Business Standard How will the new rules for VPN providers threaten user privacy?
The Indian government has recently asked VPN service providers to register and record certain information about its users for a period of at least 5 years. This was one among the several new directives issued by CERT-In, or Central Emergency Response Team, which is India’s national agency that looks into matters of cybersecurity. The new directives are slated to come into effect from June 27 this year. However, experts say that these rules raise serious privacy concerns, especially
the ones about VPN service providers But before moving ahead, let’s understand what a VPN really is. VPN or a Virtual Private Network establishes a secure and encrypted connection between a user and the internet. VPN helps users hide their browsing history, IP address and geographical location, as well as their web activities and the devices being used. In a connected world, it’s of immense use to journalists, whistleblowers and activists. Now let’s understand how the new rules pose challenges to a VPN user’s privacy? CERT-In’s new rules require VPN service providers to collect and store certain ‘accurate’ information for a period of at least five years, even after a customer has cancelled his/her subscription. The ‘personal’ information to be collected and stored includes names, IP addresses, emails, contact numbers and purpose for using the VPN service. Data centres and cloud service providers will also have to abide by these directives
Read Complete Article