Current Affairs Topics Archive
International Relations Economics Polity & Governance Environment & Ecology Science & Technology Internal Security Geography Social Issues Art & Culture Modern History

Express Exclusive: Govt asks WhatsApp to block device IDs used in digital arrest scams

March 20, 2026 5 min read Polity & Governance Science & Technology GS2 GS3
On This Page

What Happened

  • The Ministry of Home Affairs' high-level inter-departmental committee directed WhatsApp to block all device IDs (hardware identifiers) associated with accounts used to perpetrate "digital arrest" scams.
  • Unlike account-level bans that fraudsters can circumvent by creating new accounts, device ID blocking targets the physical hardware, significantly raising the barrier for repeat offenders.
  • The government additionally directed WhatsApp to retain user data of deleted accounts for 180 days (as prescribed under IT Rules, 2021) to aid law enforcement investigations.
  • The Supreme Court, in February 2026, characterised digital arrest scams as "digital dacoity," prompting the MHA to constitute the high-level committee to address systemic gaps in banking and telecom security.
  • WhatsApp will also implement caller identification features similar to those on Skype, expand AI capabilities to detect impersonation and AI-generated content, and strengthen detection of harmful APKs.

Static Topic Bridges

Digital Arrest Scams: Modus Operandi and Scale

"Digital arrest" is a form of cyber fraud in which victims are contacted by scammers impersonating law enforcement officers (CBI, ED, Narcotics Bureau, customs officials, or police) via video call. Victims are told they are "under digital arrest" — a legally non-existent concept — for alleged crimes (drug trafficking, money laundering, NDPS violations) and coerced into paying large sums to avoid "prosecution." Scammers use deepfake video overlays, AI voice cloning, and fabricated virtual police stations or courtrooms to create convincing deception. Transnational syndicates operating from Southeast Asia (particularly Myanmar and Cambodia) coordinate large-scale operations, with proceeds routed through mule bank accounts and cryptocurrency.

  • The term "digital arrest" has no legal basis under Indian law — there is no provision in the CrPC, BNSS, or any statute for law enforcement to "arrest" someone remotely via video call.
  • Prime Minister Narendra Modi warned citizens about digital arrest scams in his "Mann Ki Baat" address in October 2024.
  • Victims have reported losses ranging from lakhs to crores; a retired IIT professor lost ₹1 crore in a single digital arrest incident in 2024.
  • Scammers typically target elderly and financially literate individuals — retired government officers, professors, businesspersons — who are more likely to comply with "official" pressure.
  • The Supreme Court's February 2026 "digital dacoity" characterisation signals judicial recognition of the scale and severity of the problem.

Connection to this news: The device ID blocking directive directly attacks the operational model of digital arrest syndicates, which previously relied on the ease of creating new WhatsApp accounts after old ones were banned — a cat-and-mouse dynamic the hardware-level block is designed to end.

The Information Technology Act, 2000 and Intermediary Liability Framework

The Information Technology Act, 2000 (IT Act) is India's primary legislation governing cybercrime, electronic commerce, and the obligations of digital intermediaries. Section 69A of the IT Act grants the Central Government power to direct blocking of information on any computer resource "in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States or public order." The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules, 2021) significantly expanded intermediary obligations, including a requirement to retain user data for prescribed periods and cooperate with law enforcement.

  • IT Act, 2000: India's foundational cyber law; defines cybercrimes including identity theft (Section 66C), cheating by personation (Section 66D), and fraudulent digital transactions.
  • Section 69A: allows blocking of online content/accounts; used against 59 Chinese apps in June 2020 and against social media accounts under national security grounds.
  • IT Rules, 2021 (Rule 3): significant social media intermediaries (>5 million users) must retain user data for 180 days; appoint grievance officers; enable traceability of first originator.
  • IT Rules, 2021 (Rule 4): platforms must provide government access to information upon written order; platforms must deploy automated tools to proactively identify illegal content.
  • The 180-day data retention directive in the MHA order mirrors Rule 3's existing requirement — the government is specifically enforcing this against WhatsApp which had previously cited end-to-end encryption to resist data requests.

Connection to this news: The MHA directive operationalises Section 69A and IT Rules 2021 Rule 3 by requiring WhatsApp to move from reactive account removal to proactive device-level blocking — a significant escalation of the regulatory leverage India is exercising over social media intermediaries to combat organised cyber fraud.

Cyber Crime Governance in India: Institutional Architecture

India's response to cybercrime is organised through multiple overlapping institutional frameworks. The Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs serves as the nodal body for coordinating cyber crime response across states. The National Cyber Crime Reporting Portal (cybercrime.gov.in) enables victims to report incidents centrally. The Financial Crimes Investigation Unit (within I4C) focuses on cyber-enabled financial fraud. The Sanchar Saathi portal and the TAFCOP (Telecom Analytics for Fraud Management and Consumer Protection) system are telecommunications-specific tools to identify and block SIM cards used in fraud.

  • Indian Cyber Crime Coordination Centre (I4C): established 2018 under MHA; nodal body for coordinating cyber crime investigations.
  • National Cyber Crime Reporting Portal: cybercrime.gov.in — citizens can report fraud; portal processed over 4 million complaints between 2019–2024.
  • Citizen Financial Cyber Fraud Reporting and Management System: 1930 helpline (formerly 155260) for immediate reporting of financial cyber fraud within the "golden hour" of the transaction.
  • Sanchar Saathi portal: launched 2023 to detect and block SIM cards misused for fraud; reported blocking over 10 lakh suspicious connections by 2024.
  • The MHA high-level committee's scope covers banking, telecom, and social media intermediary coordination — reflecting that digital arrest syndicates exploit gaps across all three sectors.

Connection to this news: The government's WhatsApp directive is the latest action within the I4C-coordinated multi-sectoral framework for cyber fraud, specifically targeting the social media vector after earlier actions addressed telecom (SIM blocking via Sanchar Saathi) and banking (mule account freezing).

Key Facts & Data

  • "Digital arrest": legally non-existent concept; no Indian law permits remote arrest via video call
  • Supreme Court described digital arrest scams as "digital dacoity" (February 2026)
  • MHA high-level committee: directed WhatsApp to block device IDs and retain deleted account data for 180 days
  • IT Act, 2000 Section 69A: government power to block online content/accounts on national security or public order grounds
  • IT Rules, 2021 Rule 3: 180-day data retention obligation for significant social media intermediaries
  • Indian Cyber Crime Coordination Centre (I4C): MHA nodal body, established 2018
  • 1930 helpline: national helpline for financial cyber fraud immediate reporting
  • National Cyber Crime Reporting Portal: cybercrime.gov.in — processed 4 million+ complaints (2019–2024)
  • Sanchar Saathi portal: blocked 10 lakh+ suspicious SIM connections by 2024