MeitY Sets Meeting With Stakeholders After VPN Firms Halt Services In India

According to a report from ET, the meeting is being held in response to a joint letter sent by tech policy groups including BSA India, Internet Freedom Foundation, SFLC.in, and The Dialogue AccessNow. 

 

VPN Firms Halting Services In India

The meeting comes just days following the exit of two VPN firms -- ExpressVPN and Surfshark -- from the Indian market. The companies halted their services to Indian users after the government asked them to store user activity logs along with the names and email & IP addresses of the users.

Cert-In issued directives regarding information security prevention, response, and reporting cybercrimes on April 28. These directives reduced VPN’s core concept of keeping the users anonymous. The government has ordered VPN firms to collect user activity logs for five years. Besides, the company isn’t allowed to delete the data even after the user no longer uses their service.

“It is a high-level meeting in which policy heads from various companies will also be present. There will be discussions primarily on the Cert-In directives which were issued on April 28, and whether it has had an adverse impact on the startup ecosystem yet. We also expect senior officials from other ministries to be present,” according to an ET source.

VPN Users At Risk Of Being Surveilled

Surfshark said it would shut down its servers in the country before the new law is implemented, as it operates under a 'no logs’ policy for all other markets. Besides, many legal experts and tech policy groups have also shown dissent over the new directives.

While the new government directives don’t apply to corporate VPN firms, it still means that individuals using VPN services are at risk of being surveilled by the government. Surprisingly, MoS for Information Technology Rajeev Chandrasekhar asked VPN companies to stop their services in the country if they aren’t ready to follow the new guidelines.

“If you don’t have the logs, start maintaining the logs. If you’re a VPN that wants to hide and be anonymous about those who use VPNs and you don’t want to go by these rules, then if you want to pull out (from the country), frankly, that is the only opportunity you will have. You will have to pull out,” Chandrasekhar said.

VPN Data Logging Can Encourage Cybercrimes

India is among the biggest VPN markets across the globe and the government’s latest move hasn’t gone noticed in other parts of the world. US-India Business Council, techUK, US Chamber of Commerce, and others have even written to the Cert-In director general Sanjay Bahl, showing concerns over the latest move.

If the government still moves forward with the new guidelines, it could pave the way for bigger cyber crimes. If VPNs collect more data, there is a greater chance of data leaks and breaches. And, given the fact that the government wants the firms to collect the physical addresses and phone numbers of the users, the situation could get worse.