The WhatsApp head also reacted to statements from the NSO Group and disclosed new information about the 2019 Pegasus attack.
WhatsApp’s chief executive officer Will Cathcart urged governments to step in and impose a complete moratorium on the spyware industry in an interview with The Guardian. He was speaking to the newspaper to disclose new details about the 2019 Pegasus attack on 1,400 WhatsApp users in the aftermath of the Pegasus Project’s revelations.
“NSO Group claims that a large number of governments are buying their software, that means those governments, even if their use of it is more controlled, those governments are funding this. Should they stop? Should there be a discussion about which governments were paying for this software?” Cathcart was quoted as saying to the newspaper.
The Pegasus Project, a consortium of 17 news organisations led by Forbidden Stories and Amnesty International, accessed a list of around 50,000 phone numbers that were potential targets by government clients of the Israeli company NSO Group. Pegasus is military-grade spyware sold only to vetted governments for use against criminals and terrorists. However, the consortium discovered that heads of state, government ministers, diplomats, activists, journalists, and lawyers were included in the list.
Why it matters? This is not the first time that the NSO Group has been accused of violating the privacy of people using its spyware. In 2019, the Financial Times reported that WhatsApp calls were used to inject Pegasus into phones surreptitiously. Cathcart, in his interview, went on to draw parallels between the revelations on Pegasus brought forth in 2019 and 2021.
What did Will Cathcart say?
On the 2019 Pegasus attack against WhatsApp users: Cathcart’s disclosure to the newspaper revealed that senior government officials across the world, including some high-ranking officials in national security, were targeted in the 2019 spyware attack by clients who had purchased Pegasus from the NSO Group.
“The reporting matches what we saw in the attack we defeated two years ago, it is very consistent with what we were loud about then,” Cathcart told The Guardian.
On NSO’s remark that 50,000 is an exaggerated figure: He questioned NSO’s remark of 50,000 surveillance targets being an exaggerated number by citing the attack against 1,400 WhatsApp users over a two-week period in 2019. “It tells us that over a longer period of time, over a multi-year period of time, the numbers of people being attacked are very high,” he explained. Cathcart also said that the attack should be a wake-up call for internet security. “Mobile phones are either safe for everyone or they are not safe for everyone,” he added.
On the role of the tech industry in the Pegasus affair: He urged the technology industry to raise awareness about the dangers of malware. “It’s not enough to say, most of our users don’t need to worry about this. It’s not enough to say ‘oh this is only thousands or tens of thousands of victims’,” he said.
On whether a backdoor is necessary for law enforcement agencies: Cathcart spoke about the perils of malware and surveillance to the security and privacy of citizens, including the danger in demanding so-called backdoors. In another interview with the Committee to Protect Journalists (CPJ), he said that the backdoor to encryption creates a centralised vulnerability in the whole communications network.
“The scenario you need to be worried about is: what if a spyware company, what if a hostile government, what if a hacker accessed all of the communications? It’s why, honestly, the proposals from some governments to weaken end-to-end encryption are just terrifying. They aren’t grappling with the nightmare scenario of everyone’s communications in a country being compromised,” Cathcart pointed out.
On how to curb the spyware industry: He has also called for import controls and other kinds of regulations to rein in the spyware industry. “Governments need to step in and have a complete moratorium on the spyware industry. It’s got to stop,” he concluded.
Edward Snowden, a former computer intelligence consultant and a whistleblower who leaked highly classified information about the National Security Agency’s mass surveillance program in 2013, also echoed the demand for a moratorium on the spyware industry stating that “the consortium’s findings illustrate how commercial malware has made it possible for repressive regimes to place vastly more people under the most invasive types of surveillance.”
In a statement to The Guardian, an NSO spokesperson said: “We are doing our best to help creating a safer world. Does Mr Cathcart have other alternatives that enable law enforcement and intelligence agencies to legally detect and prevent malicious acts of pedophiles, terrorists and criminals using end-to-end encryption platforms? If so, we would be happy to hear.”
Timeline of WhatsApp’s legal response to the 2019 Pegasus attack
- May 2019: WhatsApp identifies a bug in its call function which had been reportedly exploited by Pegasus to snoop and collect data on phones.
- September 2019: WhatsApp informs CERT-In that 121 Indian users were targeted by Pegasus through the vulnerability, adding that “the full extent of this attack may never be known”.
- October 2019: WhatsApp sues the NSO Group in federal court under US state and federal laws, including the US Computer Fraud and Abuse Act.
- April 2020: NSO seeks to dismiss the lawsuit stating that its dealings with foreign governments, which it said use its technology to fight terrorism and other serious crimes, granted it immunity from lawsuits filed in U.S. courts under the Foreign Sovereign Immunity Act (FSIA).
- July 2020: The court rejects the charge and rules that the lawsuit can go forward following which NSO said that it was reviewing the ruling.
Also read:
- Pegasus Spyware: All The Latest Facts On Who Was Targeted, The Modus Operandi, And More
- A Guide To The NSO Group’s Pegasus Spyware In India
- Pegasus spyware: How do we rein in State surveillance? Here’s what experts had to say
- A decade-old Bill had proposed to regulate surveillance by govt agencies; this is what it said
Have something to add? Subscribe to MediaNama and post your comment
