While the move is aimed at strengthening "cyber security", it raises an important question of user privacy as VPNs are generally used to conceal information. VPN services don't store logs of user activities and users usually use VPNs to hide their IP address from their Internet Service Providers (ISPs) and other third parties.
According to a directive from the Ministry of Electronics and Information Technology’s cyber arm Computer Emergency Response Team (CERT-In), details must include names, addresses, contact numbers, and email addresses of customers hiring the services, period of hire, IPs allotted to them, the time stamp used at the time of registration, the purpose for hiring services and ownership pattern of the customers.
The mandate applies to Virtual Private Server (VPS) providers, VPN service providers, cloud service providers, and data centers.
The order from CERT-In, which serves as the national agency that analyses cyber threats, will become effective after 60 days and the service providers may face action if they fail to provide users' information.
In a detailed statement put out on Thursday afternoon, the Internet Freedom Foundation, a New Delhi-based digital rights advocacy group, said that the rules were “excessive” and would harm the “individual liberty and privacy” of VPN users.
“Such excessive requirements for collecting and handing over data will not just impact VPN service providers but VPN users as well, harming their individual liberty and privacy. Here, it is also important to notice that it remains unclear how the 5-year period of data retention for VPNs will help in increasing cyber security,” it said in a statement.
However, this does not mean users in India will not be able to continue using these services but here's how it may impact users and VPN providers:
A Virtual Private Network (VPN) creates a secure private network from a public internet connection. Simply put, VPNs help you hide your internet protocol (IP) address so your online actions are virtually untraceable.
A VPN encrypts your connection to provide greater privacy as it prevents others from seeing the data you’re transferring. It hides you digital activity, including the search history, links you click or the files you download.
This keeps your data secure from any spying attempts, hackers, and cybercriminals, particularly on free public Wi-Fi networks.
A VPN encrypts your network traffic and disguises your network identity using its servers all over the world. This makes it almost impossible for third parties to track your online activities and steal your data.
The users' data will become vulnerable once the directive comes into effect.
The very idea to use a VPN is to prevent your information from being logged and people buy premium plans to save their data from being picked by companies and third parties for targeted ads and other use.
Several students, techies, journalists, activists, and business persons use VPNs to protect their data.
It's also not clear how the government may use this data and it also spells trouble for people who use VPNs to access content blocked in the country.
The global VPN market is predicted to reach 35.73 billion dollars by 2022 with more and more people using VPNs every day.
However, some dubious VPN providers have also emerged recently, which help users to access restricted content.
After India banned 59 Chinese apps, including Tik Tok, a few VPNs were reportedly offering access to these apps.
However, VPNs mostly help journalists and activists to spread information in countries that put several restrictions and curtail information flow.
Amid the war with Russia, some of the VPN providers in Ukraine were offering free cybersecurity tools to journalists working in the country.
ProtonVPN pledged support to affected journalists within the country. ExpressVPN reminded its audience of its Press Room project open to journalists, civic society, and non-profit organizations seeking safer internet connections.
Other providers, including TunnelBear and Windscribe, were offering more free connection data for journalists.
Activists have been employing novel, inventive, and old-school strategies to get Ukraine facts past the Russian propaganda block since the beginning of the Russia-Ukraine war. Ukrainian firms are using their own applications to inform Russians about what's happening. Since the beginning of the conflict, the usage of virtual private networks, or VPNs, has exploded in Moscow.
Citizen journalists also use VPNs as it helps them to conceal their identity and hide their location online. They also ensure online communication is encrypted, thereby preventing governments from monitoring citizen journalists’ reporting.
Syria has in place several restrictions which led several journalists and citizens to bypass them using VPNs.
NordVPN, one of the world’s largest VPN providers, may pull out of India after the directive, Entrackr reported.
“We are committed to protecting the privacy of our customers therefore, we may remove our servers from India if no other options are left,” it quoted Patricija Cerniauskaite, a spokesperson for NordVPN’s parent Nord Security, as saying.
Privacy is the main reason people buy premium subscription plans from VPN providers and after the directive comes into effect, it may result in a loss in business for companies at the same time, some may have to stop operations in India.
Generally, VPNs are legal to use in most countries but some countries put restrictions citing "protection". The ISPs and governments find it hard to track and monitor the activities of VPN users and hence partial regulations or complete bans are often considered by countries.
Companies such as Nord VPN and Express VPN have removed their physical services from Russia and China after the countries tightened their rules.
China made the use of all VPNs illegal, except for government-approved service providers. In 2017, Russia enacted a law banning VPNs in the country, raising criticisms about eroding Digital Freedoms in the country. The move is just one among a number designed to increase government control over the Internet.
Countries like Belarus, China, Iraq, North Korea, Oman, Turkey, Turkmenistan, etc. have banned VPNs. While it's partially regulated in countries such as UAE.
On the other hand, VPNs are legal in countries such as the USA, Australia, UK, Japan, etc.
