One in five Indians used a VPN in 2021, according to data gathered by service provider Atlas VPN-up from just 3 percent in 2020. “That way, if needs it for law enforcement, intelligence purposes, or other purposes, they can grab it later.” And the VPN data grab could, potentially, collect information on millions of Indians who rely on the technology. “This is a blunderbuss way of remembering all data and keeping tabs on your users,” says Anupam Chander, professor of law at Georgetown University in Washington, DC. That ‘collect data first, ask questions later’ approach to law enforcement has others worried, too. “We may remove our servers from India if no other options are left.” “Our team is investigating the new directive and exploring the best course of action,” says Laura Tyrylyte, head of public relations at Nord Security, which develops Nord VPN. “ProtonVPN is monitoring the situation, but ultimately we remain committed to our no-logs policy and preserving our users’ privacy,” says spokesperson Matt Fossen. ProtonVPN is similarly concerned, calling the move an erosion of civil liberties. “We are still investigating the new regulation and its implications for us, but the overall aim is to continue providing no-logs services to all of our users,” he says. Gytis Malinauskas, head of Surfshark’s legal department, says the VPN provider couldn’t currently comply with India’s logging requirements because it uses RAM-only servers, which automatically overwrite user-related data. Other VPN providers are also considering their options. ![]() He adds that the company would never log user information or activity and that it will adjust its “operations and infrastructure to preserve this principle if and when necessary.” “This latest move by the Indian government to require VPN companies to hand over user personal data represents a worrying attempt to infringe on the digital rights of its citizens,” says Harold Li, vice president of ExpressVPN. ![]() But that doesn’t wash with VPN providers, some of whom have said they may ignore the demands. The justification from the country’s Computer Emergency Response Team (CERT-In) is that it needs to be able to investigate potential cybercrime. VPN providers have two months to accede to the rules and start collecting data. On April 28, officials announced that virtual private network companies will be required to collect swathes of customer data-and maintain it for five years or more-under a new national directive. VPN companies are squaring up for a fight with the Indian government over new rules designed to change how they operate in the country.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |