'Absolutely baseless', WhatsApp refutes in SC claims of 'unsecure' payment services system

Dec 14, 2020

New Delhi [India], December 14 : Messaging service WhatsApp on Monday refuted before the Supreme Court the claims that it's payment services system was not secure and reliable and can be hacked by Israeli spy software 'Pegasus'.
The 'Pegasus' issue was referred by senior advocate Krishnan Venugopal, appearing for Rajya Sabha MP Binoy Viswam, who has filed a plea alleging breach of financial data security of Indians using 'Unified Payments Interface' (UPI) services by Amazon Pay, GooglePay and others.
A bench headed by Chief Justice SA Bobde referred to Venugopal's submission and told senior advocate Kapil Sibal, who was appearing for WhatsApp, that a serious allegation was made against WhatsApp that it can be hacked.
"Krishnan Venugopal has made a serious allegation that your system (WhatsApp) can be hacked by something called 'Pegasus'," the bench said.
Sibal, while denying the allegations, said, "Absolutely baseless. There is no such pleading (in the writ petition). It is just an oral submission made across the bar without basis."
Venugopal also asserted that another issue in the case was data localisation.
"Problem with WhatsApp, Amazon and Google is that when they allow payment to happen and data goes abroad. Critical financial data is allowed to be accessed by companies abroad and RBI justifies it. This is a violation of privacy judgment as my data is being grossly misused as these companies then collect this data and use it for advertisement purposes," Venugopal said.
He added that all the data is being shared with the parent companies in violation of the National Payments Corporation of India (NPCI) guidelines.
"The data is being processed by the infrastructure of the parent company. The RBI has allowed WhatsApp, even when the case is pending before the court, to go ahead and share this data with companies like Google, Amazon, Facebook, etc without any circular or formal regulation," Venugopal further argued.
After a brief hearing, the apex court posted the matter for further hearing in January.
The bench was hearing a PIL filed by Viswam, a Communist Party of India (CPI) leader, who has alleged breach of financial data security of Indians using UPI services offered by big players like Amazon Pay, GooglePay and challenging the permission to WhatsApp to start UPI services.
The plea also sought directions to the Reserve Bank of India for framing regulation to ensure that data collected on UPI platforms are not "exploited" or used in any manner other than for processing payments.
On October 15, the apex court had sought responses from the Central government, RBI, National Payments Corporation of India (NPCI) and others including Google Inc, Facebook Inc, WhatsApp and Amazon Inc on the plea.
Viswam has sought directions to the RBI and the NPCI to ensure that the data collected on UPI platforms is not shared with their parent company or any other third party under any circumstances.
"In India, the UPI payments system is being regulated and supervised by RBI and NPCI, however, the RBI and the NPCI instead of fulfilling their statutory obligations and protecting and securing the sensitive data of users are compromising the interest of the Indian users by allowing the non-compliant foreign entities to operate its payment services," the plea said.
"The RBI and NPCI have permitted the three members of "Big Four Tech Giants', Amazon, Google and Facebook/WhatsApp (Beta phase) to participate in the UPI ecosystem without much scrutiny and in spite of blatant violations of UPI guidelines and RBI regulations," it added.
The plea claimed that this conduct of RBI and NPCI put the sensitive financial data of Indian users at huge risks, especially when these entities have been "continuously accused of abusing dominance and compromising data", among other things.