India Today:
NEW DELHI: The government wants to conduct an audit and inspection of security systems and processes of Facebook-owned instant messenger
over the
, widening its regulatory action against the Mark Zuckerberg-owned companies.
This is the second major action against the American social media giant after the CBI inquiry that was ordered over the data leaks in the Facebook-Cambridge Analytica controversy.
The government has also sent a notice to Israeli technology firm NSO Group, which had created the Pegasus spyware that is believed to have hacked the WhatsApp details of 1,400 users globally, including 121 Indians.
IT minister Ravi Shankar Prasad said in the Rajya Sabha that his ministry had written to WhatsApp on November 9 on the need for an audit, to which the company responded on November 18.
The notice to WhatsApp was sent by the ministry’s cyber security wing, CERT-In (Indian Computer Emergency Response Team), that sought further “clarifications and technical details” from the company this Tuesday.
“Digital players – both Indian and foreign – are welcome to contribute in the growing digital market but they need to acknowledge and understand that safety and security of Indians is indeed of prime importance,” Prasad said in a reply to a special mention by Congress MP Digvijay Singh.
The minister said the government plans to introduce the Data Protection Bill soon, and warned companies of action if they fail to provide cyber security to their users. The government said that CERT-In had first warned about possible issues in WhatsApp through a vulnerability note on May 17. A vulnerability note had been published on the Common Vulnerabilities and Exposures (CVE) Database in the US on May 14, based on WhatsApp reporting to the CVE.
Prasad also said that no mention of the hacking was made in his meetings with senior WhatsApp officials that happened thereafter. “During high-level engagements like meeting of CEO Will Cathcart and VP Policy Nick Clegg of WhatsApp that took place with the Ministry on July 26 and September 11 respectively, no mention was made… regarding this vulnerability.”