India Pushes Ahead with New Cybersecurity Rules For VPN Service Providers
Last month, the Indian Computer Emergency Response Team (CERT-In) proposed a set of cybersecurity regulations obliging VPN and cloud service providers to keep track of customers’ names and IP addresses. Indian authorities suggested providers who refuse to comply with the new rules pull out of the Indian market.
The new set of rules, called the Cyber Security Directions, requires concerned parties to collect and store customers’ names, IP addresses, email addresses, financial transactions, and know-your-customer (KYC) records for five years.
In an FAQ document, the government agency said the Cyber Security Directions of 28.04.2022 apply to “service providers, intermediaries, data centers, body corporate, Virtual Private Server (VPS) providers, cloud service providers, VPN Service providers, virtual asset service providers, virtual asset exchange providers, custodian wallet providers, and Government organizations.”
The document says the regulations won’t affect individual citizens, and won’t apply to enterprise and corporate VPNs.
Several VPN providers, including NordVPN, ExpressVPN and ProtonVPN, expressed concerns. The consensus seems to be that the new regulations are “an assault on privacy,” and they “threaten to put citizens under a microscope of surveillance.” ProtonVPN stated it will remain committed to its no-logs policy, while NordVPN said it might pull out of India if it has “no other options.”
Rajeev Chandrasekhar, India’s junior IT minister, said VPN providers who want to cloak the identity of their customers “will have to pull out.” He added that no public consultation will be held on the new regulations.
These regulations were adopted in the wake of several large-scale data breaches that hit Indian companies. However, leaving VPN providers unable to conceal the identity of their customers runs counter to their very purpose. VPN services exist to offer customers peace of mind and safe keep their privacy against any form of violation, including governmental surveillance.
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data
May 24, 2022
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight
April 15, 2022
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
April 14, 2022
Why and how to hide your IP address while traveling
April 13, 2022
How Bitdefender Can Help Restore Your Privacy in the Digital Age
April 04, 2022
How Strong is VPN Encryption?
February 28, 2022