The WhatsApp Pegasus spyware scandal seems to be never-ending as it is taking newer turns every day. Now, a piece of new information surfaced that the US-based social media company had already informed the Indian government that the privacy of users in India was compromised by the spyware.
The social media giant has now claimed that on September 5, 2019, it had informed the Ministry of Electronics and Information Technology (MeitY) about the privacy of around 121 WhatsApp users carried out by the Pegasus spyware.
The new disclosure of the information came from none other than the ministry itself. MeitY, on November 20, has put forward its response to the questions raised by the Lok Sabha MP Asaduddin Owaisi regarding the spyware case.
Earlier, the IT Minister Ravi Shankar Prasad in a tweet, on October 31, 2019, had said that the government has asked Whatsapp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens. However, now it seems that the government was already aware of the breach and Prasad just commented to show empathy of the government.
Moreover, WhatsApp earlier had alleged that the Indian government or one of its bodies might have used the Israeli spyware to snoop on Indian users. However, the ministry has now denied such claims.
Moreover, MeitY is now saying that the reports about the government purchasing Pegasus are baseless and are nothing but attempts to malign the Indian government.
MeitY And WhatsApp Hiding The Breach Since May 2019
The response of Meity to the MP also had the timeline of all the instances wherein the government or its bodies have contacted the social media company regarding the spyware breach.
It all started when the computer emergency response team- India (CERT-In) published a vulnerability note on May 17, 2019, advising countermeasures to users regarding a vulnerability in WhatsApp.
Subsequently, on May 20, 2019, WhatsApp reported an incident to the CERT-In stating that WhatsApp had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices.
Further on September 5, 2019, WhatsApp wrote to CERT-In mentioning an update to the security incident reported in May 2019. WhatsApp said that while the full extent of this attack may never be known, it continued to review the available information. The social media company further said that it is likely that devices of approximately 121 users in India may have been attempted to be breached.
Finally, on October 31, 2019, when the whole scandal was out in media reports, CERT-In had issued a formal notice to WhatsApp seeking submission of relevant details and information.
Now the question here arises that if the government and WhatsApp already knew about the breach occurred in the month of May, what was really stopping them from revealing the information to the masses?