Question : Mobile Phone Data

Will the Minister of Electronics & Information Technology be pleased to state:-

(a) whether the Government has taken note of the fact that a spyware/malware ‘Pegasus’ of Israel-based NSO group has reportedly been used to infect/spy/steal mobile phone data of many human rights activists, journalists and other eminent persons of the country;

(b) if so, the details thereof, State/UTwise along with the reasons therefor and the reaction of the Government thereto;

(c) whether the said breach of privacy has affected many people across the world and if so, the details thereof and the number of Indian citizens affected by this spyware;

(d) whether the Government has taken cognizance of the reports of alleged use and purchase of the Pegasus spyware by Government agencies and if so, the details thereof along with the reaction of the Government thereto;

(e) whether the Government has asked WhatsApp to explain the aforesaid spyware attack and if so, the details thereof and the response received by the Government thereon;

(f) whether the Government had received prior intimation in this regard from social media owners like WhatsApp, Facebook and if so, the details thereof along with the date on which such intimation was received and the action taken in this regard; and

(g) whether the Government proposes to enact any law to safeguard the privacy of citizens from similar attacks as mandated by the apex court and if so, the details thereof along with the other steps taken/being taken by the Government in this regard?

(a) to (g): A Statement is laid on the Table of the House.


STATEMENT REFERRED TO IN REPLY TO LOK SABHA STARRED QUESTION
NO. *47 FOR 20-11-2019 REGARDING MOBILE PHONE DATA
......

(a), (b) and (c) : Yes, Sir. Government has taken note of the fact that a spyware/malware has affected some Whatsapp users. According to WhatsApp, this spyware was developed by an Israel based company NSO Group and that it had developed and used Pegasus spyware to attempt to reach mobile phones of a possible number of 1400 users globally that includes 121 users from India.

(d) : Some statements have appeared, based on reports in media, regarding this. These attempts to malign the Government of India for the reported breach are completely misleading. The Government is committed to protect the fundamental rights of citizens, including the right to privacy. The Government operates strictly as per provisions of law and laid down protocols. There are adequate provisions in the Information Technology (IT) Act, 2000 to deal with hacking, spyware etc.

(e) and (f) : The Indian Computer Emergency Response Team (CERT-In) published a vulnerability note on May 17, 2019advising countermeasures to users regarding a vulnerability in WhatsApp. Subsequently, on May 20, 2019 WhatsApp reported an incident to the CERT-In stating that WhatsApp had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out attacks.

On September 5, 2019 WhatsApp wrote to CERT-In mentioning an update to the security incident reported in May 2019, that while the full extent of this attack may never be known, WhatsApp continued to review the available information. It also mentioned that WhatsApp believes it is likely that devices of approximately one hundred and twenty one users in India may have been attempted to be reached. Based on media reports on 31st October, 2019, about such targeting of mobile devices of Indian citizens through WhatsApp by spyware Pegasus, CERT-In has issued a formal notice to WhatsApp seeking submission of relevant details and information.

(g) : Ministry of Electronics & Information Technology is working on the Personal Data Protection Bill to safeguard the privacy of citizens, and it is proposed to table it in Parliament.


*******