The ‘Pegasus-WhatsApp’ issue has found another mention in the Supreme Court as a petition sought Reserve Bank of India (RBI) and National Payments Corporation of India (NPCI) intervention to ensure data protection of various UPI Platforms including WhatsApp Payments and Google Pay.
The petition was filed by Rajya Sabha MP Binoy Viswam, who was represented by senior advocate Krishnan Venugopal. The senior advocate mentioned that the system of WhatsApp was not secure enough to support a payments service.
Senior advocate Kapil Sibal, the counsel for WhatsApp, denied the allegations as “absolutely baseless”. He submitted that such an allegation was not there in the writ petition filed by Viswam and it was a “baseless oral submission” made across the bar, LiveLaw reported.
The Chief Justice of India Jagdish Singh Khehar, Justices AS Bopanna and V Ramasubramanian comprised the bench hearing the petition and asked the NPCI to reply to the petition and adjourned the next hearing till the last week of January 2021.
India is WhatsApp’s biggest market with over 400 Mn active users out of a total user base of 1.5 Bn user base. Last year, even the Indian government had started questioning WhatsApp’s security and capabilities to handle something as sensitive as digital payments after the Pegasus spyware debacle came to light. However, the payments system received RBI’s approval to go live in the multi-bank model on November 25, 2020, after fulfilling all compliance.
According to IT minister Ravi Shankar Prasad, the personal data of at least 21 WhatsApp users might have been accessed through Pegasus, which is developed by Israeli company NSO Group and supplied exclusively to government agencies. Overall, 1,400 users were impacted across 20 countries, largely comprising academicians, lawyers, journalists and activists.
Prasad also mentioned that WhatsApp had two high-level meetings in July and September 2019, but never mentioned anything about the security breach or cyber-attacks on Indian users. However, when they reported the incident to CERT-In, it had only mentioned that the company had identified the vulnerability and fixed it, without the mention of Pegasus or spying on Indian citizens.