WhatsApp: How private are your chats?

Your Opinion: How long do you think it will take to find a Covid-19 vaccine and get the entire country vaccinated?

View Results

Loading ... Loading ...

WhatsApp, not a safe handle anymore! Does that shock you? When you get to know that your messages, photos, and videos over the Facebook-owned WhatsApp are not safe and encrypted anymore? Albeit the Messaging app WhatsApp handled by Facebook confidently mentioned in their privacy policy that “Respect for your privacy is coded into our DNA”.

Central Government’s response to WhatsApp cyber intrusion

There are multiple instances of WhatsApp chats being Decrypted by Governmental agencies that lead investigations. This primarily came to light during the investigation of Shushant Singh’s mysterious death when investigating agencies, began to leak the selective WhatsApp chats to the media houses. Later the Narcotics Control Bureau (NCB) used Rhea Chakraborty’s alleged chats with her drug peddler which led her arrest and then Bollywood actresses like Deepika Padukone and many others.

The intrusion due to the Pegasus spyware had led many questions against the government in Parliament concerning their involvement in this.

On the question “whether the government does Tapping of WhatsApp calls and Messages in the country?” raised by M.P. Shri Dayanidhi Maran in the Lok Sabha on 19th November 2019, Shri G. Kishan Reddy Minister of State in the Ministry of Home Affairs, categorically ignored it by quoting Section 69 of the Information Technology Act, Section 5 of the Indian Telegraph Act, and other related rules, which empowers the Government to intercept, monitor any information generated by in any computer resource in the interest of sovereignty and security of the state.

On 20th November, Minister of Electronics & Information Technology on the question raised by Mr. Asaduddin Owaisi reveals the fact that WhatsApp informed the MEITY on 5th September 2019 that around 121 users in India have been breached by Pegasus. This contradicts Meity’s earlier statement over their knowledge about the scale of the breach.

With the following concerns regarding WhatsApp being monitored by the Government and its agencies, on 20th September 2020 answering to the question raised by Shri Pinaki Misra in the Lok Sabha, Shri G. Kishan Reddy Minister of State in the Ministry of Home Affairs clearly denied that the government has no details about the Human Right defenders being targeted by the NSO Group’s Pegasus spyware in 2019.

Whereas on 9th November 2019 Ravi Shankar Prasad asserts, CERT-In (Indian Computer Emergency Response Team) wrote to WhatsApp, seeking more information, including a need to conduct an audit and inspection of WhatsApp’s security systems and process.

What is Pegasus?

A report by Citizen Lab, an interdisciplinary lab based at the Munk Schook of Global Affairs & Public Policy, University of Toronto discloses, that Isreal-based Cyber Warfare vendor NSO Group produces and sells a mobile phone spyware suite called Pegasus.” NSO group asserts that Pegasus is only being provided to the Governments only for their national security purpose.

According to the Citizen Lab, it is very crucial to understand the nature of Pegasus, it works through an external link, the malware allows the surveillance as soon the user clicks on the link. Once Pegasus is installed the spyware can control the camera and microphone without letting you know and they can even track your entire day, what you do and to whom to meet.

The first reports on Pegasus’s spyware operations emerged in 2016, when Ahmed Mansoor, a human rights activist in the UAE, was targeted with an SMS link on his iPhone 6.

In a report by The wire, Nihalsing Rathod, a victim of the Pegasus attack, asserts that he received some calls from international numbers. The moment he answered, it gets disconnected. On October 7, 2019, Rathod was acknowledged by John Scot-Railton senior researcher from Toronto university’s ‘Citizen Lab’ informing him he faced a “specific digital risk”.

Rathod is one of the lawyers litigating the Bhima Koregaon case along with him other human right defenders like Rupali Jadhav cultural and anti-caste activist, Degree Prasad Chouhan lawyer and a Dalit right activist, Bela Bhatia, Anand Teltumbde and Saroj Giri, and Shalini Gera were also been targated by the Pegasus spyware and all of them received a message from WhatsApp on their security breach. The common thing that arises from these attacks is that all these victims are connected to the Bhima Koregaon case, this cannot be merely a coincidence.

The message that Rathod received from WhatsApp. Credit: The Wire.

Digital Privacy laws in India

The Constitution of India does not directly safeguard the Right to Privacy as a Fundamental Right, but in many landmark Judgments, the Supreme Court of India read the Right to privacy along with Fundamental Rights enshrined under, Article 19 (1) (g) and Article 21 of the Constitution of India. Recently in the landmark case of Justice K S Puttaswamy (Retd.) & Anr. vs. Union of India and Ors, the Supreme Court had considered the right to privacy as a Fundamental Right, subject to certain Reasonable restriction imposed by the State.

Unlike the European Union, India does not have a separate law for data protection. Still the Information Protection Act, 2000, and the Contract Act, 1872 are the only codified laws that govern the Digital Crimes. However, according to the Ravi Shankar Prasad, the Meity is working on the personal Data Protection bill to safeguard the privacy of citizens, and it is proposed to table it in Parliament.

Section 69 of the Information Technology Act 2000, empowers the government to order their officers or appropriate Government agencies to intercept, monitor, or decrypt any information including information of personal nature i.e. WhatsApp messages too, in the interest of the sovereignty, defense of India, friendly relations with foreign states, public order, for preventing incitement to the commission of any cognizable offense and for any investigation of any offense.

The legal protection for personal information in India is ascertained in the Information Technology Rules 2011, under section 45A of the Information Technology Act 2000.

  • Rule 4: Body corporates must provide a privacy policy to all ‘providers of information.
  • Rule 5(1): They must obtain consent in the letter, fax, or email from the ‘provider of information’ before collecting, using, or disclosing any sensitive personal information.
  • Rule 5(2)(a): While collecting the information, they must ensure that the individual is informed of the (a) fact that the information is being collected; b) the purpose for which the information is being collected; c) the intended recipients of the information; d) the name and the address of the agency collecting information, and the agency that will retain the information.

Though, the only preventive measure which was laid down by the ‘Citizen Lab’ to the victims of Pegasus, is to change your mobile phone.

You already voted!
Nahush Gautam
Nahush Gautam
Student of Gujarat National Law University.

Get Our Monthly Digest Delivered Straight To Your Inbox

CONTINUE READING

After repealing section 377, its time to Legalise Same-Sex Marriage in...

0
A draconian, archaic law that criminalized homosexuality was struck down in a historic judgment given by the Supreme Court in 2018. Two years after the judgment, the LGBTQ (lesbian, gay, bisexual, transgender, and queer) community has now sought legal recognition of their relationships. As...

Modern Day Book Burning a.k.a Internet Shutdowns

0
The internet has become an indispensable element in our society for all the obvious reasons. For the majority of users, not a single day goes by where we don't 'need' the internet and the lack of a reliable and fast connection can feel paralyzing.

Letter to UNHRC – Dr Kafeel Khan, Punished Because He’s Muslim

0
Kafeel Khan, a doctor by profession and a social activist has been targeted by Yogi Government since 2017, in 3 years he had been maliciously arrested 3 times & imprisoned for around 14 months on the false charges set up against him at many instances. Now he...

Prison Life In India and its Aftermath

0
Everyone prays to never see the bars of prison in their lifetime. Yet, as fickle as life is, it is quite hard to predict the future. It is in everyone’s benefit to know a little bit about prison life; for movies and cinemas do not do justice...

Decoding WhiteHat Jr.’s Coding Face ‘Wolf Gupta’

0
Digital learning has taken a new turn in India – this time with coding classes as a niche for 6-year-olds. With the shutting of schools in lockdown, pushy Indian parents got a fresh excuse to make their children learn coding to cope up with the ‘rat race’...

WhatsApp: How private are your chats?

0
WhatsApp, not a safe handle anymore! Does that shock you? When you get to know that your messages, photos, and videos over the Facebook-owned WhatsApp are not safe and encrypted anymore? Albeit the Messaging app WhatsApp handled by Facebook confidently mentioned in their privacy policy that “Respect...