Govt investigating reported Tata Electronics data leak, seeks explanation from WhatsApp over username feature: MeitY Secretary
New Delhi, July 3
The government has sought an explanation from WhatsApp over its username feature, saying it could facilitate cybercrime, while also investigating the reported data leak allegations involving Tata Electronics, Secretary, Ministry of Electronics and Information Technology, S. Krishnan said on Friday.
Speaking on the sidelines of a CII Conference, Krishnan responded to an ANI question on government's concerns over WhatsApp, Signal and Telegram username feature, "The kind of encouragement that it provides or the facility it provides for committing more cybercrimes, which is a very serious issue... we have directed WhatsApp to explain why they have this feature and likewise we have similarly sought explanations from others," he said.
The government's concerns come amid growing scrutiny of username-based messaging features on encrypted platforms, with officials examining whether such functionalities could make it easier for cybercriminals to conceal identities, impersonate users or evade detection during online fraud and other cyber offences.
Responding to another ANI question on the reported Tata leaks, Krishnan said, "This is also a kind of cybercrime. We are investigating it....It has been reported to us."
The remarks come amid reports alleging a data leak involving Tata Electronics, a major supplier in Apple's global manufacturing supply chain that produces iPhone components in India.
Reports have claimed that sensitive internal information linked to the company was leaked online by threat actors. The government is examining the reported incident to ascertain its nature, extent and possible cybersecurity implications.
Responding on whether WhatsApp had sought additional time to respond to the government's queries, Krishnan said, "Not that I am aware of."
On whether the government was considering a legal framework for Virtual Private Networks (VPNs) to prevent users from accessing banned applications, Krishnan said the issue required both legal and technological interventions rather than relying solely on legislation.
"That is a techno-legal aspect. We have to look at both a technology solution in addition to just a legal solution," he said.
Krishnan said existing guidelines already require VPN service providers to register if they operate in India. However, he noted that some providers choose not to register and instead offer services from outside the country, making enforcement more challenging.
"There is a requirement even under certain guidelines currently for VPNs to register. What happens is many of them choose not to register. They offer it from elsewhere and it is offered at the software level and therefore we have to find technology-based solutions to address this," he said.
The MeitY Secretary said the government was examining the issue from both legal and technological perspectives to ensure that restrictions on applications are implemented effectively while addressing challenges posed by services operating outside India's jurisdiction.
— ANI
Reader Comments
The username feature actually helps with privacy - I don't want to share my phone number with strangers. But I understand the government's concern about cybercrime. Maybe there's a middle ground where platforms can offer usernames while still cooperating with law enforcement when there's genuine criminal activity.
Data leak at Tata Electronics? 😱 That's huge! Apple supply chain mein itna sensitive data bina secure karke? Hope government investigates thoroughly. Also, MeitY should ensure VPN regulations are practical - not everyone using VPN is a criminal, some use it for legitimate privacy needs in this digital age.
Good that the government is asking questions, but I think there's a risk of overregulation. WhatsApp username could actually reduce scams if implemented correctly - scammers won't be able to scrape phone numbers. The key is proper implementation with KYC-like verification for usernames used in business transactions.
Ye VPN wala point interesting hai - "techno-legal approach" bola hai. Actually sensible hai, pure law se kaam nahi chalega jab services bahar se operate kar rahi hain. Par data protection bill ka kya hua? Ruko kab tak? Common citizen ko clear framework chahiye for data privacy and protection. 😤
We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.