Slaps notice on Meta; concerns raised over impersonation, fraud
New Delhi: The Centre on Wednesday issued a notice to Meta regarding the controversial username feature on WhatsApp in India due to concerns about impersonation and fraud, and warned the platform not to roll it out until consultations on the issue are completed “to the satisfaction of the government”.
It has also directed Meta to furnish a detailed explanation on the username feature, backed by relevant documents, within three days.
In the notice, the government expressed concern that the WhatsApp username feature may “materially increase” cases of online fraud, phishing, digital arrest scams, and impersonation attacks by enabling bad actors to solicit and message victims.
It has asked Meta to explain why action shouldn’t be initiated under IT Act and rules over WhatsApp’s new feature that may increase cybercrimes.
The Centre has also reminded Meta that WhatsApp, as a significant social media intermediary, is bound by due diligence obligations under the IT Act and rules.
WhatsApp, in a statement on Wednesday, defended the feature, citing built-in safeguards to prevent scams and impersonations and protect users.
India is WhatsApp’s largest market, with more than 500 million users.
“It is felt that the feature may materially increase the incidence of online fraud, phishing, digital arrest scams and impersonation attacks, by enabling bad actors to solicit and message victims.
“Furthermore, this feature may facilitate impersonation and identity spoofing, including impersonation of individuals, public authorities, financial institutions, and government agencies, by permitting the adoption of usernames closely resembling those of genuine persons or institutions,” said the notice addressed to chief compliance officer, WhatsApp India Operations.
The notice cited provisions of the Information Technology Act and the IT Rules, 2021, including Section 79 on intermediary due diligence obligations, portions of rules 3 and 4 governing intermediary responsibilities and lawful identification of the first originator of messages, as well as Sections 66C and 66D that deal with identity theft and cheating by impersonation using computer resources.
It also referred to intermediary liability under Section 79(3)(a) of the IT Act for aiding, abetting or inducing unlawful acts.
“In this regard, you are directed to furnish a detailed explanation, supported by relevant documents, on this new feature, within three days of its receipt,” it said.
The notice also directed Meta not to roll out WhatsApp’s new feature until the consultation on this point is achieved “to the satisfaction of the Government”.
A WhatsApp spokesperson said the ability to use a username is not yet live and will roll out slowly later this year.
“To protect against impersonation, we’ve held the highest-profile names – think public figures, government entities, celebrities, verified Meta accounts – so they can only ever be claimed by their legitimate owners and lookalike derivatives of known names are held as well,” a WhatsApp spokesperson said.
Users still require a phone number to use WhatsApp, Meta said and added that it has built multiple layers of defence against scams into usernames.
“Other users need to know the exact username to message you. We will limit how many new people an account can contact, block repeated attempts to guess someone’s username key, and have systems to detect and remove activity showing common impersonation and abuse patterns,” the company said.
WhatsApp will show whether a first-time sender is a new account, contact, mutual group member or from another country before users respond.
“When the feature becomes available, and someone sends a message for the first time via your username, we will show you if they’re a new account, if they’re your contact, if you have groups in common, and if they’re based in a different country, so you can decide whether to respond,” WhatsApp said.