WhatsApp may block devices linked to digital arrest scams: Centre tells SC
✨ AI Summary
🔊 جاري الاستماع
E-PaperSubscribeSubscribeEnjoy unlimited accessSubscribe Now! Get features like WhatsApp has agreed to examine the feasibility of blocking device IDs — not just accounts — linked to digital arrest scams, the Union government has told the Supreme Court, even as the Centre sought judicial backing for a coordinated national framework spanning banks, telecom regulators and investigative agencies to combat the rapidly expanding fraud. WhatsApp to explore device ID blocking for digital arrest scams (Pixabay)A bench led by Chief Justice of India Surya Kant is scheduled to consider the status report filed by the ministry of home affairs on May 12. The report lays out enforcement measures across four fronts — platform accountability, banking safeguards, SIM traceability and a legal framework for victim compensation — marking a significant escalation since the court constituted an Inter-Departmental Committee (IDC) in December to address the scam epidemic. The IDC, constituted on December 26, decided in its first meeting that victims should not bear losses attributable to negligence by banks, telecom providers or other regulated entities. The court had taken suo motu cognisance on October 17 after a 73-year-old Ambala woman wrote that fraudsters posing as CBI officials used fake SC orders to compel her to transfer over ₹1 crore. The device-blocking proposal addresses a well-documented enforcement gap: fraudsters routinely cycle through multiple SIM cards and accounts while operating from the same handset. Targeting the device rather than the number would make re-registration harder. Also Read | WhatsApp banned 9,400 accounts involved in digital arrest scams since January this year: Centre to SC The platform has also agreed to consider retaining data of deleted accounts for a minimum of 180 days, as required under the Information Technology Rules, to aid law enforcement in tracing digital footprints in cases where accounts are swiftly deleted after a fraud. Over a 12-week period beginning January, WhatsApp banned more than 9,400 accounts linked to digital arrest scams in India, acting on inputs from I4C, MeitY and the department of telecommunications, the Centre submitted in court. Its internal investigation traced a significant share of the fraudulent accounts to organised scam centres in Southeast Asia, particularly Cambodia, with perpetrators using display names such as “Delhi Police”, “CBI” or “ATS Department” alongside official insignia. WhatsApp said it has deployed logo-matching systems to identify impersonation, logging of account display names, and large language models trained to detect evolving scam patterns. Product-level interventions include warnings for suspicious first-time messages, visibility of account age for unknown contacts, and suppression of profile photos in high-risk interactions. The Centre’s submission said these measures are expected to produce a “material and observable decline” in such scams. The Centre has pressed that such measures may eventually need to be standardised across platforms, signalling a broader regulatory framework for intermediary obligations in cyber fraud cases. Sumeysh Srivastava, partner at the public policy firm The Quantum Hub, said these are “reasonable measures aimed at a real problem, but the route being taken is reshaping how platform obligations get set in India.” Compliance obligations of this kind are typically the product of consultation, rule-making and parliamentary oversight, he said. “Anchoring them instead in undertakings made before the Supreme Court collapses that process and shifts platform governance from a regulatory exercise into a litigation-driven one.” It also creates an asymmetry, he added, where commitments offered by the largest platforms become the de facto standard for an ecosystem that was never consulted. “The capability being created, particularly around device-level blocking, will outlive this particular problem.” The status report also urges the court to approve a standard operating procedure (SOP) formulated by RBI for placing temporary debit holds on suspicious accounts — a measure the court had flagged while noting delays by banks in responding to fraudulent transactions. The SOP provides for time-bound inter-bank coordination to track fund diversion across mule accounts, priority restoration protocols to return defrauded amounts, and automated red-flagging systems — potentially using AI — to detect abnormal transaction behaviour. The Centre wants uniform implementation across the country, arguing disparate practices undermine anti-fraud effectiveness. On the unresolved PMLA question, the status report asks the court to direct the Department of Revenue to expedite examination of using Section 12AA for cyber fraud and digital arrest-related transactions, and to frame the required rules. The Centre has requested the court to direct DoT to notify and operationalise the Telecommunications (User Identification) Rules alongside a Biometric Identity Verification System. These are designed to create a national-level database enabling real-time visibility into SIM issuance, cross-jurisdictional traceability of numbers used in frauds, and swift deactivation of flagged numbers. Meghna Bal, director at the Esya Centre, a technology policy think tank, said platforms should be allowed to innovate around solving for scams since “they are much closer to the problem and have a much better understanding of it than any government authority or agency would.” The emphasis on biometric linkage, she warned, risks excluding people whose biometrics cannot reliably be captured — such as those in hard manual labour with worn fingerprints — and that biometrics are also easy to forge, flaws already demonstrated in the Aadhaar context. The temporary debit holds suggested by RBI, she added, are “likely to create substantial problems for consumers and online and offline merchants alike.” The underlying issue, Bal said, is one of public trust: “The reason why digital arrest scams are so effective is because the scammers are able to weaponise fear of the State.” The status report flags the absence of a statutory framework for compensating victims — a significant gap given that cybercrime losses surged to ₹22,845 crore in 2024, a 206% jump from the previous year, with over 2.2 million incidents reported. The Centre has asked the court to seek a categorical response from the ministry of law and justice on whether fresh legislation is required. The Centre has also sought directions to MeitY to operationalise the long-pending adjudicatory framework under the IT Act, including a dedicated portal for complaints under Section 43, and to complete its examination of whether civil liability can be imposed on intermediaries whose failures contribute to cyber fraud. Apar Gupta, lawyer and founder director at the Internet Freedom Foundation, said “the concern here is constitutional, not technical.” Standardising device-level blocking and 180-day retention through a status report in a suo motu proceeding creates a de facto compliance regime that bypasses parliamentary sanction, he said, adding that this is happening alongside IT Rules that already go beyond the legislated powers under the IT Act. “Suo motu monitoring transforms judges into administrators,” Gupta said. “While tackling fraud is a legitimate objective, sanctioning surveillance and blocking infrastructure from the bench, without legislative deliberation, is not.”
