Get App
Download App Scanner
Scan to Download
Advertisement

WhatsApp Username Feature Runs Into India's Push For Telecom-Linked Identity

The government's concern stems from the possibility that fraudsters could create usernames resembling banks, government departments, celebrities or trusted contacts and use them to deceive users.

WhatsApp Username Feature Runs Into India's Push For Telecom-Linked Identity
WhatsApp has said usernames will be capped at 35 characters.
Photo by Dima Solomin on Unsplash

Meta Platforms Inc.'s proposed WhatsApp usernames feature has landed in regulatory crosshairs in India, with the government asking the company to explain the rollout and refrain from enabling the feature in the country until consultations are completed.

The move reflects concerns that usernames could make impersonation scams easier by allowing users to interact without revealing their phone numbers.

On the surface, the dispute is about a privacy feature. WhatsApp says usernames will allow users to communicate without sharing their mobile numbers and will be accompanied by additional privacy controls. The company has also indicated that it plans safeguards around usernames, including protections for public figures and institutions, as part of the rollout.

The legal battle, however, is shaping up around a much bigger question: can India move from a telecom-based identity model to a platform-based identity model without increasing fraud risks?

The government's concern stems from the possibility that fraudsters could create usernames resembling banks, government departments, celebrities or trusted contacts and use them to deceive users. In a country already grappling with rising cyber fraud, officials appear worried that removing phone numbers from public view could weaken an important trust signal that users have traditionally relied upon.

That concern becomes more significant when viewed alongside India's recent telecom policy.

Last year, the Department of Telecommunications introduced SIM-binding requirements for messaging platforms such as WhatsApp, Telegram and Signal under the Telecom Cyber Security Rules. The rules were aimed at preventing cybercriminals from operating messaging accounts linked to Indian numbers after the underlying SIM had been removed, deactivated or moved overseas. Platforms were required to maintain a continuing link between messaging accounts and the registered SIM and periodically re-authenticate web sessions.

ALSO READ: 'Multiple Safeguards Built': WhatsApp Reacts To Govt Notice Amid Concerns Over Username Feature

Nikhil Narendran, partner at Trilegal, said regulators are likely to examine whether the usernames feature sits comfortably alongside that policy objective. "The intent behind SIM-binding was to ensure that messaging identities remain tethered to verified mobile numbers. Once a username becomes the primary identity visible to users, regulators are likely to ask how trust, authentication and accountability will be maintained, particularly in cases involving fraud and impersonation," he said.

His comments point to what may be the government's strongest legal and policy concern. Even if WhatsApp continues maintaining phone numbers internally, users would increasingly interact through platform-created identities rather than telecom-linked ones. That shifts responsibility for authenticity from a visible phone-number framework to WhatsApp's own anti-impersonation systems.

By contrast, several of the legal objections being discussed appear less compelling.

For instance, lawyers broadly agree that the feature is unlikely to violate the "first originator" requirement under India's Information Technology Rules, 2021.

Aparna Gaur, partner at Trace Law Partners, said the law only requires a platform to identify the first originator of a message when served with a valid court order or authorised government direction. "So long as an SSMI has the ability to identify the first originator, there is no requirement to ensure that this first originator's identity is visible to other users."

Experts say the key legal requirement is backend traceability, not public visibility. If WhatsApp retains the verified phone number associated with every username, law-enforcement agencies may still be able to identify users when legally required.

The more difficult question is whether the government can justify potentially blocking the feature altogether.

Madhu Gadodia, deputy managing partner at Naik Naik & Co., said any such move would likely have to satisfy the proportionality principles laid down by the Supreme Court in the landmark Puttaswamy privacy judgment.

According to Gadodia, a complete prohibition could face scrutiny if less restrictive alternatives are available to address the government's concerns. Those alternatives could include verification badges for banks, government departments and public figures, restrictions on deceptive or lookalike usernames, stronger anti-impersonation systems and expedited complaint-resolution mechanisms. A targeted regulatory response would likely be easier to justify than an outright ban, she said.

The same reasoning may complicate any attempt to invoke Section 69A of the Information Technology Act. Ankita Singh, co-founder of A&P Partners, said Section 69A generally requires a demonstrable threat rather than a hypothetical one.

"Section 69A requires a demonstrable threat, not a speculative one. The real risk is limited to fake handles mimicking celebrities or government accounts, and WhatsApp has already reserved those. For the ordinary user, there's no searchable directory. Nobody can find or message you without knowing your exact username. That makes a public order threat difficult to sustain," Singh explains. 

Legal experts suggest that while impersonation concerns may be genuine, they may not automatically rise to the threshold required for blocking powers traditionally associated with threats to public order or national security.

A separate argument that has surfaced is whether introducing usernames could threaten WhatsApp's safe-harbour protection under Section 79 of the IT Act.

Apurv Sardeshmukh, managing partner and co-founder of Stride Legal, said that argument is unlikely to succeed. "Safe harbour immunity is based on whether a platform modifies or authors third-party content being transmitted, not the architectural identity features."

He said the proposed change relates to how users identify themselves on the platform rather than how content is created, modified or transmitted. As a result, the introduction of usernames alone is unlikely to alter WhatsApp's status as an intermediary.

ALSO READ: WhatsApp Username Rollout: How To Use The New Feature To Contact Others - Step-By-Step Guide

Essential Business Intelligence, Sharp Market Insights, Practical Personal Finance Advice, Daily Fuel, Gold and Silver Prices and Latest Stories — On NDTV Profit.

Newsletters

Update Email
to get newsletters straight to your inbox
⚠️ Add your Email ID to receive Newsletters
Note: You will be signed up automatically after adding email

News for You

Set as Trusted Source
on Google Search
Add NDTV Profit As Google Preferred Source