Did Govt Use Israeli Spyware? MHA's Non-Answer Cites a Law That Allows Snooping on All Computers


New Delhi: Asked to clarify whether the government was involved in the deployment of Israeli spyware to snoop on Indian citizens via WhatsApp, the ministry of home affairs on Tuesday cited a law that allows agencies to monitor and decrypt any information stored in any computer on grounds of internal security and has often been criticised by right to privacy advocates.

In response to a detailed questionnaire by DMK parliamentarian Dayanidhi Maran on the WhatsApp spygate episode that had caused an uproar last month, minister of state for home, G Kishan Reddy, only gave a boilerplate answer – it had the powers to snoop under Section 69 of the Information Technology Act 2000.

The law cited above, the MHA said, empowers the central and state governments to authorise government agencies to intercept, monitor or decrypt “any information generated, transmitted, received or stored in any computer resource”.

The government also cited Section 5 of the Indian Telegraph Act, 1885, which authorises specific individuals to view messages in the case of a public emergency or in the interest of public safety.

Every case that can be snooped upon is authorised by the union home secretary in case of the union government and by the concerned state home secretary in case the matter relates to a specific state, the government stated, citing the law.

However, it did not answer whether the government had purchased the Israeli snooping software Pegasus that was used to hack the WhatsApp of human rights activists and journalists, among others, or if there was any specific protocol followed to get permissions for tapping of WhatsApp messages and calls.

While the answer stated that no agency is given blanket permission to monitor messages and requires permission for each case, it did not explicitly touch answer the questions posed by Maran on the use of Pegasus.

Last month, several lawyers and activists had confirmed their phones were hacked after WhatsApp revealed that Indian users were targets of surveillance using Israeli company NSO Group’s spyware Pegasus.

In all, the Facebook-owned messaging platform had said 121 Indians were targeted by the spyware and it had informed the government of it in May and September.

The spyware had exploited a bug in the call function of WhatsApp to make its way into the phones of those select users, where it would have access to every bit of information.

But what had remained troubling was that it remained unclear on whose directions the users were spied on. On its part, the NSO Group had maintained that it only sold the software to government intelligence and law enforcement agencies. But the government in an RTI reply earlier had said it had “no information” on whether it had bought the software.

The 2009 law cited by the government on Tuesday lays down six grounds on the basis of which authorisation can be granted for snooping – 1) in the interest of the sovereignty or integrity of India 2) security of the state 3) friendly relations with foreign states 4) public order 5) to prevent incitement to the commission of any cognizable offence relating to the above 6) for the investigation of any offence.

All authorisation orders issued by the government under Section 69(1), however, must be reasoned and written, and must be subject to the procedure laid down in the Information Technology Rules. As per these rules, all such orders must be scrutinised by a review committee of the Centre, or the state in question and these review committees set up comprise only of government secretaries.

The MHA’s answer did not elaborate on the protocol followed. The Section 69 of I-T Act had also come under scrutiny last year after the government had given blanket permission to 10 agencies to intercept information on grounds of internal security.

Critics had seen this as an extreme measure to deny people their right to privacy — more so because agencies such as the Delhi Police, the CBI, and the Directorate of Revenue Intelligence cannot be strictly termed as organisations concerned with homeland security.