Not so curious case of Government of India (GOI) and WhatsApp hacking
The Modi govt has not yet denied acquiring the spyware. In any case, it takes assistance of pvt companies and individuals in IT investigations; hacking is often unauthorised and conviction around 1%
Let us look at a few facts to try and understand the WhatsApp hack on Indians.
First, the company that has been accused of the crime has been taken to court in America for the hack by Facebook, which owns WhatsApp. The accused firm, NSO Group of Israel, has built and sold a platform that allowed its clients to hack into at least 1400 and possibly more mobile phones worldwide through a missed call.
This happened this year between April 29 and May 10. The important fact here is that all of NSO Group’s clients are national governments.
The company says that it “helps government maintain public safety”. It claims it has made "best-in-class technology to help government agencies detect and prevent a wide-range of local and global threats.”
The company’s products "help government intelligence and law-enforcement agencies use technology to meet the challenges of encryption to prevent and investigate terror and crime.
NSO technology is designed by telecommunications and intelligence experts who, positioned at the forefront of their fields, are dedicated to keeping pace with the ever-changing cyber world.”
Second, the people targeted in India are those that our government refers to as anti-nationals. They include the lawyers of the people arrested in the Bhima Koregaon matter and activists who work on the issues of minorities and in tribal areas. Many of them have been harassed by the government before. Many of these people are individuals I know and have worked with.
Third, the Modi government did not deny that it had acquired the NSO platform, and did not deny that it was spying on its citizens by hacking into their phones. A statement from the Union minister for Information Technology instead said India had asked WhatsApp to explain what the nature of the breach was and what it was doing to protect the privacy of Indians.
It would have been appropriate for the government to flatly deny that it was involved. However, possibly because the matter is in the courts in America, where judges cannot be manipulated easily, it is possible that the government is holding on to its options in terms of how much information it could reveal. NSO said in a statement that it was “not able to disclose who is or is not a client."
Fourth, the government of India uses private companies to assist it in IT investigations. When my organisation was ‘raided’ (I am using the word in quotes because there was and there is no charge against us or even a complaint) last year, our server was handed over to two individuals from a private company to clone. Meaning to copy it.
During this ‘raid’ my mobile phone was taken from me and I was forced to unlock it and hand it over. When I asked if action this was legal, I got no answer. My phone was passed around between some people who fiddled with it and I was not informed what was done with it, before it was given back to me. The same has happened at other recent ‘raids’ including that on the Network 18 founder Raghav Bahl’s company.
Fifth, unlike the United States, there is no judicial oversight of surveillance by the government in India. In America, a judge has to authorise a wiretap. In India this is not needed.
An RTI filed by the Indian Express some time ago revealed that the Union home secretary approved of 10,000 phone taps per year. This means 300 approvals per day indicating that he is approving everything without looking at the details. Unlike America, in India there is no accountability for unauthorised and illegal leakage of the material gathered. Officers and ministers do not get punished for this here.
Sixth, the material that is gathered even on this scale does not result in convictions. The conviction rate for the laws under which terror accused are charged is about 1%. In 99% of the cases the government fails or has wrongly booked individuals.
This failure includes the UAPA (under which the Bhima Koregaon activists have been booked). There is no accountability in the government for this failure and for this misuse either.
This is the background that we have to know when we consider the fact that someone paid an Israeli company to hack into the phones of Indian citizens whose work the government does not approve of.
Usually such matters in India do not reach conclusion because media interest dies and the government as I said is never held accountable. Some years ago, a newspaper I was editing had published the taped conversations of Salman Khan and Preity Zinta.
The actress took me to court for defamation and in court it turned out that the Mumbai police had tapped Salman’s phone without permission, but no punishment was handed out and the thing was hushed up.
However, this time even Americans have been hacked and in their justice system the truth is likely to be revealed in due course. And when it is revealed who is behind the hack, we can always say that 'anti-nationals' in any case do not deserve the right to privacy and that any action against them, even if it is illegal, is permissible.