VPN market to impact severely in India
India is the second-largest market for VPN, with 45% of internet usage happening through VPN. There are few VPN service providers in India includes Surfshark, NordVPN, ExpressVPN, PureVPN, CyberGhost and IPVanish.
The Government’s new directions mandating all VPN providers and a few other entities to collect and hold user data for five years or more has sparked a debate in the cybersecurity community.
Due to the pandemic, more individuals are working from home, which has increased the number of VPN users in the country. VPNs are used for various purposes, including securely connecting to workplace networks while working from home, accessing geo-restricted material, and just remaining anonymous. India had over 270 million VPN users in 2021, accounting for around 20% of the population. This figure is almost certainly higher now. The new guideline will impact the users as the VPN providers have no option but to leave the country. Essentially, one of the key benefits and use cases of VPNs – anonymity – will be eliminated.
According to the directive of The Indian Computer Emergency Response Team (CERT-In), the country’s cyber watchdog, has issued the directive. The new standards will take effect sixty days after they are published, which is towards the end of June. CERT-In can request this information from these service providers at any moment. Failure to provide the data will result in penalties under the Information Technology Act of 2000 and other applicable legislation.
The directions from MeitY has asked all the VPN providers to collect and record validated names of subscribers, IPs allotted to them, IP addresses, email addresses, validated addresses, contact numbers, and ownership patterns for 5 years or longer even after the customer has cancelled the registration. Corporate VPN providers have been exempted from this.
The cybersecurity directions were issued by the Government of India as part of its policy goals of safety and trust in the Internet in India. The policy comes to effect with the growing cyber security incidents and ability of all platforms to produce logs and details related to cybersecurity incidents, when required in investigations, is essential to achieving policies of safety and trust and are non-negotiable and essential.
The exponential growth of the Internet interconnections has led to a significant growth of cyberattack incidents often with disastrous and grievous consequences. Malware is the primary choice of weapon to carry out malicious intents in cyberspace, either by exploitation into existing vulnerabilities or utilization of unique characteristics of emerging technologies.
The development of more innovative and effective malware defense mechanisms has been regarded as an urgent requirement in the cybersecurity community. Days after ExpressVPN removed its India servers, virtual private network (VPN) service providers Surfshark, Windscribe and NordVPN may voluntarily remove or be forced to remove their Indian servers.
An expert says, it’s very likely that these guidelines will be misused, while these requirements have the potential to enable mass surveillance, commercial profiling, censorship, and more. As many journalists, activists, and whistleblowers use VPNs. The country also has data localisation requirements, which, when combined with these data retention guidelines, raises serious concerns about state-sponsored mass surveillance
A VPN company said that the physical servers will be shut down before June 27 -- the day when the directions come into force. In its place, these companies will introduce a cloud server, a virtual Indian server (rather than a physical server) running in a cloud computing environment, which will be located in Singapore and London. Virtual servers were functionally identical to physical ones – with the main difference being that they would not be located in the country. Experts say, Indian users will still be able to “connect to VPN servers that will give them Indian IP addresses”. Users won't notice the difference with virtual servers.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.