There’s only so much tech can do: WhatsApp, Apple react to Pegasus row

The crisscross of snooping charges against the government by media groups, and the stout denial by the Centre, has led to a larger question that’s leaving the public uneasy: Whither security technology?

The common man is led to believe that if he follows basic security measures — such as changing the password per suggested norms, and not replying to spam mails/messages — his device is safe from prying. This has taken a hit from the recent allegation that the Centre used Israeli company NSO Group’s Pegasus spyware to hack into the phones of media persons, opposition leaders and other authorities.

Also read: Explained for you: The Pegasus spyware data leak

Reacting to the concerns, instant messaging platform WhatsApp and devices giant Apple have said that as technology stands today, it is feasible for governments, which enjoy ‘brute’ IT powers, to deploy spyware. Stricter regulation alone can curb the menace, is the broad consensus.

Spyware industry is out of control: WhatsApp

Calling the Pegasus issue a wakeup call for internet security, WhatsApp head Will Cathcart said much of the fault lies with NSO Group, and it ought to be pulled up. There is a critical need for “more companies, and, critically, governments, to take steps to hold NSO Group accountable”, he said in a series of tweets.

This groundbreaking reporting from @Guardian, @WashingtonPost, and many others demonstrates what we and others have been saying for years: NSO’s dangerous spyware is used to commit horrible human rights abuses all around the world and it must be stopped.https://t.co/dMD0wKjceF

— Will Cathcart (@wcathcart) July 18, 2021

It’s past time for a “global moratorium on the use of unaccountable surveillance technology”, he added. “The spyware industry is out of control and it must be stopped.”

Cathcart stressed on the need for end-to-end encryption (E2E), of which his company has been an ardent advocate. “…deliberately weakening security (by not implementing E2E) will have terrifying consequences for us all,” he cautioned.

The Facebook-owned messaging platform has been engaged in a legal tussle with the Indian government over privacy legislation. It has moved the Delhi High Court against the Centre’s new IT rules that include a traceability clause. WhatsApp argues that it’s a violation of privacy.

“NSO’s dangerous spyware is used to commit horrible human rights abuses all around the world and it must be stopped. Human rights defenders, tech companies and governments must work together to increase security and hold the abusers of spyware accountable,” he wrote on Twitter.

Further, he thanked American technology peers including Microsoft, Google, Cisco and VMWare, as well as the Internet Association, for speaking up against giving immunity to NSO and other spyware firms.

It’s consumer tech vs ‘brute’ tech: Apple

The iPhone, widely considered ‘unhackable’, is not really so, and this has shocked a large proportion of its user base. Apple enthusiasts have staunchly defended the hefty prices of the devices, saying its iOS software offers better security vis-à-vis rivals such as Google’s Android. Yet, the Pegasus spyware has proved so sophisticated that it overwhelms the iOS’ security features.

Also read: Pegasus rising: Data protection bill could save govt from accountability

Defending its devices, Apple said the operating system it has developed for individual consumers is no match for the kind of technological muscle that state-bought spyware can deploy. “The attacks described in the reporting are well-funded, highly-sophisticated, and targeting specific individuals,” it said in a statement.

“While we take them seriously and work to quickly render them unusable, they do not represent a threat for the vast majority of iPhone users.”

Here’s the full quote from Apple’s Ivan Krstic (@radian) on the big NSO/Pegasus iOS zero-day story https://t.co/EaZGd8yC0k pic.twitter.com/CyGMxrAVHZ

— Ryan Naraine (@ryanaraine) July 19, 2021

When a government decides to use ‘brute IT force’ to snoop on people, there’s precious little a consumer technology firm can do to prevent it, said the US phone-maker. Yet, it pointed out, Apple has been constantly working on fixing the security gaps. As soon as it patches a vulnerability, NSO spots another weakness to introduce its spyware, said the statement.

Global condemnation

The Pegasus row has attracted comments from several other global organisations and personalities, too.

Renowned whistle-blower Edward Snowden tweeted that sharper regulation is needed. “The coming week’s stories about the global hacking of phones identical to the one in your pocket, by for-profit companies, make it clear that export controls have failed as a means to regulate this industry.  Only a comprehensive moratorium on sales can remove the profit motive,” he wrote from his Twitter handle.

John Scott-Railton, Author at The Citizen Lab, was also highly critical of NSO Group. “NSO Group puts up a facade of caring about human rights, doing due diligence, etc. This leak exposes the farce of that performance. When your customers are dictators…they will do bad things. NSO knows this. We know it,” he tweeted.