India IT minister denies illegal use of NSO Pegasus spyware

Indian IT Minister Ashwini Vaishnaw has denied the nation illegally used the NSO Group's Pegasus spyware, but hasn't denied that India used it.

The existence of Pegasus is not news. But over the weekend, Amnesty International, French outfit Forbidden Stories and a dozen publications around the world alleged the software has been widely misused to target media, dissidents, and other individuals, and that NSO Group's assertions its products are only used in the cause of national security are insincere at best.

Indian outlet The Wire was one of the outlets given access to a list of names allegedly targeted by Pegasus and found local journalists and politicians among those targeted.

Vaishnaw yesterday made a speech in India’s Lok Sabha to address the Pegasus allegations, and started by repeating NSO Group's assertion that the list on which Amnesty and others rely does not indicate an individual's smartphone was infected by Pegasus spyware.

• Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments
• Mobile spyware fan Saudi Crown Prince accused by US intel of Khashoggi death
• Israeli spyware maker NSO channels Hollywood spy thrillers in appeal for legal immunity in WhatsApp battle

The Minister also repeated NSO's assertion that most of its clients are in western nations, and that many countries listed in the leak aren't users.

But the bulk of Vaishnaw's speech concerned Indian laws that prevent surveillance without approval, require formal requests for approval, and implement robust approval processes that the Minister said are in place and well-used by national and state governments.

"The procedure therefore ensures that any interception or monitoring of any information is done as per due process of law," Vaishnaw said. "The framework and institutions have withstood the test of time."

"Hon’ble Speaker Sir, when we look at this issue through the prism of logic, it clearly emerges that there is no substance behind this sensationalism," he concluded.

But the Minister did not actually deny that India is an NSO Group customer, nor that it has used Pegasus.

The Register has attempted to contact NSO Group, but the email address provided for media inquiries – for a staffer at "high stakes public strategy firm" Mercury – returned a "User address unknown" error. ®