Facebook isn’t new to privacy scrutiny. The CEO of the Californian social media company was recently interrogated by the American Congress not once, but twice owing to privacy concerns. India too is grappling with issues, especially with the Facebook-owned WhatApp’s ‘Pegasus’ snoopware coming to the spotlight. The firm has told the Indian government that the computing malware affected 20 out of 121 WhatsApp users.
Pegasus has been around for approximately three years and. It works by sending a link, and if the target user clicks on it, it is installed on the user’s device. Once installed, it begins to contact control servers which allow it to relay commands so one can gather data from the infected device. It has the potential to steal your passwords, contacts, text messages, calendar info, as well as voice calls made through messaging apps, in this case, WhatsApp.
WhatsApp said to the government on November 18 that the attack on users was of a high order of complexity and sophistication. “(Due to) WhatsApp’s limited visibility into certain aspects of the attack, WhatsApp’s investigations into the attack are ongoing.
The government noted that WhatsApp said, “121 users is where the attempts were made while 20 users are where the attempt seems to have been successful.”
“The government is committed to protecting the fundamental rights of citizens, including the right to privacy. The government operates strictly as per provisions of law and laid down protocols,” Union minister of electronics and information technology Ravi Shankar Prasad said in a written response.
WhatsApp told the government that it could have communicated the issue better to the Indian authorities, it said in a statement, in a departure from its earlier stance on the issue. On September 5th, 2019, WhatsApp wrote to CERT-In mentioning an update to the security incident reported in May, and that while the full extent of this attack may never be known, WhatsApp continued to review the available information, according to the response.
In a piece of separate news, Prasad said, “The government is working on the Personal Data Protection Bill to safeguard the privacy of citizens, and it is proposed to table it in Parliament.” It informed Parliament that there was no proposal to link Aadhaar with social media accounts of individuals, and said that Section 69A of the Information Technology Act, 2000, empowers the government to block data under certain conditions, such as public order and security of the state.