.png)
Dr. Srinath Sridharan is a Corporate Advisor & Independent Director on Corporate Boards. He is the author of ‘Family and Dhanda’.
Anand Venkatanarayanan is co-founder and Chief Technology Officer at DeepStrat
December 12, 2025 at 5:33 AM IST
A growing argument in public discourse suggests that SIM binding for messaging platforms is a necessary evil — a hard but unavoidable trade-off between personal privacy and national security. According to this view, the real debate is not whether to bind SIM identities to messaging accounts, but with what guardrails, particularly since the state can already track mobile phones, collect metadata, and may one day use quantum computing to crack encrypted communication.
The SIM-binding mandate, however, is not a procedural privilege the state grants itself; it is a structural redesign of India’s digital ecosystem. Such a redesign demands evidence, proportionality, and technical coherence.
The most striking gap is the absence of any evidentiary or analytical link between the threats of cybercrime invoked and the important policy discussions:
- A mandated government root app on all devices (now withdrawn)
- SIM binding for messaging platforms.
Without this linkage, SIM binding promotes what can only be described as a form of “Bahubali jurisprudence”: the idea that law is whatever the sovereign declares it to be, without rational nexus, proportionality, or evidentiary grounding.
To expose the logical fallacy, consider analogous propositions:
- Everyone should talk less because speech might enable bad actors.
- Everyone should eat less because food consumption could facilitate harmful actions.
There is no causal bridge between the restriction and the alleged threat. The same is true of the claim that reducing privacy for all Indians will meaningfully curb digital crime.
This reasoning is rooted in a pre-Bill-of-Rights worldview, where the ruler’s powers are presumed absolute, justified by the divine or sovereign entitlement. Such thinking was unsuitable for 15th-century Europe; it is utterly unfit for a 21st-century India of 1.5 billion people.
Technical Infeasibility
The directive of SIM binding also overlooks technical incoherence. Modern operating systems - Apple’s iOS and Google’s Android - deliberately prevent apps from accessing permanent device identifiers (IMEI), SIM identifiers (IMSI), and phone numbers, except for telecom operators. These restrictions exist to prevent tracking, spoofing, device compromise, and privacy breaches.
Mandating SIM binding therefore means legislating a capability that the underlying technology stack explicitly prohibits.
- Business messaging — which relies on server-side orchestration and APIs — would malfunction.
- Travellers, SIM switchers, and users replacing lost phones would be locked out.
- Enterprises would face operational chaos across customer support, logistics, and authentication processes.
Two decades of real-world data show that strong encryption works, and that governments oppose it primarily because it prevents surveillance, not because it is ineffective.
Messaging platforms have already begun transitioning to Post-Quantum Cryptography (PQC), anticipating future threats long before quantum machines are operationally viable for cryptanalysis.
End-to-end encryption has also emerged after cryptographers responded to the decade-long mass-surveillance excesses revealed in the Snowden disclosures. The Signal Protocol, today’s gold standard, was created explicitly to rebalance power between citizens and the state.
An analogy helps clarify the point: imagine the world discovering a safe, healthy banana recipe that governments refused to share, preferring an inferior diet whose side-effects they could trigger at will. Citizens would naturally adopt the better recipe. That is precisely what happened with encrypted messaging.
Unable to roll back this shift, many governments turned to unauthorised spyware - even though major platforms already provide metadata to law enforcement, including group affiliations, contact patterns, and message frequency. As a former NSA chief had stated, “We kill based on metadata.”
Thus, the state already holds the balance between privacy (content) and surveillance (metadata). What it lacks is not access, but investigative capacity—the discipline to gather evidence, analyse it rigorously, and prosecute cases effectively.
Unable to build this capacity at scale, the state should not appear in haste, and seemingly preferring a jugaadu shortcut: compelling technology companies to undermine their own products, framed as patriotism and necessity.
This is what may be termed the “If everyone listens to Father, no child will be harmed” doctrine — a framing device that diverts attention from the absence of correlation between state directives and the persistence of cybercrime, now as pervasive as polluted air in Indian cities.
Perhaps the most revealing flaw is that SIM binding is rarely defined. For a proposal of such magnitude, there is no clarity on:
- what binding technically entails,
- how it interacts with OS-level restrictions,
- how it coexists with end-to-end encryption,
- how it affects multi-device functionality,
- how it aligns with global digital identity frameworks, or
- how it emerged historically alongside the evolution of messaging apps and encryption from fringe ideas to global norms.
SIM binding rests on a false binary: that one must choose between privacy and security. India need not accept this choice. A confident digital nation requires:
- privacy-preserving authentication mechanisms,
- transparent policy consultation,
- institutional investigative capacity, and
- technically coherent regulation grounded in global best practice.
Security must be created with citizens, not extracted from them.
India does not need to weaken its digital foundations to strengthen its national security. It needs to strengthen its institutions, its processes, and above all, its commitment to constitutional modernity.
More From BasisPoint
