On snooping, Centre cites national security in House
Union minister Ravi Shankar Prasad on Thursday said that the government was pursuing WhatsApp and Israel-based NSO group for more information into the surveillance of Indian citizens, but cited national security when opposition lawmakers asked if the government or any of its agencies had purchased the Pegasus spying tool.
The Rajya Sabha discussion began on a “calling attention” motion moved by Congress MP Digvijaya Singh over the surveillance issue, which came to light in late October after makers of WhatsApp disclosed a widespread snooping operation carried out with the use of Pegasus, which exploited weaknesses in its systems.
WhatsApp has filed a lawsuit against the makers of Pegasus, the NSO Group, in a US court, over what it says was a “global campaign” targeting nearly 1,400 people including Indians.
Prasad opened the discussion with a statement detailing communications between WhatsApp, the government, and India’s cyber security agencies on the discovery of the weaknesses, and how it may have impacted Indian citizens. “In November, we asked WhatsApp for an audit and review of their security processes and Cert-IN has also sent a notice to NSO Group for details of its malware and its impact on Indian users,” Prasad said.
In a follow-up question after the statement, Singh asked Prasad to specify whether it was a government agency that purchased the tool Pegasus. “NSO Group says it sells only to government agencies. The government should tell us which agency bought it, how much was spent and under what head were the spends made?” Singh asked.
The question was repeated by five other Opposition members – DMK’s M Shanmugan and P Wilson, Trinamool Congress’s Nadimul Haque, Communist Party of India (Marxist)’s KK Ragesh and Rashtriya Janata Dal’s Manoj Kumar Jha, who asked the government to disclose if it was a client of NSO Group.
“They [the MPs] are asking for something very specific, and I have repeatedly said there is a standard operating procedure that is to be followed. It is a matter of national security,” Prasad said, only leading to some other MPs repeating the question. “In our Constitution, fundamental rights and freedoms are subject to reasonable restrictions. Article 19(1) gives the freedom of speech and express, assembly, association, movement etc. But 19(2) clearly states that in the interest of public order, these can be controlled. How we balance the competing interests of privacy with the security of the country is something the government, any government, needs to be alive to that,” Prasad added during his response.
“The fundamental question still remains. The government is right when it comes to authorised interception. Besides authorized [surveillance], have government agencies made unauthorized use of this spyware?” asked Congress member Anand Sharma.
“To the best of my knowledge, no unauthorised instance has been done,” Prasad replied.
Singh also demanded that a joint parliamentary committee be set up to investigate the issue. Last week, a parliamentary panel on information technology headed by Congress MP Shashi Tharoor decided to take up the WhatsApp breach to examine. The decision was made through a rare voting in the 31-member panel, which was won by a margin of 1. The panel is next expected to meet on December 4.
Experts said that lack of clarity on whether the government uses such tools may fuel concerns on whether the government is endorsing such surveillance. “NSO Group has said it only sells to the government. WhatsApp has also cited in its US court case a contract between NSO Group and the government of Ghana, which illustrates that such kind of software requires an export approval from the Israeli government. This really makes it hard for any person to deny that there could be no influence by the government in the use of such software,” said Apar Gupta, founder of Internet Freedom Foundation, a privacy and online liberties advocacy group.
Several human rights activists, lawyers and journalists in India came forward last month to say that they had been identified as targets of Pegasus. The incident triggered alarm among civil society groups as well as privacy activists. Cyber security researchers have expressed worry over how people could be targeted – the hack was carried out by a video call. Even a missed video call was enough for the malware to be embedded into the target’s phone, from where data – including microphone and camera access – could be gained.
NSO Group has denied allegations of wrongdoing and said it sells its Pegasus software only to government and law enforcement agencies for surveillance.
HT reported on Thursday that the government plans to cite the Pegasus incident to push a rule to compel companies to store digital user data of Indians locally in order to have better control over it. Privacy experts, however, have said the plan comes with fears that surveillance by government will become easier, while digital companies such as Facebook and Amazon have flagged the increased costs that would come with such a compulsion.