Government to push localisation of data after snooping row | Latest News India - Hindustan Times

Government to push localisation of data after snooping row

Hindustan Times, New Delhi | By Sudhi Ranjan Sen and Rajeev Jayaswal, New Delhi
Nov 28, 2019 03:29 AM IST

WhatsApp acknowledged the flaw in its system as part of a vulnerability disclosure to American authorities published on May 14 and, in a communication in September, told the Indian government that 121 Indians had been targeted.

The Union government is likely to cite the WhatsApp snooping controversy to push through its plan to compel digital companies to store data of Indian users locally, which, according to officials aware of the developments, would have helped the administration carry out its own investigation into the incident.

The Union government is likely to cite the WhatsApp snooping controversy to push through with its plan to compel digital companies to store data of Indian users locally (REUTERS)

The mandatory data localisation rule is part of the provisions of the personal data protection law, which could be introduced for Parliament’s approval during the ongoing Winter session. Multinational companies such as Amazon and Facebook have opposed the rule through prominent trade bodies that they are a part of.

“WhatsApp informed us about some kind of vulnerability in its software in May [2019] and later in September, it sounded the government out about some kind of infiltration in its network without any specific detail. This is a serious issue of national security, and hence, requires necessary measures, including data localisation,” said one of the officials with access to direct information on the matter.

Data localisation will give the government legal access to all kinds of encrypted data in cases of breaches similar to the WhatsApp incident, a second official added.

Experts have said data localisation presents privacy concerns. “Such a measure would heighten and consolidate the access to data by the government for surveillance, while also reducing the range of options available for an individual to choose services on the Internet, creating a very real trade-off between state sovereignty over data and individual autonomy and choice,” Nayantara Ranganathan, programme manager at the Internet Democracy Project, wrote in a piece in HT on August 26.

The WhatsApp breach was exposed earlier this year when researchers discovered a flaw that allowed a spyware called Pegasus – a malicious computer programme meant to steal stored and real-time data – to be installed on the phones of those using the popular messaging service.

WhatsApp acknowledged the flaw in its system as part of a vulnerability disclosure to American authorities published on May 14 and, in a communication in September, told the Indian government that 121 Indians had been targeted.

The timing of these alerts has been disputed by Indian officials, who say that WhatsApp made its direct filing to Indian authorities on May 20, three days after India’s cyber emergency response team (Cert-IN) took note of the vulnerability reported in domains such as the United States-based Common Vulnerability and Exposures (CVE) database and issued an advisory “proactively”.

“Even then [after the delayed communication] the alert was non-actionable,” the senior official who did not want to be named said, and added: “India is one of the biggest markets for WhatsApp, one wonders about the reason for the reluctance to keep India informed.”

In addition, Indian authorities were not kept in the loop when WhatsApp decided to reach out to individuals who were affected by the malware, a fourth senior official said.

A WhatsApp spokesperson did not reply to requests for comment on whether the disclosure was delayed, but pointed to the May 17 Cert-IN alert, suggesting that this was based on the company’s information.

Several human rights activists, lawyers and journalists in India came forward last month to say that they had been identified as targets of Pegasus, which was developed by the Israel-based NSO Group. The incident triggered alarm among civil society groups as well as privacy activists. Cyber security researchers have expressed worry over how undetectable the hack was and how easily it could be carried out.

NSO Group has denied allegations of wrongdoing and said it sells its Pegasus tool only to government and law enforcement agencies for legal surveillance.
