A Parliamentary standing committee on Wednesday decided to hold discussions on the WhatsApp security breach after much dilly-dallying, reported PTI. While the Bharatiya Janata Party members of the panel were against taking up the matter, legislators of parties such as Lok Janshakti Party and YSR Congress Party were keen on a discussion.
Of the 25 members, 12 voted against taking up the matter, while 12 favoured a discussion, reported The Indian Express. Finally, Congress MP Shashi Tharoor, who heads the committee, voted in favour of discussing the contentious matter, as the chairperson gets a second vote in the event of a tie.
Last month, reports had revealed that a security breach on WhatsApp through a spyware had targeted several Indian journalists, lawyers and activists in a two-week period in May. The spyware used for the purpose was Pegasus, which is sold only to government agencies, according to its Israeli owner NSO Group.
The BJP members of the panel cited “jurisdiction issues” and pointed out that WhatsApp had not given information on the names of those targeted by the breach.
Earlier, Tharoor had written a letter to the panel members calling for discussion on the matter. He had said that the alleged use of technology for snooping was a matter of “grave concern”.
During Wednesday’s meeting, secretaries of the Ministry of Electronics and Information Technology, Ministry of Home Affairs and Department of Atomic Energy briefed the panel on “citizens’ data security and privacy”. When the committee members asked about the spyware sale, the bureaucrats reportedly gave evasive answers, according to Business Standard. The Department of Atomic Energy also apologised for the cyber security breach on the Kudankulam nuclear plant, and assured the committee that it will take steps to safeguard the systems.
On Tuesday, 17 of the human rights activists, scholars and journalists targeted by the spyware wrote to the Parliamentary Standing Committee on Information Technology, asking it to summon officials from relevant government departments to investigate unauthorised surveillance operations. They urged the panel to ask the officials if they had purchased and deployed Pegasus.
Activists Bela Bhatia, Degree Prasad Chouhan and Shalini Gera, academic and writer Anand Teltumbde, and Nagpur-based lawyer Nihalsing Rathod are among those who signed the letter. The letter’s signatories said their work involves “defending the rights of farmers, workers and marginalised communities like Adivasis, Dalits, and Muslims as well as the rights of those who have been wrongfully targeted and arrested in the so-called Bhima-Koregaon case”.
Pegasus was developed to hack into any phone simply through a missed call, predominantly via WhatsApp, giving the attackers unfettered access to the device, including location data, emails, passwords and even the ability to turn on its microphone and camera. NSO Group has disputed the allegations.
Earlier this month, WhatsApp said it had informed government authorities about the privacy breach in May. The tech company reportedly sent the Centre a second alert in September. It attached the two vulnerability notes in its response to a government notice last week.
India is WhatsApp’s biggest market with 400 million users. The platform is globally used by some 1.5 billion people monthly and has often advertised a high level of security, including end-to-end encrypted messages that cannot be deciphered by WhatsApp itself or other third parties.