The Indian government recently passed a rule requiring all VPN service providers to collect and store user data for five years, contrary to the primary mission of most such networks.
Now VPN providers are up for a fight with the authorities over new rules that will change the way they operate in India.
new rule
New directive from Indian Computer titled “Instructions under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for secure and reliable Internet” The Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology was released on April 28.
According to the government, VPN providers have two months to comply with the laws and start data collection.
The reason given by CERT-in is that it requires the ability to investigate potential cybercrime, but VPN companies disagree, with some saying they will disobey orders.
Cybersecurity expert Sandeep Kumar Panda, CEO and co-founder of InstaSafe, told News18: “While everyone is still waiting for a clear data privacy law in this country, new ones like this have been quietly released. Instruction requires launching an array of technology companies. User data logging is causing more confusion among service providers.”
Currently, different service providers have different policies and take on user data, he said. “Some of the biggest VPN companies state that they collect only minimal information about their users and also allow methods for their users to remain largely anonymous. So, their internal rules are now set to bring them into conflict with the IT ministry,” he explained.
Panda said that the list of data points that the government has directed to be stored is quite long as storing these data points for such a long period will cost the VPN vendors huge as they will have to store them in the cloud. Moreover, these guidelines would also require them to change their product which would be a big nuisance for VPN providers, he said.
according to a report by wiredMany VPN providers also expressed similar concerns regarding the new directive. For example, ExpressVPN’s vice president Harold Lee said the company would never log user information or activity, and would change its operations and infrastructure “to preserve this principle if necessary”.
Additionally, Surfshark told Wired that the VPN provider can no longer comply with India’s logging rules because it only uses RAM servers that automatically overwrite user-related data, while ProtonVPN said That even though it is monitoring the instructions, it is committed to its no-logs policy and to protect the privacy of its users.
Similarly, Nord Security said it will remove servers from India if no other option is available. It should be noted that Nord Security is the developer of Nord VPN, one of the most popular VPN services in India.
how does vpn work
A VPN, or Virtual Private Network, connects a user to the Internet in a secure and encrypted manner. It enables users to hide their browsing history, IP address and geographic location as well as their web activities and devices.
To better understand the importance of VPNs, we can take a look at China – where authorities control internet access domestically through a censorship system known as the “Great Firewall”. In that country, both expatriates and native Chinese citizens use VPN services to securely access blocked websites and mobile apps such as Facebook, Gmail, Google+, YouTube, WhatsApp and Western news media.
Now the new rules regarding such services in India are causing great concern.
The industry is not satisfied with the directive which states that VPN providers will be required to keep valid client names, their physical addresses, email details, phone numbers and reason for using the service, along with the dates they have used the service . and their ownership patterns.
As per the document released by CERT-In, VPN service providers are also asked to keep a record of users’ IP address and email details while registering the service along with the timestamp of registration. They have to keep track of all the IP addresses assigned to customers as well as the list of IP addresses that consumers use frequently.
Apart from VPN providers, data centers and cloud service providers will also have to comply with these rules.
However, as reported, non-compliance with these rules, which according to the authorities are necessary from the security point of view, can lead to a jail term of up to one year.
Venkatesh Sundar, who is the co-founder and CMO of IndusFace, a leading Tata Growth Capital funded SaaS company, told News18: “While the reasons for implementing it with respect to the VPN service are understandable, I think the move are directly conflicting. and contrary to the basic purpose and benefits of a VPN for legitimate purposes.”
This move, he said, directly attacks the core advantage of offering a VPN service to its users and why users chose to use a VPN service (for their own security and privacy and not just for illegal stuff). “I can see why this has triggered an immediate extreme reaction of VPN providers to leave the country. I personally feel, there could have been a better middle way – that is to allow VPN providers to comply with the laws and policies of restricted sites and not be able to provide them access to services that are restricted in the country . Said beautiful.
It is easier for any VPN service provider to verify if they are breaking the law and thus would be forced to ensure better responsible behavior from VPN providers that, while giving them the advantage of user privacy, can be used to circumvent laws. Because they have a single country-specific policy restricting access in place, he said.
“I think it could have been a better middle ground rather than the latest one which is an extreme step that hits the core of the real value from VPN service providers and many more completely in order to maintain their privacy and security for users. Legitimate matters and benefits to be had. Legal and lawful things on the Internet.” he adds.
read all Breaking News , today’s fresh news And IPL 2022 Live Updates Here.