Following the new Indian cybersecurity norms from Govt. of India’s CERT-In department, the leading global VPN (Virtual Private Network) provider ExpressVPN is shutting down its servers operating in the country. It calls out the new VPN regulations by our government to be counter-intuitive to the core reasoning behind using a VPN solution. Let’s understand what the new VPN policies of the center are and how it impacts the VPN business and the end-user.

What are the new VPN rules of India?

ExpressVPN

On April 28, 2022, CERT-In issued a press release titled, “Directions relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet”.

CERT-In for the uninitiated, stands for Computer Emergency Response Team that oversees protection of cybersecurity. Coming the the issue at hand, it warns of certain gaps in the cybersecurity rules that are apparently hindering incident analysis. 

It notes its new rules try to address “the directions cover aspects relating to synchronization of ICT system clocks; mandatory reporting of cyber incidents to CERT-In; maintenance of logs of ICT systems; subscriber/customer registrations details by Data centers, Virtual Private Server (VPS) providers, VPN Service providers, Cloud service providers; KYC norms and practices by virtual asset service providers, virtual asset exchange providers, and custodian wallet providers. These directions shall enhance the overall cyber security posture and ensure safe & trusted Internet in the country”.

Simply put, Government wants VPN companies with domestic servers must keep records of user data like names, mobile numbers, email IDs, IP addresses, etc for at least 5 years. This is said to be for tackling cybercrime that are relying on VPNs.

Why is ExpressVPN discontinuing its Indian servers?

ExpressVPN

There is the aforementioned CERT-In rule. But also it is as Minister of State for Electronics and Information and Technology Rajeev Chandrashekhar had cautioned the VPN brands. He had said,”“If you’re a VPN that wants to hide and be anonymous about those who use VPNs and you don’t want to go by these rules, then if you want to pull out (from the country), frankly, that is the only opportunity you will have. You will have to pull out.”

So in reaction to this ExpressVPN remarked, “The law is also overreaching and so broad as to open up the window for potential abuse. We believe the damage done by potential misuse of this kind of law far outweighs any benefit that lawmakers claim would come from it”.

The company thinks this would “limit the Internet freedom” and blames the new Indian cyber laws to be “incompatible with the purpose of VPNs, which are designed to keep users’ online activity private”.

How do the Indian Cyber rules and ExpressVPN quitting its servers affect users?

ExpressVPN

ExpressVPN’s Indian subscribers can still use the VPN through “virtual” India servers set in the UK and Singapore.

Assuring its Indian users, ExpressVPN says, “We will never collect logs of user activity, including no logging of browsing history, traffic destination, data content, or DNS queries. We also never store connection logs, meaning no logs of IP addresses, outgoing VPN IP addresses, connection timestamps, or session durations”.

As for other news, reviews, feature stories, buying guides, and everything else tech-related, keep reading Digit.in.



Source link