Government Directs WhatsApp to Halt Username Feature Rollout in India, Issues Show-Cause Notice Over Cybercrime Concerns
The Central Government has directed WhatsApp to suspend the rollout of its proposed username feature in India and has issued a show-cause notice over concerns that it could increase phishing, impersonation, identity theft, financial fraud, and digital arrest scams. The company has been asked to respond within three days while consultations with the government continue.
In the notice issued to WhatsApp LLC, owned by Meta, the government stated that it had taken note of the company's announcement regarding the phased rollout of usernames, a feature designed to allow users to connect without sharing their mobile phone numbers. While acknowledging that the proposal is intended to enhance user privacy, the government expressed concern that it could also enable malicious actors to conceal their identities and target unsuspecting users more effectively.
According to the notice, the proposed functionality has the potential to significantly facilitate cyber fraud by allowing malicious individuals to hide their identities while impersonating trusted entities. It warned that cybercriminals could create usernames closely resembling those of individuals, government agencies, financial institutions, or other organisations, making phishing attacks and identity spoofing substantially easier.
The government further stated that the feature could undermine ongoing efforts to combat cybercrime at a time when incidents of online financial fraud and digital arrest scams continue to increase across the country. It noted that concealing mobile phone numbers from first-time contacts could make it more difficult for both users and law enforcement agencies to identify and verify the identity of the communicating party.
Referring to WhatsApp's obligations as a Significant Social Media Intermediary, the government asked the company to explain why action should not be initiated under the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and other applicable laws. The notice specifically cited Section 79 of the Information Technology Act, which grants intermediaries safe harbour protection subject to compliance with due diligence obligations. It also referred to Rule 4(2), relating to the identification of the first originator of information, along with Sections 66C and 66D, which deal with identity theft and cheating by personation through computer resources.
WhatsApp has been directed to submit its response, along with all supporting documents, within three days of receiving the notice. The government has also instructed the company to refrain from rolling out the proposed username functionality in India until consultations with the Ministry have been completed to its satisfaction. The notice further states that it has been issued without prejudice to any additional action that may be taken under applicable law.
The government's intervention marks a significant escalation in regulatory scrutiny of digital communication platforms, underscoring concerns that privacy-focused technological features must also ensure accountability and safeguard users against the growing threat of cybercrime, online fraud, identity theft, and digital impersonation.

Comment List