IT Minister Ravi Shankar Prasad told Parliament on November 28 that a WhatsApp CEO-led delegation had not mentioned about any vulnerability of their system during their meetings with the ministry, and that the government was yet to receive the names of people targeted by unnamed entities using Pegasus spyware.
Replying to a question in Rajya Sabha, Prasad said the government had issued notice to Israeli technology firm NSO Group, which created Pegasus, on November 26, seeking details about the malware and its impact.
The minister also said digital players must erect appropriate security walls or be ready to face action.
He was replying to a special mention by Congress MP Digvijay Singh on the use of the spyware against some Indians.
"During the high level engagements like meeting of CEO Will Cathcart and VP Policy Nick Clegg of WhatsApp that took place with the ministry on July 26, 2019 and September 11, 2019, no mention was made by the high level WhatsApp team regarding this vulnerability," Prasad said in a statement.
According to the minister, when reports about the breach came in media, CERT -IN (Computer Emergency Response Team) on September 9 sought submissions from WhatsApp, including a need to conduct an audit and inspection of WhatsApp security system and process.
"The response from WhatsApp was received on November 18, 2019 and further clarification and technical details have been sought on November 26, 2019.
"CERT-IN has also sent a notice to NSO Group on November 26, 2019 seeling details about the malware and its impact on Indian users," he said.
Prasad also said that the government is committed to ensure safety and security of online platforms such as WhatsApp.
He also said that the government is also working to strengthen the Information Technology (Intermediaries Guidelines) Rules 2011.
The minister asserted India would never compromise its data security.
Replying to concerns raised by some members, Prasad said the global business community is welcome to do business in India but they would also have to acknowledge and understand that safety and security of Indians is indeed of prime importance.
"You can come to India for business, but there are sensitive and hyper-sensitive data and India would claim its right over that," Prasad said, adding he would discuss in detail once the Data Protection Law comes into force.
The minister said the Bill will be introduced in Lok Sabha soon.
According to WhatsApp, the spyware was developed by Israel-based NSO Group and had been used to snoop on about 1,400 users globally, including 121 users from India.