and journalists. Instead, the ministry listed the laws that empower it to intercept information based on certain conditions.

Dravida Munnetra Kazhagam MP Dayanidhi Maran had asked the Centre a series of questions about the topic, which were answered by Minister of State for Home Affairs G Kishan Reddy in writing. Last month, reports had revealed that a security breach on WhatsApp had targeted several Indian journalists, lawyers and activists in a two-week period in May. The spyware used for the purpose was Pegasus, which is sold only to government agencies, according to its Israeli owner NSO Group.

Reddy said the government has the power to intercept, monitor and decrypt any information in national interest under Section 69 of the Information Technology Act, 2000. He also listed 10 government agencies authorised to intercept messages in the public interest after following the due process set out under Section 5 of the Indian Telegraph Act, 1885.

Dayanidhi Maran had also sought to know the protocols followed by the government to tap WhatsApp calls and messages. He also asked if the government taps calls and messages on other social media platforms such as Facebook Messenger, Viber and Google.

Reddy said no agency had “blanket permission” for interception, monitoring or decryption. Permission from the competent authority was necessary in each case, he added.

17 targeted individuals write to parliamentary panel

Meanwhile, 17 of the human rights activists, scholars and journalists targeted by the spyware wrote to the Parliamentary Standing Committee on Information Technology on Tuesday, asking it to summon officials from relevant government departments to investigate unauthorised surveillance operations. They urged the panel to ask the officials if they had purchased and deployed Pegasus.

The standing committee is scheduled to meet on Wednesday, ANI reported. It is headed by Congress leader Shashi Tharoor.

The letter’s signatories said their work involves “defending the rights of farmers, workers and marginalised communities like Adivasis, Dalits, and Muslims as well as the rights of those who have been wrongfully targeted and arrested in the so called Bhima-Koregaon case”.

They said illegal surveillance was a violation of their “fundamental right to privacy” and compromised the security of their families, colleagues and every person communicating with them through mobile phones. The Pegasus attacks have serious implications for national security, the activists added.

“The fact that foreign private companies and other foreign actors have penetrated the national telecommunications infrastructure without detection by Indian security agencies, and now possess the ability to access and extract the most intimate details of so many Indian citizens, is a violation of international norms and is a direct attack on our national sovereignty,” said the activists.

Activists Bela Bhatia, Degree Prasad Chouhan and Shalini Gera, academic and writer Anand Teltumbde, and Nagpur-based lawyer Nihalsing Rathod are among those who signed the letter. They posed eight questions about the attacks and sought an opportunity to provide oral testimony before the committee.

Pegasus was developed to hack into any phone simply through a missed call, predominantly via WhatsApp, giving the attackers unfettered access to the device, including location data, emails, passwords and even the ability to turn on its microphone and camera. NSO Group has disputed the allegations.

Earlier this month, WhatsApp said it had informed government authorities about the privacy breach in May. The tech company reportedly sent the Centre a second alert in September. It attached the two vulnerability notes in its response to a government notice last week.

India is WhatsApp’s biggest market with 400 million users. The platform is globally used by some 1.5 billion people monthly and has often advertised a high level of security, including end-to-end encrypted messages that cannot be deciphered by WhatsApp itself or other third parties.

Also read:

  1. WhatsApp spyware: How many people have been targeted by the Pegasus hack?
  2. Can the government confirm it did not use WhatsApp spyware on Indians?
  3. Where is the personal data protection law that Indians were promised?

Now, follow and debate the day’s most significant stories on Scroll Exchange.