Saturday, June 25, 2022
HomeTechnologyVPN: Why Indians are concerned about the new rule?

VPN: Why Indians are concerned about the new rule?

Virtual private networks or VPNs, which encrypt data and give users anonymity online, have witnessed a spike in usage in India. In the past few years, the Indian government tightened its control on the internet to limit opposition as more people began working from home.

Some providers are already leaving India, while others are contemplating it ahead of new restrictions that the government claims are intended to enhance cybersecurity. The companies warn they are prone to misuse and might put customers’ data in Danger.

New laws governing VPN user data are set to take effect later this month, especially in light of Rajeev Kumar, Minister of State for Information Technology.

Despite Chandrasekhar’s severe warning to operators to comply with Indian legislation or leave the nation, most of them chose to pull the plug on India rather than compromise on their core purpose of providing customers with privacy.

Virtual private network providers, who encrypt data and give users online anonymity, protest and criticize the government’s recent directive requiring them to gather and send over user data “when needed.”

How to Test Whether Your VPN Is Working (and Spot VPN Leaks)Who uses VPN, and why do they do so?

VPNs encrypt user information while providing them with an IP address in their chosen nation on the internet. They hide users’ identities by assigning a temporary IP address to their device hosted on a distant server.

Businesses use most of them, but activists, journalists, attorneys, and whistleblowers also use VPNs to access restricted websites, safeguard their data and conceal their identities.

Some providers are already leaving India, while others are contemplating it ahead of new restrictions that the government claims are intended to enhance cybersecurity. The companies warn they are prone to misuse and might put customers’ data in danger.

VPNs – What you need to know - UK Safer Internet CentreWhat are the new VPN rules?

In April, the Ministry of Electronics and Information Technology’s Computer Emergency Response Team (CERT-In) announced a new order requiring VPN companies to gather and preserve user data for five years. According to CERT-In, it is necessary to be able to investigate potential cybercrime.

Customers’ identities, ownership patterns, contact information, and the purpose for why they are employing these services must be registered alongside VPN providers’ data centres, cloud service providers, and cryptocurrency exchanges, according to the study.

Unless the compliance deadline is extended, the new standards will take effect on June 27. The overarching purpose of the directive is for CERT-in to be able to react to cyber events within six hours of their detection.

Data breaches, phony mobile applications, server infrastructure attacks, and even unauthorized access to a user’s social media accounts must be reported under the CERT-In. Organizations that fail to give the relevant information are also subject to Section 70B (7) of the IT Act, which entails a one-year jail penalty.

Is cybersecurity worth it at the expense of cyber privacy?

The Indian Computer Emergency Response Team (CERT-In) issued rules requiring VPN service providers to keep logs of users, including their real names, IP addresses, usage patterns, and other identifying data, for five years – even after they stopped using the service – claiming that the government had the right to seek VPN records to combat cybercrime.

Privacy advocates and VPN providers such as NordVPN, SurfShark, and ExpressVPN vehemently oppose the regulations. However, according to CERT-In, the new restrictions will not apply to commercial and corporate virtual private networks.

Non-compliance with the new legislation may result in VPN firms being shut down and CEOs facing up to a year in jail.

Technology companies are concerned about the compliance burden and reporting timeline. Still, some observers see this as part of a more significant trend in which governments worldwide are tightening their grip on the flow of information online to control dissent and monitor citizens’ activities.

One big company has already changed its business strategy due to the new laws. ExpressVPN, one of the world’s major VPN companies, has pulled its servers out of India, claiming that “the new data regulation established by CERT-In, meant to assist combat cybercrime, is incompatible with the objective of VPNs, which are designed to keep users’ online behavior secret.”

Customers of ExpressVPN will still be able to connect to VPN servers in Singapore and the United Kingdom that will supply them with Indian IP addresses.

US citizens worried about online privacy but won't act - Smart Cities WorldIs everyone in Danger?

India isn’t the only government enforcing restrictions on VPNs. Last year, Russia blocked many VPN providers as part of a broader effort that opponents say restricts internet freedom, but it did not completely stop them.

After Russia invaded Ukraine, it began blocking global news sites and social media platforms, akin to China’s “Great Firewall,” raising fears that the internet is dividing along geopolitical lines, digitally isolating people.

According to Prateek Waghre, policy director at the Internet Freedom Foundation, a digital rights advocacy group in Delhi, India’s new order was drafted with minimal engagement with the IT sector or civil society organizations.

“As a result, there are now a lot of confusing directives with a huge compliance cost, including the possibility of incarceration for non-compliance,” he stated.

He said that the guidelines could inflict a lot of damage, especially in the absence of data protection legislation.

“While there is a genuine need for increased cybersecurity when you call for indiscriminate data collecting, everyone is at danger – and those already at risk, such as activists, journalists, dissidents, and minorities, are at much greater risk,” he added.

The World's Most Famous and Best Hackers (and Their Fascinating Stories)VPN criticism and the government’s stance

The business also said that it would continue to battle to keep consumers connected to the open, free internet with privacy and security regardless of their location, emphasizing privacy and freedom of speech.

CERT issued new instructions in April requiring service providers to record their customers’ identities and IP addresses and use trends and other data.

In terms of VPNs, most big VPNs have criticized the government’s new laws.

Surfshank, located in the Netherlands, also said that it was looking into the potential of filing a legal challenge to the orders.

In response to this criticism, Rajeev Chandrasekhar, Minister of State for Information Technology, said that VPN service providers are “free to leave India” if they do not wish to follow the new directives.

He further said that these new paths would not affect the company’s viability.

He said that the work done on the internet might be both beneficial and harmful. We have developed cyber security rules to provide a safe and trustworthy platform. The sole limitation is that if VPN is used for criminal purposes, VPN providers will be required to collaborate and disclose the data of the criminal.

Edited by Prakriti Arora



Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular

Recent Comments

%d bloggers like this: