A “worrying” order from the Indian government requesting that virtual private network (VPN) operators gather and turn over user data is being resisted and criticized by the providers. The Computer Emergency Response Team (CERT-In) of the Indian government issued the directive on April 28, and it may result in VPN providers completely leaving the nation.
To aid in the investigation of suspected cybercrime, it mandates that all VPN providers operating in the nation retain user data for at least five years and report cyber events within six hours. In the meantime, if you want to feel safe and secure, check out the best VPNs we offer for march 2023.
In two months, the new regulations are anticipated to go into force. India might join nations like North Korea, Russia, and China where ISPs have either never had a presence or have removed their servers if the directive goes into force.
Users may access an IP address on the internet in the nation of their choice while having their data encrypted through VPNs. By swapping the IP address of the user’s device with a transient one housed on a distant server, they conceal users’ identities.
The new regulation calls for accurate and thorough user data registration from all Indian customers by VPN providers.
These details include users’ legitimate identities, duration of usage, assigned IPs, email addresses, time stamps from registration, legitimate addresses, and legitimate contact numbers for at least five years, even if users terminate their subscriptions.
ExpressVPN and ProtonVPN are two more service providers who have expressed their worries and mentioned that they may decide not to comply.
“The new Indian VPN regulations are an assault on privacy and threaten to put citizens under a microscope of surveillance. We remain committed to our no-logs policy,” Proton VPN shared with its customers about residing in high-risk countries.
ExpressVPN vice president Harold Li told Wired that the action taken by the Indian government “represents a troubling attempt” to restrict the citizens’ digital liberties and said that the firm will never track user data or activities.
Concerns over the proposed action have also been voiced by human rights organizations.
Amnesty International’s India branch recently made a tweet and criticized the law, stating that “digital anonymity which has been instrumental in protecting the rights of journalists, activists, and students who have faced a relentless crackdown for speaking truth to power.”
They also added that having privacy in the world wide web is just as important as any other privacy concern and international human right.
However, Indian officials insisted that the policy is intended to fight the rising threat of cybercrime faced by residents rather than stifle freedom of expression and privacy.
According to a new survey by Dutch VPN service provider Surfshark, over 675,000 Indian customers had breached this quarter, while 1.77 million users’ data was taken in the fourth quarter of 2021, keeping India among the top five countries targeted by hackers.
While the new directive says government organizations would only want these VPN records when absolutely needed for an inquiry, there are worries about the exploitation of the laws.
The new rule also appears to represent India’s departure from a free and transparent democracy, where there have already been increasing levels of repression against activists, journalists, and charitable organizations.
The nation saw the most number of intentional internet outages in the world in 2021 with 106. According to Reporters Without Borders, India has dropped eight places in a year and is currently ranked 150th out of 189 nations in the Press Freedom Index.