Following the Israeli Pegasus spyware breach, the Indian government has been criticising WhatsApp for not disclosing information about the breach in a clear manner. But now WhatsApp has fired back saying it reminded the government about the breach, not once but twice.
WhatsApp had earlier said it had alerted the government about the vulnerability in May. But government officials on the weekend said this alert came in the form of a vulnerability report, which was vague and did not specify the issue at hand. Now, WhatsApp claims it sent another letter to the government in September, informing it about the data privacy breach of 121 Indians by the same spyware.
According to a media report, while responding to government’s notices over WhatsApp’s alleged misconduct, the social media company showed the notices it sent in May and September.
In May, WhatsApp claimed to have resolved a security issue and notified the government authorities about the issue.
The officials of the Ministry of Electronics and Information Technology (MeitY) have also confirmed that they received a letter from WhatsApp in September. The letter stated that personal data of Indians was likely to be compromised by the Israeli spyware. However, the officials said that the letter was still too vague. Notably, the letter has not been submitted into the public domain.
On Thursday, the Indian government had asked WhatsApp to explain the breach by November 4, 2019.
The September letter has further sparked talks about government involvement in the WhatsApp spying controversy. The government is surrounded by questions of not disclosing the information of the September letter to the public. Moreover, WhatsApp’s previous allegations of the involvement of the government in spying on over a dozen users in India using the Pegasus spyware, have sparked off a bigger political controversy.
WhatsApp and Citizen Lab, a cybersecurity lab at the University of Toronto, investigated the Pegasus matter and reported that human rights defenders, activists and journalists were targetted by the Pegasus spyware on WhatsApp. News reports since have released some of the names and information that hint at the Indian government’s involvement with the NSO Group and the Pegasus spyware.