By Sankalp Phartiyal
NEW DELHI (Reuters) – A right-wing social activist in India filed a petition asking the country’s top court to order a probe into Facebook Inc and WhatsApp over revelations that a piece of spyware had exploited vulnerabilities in the popular messaging app to snoop on hundreds of devices.
The petition could present a new legal headache for WhatsApp and its parent Facebook in India, where it has already been hit by backlash over fake news messages and a lawsuit around its adherence to data localization norms that together have delayed the launch of a payments service on WhatsApp, which is used by over 400 million Indians.
K.N. Govindacharya filed his petition on Monday, just days after Facebook sued Israeli surveillance firm NSO Group, accusing it of helping clients break into the phones of roughly 1,400 users across four continents. The targets of the hacking spree included diplomats, political dissidents, journalists, along with both military and government officials.
NSO has defended itself saying it only sells technology to government and intelligence agencies to counter terrorism and crime.
Of those allegedly affected by NSO’s Pegasus spyware, 121 are based in India, according to two sources familiar with the matter.
Govindacharya, who has previously fought and won some court battles that have compelled social media companies to implement certain policy changes in India, asked the Supreme Court to direct the country’s counterterrorism agency to probe Facebook, WhatsApp and NSO for breaching the privacy of Indian users, according to a copy of the petition reviewed by Reuters.
Govindacharya, who himself has not been affected by the WhatsApp breach, is also seeking “perjury proceedings against the company for deliberately misleading” the courts in another matter for having claimed “that users data is fully encrypted and no one including WhatsApp has the key.”
In a brief statement on Monday, WhatsApp said it provides end-to-end encryption to help protect user privacy and security, and that the malware it had identified targeted vulnerabilities within the underlying operating systems of devices. It added it had also taken action in courts to hold NSO accountable.
Govindacharya’s petition also urged the court to direct the federal government to “stop any surveillance through Pegasus or other similar applications.”
New Delhi has neither confirmed nor denied using the spyware, but India’s Technology Minister last week tweeted that authorities have “a well-established protocol for interception” and decried opposition attempts to gain “political capital” out of the spy scandal.
Meanwhile, Indian lawyers and activists, who were among those targeted, say they are increasingly concerned about their safety, privacy and state-backed surveillance.
Reuters spoke with more than half a dozen Indians, who have learned that they were among those targeted in the attack, and some say they also plan to sue.
“I’m going to court for sure,” said Nihalsing Rathod, a human rights lawyer based in the Indian city of Nagpur.
“It’ll be against the government, it will be against NSO and others,” said Rathod, who was involved in defending rights activists last year accused of inciting violence in a village in western India.
(Reporting by Sankalp Phartiyal; Editing by Euan Rocha)