IAS Gyan
X

Daily News Analysis

INDIA’S NEW VPN RULES

27th June, 2022 Science and Technology

Disclaimer: Copyright infringement not intended.

Context

  • India’s cybersecurity agency passed a rule mandating Virtual Private Network (VPN) providers to record and keep their customers’ logs for 180 days.

 

What is a VPN?

  • VPN stands for Virtual Private Network. Using a VPN is an easy and efficient way to increase your online safety, privacy and freedom.
  • When a user using the internet, there is a constant process of the user’s device exchanging data with other parties on the web. A VPN creates a secure tunnel between the user’s device (e.g. smartphone or laptop) and the internet. The VPN allows the user to send data via an encrypted, secure connection to an external server: the VPN server. From there, user’s data will be sent onward to its destination on the internet.
  • Rerouting internet traffic through a VPN server has several advantages. First, it helps the user hide her identity online. Second, it secures user’s data. And third, it allows the user to use the internet more freely.

 

In a nutshell,

  • A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely. VPN technology is widely used in corporate environments.

How does a virtual private network (VPN) work?

  • The VPN software on the user’s computer encrypts user data traffic and sends it to the VPN server through a secure connection. The data also goes through your Internet Service Provider, but they can no longer snoop because of the encryption.
  • The encrypted data from user’s computer is decrypted by the VPN server.
  • The VPN server will send your data on to the internet and receive a reply, which is meant for you, the user.
  • The traffic is then encrypted again by the VPN-server and is sent back to the user.
  • The VPN-software on user’s device will decrypt the data so that user can actually understand and use it.  

    

                                                                                                          

Significance of VPN

  • An increasing part of our lives takes place online. We do our banking, keep in touch with friends, check our medical records and work online. It’s important that all this information about us doesn’t just end up on the street.
  • If we do not secure your internet connection, we run the risk that hackers, governments, your internet provider, websites, our employer and others hijacking our data. A VPN shields our data from all these groups.

  • A VPN might not offer complete guaranties that our data will never be hacked. However, a VPN will considerably lessen the chance that anyone can see your personal data, browser history and other online activities.

 

India’s new VPN rules at a glance

  • India’s cybersecurity agency CERT-In passed a rule mandating Virtual Private Network (VPN) providers to record and keeps their customers’ logs for 180 days.
  • It also asked these firms to collect and store customer data for up to five years.
  • It further mandated that any cybercrime recorded must be reported to the CERT-In (Computer Emergency Response Team) within six hours of the crime.

 

Note: The rules are applicable to “any entity whatsoever” in the matter of cyber incidents and cyber security incidents, regardless of whether they have a physical presence in India or not, as long as they deliver services to Indian users.

Who all will be affected by the new rules?

  • CERT-In directions are applicable to data centres, virtual private server (VPS) providers, cloud service providers, virtual asset service providers, virtual asset exchange providers, custodian wallet providers and government organisations. Firms that provide Internet proxy-like services through VPN technologies also come under the ambit of the new rule. Corporate entities are not under the scanner.

 

What are the repurcussions of the government's move?

Money laundering will become tough

  • Stolen identities and banking fraud are very real concerns. While privacy is important for both VPN service providers and users to avoid being tracked, the government's move will help to trace anti-social elements and cybercriminals indulging in various heinous activities online.
  • The new regulation will also shut door for money laundering as with the rise in digital banking, VPNs were playing a big role in opening rooms to such illegal activities.

 

Bank frauds and scams will dip

  • India as a nation will definitely see a dip in cases with regard to bank frauds and scams due to the implementation of the new VPN regulations. Fraudsters and scammers will not be able to hide behind the mask of a VPN henceforth, and will be exposed for the crimes that they commit. The regulations will bring in much needed accountability and stability in the banking sector.

 

Concerns

User privacy

  • While VPNs will still remain legal, it will now be regulated in India. Moreover, VPN users are now at the risk of being targets of surveillance and loss of privacy.
  • 9 million Indians have had their accounts breached since 2004. The concern is that collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches.
  • Users' ability to rely on the privacy and anonymity offered by VPNs, data centers and cloud storage facilities for genuine and legitimate activities, may also be impacted.
  • The new VPN Rules could potentially violate the “Right to Privacy” of the customers, as enumerated under Article 21 as the rules direct the VPN providers to keep the personal data of users for 5 years or longer and the violation of which may tantamount to fine or jail term.
  • The VPN providers will have to amend their privacy policy and such unilateral amendments, post execution of contract, may violate the basic principles of Contract Act which may hamper the rights of the users.

 

Final Thoughts

  • The security of a few internet users should not come at the cost of the privacy of the rest. Government needs to implement a robust data protection mechanism before introducing rules that mandate the collection of personal data by the service providers. The long-awaited data privacy bill needs to come into force effectively.

 

https://epaper.thehindu.com/Home/ShareArticle?OrgId=GQC9VFTAH.1&imageview=0

Download PDF
play-store
Our Study Materials

About Us

Resources

Help Centre

Legal Stuff