WhatsApp Snooping and Data Privacy | PDP Bill, 2018
Keywords: WhatsApp Snooping, Data Privacy, Snooping, Protection, Fundamental Rights
WRITTEN BY: SONALI SINGH
Introduction
The Personal Data Protection (PDP) Bill 2018 has not yet been introduced in India’s Parliament. Victims, lawyers, and other stakeholders must rely on the Information Technology Act of 2000 (IT Act) and its interpretation of privacy until the time it comes. The IT Act, while not as comprehensive as the PDP Bill, covers the subject to a degree. The Right to Privacy is safeguarded as a fundamental constitutional right under Articles 14, 19, and 21 of the Indian Constitution, according to Justice KS Puttaswamy’s groundbreaking decision. The nine-judge panel also agreed that “the right to privacy is safeguarded as an integral aspect of the right to life and personal liberty under Article 21 and as a part of the rights granted by Part III of the Constitution.”
The WhatsApp Snooping Incident
WhatsApp was utilized for digital espionage on over 1,400 persons in roughly 20 countries. Including India, by the Israel-based NSO Group Program and its program Pegasus. It is still unclear who hired the NSO Group to snoop on these individuals. WhatsApp has since filed a lawsuit in a federal court in the United States. According to the suit, the Israeli cyber spy business NSO Group used WhatsApp to target journalists and human rights activists. The majority of the victims were from Mexico, Bahrain, the United Arab Emirates, and India. Even Indian politicians are now claiming to be victims of the snooping scandal.
These types of cyber-surveillance firms are numerous, targeting their victims through seemingly innocent apps and mobile devices. The market for cyber surveillance is mostly unregulated. This case could pave the way for an end to the widespread surveillance that already exists.
IT Act
According to Section 70B of the IT Act, the government would establish an Indian Computer Emergency Response Team (Government Team). This government team will gather, analyze, and disseminate information about cyber events. As well as anticipate cyber security incident alerts, emergency responses to cyber security incidents, and coordination of cyber incident response activities. Under the statute, the Government Team may also create white papers and guidance on information security practices, processes, prevention, response, and reporting of cyber incidents.
WhatsApp and Government Team
The Indian government accused WhatsApp of not sharing the details of the WhatsApp spying incident with Indian officials. In response to Indian authorities, WhatsApp stated that it had told Indian authorities of the security issue in May 2019. The Indian authorities further say that WhatsApp failed to mention that the security vulnerability had also affected Indian residents. Pegasus had breached the security of a select targeted Indians, which WhatsApp had not disclosed. Only after WhatsApp filed the complaint did Indian authorities realize that Indian citizens were also victims.
WhatsApp and IT Act
Any security event should be immediately reported to the Government Team, according to Section 70B of the IT Act. Despite meeting with the government team, WhatsApp neglected to warn them about the security breach that targeted Indian activists and human rights advocates.
The Modus Operandi
It was difficult to tell whether or not the phones had been hacked. Anyone who utilized the NSO Group software to hack phones had to call their intended victim. Even if the target did not pick up the phone, NSO’s Pegasus software would be placed in it. Giving the owner of Pegasus access to the contents of the phone. A missed call to a London-based lawyer had tipped him off. And he was able to locate the digital spying software Pegasus on his phone.
WhatsApp said that it had notified all of the victims of the security breach. WhatsApp is also seeking a permanent restraining order against NSO Group and Pegasus. Pegasus was solely used by intelligence and law enforcement organizations in authorized anti-terrorism and crime-fighting efforts, according to the NSO Group. It was never utilized for personal or vengeful purposes. In reality, NSO Group stated that its software, Pegasus, has aided in the recent saving of thousands of lives.
The NSO Group also stated that it only sells Pegasus, a cyber-surveillance software, to governments with a terrible human-rights record. It was eager to point out, however, that it kept very few records of how its tools were used after they were in the hands of governments. NSO Group stated that they are only aware of the software being abused or if information appears in the media. Otherwise, the NSO group had a limited understanding of the Pegasus cyber-surveillance software’s usage pattern.
Whatever the outcome, this case will raise awareness about cyber-surveillance and privacy concerns. In the interest of innocent users, such cyber-surveillance software will be better moderated and controlled. This will lead to a thorough investigation of the situation.
CERT-In issued notice to WhatsApp seeking info on Pegasus spyware
Ramco Systems’ Global Head of Legal and Chief Data Protection Officer, K Satish Kumar, is a keynote speaker, author, and Ramco Systems’ Global Head of Legal. ‘Top 50 Legal Leaders 2019’ by Legal IP Gorilla in Singapore, ‘GC Power List India 2018’ by London-based Legal 500, and ‘Legal Counsel of the Year -2018’ by INBA are among the many honours he has received. Through Chennai Lawyers, he is actively involved in a variety of pro bono services.
New Delhi, Dec 1 (IANS) The WhatsApp snooping controversy, which involves the privacy invasion of 121 Indian users out of 1,400 worldwide via third-party Israeli Pegasus spyware. It has prompted serious questions about the government’s handling of such a sensitive issue in the absence of a robust digital legal framework.
The petitioner, KN Govindacharya, founder of the Rashtriya Swabhimaan Aandolan. Argued in a legal brief written to IT and Telecom Minister Ravi Shankar Prasad that the Minister’s remarks in the Rajya Sabha last week on the WhatsApp-Pegasus snooping case did not expose the entire facts.
In response to the Minister’s claim that no one has lodged a complaint with the IT Ministry. Regarding the WhatsApp Snooping spyware case. The memorandum stated that a petition was filed on behalf of Govindacharya in the Supreme Court on November 2. Requested an NIA investigation into the WhatsApp-NSO data leak, As well as perjury proceedings against WhatsApp and Facebook.
“In a previous case involving Cambridge Analytica, public data was exposed, and the government ordered an inquiry by the Central Bureau of Investigation on its own” (CBI). “However, no such action has been taken in this case,” the petition stated.
Prasad told Rajya Sabha that WhatsApp has even established its office in India.
Contentions by Petitioner
The petitioner argued that WhatsApp Inc is a company registered in the US and has been doing business in India for the last 10 years.
“Wait, WhatsApp doesn’t have a presence in India yet.” In his plea, RSS ideologue Govindacharya stated. “WhatsApp Application Services Private Limited is an Indian subsidiary with a different corporate personality and has no authority over the WhatsApp program, which is utilized by over 40 crore users in India.”
A third major point addressed by Prasad in the Rajya Sabha was the fact that WhatsApp has employed a Grievance Officer in India to handle customer complaints. The petitioner indicated unequivocally that the so-called Grievance Officer was appointed in the United States. And not in India, as the minister claimed.
After being chastised by the Supreme Court for failing to appoint a Grievance Officer and complying with other Indian regulations. WhatsApp appointed Komal Lahiri as the country’s Grievance Officer in September last year.
Lahiri, who works at WhatsApp’s headquarters in Menlo Park, California, can only be reached by email or regular mail.
“India, with the world’s largest user base, has become a data colony because all of our user’s data is being sent abroad,” the petition stated. The Supreme Court is slated to hear Govindacharya’s writ petition in the WhatsApp-NSO Group snooping case on December 2.
“In the lack of a strong digital law framework, global corporations such as WhatsApp and its parent company Facebook are abusing the data of India’s 40 million users.” For a long time, internet behemoths have fought against data privacy rules in the country. “India should pass a data protection law as soon as possible and issue IT Intermediary Rules,” Gupta told IANS.
Incident Reported by CERT-In by WhatsApp
According to an earlier statement from Prasad, the Computer Emergency Response Team (CERT-In) published a vulnerability advisory on May 17 warning users of workarounds for a vulnerability in WhatsApp. On May 20, WhatsApp reported an incident to the CERT-In, according to the Minister.
The Minister went on to say that WhatsApp wrote to CERT-In again on September 5 with an update on the security incident reported in May 2019. That while the exact details of the event are still being worked out. “It is evident that WhatsApp misled this Hon’ble Court into believing that its systems were safe,” according to the petition, which will be heard on December 2. WhatsApp intentionally withheld information on the NSO hacking from the Hon’ble Supreme Court, and thereby committed perjury.”
“With over 40 crore users, India is WhatsApp’s largest market. Facebook, which also owns Instagram, owns WhatsApp. In India, Facebook has over 30 million users, whereas Instagram has roughly 6.9 million.” As a result, it is apparent that Indian data, including governmental data, is being held on systems that have previously been breached, putting national security at risk” mentioned the government.
Mail us at edumoundofficial@gmail.com
