INDIA’S NEW VPN RULES

INDIA’S NEW VPN RULES

|
May 10, 2022 - 10:22 am

Govt. Mandates VPN Providers To Store User Logs For Up To 5 Years


    Back in 2021, the Indian government proposed a law that would ban VPNs in their entirety. Nothing seemingly came of it for a while, but now, a milder, more terrifying version of the bill has resurfaced. The government of India has asked the Virtual Private Network (VPN) or cloud services providers in the country to collect and store “extensive and accurate” data of their customers for five years. As per reports, the directive has been issued by the Indian Computer Emergency Response Team (Cert-In) under the new cybersecurity policy from the Ministry of Electronics and Information Technology. This has resulted in these service providers being worried about their position and major companies like NordVPN have also considered leaving the country if they don’t get privacy to serve their customers. VPN service providers have said the new directive would mean a total loss of privacy for the users–one of the most important unique selling points of such services.

    The policy that’s expected to go into effect in June 28, 2022 has also listed cryptocurrency exchanges and data centres under its provision. The directive asks VPN companies to keep user info even after the user no longer has an account with the service provider. They’ll be asked to store user names, IP addresses, usage patterns as well as other kinds of identifiable information. CERT-In is doing so to deal with a bunch of vulnerabilities including fake mobile apps, data breaches, unauthorised access to social media accounts and others.

     VPN or “virtual private network” is a service that helps internet users stay private online by hiding their IP addresses. VPN establishes an encrypted connection between the user’s computer and the internet, providing a private tunnel for their data, making them anonymous and blocking anyone from tracking their movements like where they are going or what they are doing. It is the IP address– a special number unique user’s internet network–  that helps websites, law enforcement agencies, cybercriminals or anyone else looking into an individual’s internet activities and track down their accurate location. Without a VPN, the user’s IP address is visible to the web. VPNs obscure the user’s internet usage by jumping the signal off multiple servers.

     The government is applying these provisions to keep in check a total of 20 vulnerabilities including unauthorised access of social media accounts, IT systems, cyber attacks of any kind.  Essentially, it doesn’t want bad actors online to have this invisibility cloak thinking they can get away by doing all the wrongs. By allowing access to VPN data, cybercrime teams can lock down on potential bad actors a lot more effectively -- something that would be almost impossible without it. The list doesn’t really include visiting banned websites, including those that stream pornography or illegal torrent websites. But this data would also be reflected if VPNs are to store all of your browsing histories. 

     India has been one of the biggest markets for VPN service providers and ranks second globally according to a report. This is due to the ever-growing internet censorship in the country. A report suggests that around 45% of users in the country rely on a VPN and hence the latest released order raises a lot of questions for the VPN service providers in the country. The governments new diktat comes at a time when VPN use has soared in the country due to increased digital habits during the pandemic and due to adhoc internet shutdowns by the government. As per advocacy group Access Now, government-imposed internet disruptions in India make up over 60% of the global shutdown.

    Though it is unclear how the Centre plans to use the users’ VPN data, but, the move would make it easier for the law enforcement agencies to track criminals who use VPNs to hide their internet footprint. However, the users’ data and also be easily missed by the government and its agencies to suppress dissent. In the past, VPNs have been of vital importance in countries that try to suppress dissent. By using VPNs, dissidents are able to spoof their location and stay safe. Moreover, the government can also take action against users accessing content that is banned in India using VPNs, such as the game PUBG Mobile.

Questions and Answers Questions and Answers

Question : When did the Indian government propose a law that would ban VPNs in their entirety?
Answers : 2021
Question : How long has the government asked the Virtual Private Network (VPN) providers to store user logs?
Answers : 5 years
Question : Who issued the directive under the new cybersecurity policy from the Ministry of Electronics and Information Technology?
Answers : Cert-In
Question : What does the directive ask VPN companies to keep user info even after the user no longer has an account with the service provider?
Answers : They ll be asked to store user names, IP addresses, usage patterns as well as other kinds of identifiable information
Question : What is a VPN or cloud service provider in India?
Answers : Virtual private network
Question : What is a service that helps internet users stay private online?
Answers : Hide their IP addresses
Question : What is an encrypted connection between the user's computer and the internet?
Answers : VPN
Question : What is a special number unique user's internet network that helps websites, law enforcement agencies, cybercriminals and anyone else looking into an individual ?
Answers : IP address
Question : What do VPNs obscure the user's internet usage?
Answers : Jumping the signal off multiple servers
Question : What country has been one of the biggest markets for VPN service providers?
Answers : India
Question : What is the reason India ranks second globally for VPN service providers?
Answers : Evergrowing internet censorship