Government Wants to Conduct Audit of WhatApp Security System

Government Wants to Conduct Audit of WhatApp Security System

The government wants to conduct an audit of WhatsApp’s security systems following revelations of Israeli spyware exploiting its vulnerabilities, IT Minister Shri Ravi Shankar Prasad said but refused to say if the government had bought the spyware.

This News is Brought You By

The Indian Computer Emergency Team (CERT-In) has said that they want to audit WhatsApp system &  want to conduct an inspection of security systems & processes, he said in reply to a short duration discussion in Rajya Sabha over the spying controversy.

WhatsApp, last month, sued Israeli surveillance firm NSO Group, accusing it of helping those buying its spyware Pegasus break into the phones of roughly 1,400 users across four continents.

The targets of the hacking included diplomats, political dissidents, journalists, along with military and government officials. In India, 121 users are believed to have been compromised.

The minister said cybersecurity agency CERT-In had sought information from WhatsApp including the need to conduct an audit and inspection of WhatsApp’s security systems and processes on 9th November and further clarifications and details have been sought on 26th November 2019, following response from WhatsApp on 18 November.

Ravi Shankar Prasad

Stating that WhatsApp CEO had made no mention of vulnerability in their system by Pegasus spyware during his meeting with the Ministry, Prasad ji also warned digital players that they must erect appropriate security walls, failing to which appropriate action would be taken.

During the high-level engagements like meeting of CEO Will Cathcart and VP Policy Nick Clegg of Whatsapp that took place with the Ministry on 26 July, 2019 and 11 September, 2019, no mention was made by the high-level Whatsapp team regarding this vulnerability, said Prasad ji in a statement.

The Indian cybersecurity agency has also sent notice to NSO group on 26 November, 2019 seeking details about the malware and its impact on Indian users, he said.

According to the minister, WhatsApp reported an incident to CERT-In, wherein it mentioned that it had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out the attack.

Moreover, he also said that the government along with the USA, UK and Australia is in discussion with WhatsApp to identify the source of the message and videos which have violence.

“If there is provocation from any messages or communal violence happens, then you would have to tell the origin, who have started it. We are having discussions with them,” said Prasad asserting that they would have to tell the law enforcement agencies about the origin of the rogue message.

According to the minister, when the discussion was on, NSO espionage happened and this was a coincidence.

He also said that the Supreme Court has upheld privacy as a fundamental right. However, the apex court has also stated that a terrorist and a corrupt person has no right to privacy.

He also said that there is a need to balance “competing interest of privacy and security” of the country.

“In the interest of the sovereignty and integrity of India, intercepts can be made of the people including their computer resource but this has to be authorised by the home secretary of the government of India,” he said.

The minister also informed the Upper House that the work on Data Protection law is on progress and would be introduced very soon in Parliament.

The Minister also said that India would never compromise its data security. He also stated that digital companies are welcome to do the business in India but they would also have to acknowledge and understand that safety and security of Indians are of prime importance.

Related posts